def dynamic_analysis(request, api=False): """Android Dynamic Analysis Entry point.""" try: scan_apps = [] device_packages = {} and_ver = None and_sdk = None apks = StaticAnalyzerAndroid.objects.filter( APP_TYPE='apk') for apk in reversed(apks): temp_dict = { 'ICON_FOUND': apk.ICON_FOUND, 'MD5': apk.MD5, 'APP_NAME': apk.APP_NAME, 'VERSION_NAME': apk.VERSION_NAME, 'FILE_NAME': apk.FILE_NAME, 'PACKAGE_NAME': apk.PACKAGE_NAME, } scan_apps.append(temp_dict) try: identifier = get_device() except Exception: msg = ('Is Android VM running? MobSF cannot' ' find android instance identifier.' ' Please run an android instance and refresh' ' this page. If this error persists,' ' set ANALYZER_IDENTIFIER in ' f'{get_config_loc()}') return print_n_send_error_response(request, msg, api) try: if identifier: env = Environment(identifier) device_packages = env.get_device_packages() pkg_file = Path(settings.DWD_DIR) / 'packages.json' with pkg_file.open('w', encoding='utf-8') as target: dump(device_packages, target) and_ver = env.get_android_version() and_sdk = env.get_android_sdk() except Exception: pass context = {'apps': scan_apps, 'identifier': identifier, 'android_version': and_ver, 'android_sdk': and_sdk, 'proxy_ip': get_proxy_ip(identifier), 'proxy_port': settings.PROXY_PORT, 'settings_loc': get_config_loc(), 'device_packages': device_packages, 'title': 'MobSF Dynamic Analysis', 'version': settings.MOBSF_VER} if api: return context template = 'dynamic_analysis/dynamic_analysis.html' return render(request, template, context) except Exception as exp: logger.exception('Dynamic Analysis') return print_n_send_error_response(request, exp, api)
def get_result(self, file_path, file_hash): """ Get Results from VT. Uploading a file and getting the approval msg from VT or fetching existing report :param file_path: file's path :param file_hash: file's hash - md5/sha1/sha256 :return: VirusTotal result json / None upon error """ try: logger.info('VirusTotal: Check for existing report') report = self.get_report(file_hash) # Check for existing report if report: if report['response_code'] == 1: logger.info('VirusTotal: %s', report['verbose_msg']) return report if settings.VT_UPLOAD: logger.info('VirusTotal: file upload') upload_response = self.upload_file(file_path) if upload_response: logger.info('VirusTotal: %s', upload_response['verbose_msg']) return upload_response else: logger.info('VirusTotal Scan not performed as file' ' upload is disabled in %s. ' 'To enable file upload, ' 'set VT_UPLOAD to True.', get_config_loc()) report = { 'verbose_msg': ('Scan not performed, VirusTotal file' ' upload disabled ' 'in %s', get_config_loc()), 'positives': 0, 'total': 0} return report except Exception: logger.exception('VirusTotal get_result')
def dynamic_analysis(request, api=False): """Android Dynamic Analysis Entry point.""" try: scan_apps = [] apks = StaticAnalyzerAndroid.objects.filter( APP_TYPE='apk').order_by('-id') for apk in apks: temp_dict = { 'ICON_FOUND': apk.ICON_FOUND, 'MD5': apk.MD5, 'APP_NAME': apk.APP_NAME, 'VERSION_NAME': apk.VERSION_NAME, 'FILE_NAME': apk.FILE_NAME, 'PACKAGE_NAME': apk.PACKAGE_NAME, } scan_apps.append(temp_dict) try: identifier = get_device() except Exception: msg = ('Is Android VM running? MobSF cannot' ' find android instance identifier.' ' Please run an android instance and refresh' ' this page. If this error persists,' ' set ANALYZER_IDENTIFIER in ' f'{get_config_loc()}') return print_n_send_error_response(request, msg, api) proxy_ip = get_proxy_ip(identifier) context = { 'apps': scan_apps, 'identifier': identifier, 'proxy_ip': proxy_ip, 'proxy_port': settings.PROXY_PORT, 'settings_loc': get_config_loc(), 'title': 'MobSF Dynamic Analysis', 'version': settings.MOBSF_VER } if api: return context template = 'dynamic_analysis/dynamic_analysis.html' return render(request, template, context) except Exception as exp: logger.exception('Dynamic Analysis') return print_n_send_error_response(request, exp, api)
def _binary_analysis(app_dic): """Start binary analsis.""" logger.info('Starting Binary Analysis') bin_an_dic = {} # Init optional sections to prevent None-Pointer-Errors bin_an_dic['results'] = [] bin_an_dic['warnings'] = [] # Search for exe for file_name in app_dic['files']: if file_name.endswith('.exe'): bin_an_dic['bin'] = file_name bin_an_dic['bin_name'] = file_name.replace('.exe', '') break if not bin_an_dic.get('bin_name'): logger.exception('No executable in appx.') bin_path = os.path.join(app_dic['app_dir'], bin_an_dic['bin']) # Execute strings command bin_an_dic['strings'] = '' # Make unique # pylint: disable-msg=R0204 str_list = list(set(strings_util(bin_path))) str_list = [escape(s) for s in str_list] bin_an_dic['strings'] = str_list # Search for unsave function pattern = re.compile('(alloca|gets|memcpy|printf|scanf|sprintf|sscanf|' 'strcat|StrCat|strcpy|StrCpy|strlen|StrLen|strncat|' 'StrNCat|strncpy|StrNCpy|strtok|swprintf|vsnprintf|' 'vsprintf|vswprintf|wcscat|wcscpy|wcslen|wcsncat|' 'wcsncpy|wcstok|wmemcpy)') for elem in str_list: if pattern.match(elem[5:-5]): result = { 'rule_id': 'Possible Insecure Function', 'status': 'Insecure', 'desc': ('Possible Insecure ' 'Function detected: {}').format(elem[5:-5])} bin_an_dic['results'].append(result) # Execute binskim analysis if vm is available if platform.system() != 'Windows' or 'CI' in os.environ: if settings.WINDOWS_VM_IP: logger.info('Windows VM configured.') global proxy proxy = xmlrpc.client.ServerProxy( # pylint: disable-msg=C0103 'http://{}:{}'.format( settings.WINDOWS_VM_IP, settings.WINDOWS_VM_PORT)) name = _upload_sample(bin_path) bin_an_dic = binskim(name, bin_an_dic) bin_an_dic = binscope(name, bin_an_dic) else: logger.warning( 'Windows VM not configured in %s.' ' Skipping Binskim and Binscope.', get_config_loc()) warning = { 'rule_id': 'VM', 'status': 'Info', 'info': '', 'desc': 'VM is not configured. Please read the readme.md' ' in MobSF/install/windows.', } bin_an_dic['results'].append(warning) else: logger.info('Running local analysis.') global config config = configparser.ConfigParser() # Switch to settings defined path if available config.read(expanduser('~') + '\\MobSF\\Config\\config.txt') # Run analysis functions bin_an_dic = binskim(bin_path, bin_an_dic, run_local=True, app_dir=app_dic['app_dir']) bin_an_dic = binscope(bin_path, bin_an_dic, run_local=True, app_dir=app_dic['app_dir']) return bin_an_dic