Merged
* Replace Warning with Medium and added Hotspot
* Add file analysis to hotspot
* Enterprise Feature Request Flag
* EFR01 changes
* version bump
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Introduce jadx decompilation timeout with env var
- exception for timeout
- replace subprocess.call for run
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update quark-engine from 22.2.1 to 22.3.1
* update lief
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update jadx to 1.3.4
* update lief
* update jadx and requirements
* Update ip2location from 8.7.3 to 8.7.4
* Update quark-engine from 22.4.1 to 22.5.1
* Update frida from 15.1.17 to 15.1.23
* Update tldextract from 3.2.1 to 3.3.0
* Check the GitHub releases page for latest version number
* Update utils.py
Only log distro if not empty (or spaces)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update cert_analysis.py
Flag on MD5 hash algorithm in signer certificate
* Update cert_analysis.py
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Allow iOS IPA download
* Code QA
…ents to manifest analysis (MobSF#1905)
* Add the checking of the parent element of the permission-related elements to manifest analysis
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
…ted elements to manifest analysis (MobSF#1905)" (MobSF#1984)
HOTFIX: Revert MobSF#1905
* Update ip2location from 8.7.4 to 8.8.0
* Update frida from 15.1.24 to 15.1.27
* IOS Swift Rules updates
* Updated or added rules `ios_biometric_bool`, `ios_biometric_acl`, `ios_keychain_weak_acl_device_passcode`, `ios_keychain_weak_accessibility_value`, `ios_insecure_random_no_generator`, `ios_biometry_hardened`
* Regex Hardening: Fixes possible Regex DoS in rules and MobSF code base
…ing search (MobSF#2228)
* String extraction from APK, Source, AAR, JAR, SO
* Strings sections to show source of strings extracted
* Strings Refactor
* Support for independent .SO scan
* Android SCA rules update
* Entropies scan support for strings
* URLs/Email extraction refactor
* Bug Fixes
* iOS Source Report Fix
* Frida APK Patcher (WIP)
* Dynamic Analyzer identifier not available
* Settings env var not working fix for enabled by default features
* AppSec Score fix
* Recent `scan not completed` fix for iOS zip
* Update macho_analysis.py
PR for this issue: MobSF#2233
* Update macho_analysis.py
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Dylib analysis support + PDF for iOS Binary
* Dylib string extraction
* Improved iOS Plist secret extraction
* iOS/Android Form Validation QA
* Independent Dylib scan
* Symbols view for dylib and so
* Trackers support for so
Components which are exported and have no permission were not listed in the results because of a wrong template description key. Also added a warning if this happens again.
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
…d strings and symbols extraction (MobSF#2240)
* AAR/JAR obfuscation and debug check
* Exception handling symbols and strings from so/dylib
…raceful Analysis (MobSF#2242)
* Independent Static Library(.a) ELF/MachO Analysis
* Mac FAT binary only supported on Mac
* Static and Dynamic Binary Analysis QA
* Refactor Dex permissions
* Fallback certificate analysis using apksigtool
* Refactor Androguard `apk.APK()` usage
…port (MobSF#2244)
* Docker base image update
* Docker file QA
* Github Actions version update
* Removed unwanted pinned repository
* Pip to Poetry migration
* Bump httptools
* Jump yara-python-dex
* Python 3.11 support
* Docker image build test for PRs
)
* Use BeautifulSoup4 to prettify malformed XML
* Detect non standard XML namespace in AndroidManifest.xml (Fixes : MobSF#2198)
* Updated android permissions list
* Updated android permission update check script
* Migrate from setup.py to use poetry build and publish
* Tox QA
* Version is now configured only at pyproject.toml
* Added poetry build test
* Updated mobsf PyPI publishing workflow
* Update local DBs
CodeQL found more than 10 potential problems in the proposed changes. Check the Files changed tab for more details.
crickard-sl pushed a commit that referenced this pull request on Dec 15, 2025
* HOTFIX: EFR01 Enterprise feature request (MobSF#1908)
* Replace Warning with Medium and added Hotspot
* Add file analysis to hotspot
* Enterprise Feature Request Flag
* EFR01 changes
* version bump
* update quark & frida (MobSF#1903)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update tldextract from 3.1.2 to 3.2.0 (MobSF#1910)
* upgrade apktool to 2.6.1 (MobSF#1915)
* Hotfix: Update slack link
* Hotfix: update slack link
* Hotfix: Slack link
* Hotfix: Slack link
* Hotfix: Slack link
* Introduce jadx decompilation timeout with env var (MobSF#1916)
* Introduce jadx decompilation timeout with env var
- exception for timeout
- replace subprocess.call for run
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.6.4 to 8.7.2 (MobSF#1926)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Scheduled weekly dependency update for week 13 (MobSF#1931)
* Update quark-engine from 22.2.1 to 22.3.1
* update lief
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid (MobSF#1939)
* Fix dynamic report_json api bug (MobSF#1934)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Hotfix: LIEF
* Update README.md (MobSF#1951)
* update jadx to 1.3.4 (MobSF#1941)
* update jadx to 1.3.4
* update lief
* update jadx and requirements
* Scheduled weekly dependency update for week 22 (MobSF#1972)
* Update ip2location from 8.7.3 to 8.7.4
* Update quark-engine from 22.4.1 to 22.5.1
* Update frida from 15.1.17 to 15.1.23
* Update tldextract from 3.2.1 to 3.3.0
* Check for updates via GitHub releases (MobSF#1957)
* Check the GitHub releases page for latest version number
* Update utils.py
Only log distro if not empty (or spaces)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update cert_analysis.py (MobSF#1948)
* Update cert_analysis.py
Flag on MD5 hash algorithm in signer certificate
* Update cert_analysis.py
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: Update Readme with Rewards Banner
* Update frida from 15.1.23 to 15.1.24 (MobSF#1975)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: openSSL link and readme update
* Hotfix: Broken slack channel link fix
* Hotfix: Windows setup script
* Feature Parity Allow iOS IPA download (MobSF#1977)
* Allow iOS IPA download
* Code QA
* Add the checking of the parent element of the permission-related elements to manifest analysis (MobSF#1905)
* Add the checking of the parent element of the permission-related elements to manifest analysis
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Remove RELRO (MobSF#1978)
* Revert "Add the checking of the parent element of the permission-related elements to manifest analysis (MobSF#1905)" (MobSF#1984)
HOTFIX: Revert MobSF#1905
* Scheduled weekly dependency update for week 26 (MobSF#1986)
* Update ip2location from 8.7.4 to 8.8.0
* Update frida from 15.1.24 to 15.1.27
* Update quark-engine from 22.5.1 to 22.6.1 (MobSF#1989)
* Scheduled weekly dependency update for week 28 (MobSF#1993)
* Update frida from 15.1.27 to 15.1.28
* Update tldextract from 3.3.0 to 3.3.1
* HOTFIX: libsast, iOS Rule, M1 Mac support
* Hotfix MobSF#1999
* Update frida from 15.1.28 to 15.2.2 (MobSF#2002)
* Update README.md (MobSF#2020)
add Badge App
* Fix bug MobSF#1917 where checking for stripped debugging symbols produces false positives in iOS. (MobSF#2023)
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.8.0 to 8.8.1 (MobSF#2035)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid to 2.1.4 (MobSF#2037)
* Adding tarfile member sanitization to extractall() (MobSF#2039)
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* fix res directory not exist (MobSF#2042)
Fix the problem that the res resource folder does not exist, the solution is to copy from the apktool_out directory
* [EFR-02]Enterprise Feature Request - False Positive Triaging (MobSF#2000)
* Suppression logic
* Android code analysis suppression
* Fixes MobSF#1981
* iOS source support bundle id extraction
* iOS Source Code - Suppression support
* Remove check in CFBundleURLName
* iOS Binary code analysis suppression support
* Add Code QL
* Suppression support for Manifest analysis
* Fixes MobSF#2014
* REST API + Docs
* Address review comments
* update suppression wordings
* Fixes MobSF#2043
* Icon analysis code QA
* Unit Test for False Positive Triaging
* Adding numeric_owner as a keyword argument (MobSF#2050)
numeric_owner needs to be a keyword argument.
* Scheduled weekly dependency update for week 41 (MobSF#2046)
* Update quark-engine from 22.6.1 to 22.9.1
* Update frida from 15.2.2 to 16.0.1
* Update tldextract from 3.3.1 to 3.4.0
* Update openstep-parser from 1.5.3 to 1.5.4
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: revert frida to 15.X
* HOTFIX: UI changes and warning on mobsf.live (MobSF#2051)
* UI changes and warning on mobsf.live
* Update home.html
* HOTFIX: Split certificate analysis out, suppression list fixes (MobSF#2052)
* Hotfix: ui on donate page
* Hotfix: Homescreen Navbar
* Hotfix: UI icon
* hotfix for quark rules location (MobSF#2053)
* HOTFIX: jadx update to 1.4.5 (MobSF#2064)
* jadx update to 1.4.5
* MobSF version bump
* Fixes CVE-2022-42889 in third party dependency
* Installation script error: Solving spelling error (MobSF#2067)
changed "installtion" to "installation"
* Android APK support extracting icon SVG from XML (MobSF#2060)
* Added support for SVG icon extraction
* Add jar binaries
* code refactoring
* Update settings.py
* HOTFIX: Setup improvement (MobSF#2078)
* Improve setup scripts.
* Python support to 3.8 - 3.10
* Delete MobSF data directory on running setup.
* Bump applicable dependencies.
* Apktool 2.7.0 update (MobSF#2082)
* Update apktool to version 2.7.0
* HOTFIX: Icon should be a file
* version bump
* New Android Manifest Rule: App support vulnerable android versions (MobSF#2114)
* add a new rule: dangerous os version
* qa
* lint checks
* run lint test on one os
* Support for filenames containing & (MobSF#2129)
Co-authored-by: none <none@none.com>
* HOTFIX: Fix docker build (MobSF#2135)
* Fix Scorecard Severity Distribution chart data (MobSF#2140)
* HOTFIX: Update Dockerfile to install jq (MobSF#2149)
* Update Dockerfile
* Update tox.ini
* [HOTFIX] Add support for environment variable for MobSF config (MobSF#2150)
* add support for environment variable config
* Fixes MobSF#2109
* update lief
* HOTFIX: Fixes MobSF#2144
* HOTFIX: Android min SDK check on janus vulnerability detection (MobSF#2159)
* Android min SDK check on janus check
* Update README.md
* [Enterprise Feature Request EFR02] Support summary of severity in each section. (MobSF#2160)
* Summary for Android and iOS SCA
* [EFR05] Enterprise Feature Request: AAR and JAR support (MobSF#2163)
* AAR and JAR support
* Enable binary analysis for aar/jar
* Scheduled weekly dependency update for week 24 (MobSF#2187)
* Update ip2location from 8.9.0 to 8.10.0
* Update quark-engine from 22.10.1 to 23.5.1
* Update LIEF from to 0.13.1
* Update tldextract from 3.4.0 to 3.4.4
* Update requirements.txt
---------
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update requirements.txt
0.13.1 not available.
* HOTFIX: update lief
* Revert Hotfix
* HOTFIX: Feature updates and Bug Fixes (MobSF#2197)
* OFAC, jquery bump, tox fix
* AAR handle multiple application tags
* HOTFIX: MobSF Android Dynamic Analysis Docker Support (MobSF#2214)
* MobSF Android Docker Support
* Pin pip version
* Update mobsf-test.yml
* Update setup.py
* Hotfix: Docker error fixes
* Hotfix: Add Corellium support message
* Hotfix: Broken donate link fix
* Update dynamic_analysis.html (MobSF#2218)
* Hotfix: Handle Docker <-> ADB connectivity internally (MobSF#2219)
* host.docker.internal translation for localhost
* Replace urlparse with re
* version bump
* update ascii art
* update apktool to 2.8.1 (MobSF#2220)
* update apktool (MobSF#2225)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: translate upstream proxy ip for docker
* Dynamic Analysis support alert (MobSF#2227)
* [HOTFIX] Regex + Rule Update (MobSF#2232)
* IOS Swift Rules updates
* Updated or added rules `ios_biometric_bool`, `ios_biometric_acl`, `ios_keychain_weak_acl_device_passcode`, `ios_keychain_weak_accessibility_value`, `ios_insecure_random_no_generator`, `ios_biometry_hardened`
* Regex Hardening: Fixes possible Regex DoS in rules and MobSF code base
* [HOTFIX][EFR06] Independent Shared Object (.so) Scan and Improved String search (MobSF#2228)
* String extraction from APK, Source, AAR, JAR, SO
* Strings sections to show source of strings extracted
* Strings Refactor
* Support for independent .SO scan
* Android SCA rules update
* Entropies scan support for strings
* URLs/Email extraction refactor
* Bug Fixes
* iOS Source Report Fix
* Frida APK Patcher (WIP)
* Dynamic Analyzer identifier not available
* Settings env var not working fix for enabled by default features
* AppSec Score fix
* Recent `scan not completed` fix for iOS zip
* HOTFIX: Improve code string extraction
* Update macho_analysis.py - SYMBOLS STRIPPED False Negative (MobSF#2234)
* Update macho_analysis.py
PR for this issue: MobSF#2233
* Update macho_analysis.py
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: fix IPA download support
* [HOTFIX][EFR-08] Dylib + Symbols + Other Features (MobSF#2239)
* Dylib analysis support + PDF for iOS Binary
* Dylib string extraction
* Improved iOS Plist secret extraction
* iOS/Android Form Validation QA
* Independent Dylib scan
* Symbols view for dylib and so
* Trackers support for so
* Fix missing exported components (MobSF#2176)
Components which are exported and have no permission were not listed in the results because of a wrong template description key. Also added a warning if this happens again.
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* [HOTFIX][EFR09] AAR/JAR obfuscation and debug check + Exception Handled strings and symbols extraction (MobSF#2240)
* AAR/JAR obfuscation and debug check
* Exception handling symbols and strings from so/dylib
* [HOTFIX][EFR10] Independent Static Library(.a) ELF/MachO Analysis + Graceful Analysis (MobSF#2242)
* Independent Static Library(.a) ELF/MachO Analysis
* Mac FAT binary only supported on Mac
* Static and Dynamic Binary Analysis QA
* Refactor Dex permissions
* Fallback certificate analysis using apksigtool
* Refactor Androguard `apk.APK()` usage
* Pip to Poetry, Ubuntu Base image Bump, Dockerfile QA, Python 3.11 support (MobSF#2244)
* Docker base image update
* Docker file QA
* Github Actions version update
* Removed unwanted pinned repository
* Pip to Poetry migration
* Bump httptools
* Jump yara-python-dex
* Python 3.11 support
* [HOTFIX] Docker Buildx test (MobSF#2247)
* Docker image build test for PRs
* [HOTFIX] bs4 malformed xml parsing + xml namespace detection (MobSF#2248)
* Use BeautifulSoup4 to prettify malformed XML
* Detect non standard XML namespace in AndroidManifest.xml (Fixes : MobSF#2198)
* Updated android permissions list
* Updated android permission update check script
* [HOTFIX] Migrate from setup.py to poetry, tox QA (MobSF#2249)
* Migrate from setup.py to use poetry build and publish
* Tox QA
* Version is now configured only at pyproject.toml
* Added poetry build test
* Updated mobsf PyPI publishing workflow
* Update local DBs
* Updates for 3.7.6
* Lint fixes
* More lint fixes
* self.data to data fix
* Template context fixes
* Lint fixes
* Lint fix
* context['template'] fix
* Lint fix
* Fixed bug in Compare UI
* Unit text fix
---------
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: superpoussin22 <vincent.nadal@orange.fr>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Matej Soroka <hi@matejsoroka.com>
Co-authored-by: N1neSun <917549681@qq.com>
Co-authored-by: Ajin.Abraham <ajin.abraham@chime.com>
Co-authored-by: Dapo Adedire <adedireadedapo19@gmail.com>
Co-authored-by: Atarii <atarii@users.noreply.github.com>
Co-authored-by: Han0nly <byxiaohanzhang@foxmail.com>
Co-authored-by: rustaska <11994805+rustaska@users.noreply.github.com>
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: TrellixVulnTeam <112716341+TrellixVulnTeam@users.noreply.github.com>
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: ohyeah521 <ohyeah521@gmail.com>
Co-authored-by: th3-d4v1d-c0de <116191845+th3-d4v1d-c0de@users.noreply.github.com>
Co-authored-by: evmxattr <evmxattr@users.noreply.github.com>
Co-authored-by: none <none@none.com>
Co-authored-by: antoinbo <87284775+antoinbo@users.noreply.github.com>
Co-authored-by: Karmaz <51202595+Karmaz95@users.noreply.github.com>
Co-authored-by: Abb4d0n <Abb4d0n@users.noreply.github.com>
crickard-sl added a commit that referenced this pull request on Dec 27, 2025
* [HOTFIX][EFR09] AAR/JAR obfuscation and debug check + Exception Handled strings and symbols extraction (#2240)
* AAR/JAR obfuscation and debug check
* Exception handling symbols and strings from so/dylib
* [HOTFIX][EFR10] Independent Static Library(.a) ELF/MachO Analysis + Graceful Analysis (#2242)
* Independent Static Library(.a) ELF/MachO Analysis
* Mac FAT binary only supported on Mac
* Static and Dynamic Binary Analysis QA
* Refactor Dex permissions
* Fallback certificate analysis using apksigtool
* Refactor Androguard `apk.APK()` usage
* Pip to Poetry, Ubuntu Base image Bump, Dockerfile QA, Python 3.11 support (#2244)
* Docker base image update
* Docker file QA
* Github Actions version update
* Removed unwanted pinned repository
* Pip to Poetry migration
* Bump httptools
* Jump yara-python-dex
* Python 3.11 support
* [HOTFIX] Docker Buildx test (#2247)
* Docker image build test for PRs
* [HOTFIX] bs4 malformed xml parsing + xml namespace detection (#2248)
* Use BeautifulSoup4 to prettify malformed XML
* Detect non standard XML namespace in AndroidManifest.xml (Fixes : https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2198)
* Updated android permissions list
* Updated android permission update check script
* [HOTFIX] Migrate from setup.py to poetry, tox QA (#2249)
* Migrate from setup.py to use poetry build and publish
* Tox QA
* Version is now configured only at pyproject.toml
* Added poetry build test
* Updated mobsf PyPI publishing workflow
* Update local DBs
* Performance Improvements on SAST (#2251)
* Performance improvements in SAST scans (Code Analysis, API Analysis, NIAP etc.) with libsast bump
* Android API rule QA
* Manifest analysis continuation on apktool failure
* Linux setup script fix
* Disable NIAP by default
* [HOTFIX] add apksigner.jar for reading signatures (#2254)
* Add `apksigner.jar`
* Use apksigner to extract signature versions (v1, v2, v3, v4)
* Fix: #2120
* [HOTFIX] add jar (#2255)
* Add apksigner jar
* [HOTFIX] Bump Frida to address crash on M1 Mac (#2258)
* Update frida to 16.1.4 to resolve segmentation faults on Docker arm image
---------
Co-authored-by: Mark Sowell <mark@marksowell.com>
* [HOTFIX] simplify scan api (#2259)
* Simplify Scan API
* Need only scan hash to trigger a scan
* Updated API Docs
* [HOTFIX] iOS Framework Analysis + Multiple Feature QA (#2260)
* iOS Framework Analysis
* Static Analysis URL simplification
* Replace hardcoded urls in template with `{% url %}`
* Code QA
* Remove unwanted template file
* Remove `rescan` query param from url
* Android icon SVG guessing improvements
* Icon analysis refactoring, change icon storage location
* Remove SVG to PNG converter. Support PNG and SVG icon.
* Github docker release action update
* Merge 3.6.9 (#174)
* HOTFIX: EFR01 Enterprise feature request (#1908)
* Replace Warning with Medium and added Hotspot
* Add file analysis to hotspot
* Enterprise Feature Request Flag
* EFR01 changes
* version bump
* update quark & frida (#1903)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update tldextract from 3.1.2 to 3.2.0 (#1910)
* upgrade apktool to 2.6.1 (#1915)
* Hotfix: Update slack link
* Hotfix: update slack link
* Hotfix: Slack link
* Hotfix: Slack link
* Hotfix: Slack link
* Introduce jadx decompilation timeout with env var (#1916)
* Introduce jadx decompilation timeout with env var
- exception for timeout
- replace subprocess.call for run
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.6.4 to 8.7.2 (#1926)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Scheduled weekly dependency update for week 13 (#1931)
* Update quark-engine from 22.2.1 to 22.3.1
* update lief
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid (#1939)
* Fix dynamic report_json api bug (#1934)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Hotfix: LIEF
* Update README.md (#1951)
* update jadx to 1.3.4 (#1941)
* update jadx to 1.3.4
* update lief
* update jadx and requirements
* Scheduled weekly dependency update for week 22 (#1972)
* Update ip2location from 8.7.3 to 8.7.4
* Update quark-engine from 22.4.1 to 22.5.1
* Update frida from 15.1.17 to 15.1.23
* Update tldextract from 3.2.1 to 3.3.0
* Check for updates via GitHub releases (#1957)
* Check the GitHub releases page for latest version number
* Update utils.py
Only log distro if not empty (or spaces)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update cert_analysis.py (#1948)
* Update cert_analysis.py
Flag on MD5 hash algorithm in signer certificate
* Update cert_analysis.py
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: Update Readme with Rewards Banner
* Update frida from 15.1.23 to 15.1.24 (#1975)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: openSSL link and readme update
* Hotfix: Broken slack channel link fix
* Hotfix: Windows setup script
* Feature Parity Allow iOS IPA download (#1977)
* Allow iOS IPA download
* Code QA
* Add the checking of the parent element of the permission-related elements to manifest analysis (#1905)
* Add the checking of the parent element of the permission-related elements to manifest analysis
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Remove RELRO (#1978)
* Revert "Add the checking of the parent element of the permission-related elements to manifest analysis (#1905)" (#1984)
HOTFIX: Revert #1905
* Scheduled weekly dependency update for week 26 (#1986)
* Update ip2location from 8.7.4 to 8.8.0
* Update frida from 15.1.24 to 15.1.27
* Update quark-engine from 22.5.1 to 22.6.1 (#1989)
* Scheduled weekly dependency update for week 28 (#1993)
* Update frida from 15.1.27 to 15.1.28
* Update tldextract from 3.3.0 to 3.3.1
* HOTFIX: libsast, iOS Rule, M1 Mac support
* Hotfix #1999
* Update frida from 15.1.28 to 15.2.2 (#2002)
* Update README.md (#2020)
add Badge App
* Fix bug #1917 where checking for stripped debugging symbols produces false positives in iOS. (#2023)
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.8.0 to 8.8.1 (#2035)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid to 2.1.4 (#2037)
* Adding tarfile member sanitization to extractall() (#2039)
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* fix res directory not exist (#2042)
Fix the problem that the res resource folder does not exist, the solution is to copy from the apktool_out directory
* [EFR-02]Enterprise Feature Request - False Positive Triaging (#2000)
* Suppression logic
* Android code analysis suppression
* Fixes #1981
* iOS source support bundle id extraction
* iOS Source Code - Suppression support
* Remove check in CFBundleURLName
* iOS Binary code analysis suppression support
* Add Code QL
* Suppression support for Manifest analysis
* Fixes #2014
* REST API + Docs
* Address review comments
* update suppression wordings
* Fixes #2043
* Icon analysis code QA
* Unit Test for False Positive Triaging
* Adding numeric_owner as a keyword argument (#2050)
numeric_owner needs to be a keyword argument.
* Scheduled weekly dependency update for week 41 (#2046)
* Update quark-engine from 22.6.1 to 22.9.1
* Update frida from 15.2.2 to 16.0.1
* Update tldextract from 3.3.1 to 3.4.0
* Update openstep-parser from 1.5.3 to 1.5.4
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: revert frida to 15.X
* HOTFIX: UI changes and warning on mobsf.live (#2051)
* UI changes and warning on mobsf.live
* Update home.html
* HOTFIX: Split certificate analysis out, suppression list fixes (#2052)
* Hotfix: ui on donate page
* Hotfix: Homescreen Navbar
* Hotfix: UI icon
* hotfix for quark rules location (#2053)
* HOTFIX: jadx update to 1.4.5 (#2064)
* jadx update to 1.4.5
* MobSF version bump
* Fixes CVE-2022-42889 in third party dependency
* Installation script error: Solving spelling error (#2067)
changed "installtion" to "installation"
* Android APK support extracting icon SVG from XML (#2060)
* Added support for SVG icon extraction
* Add jar binaries
* code refactoring
* Update settings.py
* HOTFIX: Setup improvement (#2078)
* Improve setup scripts.
* Python support to 3.8 - 3.10
* Delete MobSF data directory on running setup.
* Bump applicable dependencies.
* Apktool 2.7.0 update (#2082)
* Update apktool to version 2.7.0
* HOTFIX: Icon should be a file
* version bump
* New Android Manifest Rule: App support vulnerable android versions (#2114)
* add a new rule: dangerous os version
* qa
* lint checks
* run lint test on one os
* Support for filenames containing & (#2129)
Co-authored-by: none <none@none.com>
* HOTFIX: Fix docker build (#2135)
* Fix Scorecard Severity Distribution chart data (#2140)
* HOTFIX: Update Dockerfile to install jq (#2149)
* Update Dockerfile
* Update tox.ini
* [HOTFIX] Add support for environment variable for MobSF config (#2150)
* add support for environment variable config
* Fixes #2109
* update lief
* HOTFIX: Fixes #2144
* HOTFIX: Android min SDK check on janus vulnerability detection (#2159)
* Android min SDK check on janus check
* Update README.md
* [Enterprise Feature Request EFR02] Support summary of severity in each section. (#2160)
* Summary for Android and iOS SCA
* [EFR05] Enterprise Feature Request: AAR and JAR support (#2163)
* AAR and JAR support
* Enable binary analysis for aar/jar
* Scheduled weekly dependency update for week 24 (#2187)
* Update ip2location from 8.9.0 to 8.10.0
* Update quark-engine from 22.10.1 to 23.5.1
* Update LIEF from to 0.13.1
* Update tldextract from 3.4.0 to 3.4.4
* Update requirements.txt
---------
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update requirements.txt
0.13.1 not available.
* HOTFIX: update lief
* Revert Hotfix
* HOTFIX: Feature updates and Bug Fixes (#2197)
* OFAC, jquery bump, tox fix
* AAR handle multiple application tags
* HOTFIX: MobSF Android Dynamic Analysis Docker Support (#2214)
* MobSF Android Docker Support
* Pin pip version
* Update mobsf-test.yml
* updated requirements.txt to most recent django backend version and returned the data object internal to the class method scan_apk in mobsf/MobSF/views/scanning.py instead of the class's self.data.
* had to remove all returns of self.data from the scanning methods in mobsf/MobSF/views/scanning.py and just return the data object local to the method.
* Bug and lint fixes
* Lint fixes, JAR/AAR fix
* Lint fix
* Spell check update
* Attempt at fixing template error
---------
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: superpoussin22 <vincent.nadal@orange.fr>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Matej Soroka <hi@matejsoroka.com>
Co-authored-by: N1neSun <917549681@qq.com>
Co-authored-by: Ajin.Abraham <ajin.abraham@chime.com>
Co-authored-by: Dapo Adedire <adedireadedapo19@gmail.com>
Co-authored-by: Atarii <atarii@users.noreply.github.com>
Co-authored-by: Han0nly <byxiaohanzhang@foxmail.com>
Co-authored-by: rustaska <11994805+rustaska@users.noreply.github.com>
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: TrellixVulnTeam <112716341+TrellixVulnTeam@users.noreply.github.com>
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: ohyeah521 <ohyeah521@gmail.com>
Co-authored-by: th3-d4v1d-c0de <116191845+th3-d4v1d-c0de@users.noreply.github.com>
Co-authored-by: evmxattr <evmxattr@users.noreply.github.com>
Co-authored-by: none <none@none.com>
Co-authored-by: antoinbo <87284775+antoinbo@users.noreply.github.com>
Co-authored-by: brice-syslogic <65510350+brice-syslogic@users.noreply.github.com>
* Addressing 3.6.9 build issue (#175)
* HOTFIX: EFR01 Enterprise feature request (#1908)
* Replace Warning with Medium and added Hotspot
* Add file analysis to hotspot
* Enterprise Feature Request Flag
* EFR01 changes
* version bump
* update quark & frida (#1903)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update tldextract from 3.1.2 to 3.2.0 (#1910)
* upgrade apktool to 2.6.1 (#1915)
* Hotfix: Update slack link
* Hotfix: update slack link
* Hotfix: Slack link
* Hotfix: Slack link
* Hotfix: Slack link
* Introduce jadx decompilation timeout with env var (#1916)
* Introduce jadx decompilation timeout with env var
- exception for timeout
- replace subprocess.call for run
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.6.4 to 8.7.2 (#1926)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Scheduled weekly dependency update for week 13 (#1931)
* Update quark-engine from 22.2.1 to 22.3.1
* update lief
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid (#1939)
* Fix dynamic report_json api bug (#1934)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Hotfix: LIEF
* Update README.md (#1951)
* update jadx to 1.3.4 (#1941)
* update jadx to 1.3.4
* update lief
* update jadx and requirements
* Scheduled weekly dependency update for week 22 (#1972)
* Update ip2location from 8.7.3 to 8.7.4
* Update quark-engine from 22.4.1 to 22.5.1
* Update frida from 15.1.17 to 15.1.23
* Update tldextract from 3.2.1 to 3.3.0
* Check for updates via GitHub releases (#1957)
* Check the GitHub releases page for latest version number
* Update utils.py
Only log distro if not empty (or spaces)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update cert_analysis.py (#1948)
* Update cert_analysis.py
Flag on MD5 hash algorithm in signer certificate
* Update cert_analysis.py
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: Update Readme with Rewards Banner
* Update frida from 15.1.23 to 15.1.24 (#1975)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: openSSL link and readme update
* Hotfix: Broken slack channel link fix
* Hotfix: Windows setup script
* Feature Parity Allow iOS IPA download (#1977)
* Allow iOS IPA download
* Code QA
* Add the checking of the parent element of the permission-related elements to manifest analysis (#1905)
* Add the checking of the parent element of the permission-related elements to manifest analysis
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Remove RELRO (#1978)
* Revert "Add the checking of the parent element of the permission-related elements to manifest analysis (#1905)" (#1984)
HOTFIX: Revert #1905
* Scheduled weekly dependency update for week 26 (#1986)
* Update ip2location from 8.7.4 to 8.8.0
* Update frida from 15.1.24 to 15.1.27
* Update quark-engine from 22.5.1 to 22.6.1 (#1989)
* Scheduled weekly dependency update for week 28 (#1993)
* Update frida from 15.1.27 to 15.1.28
* Update tldextract from 3.3.0 to 3.3.1
* HOTFIX: libsast, iOS Rule, M1 Mac support
* Hotfix #1999
* Update frida from 15.1.28 to 15.2.2 (#2002)
* Update README.md (#2020)
add Badge App
* Fix bug #1917 where checking for stripped debugging symbols produces false positives in iOS. (#2023)
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.8.0 to 8.8.1 (#2035)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid to 2.1.4 (#2037)
* Adding tarfile member sanitization to extractall() (#2039)
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* fix res directory not exist (#2042)
Fix the problem that the res resource folder does not exist; the solution is to copy it from the apktool_out directory
* [EFR-02] Enterprise Feature Request - False Positive Triaging (#2000)
* Suppression logic
* Android code analysis suppression
* Fixes #1981
* iOS source support bundle id extraction
* iOS Source Code - Suppression support
* Remove check in CFBundleURLName
* iOS Binary code analysis suppression support
* Add Code QL
* Suppression support for Manifest analysis
* Fixes #2014
* REST API + Docs
* Address review comments
* update suppression wordings
* Fixes #2043
* Icon analysis code QA
* Unit Test for False Positive Triaging
* Adding numeric_owner as a keyword argument (#2050)
numeric_owner needs to be a keyword argument.
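The two commits above (tarfile member sanitization in #2039 and the `numeric_owner` keyword fix in #2050) describe the standard hardening of `TarFile.extractall()` against path-traversal members. The block below is an added illustration of that technique, not MobSF's own code: it builds a constructed archive in memory containing one benign file, one `../` member and one absolute symlink, extracts only the members that resolve inside the destination, and passes `numeric_owner` as a keyword argument (it is keyword-only in `extractall`). The helper names (`safe_extract`, `is_within_directory`, `demo`) are this example's own.

```python
from __future__ import annotations

import io
import os
import tarfile
import tempfile


def is_within_directory(directory: str, target: str) -> bool:
    """True if `target` resolves (after normalising `..`) to a path inside `directory`."""
    abs_directory = os.path.abspath(directory)
    abs_target = os.path.abspath(target)
    try:
        return os.path.commonpath([abs_directory, abs_target]) == abs_directory
    except ValueError:  # different drives on Windows: never inside
        return False


def safe_extract(tar: tarfile.TarFile, path: str = ".", *, numeric_owner: bool = False) -> list[str]:
    """Extract only members that stay inside `path`; return the names of members skipped."""
    skipped: list[str] = []
    safe_members: list[tarfile.TarInfo] = []
    for member in tar.getmembers():
        member_path = os.path.join(path, member.name)
        if not is_within_directory(path, member_path):
            skipped.append(member.name)  # classic "../../etc/..." traversal
            continue
        if member.issym() or member.islnk():
            # symlink targets are relative to the member's directory, hardlinks to the root;
            # either may point outside the extraction tree
            base = os.path.dirname(member_path) if member.issym() else path
            if not is_within_directory(path, os.path.join(base, member.linkname)):
                skipped.append(member.name)
                continue
        safe_members.append(member)
    kwargs = {"numeric_owner": numeric_owner}  # keyword-only in TarFile.extractall
    if hasattr(tarfile, "data_filter"):  # Python 3.12+ and backports: stack the stdlib filter too
        kwargs["filter"] = "data"
    tar.extractall(path, members=safe_members, **kwargs)
    return skipped


def build_demo_tar() -> bytes:
    """Constructed sample archive (example data, not a real upload)."""
    buf = io.BytesIO()
    payload = b"<resources/>"
    with tarfile.open(fileobj=buf, mode="w") as tar:
        benign = tarfile.TarInfo("res/values/strings.xml")
        benign.size = len(payload)
        tar.addfile(benign, io.BytesIO(payload))
        evil = tarfile.TarInfo("../../etc/cron.d/evil")
        evil.size = len(payload)
        tar.addfile(evil, io.BytesIO(payload))
        link = tarfile.TarInfo("escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "/etc/passwd"
        tar.addfile(link)
    return buf.getvalue()


def demo() -> tuple[list[str], bool]:
    """Extract the sample into a temp dir; return (skipped members, benign file extracted?)."""
    with tempfile.TemporaryDirectory() as dest:
        with tarfile.open(fileobj=io.BytesIO(build_demo_tar())) as tar:
            skipped = safe_extract(tar, dest)
        extracted = os.path.isfile(os.path.join(dest, "res", "values", "strings.xml"))
    return skipped, extracted


if __name__ == "__main__":
    print(demo())
```

The explicit path check is what the pre-3.12 standard library lacked; on interpreters that ship `tarfile.data_filter` the example also passes `filter="data"` so that the stdlib rejects anything the manual check missed.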
* Scheduled weekly dependency update for week 41 (#2046)
* Update quark-engine from 22.6.1 to 22.9.1
* Update frida from 15.2.2 to 16.0.1
* Update tldextract from 3.3.1 to 3.4.0
* Update openstep-parser from 1.5.3 to 1.5.4
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: revert frida to 15.X
* HOTFIX: UI changes and warning on mobsf.live (#2051)
* UI changes and warning on mobsf.live
* Update home.html
* HOTFIX: Split certificate analysis out, suppression list fixes (#2052)
* Hotfix: ui on donate page
* Hotfix: Homescreen Navbar
* Hotfix: UI icon
* hotfix for quark rules location (#2053)
* HOTFIX: jadx update to 1.4.5 (#2064)
* jadx update to 1.4.5
* MobSF version bump
* Fixes CVE-2022-42889 in third party dependency
* Installation script error: Solving spelling error (#2067)
changed "installtion" to "installation"
* Android APK support extracting icon SVG from XML (#2060)
* Added support for SVG icon extraction
* Add jar binaries
* code refactoring
* Update settings.py
* HOTFIX: Setup improvement (#2078)
* Improve setup scripts.
* Python support to 3.8 - 3.10
* Delete MobSF data directory on running setup.
* Bump applicable dependencies.
* Apktool 2.7.0 update (#2082)
* Update apktool to version 2.7.0
* HOTFIX: Icon should be a file
* version bump
* New Android Manifest Rule: App support vulnerable android versions (#2114)
* add a new rule: dangerous os version
* qa
* lint checks
* run lint test on one os
* Support for filenames containing & (#2129)
Co-authored-by: none <none@none.com>
* HOTFIX: Fix docker build (#2135)
* Fix Scorecard Severity Distribution chart data (#2140)
* HOTFIX: Update Dockerfile to install jq (#2149)
* Update Dockerfile
* Update tox.ini
* [HOTFIX] Add support for environment variable for MobSF config (#2150)
* add support for environment variable config
* Fixes #2109
* update lief
* HOTFIX: Fixes #2144
* HOTFIX: Android min SDK check on janus vulnerability detection (#2159)
* Android min SDK check on janus check
* Update README.md
* [Enterprise Feature Request EFR02] Support summary of severity in each section. (#2160)
* Summary for Android and iOS SCA
* [EFR05] Enterprise Feature Request: AAR and JAR support (#2163)
* AAR and JAR support
* Enable binary analysis for aar/jar
* Scheduled weekly dependency update for week 24 (#2187)
* Update ip2location from 8.9.0 to 8.10.0
* Update quark-engine from 22.10.1 to 23.5.1
* Update LIEF from to 0.13.1
* Update tldextract from 3.4.0 to 3.4.4
* Update requirements.txt
---------
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update requirements.txt
0.13.1 not available.
* HOTFIX: update lief
* Revert Hotfix
* HOTFIX: Feature updates and Bug Fixes (#2197)
* OFAC, jquery bump, tox fix
* AAR handle multiple application tags
* HOTFIX: MobSF Android Dynamic Analysis Docker Support (#2214)
* MobSF Android Docker Support
* Pin pip version
* Update mobsf-test.yml
* updated requirements.txt to most recent django backend version and returned the data object internal to the class method scan_apk in mobsf/MobSF/views/scanning.py instead of the class's self.data.
* had to remove all returns of self.data from the scanning methods in mobsf/MobSF/views/scanning.py and just return the data object local to the method.
* Bug and lint fixes
* Lint fixes, JAR/AAR fix
* Lint fix
* Spell check update
* Attempt at fixing template error
* Locking http-tools to fix unit test failure
---------
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: superpoussin22 <vincent.nadal@orange.fr>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Matej Soroka <hi@matejsoroka.com>
Co-authored-by: N1neSun <917549681@qq.com>
Co-authored-by: Ajin.Abraham <ajin.abraham@chime.com>
Co-authored-by: Dapo Adedire <adedireadedapo19@gmail.com>
Co-authored-by: Atarii <atarii@users.noreply.github.com>
Co-authored-by: Han0nly <byxiaohanzhang@foxmail.com>
Co-authored-by: rustaska <11994805+rustaska@users.noreply.github.com>
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: TrellixVulnTeam <112716341+TrellixVulnTeam@users.noreply.github.com>
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: ohyeah521 <ohyeah521@gmail.com>
Co-authored-by: th3-d4v1d-c0de <116191845+th3-d4v1d-c0de@users.noreply.github.com>
Co-authored-by: evmxattr <evmxattr@users.noreply.github.com>
Co-authored-by: none <none@none.com>
Co-authored-by: antoinbo <87284775+antoinbo@users.noreply.github.com>
Co-authored-by: Jared Dembrun <Jdembrun@syslogicinc.com>
* Expired API key visual support (#176)
* Visual support for expired API keys
---------
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: superpoussin22 <vincent.nadal@orange.fr>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Matej Soroka <hi@matejsoroka.com>
Co-authored-by: N1neSun <917549681@qq.com>
Co-authored-by: Ajin.Abraham <ajin.abraham@chime.com>
Co-authored-by: Dapo Adedire <adedireadedapo19@gmail.com>
Co-authored-by: Atarii <atarii@users.noreply.github.com>
Co-authored-by: Han0nly <byxiaohanzhang@foxmail.com>
Co-authored-by: rustaska <11994805+rustaska@users.noreply.github.com>
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: TrellixVulnTeam <112716341+TrellixVulnTeam@users.noreply.github.com>
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: ohyeah521 <ohyeah521@gmail.com>
Co-authored-by: th3-d4v1d-c0de <116191845+th3-d4v1d-c0de@users.noreply.github.com>
Co-authored-by: evmxattr <evmxattr@users.noreply.github.com>
Co-authored-by: none <none@none.com>
Co-authored-by: antoinbo <87284775+antoinbo@users.noreply.github.com>
Co-authored-by: Jared Dembrun <Jdembrun@syslogicinc.com>
* [HOTFIX] Support webp for icon (#2267)
* [HOTFIX] Fixed that the icon cannot be found (#2265)
fixed that the icon cannot be found when the suffix name is uppercase
* Allow jpeg icons (#2268)
* [HOTFIX] Fix jadx and apktool failure due to JDK changes (#2269)
* Fix jadx and apktool failure due to JDK zip64 changes
* Merge 3.7.6 (#177)
* Update setup.py
* Hotfix: Docker error fixes
* Hotfix: Add Corellium support message
* Hotfix: Broken donate link fix
* Update dynamic_analysis.html (#2218)
* Hotfix: Handle Docker <-> ADB connectivity internally (#2219)
* host.docker.internal translation for localhost
* Replace urlparse with re
* version bump
* update ascii art
* update apktool to 2.8.1 (#2220)
* update apktool (#2225)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: translate upstream proxy ip for docker
* Dynamic Analysis support alert (#2227)
* [HOTFIX] Regex + Rule Update (#2232)
* IOS Swift Rules updates
* Updated or added rules `ios_biometric_bool`, `ios_biometric_acl`, `ios_keychain_weak_acl_device_passcode`, `ios_keychain_weak_accessibility_value`, `ios_insecure_random_no_generator`, `ios_biometry_hardened`
* Regex Hardening: Fixes possible Regex DoS in rules and MobSF code base
* [HOTFIX][EFR06] Independent Shared Object (.so) Scan and Improved String search (#2228)
* String extraction from APK, Source, AAR, JAR, SO
* Strings sections to show source of strings extracted
* Strings Refactor
* Support for independent .SO scan
* Android SCA rules update
* Entropies scan support for strings
* URLs/Email extraction refactor
* Bug Fixes
* iOS Source Report Fix
* Frida APK Patcher (WIP)
* Dynamic Analyzer identifier not available
* Settings env var not working fix for enabled by default features
* AppSec Score fix
* Recent `scan not completed` fix for iOS zip
* HOTFIX: Improve code string extraction
* Update macho_analysis.py - SYMBOLS STRIPPED False Negative (#2234)
* Update macho_analysis.py
PR for this issue:
https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2233
* Update macho_analysis.py
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: fix IPA download support
* [HOTFIX][EFR-08] Dylib + Symbols + Other Features (#2239)
* Dylib analysis support + PDF for iOS Binary
* Dylib string extraction
* Improved iOS Plist secret extraction
* iOS/Android Form Validation QA
* Independent Dylib scan
* Symbols view for dylib and so
* Trackers support for so
* Fix missing exported components (#2176)
Components which are exported and have no permission were not listed in the results because of a wrong template description key.
Also added a warning if this happens again.
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
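The commit above (#2176) concerns exported components that carry no permission, and #2248 further down concerns manifests that bind the Android attribute namespace to a non-standard prefix. The block below is an added example of that check, not MobSF's own manifest analysis: it parses a constructed `AndroidManifest.xml`, applies the platform's default-export rules where `android:exported` is absent (intent-filter implies exported for activities, services and receivers; providers default to exported only up to targetSdkVersion 16), exempts the MAIN/LAUNCHER activity, and reports exported components with no `android:permission` (or read/write permission for providers). Because ElementTree keys attributes by namespace URI rather than prefix, a manifest using `xmlns:n1="http://schemas.android.com/apk/res/android"` resolves the same way. Function names and the sample manifest are this example's own.

```python
from __future__ import annotations

import xml.etree.ElementTree as ET

# ElementTree keys attributes by URI, so a non-standard prefix for this URI still resolves.
ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")
LAUNCHER_CATEGORY = "android.intent.category.LAUNCHER"


def android_attr(element: ET.Element, name: str) -> str | None:
    return element.get(f"{{{ANDROID_NS}}}{name}")


def is_exported(component: ET.Element, target_sdk: int) -> bool:
    """Apply the platform's default-export rules when android:exported is absent."""
    explicit = android_attr(component, "exported")
    if explicit is not None:
        return explicit.strip().lower() == "true"
    if component.tag == "provider":
        # providers are exported by default only for targetSdkVersion 16 and below
        return target_sdk <= 16
    # activities, services and receivers are exported by default when they declare an
    # intent-filter (targetSdkVersion 31+ requires the attribute explicitly in that case)
    return component.find("intent-filter") is not None


def is_launcher(component: ET.Element) -> bool:
    """The MAIN/LAUNCHER activity is exported by design and is not a finding."""
    return any(android_attr(c, "name") == LAUNCHER_CATEGORY for c in component.iter("category"))


def required_permission(component: ET.Element) -> str | None:
    perm = android_attr(component, "permission")
    if perm is None and component.tag == "provider":
        # providers may gate access with read/write permissions instead of android:permission
        perm = android_attr(component, "readPermission") or android_attr(component, "writePermission")
    return perm


def find_unprotected_exported(manifest_xml: str) -> list[tuple[str, str]]:
    """Return (tag, android:name) for exported components that require no permission."""
    root = ET.fromstring(manifest_xml)
    target_sdk = 1
    uses_sdk = root.find("uses-sdk")
    if uses_sdk is not None:
        target_sdk = int(android_attr(uses_sdk, "targetSdkVersion")
                         or android_attr(uses_sdk, "minSdkVersion") or 1)
    findings: list[tuple[str, str]] = []
    application = root.find("application")
    if application is None:
        return findings
    for component in application:
        if component.tag not in COMPONENT_TAGS:
            continue
        if not is_exported(component, target_sdk) or is_launcher(component):
            continue
        if required_permission(component):
            continue
        findings.append((component.tag, android_attr(component, "name") or "?"))
    return findings


# Constructed sample manifest (example data, not from a real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
  <uses-sdk android:minSdkVersion="21" android:targetSdkVersion="30"/>
  <application android:label="Demo">
    <activity android:name=".MainActivity">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true" android:permission="com.example.SYNC"/>
    <receiver android:name=".BootReceiver">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
    <provider android:name=".DataProvider" android:authorities="com.example.data"/>
    <activity android:name=".InternalActivity"/>
  </application>
</manifest>
"""


def demo() -> list[tuple[str, str]]:
    return find_unprotected_exported(SAMPLE_MANIFEST)


if __name__ == "__main__":
    for tag, name in demo():
        print(f"exported {tag} without permission: {name}")
```

The sample yields `.DeepLinkActivity` (explicitly exported) and `.BootReceiver` (implicitly exported through its intent-filter); `.SyncService` is exported but permission-protected, and `.DataProvider` is not exported at targetSdkVersion 30. A manifest that uses a wrong namespace URI altogether (rather than a different prefix) would make every `android_attr` lookup return `None`, which is the case #2248 detects separately.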
* [HOTFIX][EFR09] AAR/JAR obfuscation and debug check + Exception Handed strings and symbols extraction (#2240)
* AAR/JAR obfuscation and debug check
* Exception handling symbols and strings from so/dylib
* [HOTFIX][EFR10] Independent Static Library(.a) ELF/MachO Analysis + Graceful Analysis (#2242)
* Independent Static Library(.a) ELF/MachO Analysis
* Mac FAT binary only supported on Mac
* Static and Dynamic Binary Analysis QA
* Refactor Dex permissions
* Fallback certificate analysis using apksigtool
* Refactor Androguard `apk.APK()` usage
* Pip to Poetry, Ubuntu Base image Bump, Dockerfile QA, Python 3.11 support (#2244)
* Docker base image update
* Docker file QA
* Github Actions version update
* Removed unwanted pinned repository
* Pip to Poetry migration
* Bump httptools
* Bump yara-python-dex
* Python 3.11 support
* [HOTFIX] Docker Buildx test (#2247)
* Docker image build test for PRs
* [HOTFIX] bs4 malformed xml parsing + xml namespace detection (#2248)
* Use BeautifulSoup4 to prettify malformed XML
* Detect non standard XML namespace in AndroidManifest.xml (Fixes : https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2198)
* Updated android permissions list
* Updated android permission update check script
* [HOTFIX] Migrate from setup.py to poetry, tox QA (#2249)
* Migrate from setup.py to use poetry build and publish
* Tox QA
* Version is now configured only at pyproject.toml
* Added poetry build test
* Updated mobsf PyPI publishing workflow
* Update local DBs
* Updates for 3.7.6
* Lint fixes
* More lint fixes
* self.data to data fix
* Template context fixes
* Lint fixes
* Lint fix
* context['template'] fix
* Lint fix
* Fixed bug in Compare UI
* Unit test fix
---------
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: superpoussin22 <vincent.nadal@orange.fr>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Matej Soroka <hi@matejsoroka.com>
Co-authored-by: N1neSun <917549681@qq.com>
Co-authored-by: Ajin.Abraham <ajin.abraham@chime.com>
Co-authored-by: Dapo Adedire <adedireadedapo19@gmail.com>
Co-authored-by: Atarii <atarii@users.noreply.github.com>
Co-authored-by: Han0nly <byxiaohanzhang@foxmail.com>
Co-authored-by: rustaska <11994805+rustaska@users.noreply.github.com>
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: TrellixVulnTeam <112716341+TrellixVulnTeam@users.noreply.github.com>
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: ohyeah521 <ohyeah521@gmail.com>
Co-authored-by: th3-d4v1d-c0de <116191845+th3-d4v1d-c0de@users.noreply.github.com>
Co-authored-by: evmxattr <evmxattr@users.noreply.github.com>
Co-authored-by: none <none@none.com>
Co-authored-by: antoinbo <87284775+antoinbo@users.noreply.github.com>
Co-authored-by: Karmaz <51202595+Karmaz95@users.noreply.github.com>
Co-authored-by: Abb4d0n <Abb4d0n@users.noreply.github.com>
* Updating background task Dockerfile (#178)
* HOTFIX: EFR01 Enterprise feature request (#1908)
* Replace Warning with Medium and added Hotspot
* Add file analysis to hotspot
* Enterprise Feature Request Flag
* EFR01 changes
* version bump
* update quark & frida (#1903)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update tldextract from 3.1.2 to 3.2.0 (#1910)
* upgrade apktool to 2.6.1 (#1915)
* Hotfix: Update slack link
* Hotfix: update slack link
* Hotfix: Slack link
* Hotfix:Slack link
* Hotfix:Slack link
* Introduce jadx decompilation timeout with env var (#1916)
* Introduce jadx decompilation timeout with env var
- exception for timeout
- replace subprocess.call for run
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.6.4 to 8.7.2 (#1926)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Scheduled weekly dependency update for week 13 (#1931)
* Update quark-engine from 22.2.1 to 22.3.1
* update lief
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid (#1939)
* Fix dynamic report_json api bug (#1934)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Hotfix: LIEF
* Update README.md (#1951)
* update jadx to 1.3.4 (#1941)
* update jadx to 1.3.4
* update lief
* update jadx and requirements
* Scheduled weekly dependency update for week 22 (#1972)
* Update ip2location from 8.7.3 to 8.7.4
* Update quark-engine from 22.4.1 to 22.5.1
* Update frida from 15.1.17 to 15.1.23
* Update tldextract from 3.2.1 to 3.3.0
* Check for updates via GitHub releases (#1957)
* Check the GitHub releases page for latest version number
* Update utils.py
Only log distro if not empty (or spaces)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update cert_analysis.py (#1948)
* Update cert_analysis.py
Flag on MD5 hash algorithm in signer certificate
* Update cert_analysis.py
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: Update Readme with Rewards Banner
* Update frida from 15.1.23 to 15.1.24 (#1975)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: openSSL link and readme update
* Hotfix: Broken slack channel link fix
* Hotfix: Windows setup script
* Feature Parity Allow iOS IPA download (#1977)
* Allow iOS IPA download
* Code QA
* Add the checking of the parent element of the permission-related elements to manifest analysis (#1905)
* Add the checking of the parent element of the permission-related elements to manifest analysis
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Remove RELRO (#1978)
* Revert "Add the checking of the parent element of the permission-related elements to manifest analysis (#1905)" (#1984)
HOTFIX: Revert #1905
* Scheduled weekly dependency update for week 26 (#1986)
* Update ip2location from 8.7.4 to 8.8.0
* Update frida from 15.1.24 to 15.1.27
* Update quark-engine from 22.5.1 to 22.6.1 (#1989)
* Scheduled weekly dependency update for week 28 (#1993)
* Update frida from 15.1.27 to 15.1.28
* Update tldextract from 3.3.0 to 3.3.1
* HOTFIX: libsast, iOS Rule, M1 Mac support
* Hotfix #1999
* Update frida from 15.1.28 to 15.2.2 (#2002)
* Update README.md (#2020)
add Badge App
* Fix bug #1917 where checking for stripped debugging symbols produces false positives in iOS. (#2023)
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.8.0 to 8.8.1 (#2035)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid to 2.1.4 (#2037)
* Adding tarfile member sanitization to extractall() (#2039)
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* fix res directory not exist (#2042)
Fix the problem that the res resource folder does not exist, the solution is to copy from the apktool_out directory
* [EFR-02]Enterprise Feature Request - False Positive Triaging (#2000)
* Suppression logic
* Android code analysis suppression
* Fixes #1981
* iOS source support bundle id extraction
* iOS Source Code - Suppression support
* Remove check in CFBundleURLName
* iOS Binary code analysis suppression support
* Add Code QL
* Suppression support for Manifest analysis
* Fixes #2014
* REST API + Docs
* Address review comments
* update suppression wordings
* Fixes #2043
* Icon analysis code QA
* Unit Test for False Positive Triaging
* Adding numeric_owner as a keyword argument (#2050)
numeric_owner needs to be a keyword argument.
* Scheduled weekly dependency update for week 41 (#2046)
* Update quark-engine from 22.6.1 to 22.9.1
* Update frida from 15.2.2 to 16.0.1
* Update tldextract from 3.3.1 to 3.4.0
* Update openstep-parser from 1.5.3 to 1.5.4
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: revert frida to 15.X
* HOTFIX: UI changes and warning on mobsf.live (#2051)
* UI changes and warning on mobsf.live
* Update home.html
* HOTFIX: Split certificate analysis out, suppression list fixes (#2052)
* Hotfix: ui on donate page
* Hotfix: Homescreen Navbar
* Hotfix: UI icon
* hotfix for quark rules location (#2053)
* HOTFIX: jadx update to 1.4.5 (#2064)
* jadx update to 1.4.5
* MobSF version bump
* Fixes CVE-2022-42889 in third party dependency
* Installation script error: Solving spelling error (#2067)
changed "installtion" to "installation"
* Android APK support extracting icon SVG from XML (#2060)
* Added support for SVG icon extraction
* Add jar binaries
* code refactoring
* Update settings.py
* HOTFIX: Setup improvement (#2078)
* Improve setup scripts.
* Python support to 3.8 - 3.10
* Delete MobSF data directory on running setup.
* Bump applicable dependencies.
* Apktool 2.7.0 update (#2082)
* Update apktool to version 2.7.0
* HOTFIX: Icon should be a file
* version bump
* New Android Manifest Rule: App supports vulnerable Android versions (#2114)
* add a new rule: dangerous OS version
* qa
* lint checks
* run lint test on one os
* Support for filenames containing & (#2129)
Co-authored-by: none <none@none.com>
* HOTFIX: Fix docker build (#2135)
* Fix Scorecard Severity Distribution chart data (#2140)
* HOTFIX: Update Dockerfile to install jq (#2149)
* Update Dockerfile
* Update tox.ini
* [HOTFIX] Add support for environment variable for MobSF config (#2150)
* add support for environment variable config
* Fixes #2109
* update lief
* HOTFIX: Fixes #2144
* HOTFIX: Android min SDK check on Janus vulnerability detection (#2159)
* Android min SDK check on Janus check
* Update README.md
* [Enterprise Feature Request EFR02] Support summary of severity in each section. (#2160)
* Summary for Android and iOS SCA
* [EFR05] Enterprise Feature Request: AAR and JAR support (#2163)
* AAR and JAR support
* Enable binary analysis for aar/jar
* Scheduled weekly dependency update for week 24 (#2187)
* Update ip2location from 8.9.0 to 8.10.0
* Update quark-engine from 22.10.1 to 23.5.1
* Update LIEF to 0.13.1
* Update tldextract from 3.4.0 to 3.4.4
* Update requirements.txt
---------
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update requirements.txt
0.13.1 not available.
* HOTFIX: update lief
* Revert Hotfix
* HOTFIX: Feature updates and Bug Fixes (#2197)
* OFAC, jquery bump, tox fix
* AAR handle multiple application tags
* HOTFIX: MobSF Android Dynamic Analysis Docker Support (#2214)
* MobSF Android Docker Support
* Pin pip version
* Update mobsf-test.yml
* Update setup.py
* Hotfix: Docker error fixes
* Hotfix: Add Corellium support message
* Hotfix: Broken donate link fix
* Update dynamic_analysis.html (#2218)
* Hotfix: Handle Docker <-> ADB connectivity internally (#2219)
* host.docker.internal translation for localhost
* Replace urlparse with re
* version bump
* update ascii art
* update apktool to 2.8.1 (#2220)
* update apktool (#2225)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: translate upstream proxy ip for docker
* Dynamic Analysis support alert (#2227)
* [HOTFIX] Regex + Rule Update (#2232)
* iOS Swift rules updates
* Updated or added rules `ios_biometric_bool`, `ios_biometric_acl`, `ios_keychain_weak_acl_device_passcode`, `ios_keychain_weak_accessibility_value`, `ios_insecure_random_no_generator`, `ios_biometry_hardened`
* Regex Hardening: Fixes possible Regex DoS in rules and MobSF code base
* [HOTFIX][EFR06] Independent Shared Object (.so) Scan and Improved String search (#2228)
* String extraction from APK, Source, AAR, JAR, SO
* Strings sections to show source of strings extracted
* Strings Refactor
* Support for independent .SO scan
* Android SCA rules update
* Entropies scan support for strings
* URLs/Email extraction refactor
* Bug Fixes
* iOS Source Report Fix
* Frida APK Patcher (WIP)
* Dynamic Analyzer identifier not available
* Settings env var not working fix for enabled by default features
* AppSec Score fix
* Recent `scan not completed` fix for iOS zip
* HOTFIX: Improve code string extraction
* Update macho_analysis.py - SYMBOLS STRIPPED False Negative (#2234)
* Update macho_analysis.py
PR for this issue:
https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2233
* Update macho_analysis.py
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: fix IPA download support
* [HOTFIX][EFR-08] Dylib + Symbols + Other Features (#2239)
* Dylib analysis support + PDF for iOS Binary
* Dylib string extraction
* Improved iOS Plist secret extraction
* iOS/Android Form Validation QA
* Independent Dylib scan
* Symbols view for dylib and so
* Trackers support for so
* Fix missing exported components (#2176)
Components which are exported and have no permission were not listed in the results because of a wrong template description key.
Also added a warning if this happens again.
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* [HOTFIX][EFR09] AAR/JAR obfuscation and debug check + Exception Handled strings and symbols extraction (#2240)
* AAR/JAR obfuscation and debug check
* Exception handling symbols and strings from so/dylib
* [HOTFIX][EFR10] Independent Static Library(.a) ELF/MachO Analysis + Graceful Analysis (#2242)
* Independent Static Library(.a) ELF/MachO Analysis
* Mac FAT binary only supported on Mac
* Static and Dynamic Binary Analysis QA
* Refactor Dex permissions
* Fallback certificate analysis using apksigtool
* Refactor Androguard `apk.APK()` usage
* Pip to Poetry, Ubuntu Base image Bump, Dockerfile QA, Python 3.11 support (#2244)
* Docker base image update
* Docker file QA
* Github Actions version update
* Removed unwanted pinned repository
* Pip to Poetry migration
* Bump httptools
* Bump yara-python-dex
* Python 3.11 support
* [HOTFIX] Docker Buildx test (#2247)
* Docker image build test for PRs
* [HOTFIX] bs4 malformed xml parsing + xml namespace detection (#2248)
* Use BeautifulSoup4 to prettify malformed XML
* Detect non-standard XML namespace in AndroidManifest.xml (Fixes: https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2198)
* Updated android permissions list
* Updated android permission update check script
* [HOTFIX] Migrate from setup.py to poetry, tox QA (#2249)
* Migrate from setup.py to use poetry build and publish
* Tox QA
* Version is now configured only at pyproject.toml
* Added poetry build test
* Updated mobsf PyPI publishing workflow
* Update local DBs
* Updates for 3.7.6
* Lint fixes
* More lint fixes
* self.data to data fix
* Template context fixes
* Lint fixes
* Lint fix
* context['template'] fix
* Lint fix
* Fixed bug in Compare UI
* Unit test fix
* Updating background Dockerfile
* Lint fix
* Lint fix
---------
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: superpoussin22 <vincent.nadal@orange.fr>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Matej Soroka <hi@matejsoroka.com>
Co-authored-by: N1neSun <917549681@qq.com>
Co-authored-by: Ajin.Abraham <ajin.abraham@chime.com>
Co-authored-by: Dapo Adedire <adedireadedapo19@gmail.com>
Co-authored-by: Atarii <atarii@users.noreply.github.com>
Co-authored-by: Han0nly <byxiaohanzhang@foxmail.com>
Co-authored-by: rustaska <11994805+rustaska@users.noreply.github.com>
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: TrellixVulnTeam <112716341+TrellixVulnTeam@users.noreply.github.com>
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: ohyeah521 <ohyeah521@gmail.com>
Co-authored-by: th3-d4v1d-c0de <116191845+th3-d4v1d-c0de@users.noreply.github.com>
Co-authored-by: evmxattr <evmxattr@users.noreply.github.com>
Co-authored-by: none <none@none.com>
Co-authored-by: antoinbo <87284775+antoinbo@users.noreply.github.com>
Co-authored-by: Karmaz <51202595+Karmaz95@users.noreply.github.com>
Co-authored-by: Abb4d0n <Abb4d0n@users.noreply.github.com>
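The entries "Adding tarfile member sanitization to extractall()" (#2039) and "numeric_owner needs to be a keyword argument" (#2050) above describe a path-traversal guard on tar extraction. The following is an added example of that guard, written for this page and not MobSF's own code: every member is validated against the destination directory before anything is written, so an archive with one hostile entry extracts nothing at all. The archives it extracts are constructed in memory; the destination is a temporary directory; `UnsafeTarMember`, `check_members`, `safe_extractall`, `build_tar` and `demo` are names chosen for this example.

```python
"""Path-traversal-safe tar extraction (the idea behind "tarfile member sanitization").

Added example, not MobSF's code. Every member is checked before anything is
written, so an archive with one bad entry extracts nothing at all. Python 3.12+
also offers tarfile extraction filters (filter="data") for the same purpose.
"""
import io
import os
import tarfile
import tempfile


class UnsafeTarMember(Exception):
    """A tar member would write or link outside the destination directory."""


def _inside(base: str, candidate: str) -> bool:
    """True if candidate, after '..' and absolute-path resolution, stays under base."""
    base = os.path.abspath(base)
    candidate = os.path.abspath(candidate)
    # commonpath compares whole path components, so /tmp/dest2 is not "inside" /tmp/dest
    return os.path.commonpath([base, candidate]) == base


def check_members(tar: tarfile.TarFile, dest: str) -> list:
    """Return the members of tar, or raise UnsafeTarMember on the first escape."""
    safe = []
    for m in tar.getmembers():
        target = os.path.join(dest, m.name)          # an absolute member name wins the join
        if not _inside(dest, target):
            raise UnsafeTarMember(f"{m.name!r} resolves outside {dest}")
        if m.issym():                                # symlink targets are relative to the link
            link = os.path.join(os.path.dirname(target), m.linkname)
        elif m.islnk():                              # hard link targets are archive-relative
            link = os.path.join(dest, m.linkname)
        else:
            link = None
        if link is not None and not _inside(dest, link):
            raise UnsafeTarMember(f"{m.name!r} links to {m.linkname!r} outside {dest}")
        safe.append(m)
    return safe


def safe_extractall(tar_bytes: bytes, dest: str) -> list:
    """Validate every member first, then extract; returns the extracted member names.

    numeric_owner is keyword-only in TarFile.extractall, hence the keyword form."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        members = check_members(tar, dest)
        tar.extractall(dest, members=members, numeric_owner=False)
        return [m.name for m in members]


def build_tar(files: dict, symlinks: dict = None) -> bytes:
    """Constructed sample archive: files maps name -> bytes, symlinks maps name -> target."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        for name, target in (symlinks or {}).items():
            info = tarfile.TarInfo(name)
            info.type = tarfile.SYMTYPE
            info.linkname = target
            tar.addfile(info)
    return buf.getvalue()


def demo() -> dict:
    """Extract one clean and three hostile constructed archives into a temp dir."""
    results = {}
    with tempfile.TemporaryDirectory() as dest:
        clean = build_tar({"app/AndroidManifest.xml": b"<manifest/>"})
        results["clean"] = safe_extractall(clean, dest)
        hostile = {
            "dotdot": build_tar({"../escaped.txt": b"x"}),      # classic traversal
            "absolute": build_tar({"/escaped.txt": b"x"}),      # absolute member name
            "symlink": build_tar({}, {"etc": "/etc"}),          # link pointing out of dest
        }
        for label, archive in hostile.items():
            try:
                safe_extractall(archive, dest)
                results[label] = "extracted"
            except UnsafeTarMember:
                results[label] = "rejected"
        results["clean_exists"] = os.path.isfile(os.path.join(dest, "app", "AndroidManifest.xml"))
        results["escaped_exists"] = os.path.exists(os.path.join(dest, os.pardir, "escaped.txt"))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check runs over the whole member list before `extractall` is called, rather than per member during extraction, because a symlink written early in an archive can redirect a later member; validating link targets against the destination up front closes that ordering trick as well.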
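The entry "Android min SDK check on Janus vulnerability detection" (#2159) above ties the Janus (CVE-2017-13156) finding to the APK's minSdkVersion. The following is an added example of such a check, written for this page; it is not MobSF's rule and the thresholds encode this example's reading of the advisory (vulnerable v1 verifier on Android 5.0 through 8.0, API 21 to 26; whole-file v2/v3 signatures verified only from Android 7.0, API 24). The function names `janus_exposure` and `janus_finding` and the constants are this example's own.

```python
"""Janus (CVE-2017-13156) exposure from an APK's signature schemes and minSdkVersion.

Added example, not MobSF's code. The thresholds are this example's reading of the
advisory, stated as assumptions: the bug is in the v1 (JAR) verifier of Android
5.0 - 8.0 (API 21 - 26), and a whole-file v2/v3 signature is only verified by
Android 7.0+ (API 24+), so older devices trust v1 alone even on a v2-signed APK.
"""
from typing import Optional, Tuple

FIRST_AFFECTED_API = 21    # Android 5.0 (assumption from the advisory)
LAST_AFFECTED_API = 26     # Android 8.0; Android 8.1 (API 27) ships the fix
V2_VERIFIED_FROM_API = 24  # Android 7.0 verifies APK Signature Scheme v2/v3 when present

Exposure = Tuple[Optional[Tuple[int, int]], str]


def janus_exposure(min_sdk: int, v1: bool, v2: bool, v3: bool) -> Exposure:
    """Return (affected API range or None, reason) for an APK's signing state."""
    if not v1:
        # Without a v1 signature the vulnerable JAR verifier is never consulted
        # (and such an APK does not install below API 24 anyway).
        return None, "no v1 signature"
    if min_sdk > LAST_AFFECTED_API:
        return None, f"minSdkVersion {min_sdk} excludes every affected release"
    low = max(min_sdk, FIRST_AFFECTED_API)
    if v2 or v3:
        # From API 24 the whole-file signature is verified and a prepended DEX
        # breaks it; only Android 5.x/6.x devices still rely on v1 alone.
        high = V2_VERIFIED_FROM_API - 1
        if low > high:
            return None, "v2/v3 signed and minSdkVersion >= 24"
        return (low, high), "v1 + v2/v3 signed: API 21-23 devices verify v1 only"
    return (low, LAST_AFFECTED_API), "v1-only signature"


def janus_finding(min_sdk: int, v1: bool, v2: bool, v3: bool) -> str:
    """One-line report text for the finding, in the style of a scanner output."""
    rng, reason = janus_exposure(min_sdk, v1, v2, v3)
    if rng is None:
        return f"not affected ({reason})"
    return f"Janus exposure on API {rng[0]}-{rng[1]} ({reason})"


if __name__ == "__main__":
    # Constructed signing states, not taken from any real APK.
    for args in [(21, True, False, False), (21, True, True, False),
                 (24, True, True, False), (27, True, False, False)]:
        print(args, "->", janus_finding(*args))
```

The minSdkVersion matters in both directions: it cannot lower the floor below API 21, where the affected verifier first appears, but it can raise it, and once it reaches API 24 a v2- or v3-signed APK has no device left that would verify only the v1 signature.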
* Fix for timestamp scan error (#179)
* HOTFIX: EFR01 Enterprise feature request (#1908)
* Replace Warning with Medium and added Hotspot
* Add file analysis to hotspot
* Enterprise Feature Request Flag
* EFR01 changes
* version bump
* update quark & frida (#1903)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update tldextract from 3.1.2 to 3.2.0 (#1910)
* upgrade apktool to 2.6.1 (#1915)
* Hotfix: Update slack link
* Hotfix: update slack link
* Hotfix: Slack link
* Hotfix: Slack link
* Hotfix: Slack link
* Introduce jadx decompilation timeout with env var (#1916)
* Introduce jadx decompilation timeout with env var
- exception for timeout
- replace subprocess.call for run
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update ip2location from 8.6.4 to 8.7.2 (#1926)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Scheduled weekly dependency update for week 13 (#1931)
* Update quark-engine from 22.2.1 to 22.3.1
* update lief
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* update apkid (#1939)
* Fix dynamic report_json api bug (#1934)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Hotfix: LIEF
* Update README.md (#1951)
* update jadx to 1.3.4 (#1941)
* update jadx to 1.3.4
* update lief
* update jadx and requirements
* Scheduled weekly dependency update for week 22 (#1972)
* Update ip2location from 8.7.3 to 8.7.4
* Update quark-engine from 22.4.1 to 22.5.1
* Update frida from 15.1.17 to 15.1.23
* Update tldextract from 3.2.1 to 3.3.0
* Check for updates via GitHub releases (#1957)
* Check the GitHub releases page for latest version number
* Update utils.py
Only log distro if not empty (or spaces)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Update cert_analysis.py (#1948)
* Update cert_analysis.py
Flag on MD5 hash algorithm in signer certificate
* Update cert_analysis.py
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: Update Readme with Rewards Banner
* Update frida from 15.1.23 to 15.1.24 (#1975)
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* HOTFIX: openSSL link and readme update
* Hotfix: Broken slack channel link fix
* Hotfix: Windows setup script
* Feature Parity Allow iOS IPA download (#1977)
* Allow iOS IPA download
* Code QA
* Add the checking of the parent element of the permission-related elements to manifest analysis (#1905)
* Add the checking of the parent element of the permission-related elements to manifest analysis
Co-authored-by: Ajin Abraham <ajin25@gmail.com>
* Remove RELRO (#1978)
* Revert "Add the checking of the parent element of the permission-related elements to manifest analysis (#1905)" (#1984)
HOTFIX: Revert #1905
* Scheduled weekly dependency update for week 26 (#1986)
* Update ip2location from 8.7.4 to 8.8.0
* Update frida from 15.1.24 to 15.1.27
* Update quark-engine from 22.5.1 to 22.6.1 (#1989)
Initial merge of MobSF v3.7.6 release