Optimize Windows Setup & Added Android Manifest Rules

Optimize Windows Setup & Added Android Manifest Rules

StaticAnalyzer/views/android/android_manifest_desc.py

@@ -1,6 +1,48 @@
 MANIFEST_DESC = {
+    'a_clear_text': {
+        'title': ('Clear text traffic is Enabled For App'
+                  '<br>[android:usesCleartextTraffic=true]'),
+        'level': 'high',
+        'description': ('The app intends to use cleartext network traffic,'
+                        ' such as cleartext HTTP, FTP stacks, DownloadManager,'
+                        ' and MediaPlayer. The default value for'
+                        ' apps that target API level 27 or lower is "true". '
+                        'Apps that target API level 28 or higher default to'
+                        ' "false". The key reason for avoiding cleartext'
+                        ' traffic is the lack of confidentiality, '
+                        'authenticity, and protections against tampering; '
+                        'a network attacker can eavesdrop on transmitted '
+                        'data and also modify it without being detected.'),
+        'name': ('Clear text traffic is Enabled For App '
+                 '[android:usesCleartextTraffic=true]'),
+    },
+    'a_boot_aware': {
+        'title': 'App is direct-boot aware <br>[android:directBootAware=true]',
+        'level': 'info',
+        'description': ('This app can run before the user unlocks the device. '
+                        'If you\'re using a custom subclass of Application, '
+                        'and if any component inside your application is '
+                        'direct - boot aware, then your entire custom '
+                        'application is considered to be direct - boot aware.'
+                        'During Direct Boot, your application can only access'
+                        ' the data that is stored'
+                        ' in device protected storage.'),
+        'name': 'App is direct-boot aware [android:directBootAware=true]',
+    },
+    'a_network_sec': {
+        'title': ('App has a Network Security Configuration'
+                  '<br>[android:networkSecurityConfig]'),
+        'level': 'info',
+        'description': ('The Network Security Configuration feature lets apps'
+                        ' customize their network security settings in a safe,'
+                        ' declarative configuration file without modifying '
+                        'app code. These settings can be configured for '
+                        'specific domains and for a specific app. '),
+        'name': ('App has a Network Security Configuration '
+                 '[android:networkSecurityConfig]'),
+    },
     'a_debuggable': {
-        'title': 'Debug Enabled For App <br>[android:debuggable=true]',
+        'title': 'Debug Enabled For App<br>[android:debuggable=true]',
         'level': 'high',
         'description': ('Debugging was enabled on the app which makes it '
                         'easier for reverse engineers to hook a debugger to'

StaticAnalyzer/views/android/manifest_analysis.py

@@ -278,6 +278,12 @@ def manifest_analysis(mfxml, man_data_dic):
             else:
                 perm_appl_level_exists = False
             # End
+            if application.getAttribute('android:usesCleartextTraffic') == 'true':
+                ret_list.append(('a_clear_text', (), ()))
+            if application.getAttribute('android:directBootAware') == 'true':
+                ret_list.append(('a_boot_aware', (), ()))
+            if application.getAttribute('android:networkSecurityConfig'):
+                ret_list.append(('a_network_sec', (), ()))
             if application.getAttribute('android:debuggable') == 'true':
                 ret_list.append(('a_debuggable', (), ()))
             if application.getAttribute('android:allowBackup') == 'true':

install/windows/setup.py

@@ -165,7 +165,6 @@ def tools_binskim():
     nuget = mobsf_subdir_tools + CONFIG['nuget']['file']
 
     print('[*] Downloading and installing Binskim...')
-
     # Execute nuget to get binkim
     output = subprocess.check_output(
         [
@@ -272,14 +271,13 @@ def tools_binscope():
 
     # Aaaand close
     binscope_installer_file.close()
-
     # Execute the installer
     print(('[*] Installing BinScope to {}'.format(binscope_path)))
-    os.system(
-        'msiexec' + ' '
-        'INSTALLLOCATION='' + binscope_path + '' '
-        + '/i '' + binscope_installer_path + '' '
-        + '/passive')
+    cmd = ('msiexec INSTALLLOCATION='
+           '"{}" /i "{}" /passive'.format(
+               binscope_path,
+               binscope_installer_path))
+    os.system(cmd)
 
     CONFIG['binscope']['file'] = binscope_path + '\\Binscope.exe'
 

scripts/clean.bat

@@ -0,0 +1,31 @@
+@echo off 
+echo =======================MobSF Clean Script for Windows=======================
+echo Running this script will delete the Scan database, all files uploaded and generated.
+SET mypath=%~dp0
+echo %mypath:~0,-1%
+IF "%~1"=="y" (
+echo Deleting all Uploads
+rmdir "uploads" /q /s
+echo Deleting all Downloads
+rmdir "downloads" /q /s
+echo Deleting Static Analyzer Migrations
+rmdir "StaticAnalyzer\migrations" /q /s
+echo Deleting Dynamic Analyzer Migrations
+rmdir "DynamicAnalyzer\migrations" /q /s
+echo Deleting MobSF Migrations
+rmdir "MobSF\migrations" /q /s
+echo Deleting temp and log files
+rmdir "logs" /q /s
+del /f "classes*""
+echo Deleting DB
+del /f "db.sqlite3"
+echo Deleting Secret File
+del /f "secret"
+echo Deleting Previous Setup files
+rmdir "%UserProfile%\MobSF" /q /s
+del /f "setup_done.txt"
+echo Done
+) ELSE ( 
+echo Please run script from MobSF directory
+echo 'scripts/clean.bat y
+)

setup.bat

@@ -1,7 +1,7 @@
 @echo off
 where python >nul 2>&1 && (
+  deactivate
   echo [INSTALL] Found Python3
-
   pip3 >nul 2>&1 && (
     echo [INSTALL] Found pip3
     python -m pip install --upgrade pip
@@ -30,7 +30,7 @@ where python >nul 2>&1 && (
   )
 
   echo [INSTALL] Using venv
-  rmdir /q /s venv
+  rmdir "venv" /q /s
   python -m venv ./venv
   .\venv\Scripts\activate
 
@@ -46,6 +46,9 @@ where python >nul 2>&1 && (
 
   echo [INSTALL] Installing Requirements
   pip install -r requirements.txt
+
+  echo [INSTALL] Clean Up
+  CALL scripts/clean.bat y
 
   echo [INSTALL] Migrating Database
   python manage.py makemigrations