-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.py
122 lines (122 loc) · 5.47 KB
/
config.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# MOBSF USER CONFIGURATIONS
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# -------------------------
# STATIC ANALYZER SETTINGS
# -------------------------
# ==========ANDROID SKIP CLASSES==========================
# Common third party classes/paths that will be skipped
# during static analysis
import os
SKIP_CLASS_PATH = {
'com/google/', 'androidx', 'okhttp2/', 'okhttp3/',
'com/android/', 'com/squareup', 'okhttp/'
'android/content/', 'com/twitter/', 'twitter4j/',
'android/support/', 'org/apache/', 'oauth/signpost',
'android/arch', 'org/chromium/', 'com/facebook',
'org/spongycastle', 'org/bouncycastle',
'com/amazon/identity/', 'io/fabric/sdk',
'com/instabug', 'com/crashlytics/android',
'kotlinx/', 'kotlin/',
}
# Disable CVSSV2 Score by default
CVSS_SCORE_ENABLED = bool(os.getenv('MOBSF_CVSS_SCORE_ENABLED', ''))
# NIAP Scan
NIAP_ENABLED = os.getenv('MOBSF_NIAP_ENABLED', '')
# Permission to Code Mapping
PERM_MAPPING_ENABLED = os.getenv('MOBSF_PERM_MAPPING_ENABLED', '1')
# Dex 2 Smali Conversion
DEX2SMALI_ENABLED = os.getenv('MOBSF_DEX2SMALI_ENABLED', '1')
# Android Shared Object Binary Analysis
SO_ANALYSIS_ENABLED = os.getenv('MOBSF_SO_ANALYSIS_ENABLED', '1')
# iOS Dynamic Library Binary Analysis
DYLIB_ANALYSIS_ENABLED = os.getenv('MOBSF_DYLIB_ANALYSIS_ENABLED', '1')
# =================================================
# --------------------------
# MALWARE ANALYZER SETTINGS
# --------------------------
DOMAIN_MALWARE_SCAN = os.getenv('MOBSF_DOMAIN_MALWARE_SCAN', '1')
APKID_ENABLED = os.getenv('MOBSF_APKID_ENABLED', '1')
QUARK_ENABLED = bool(os.getenv('MOBSF_QUARK_ENABLED', ''))
# ==================================================
# ======WINDOWS STATIC ANALYSIS SETTINGS ===========
# Private key
WINDOWS_VM_SECRET = os.getenv(
'MOBSF_WINDOWS_VM_SECRET', 'mobsf/MobSF/windows_vm_priv_key.asc')
# IP and Port of the MobSF Windows VM
# example: WINDOWS_VM_IP = '127.0.0.1' ;noqa E800
WINDOWS_VM_IP = os.getenv('MOBSF_WINDOWS_VM_IP')
WINDOWS_VM_PORT = os.getenv('MOBSF_WINDOWS_VM_PORT', '8000')
# ==================================================
# ==============3rd Party Tools=====================
"""
If you want to use a different version of 3rd party tools used by MobSF.
You can do that by specifying the path here. If specified, MobSF will run
the tool from this location.
"""
# Android 3P Tools
JADX_BINARY = os.getenv('MOBSF_JADX_BINARY', '')
BACKSMALI_BINARY = os.getenv('MOBSF_BACKSMALI_BINARY', '')
VD2SVG_BINARY = os.getenv('MOBSF_VD2SVG_BINARY', '')
APKTOOL_BINARY = os.getenv('MOBSF_APKTOOL_BINARY', '')
#ADB_BINARY = os.getenv('MOBSF_ADB_BINARY', '')
ADB_BINARY = 'C:\Program Files\Genymobile\Genymotion\tools\adb.exe'
# iOS 3P Tools
JTOOL_BINARY = os.getenv('MOBSF_JTOOL_BINARY', '')
CLASSDUMP_BINARY = os.getenv('MOBSF_CLASSDUMP_BINARY', '')
CLASSDUMP_SWIFT_BINARY = os.getenv('MOBSF_CLASSDUMP_SWIFT_BINARY', '')
# COMMON
JAVA_DIRECTORY = os.getenv('MOBSF_JAVA_DIRECTORY', '')
"""
Examples:
JAVA_DIRECTORY = 'C:/Program Files/Java/jdk1.7.0_17/bin/'
JAVA_DIRECTORY = '/usr/bin/'
JADX_BINARY = 'C:/Users/Ajin/AppData/Local/Programs/jadx/bin/jadx.bat'
JADX_BINARY = '/Users/ajin/jadx/bin/jadx'
"""
# ==========================================================
# -------------------------
# DYNAMIC ANALYZER SETTINGS
# -------------------------
# =======ANDROID DYNAMIC ANALYSIS SETTINGS===========
ANALYZER_IDENTIFIER = os.getenv('MOBSF_ANALYZER_IDENTIFIER', '')
FRIDA_TIMEOUT = int(os.getenv('MOBSF_FRIDA_TIMEOUT', '4'))
ACTIVITY_TESTER_SLEEP = int(os.getenv('MOBSF_ACTIVITY_TESTER_SLEEP', '4'))
# ==============================================
# ================HTTPS PROXY ===============
PROXY_IP = os.getenv('MOBSF_PROXY_IP', '127.0.0.1')
PROXY_PORT = int(os.getenv('MOBSF_PROXY_PORT', '1337'))
# ===================================================
# ========UPSTREAM PROXY SETTINGS ==============
# If you are behind a Proxy
UPSTREAM_PROXY_ENABLED = bool(os.getenv(
'MOBSF_UPSTREAM_PROXY_ENABLED', ''))
UPSTREAM_PROXY_SSL_VERIFY = os.getenv(
'MOBSF_UPSTREAM_PROXY_SSL_VERIFY', '1')
UPSTREAM_PROXY_TYPE = os.getenv('MOBSF_UPSTREAM_PROXY_TYPE', 'http')
UPSTREAM_PROXY_IP = os.getenv('MOBSF_UPSTREAM_PROXY_IP', '127.0.0.1')
UPSTREAM_PROXY_PORT = int(os.getenv('MOBSF_UPSTREAM_PROXY_PORT', '3128'))
UPSTREAM_PROXY_USERNAME = os.getenv('MOBSF_UPSTREAM_PROXY_USERNAME', '')
UPSTREAM_PROXY_PASSWORD = os.getenv('MOBSF_UPSTREAM_PROXY_PASSWORD', '')
# ==============================================
# ========DISABLED BY DEFAULT COMPONENTS=========
# Get AppMonsta API from https://appmonsta.com/dashboard/get_api_key/
APPMONSTA_API = os.getenv('MOBSF_APPMONSTA_API', '')
# ----------VirusTotal--------------------------
VT_ENABLED = bool(os.getenv('MOBSF_VT_ENABLED', ''))
VT_API_KEY = os.getenv('MOBSF_VT_API_KEY', '')
VT_UPLOAD = bool(os.getenv('MOBSF_VT_UPLOAD', ''))
# Before setting VT_ENABLED to True,
# Make sure VT_API_KEY is set to your VirusTotal API key
# register at: https://www.virustotal.com/#/join-us
# You can get your API KEY from:
# https://www.virustotal.com/en/user/<username>/apikey/
# Files will be uploaded to VirusTotal
# if VT_UPLOAD is set to True.
# ===============================================
# =======IOS DYNAMIC ANALYSIS SETTINGS===========
CORELLIUM_API_DOMAIN = os.getenv('MOBSF_CORELLIUM_API_DOMAIN', '')
CORELLIUM_API_KEY = os.getenv('MOBSF_CORELLIUM_API_KEY', '')
CORELLIUM_PROJECT_ID = os.getenv('MOBSF_CORELLIUM_PROJECT_ID', '')
# CORELLIUM_PROJECT_ID is optional, MobSF will use any available project id
# ===============================================