[FEATURE] Split Analysis Process and Add API for Listing Analyzed APKs

[defencore]

Description:

I propose adding new features to MobSF to improve its flexibility:

1. Split the Analysis Process into Two Steps

The suggested feature splits the analysis process into:

• APK Unpacking: A step where the file is prepared for analysis.
• APK Analysis: The actual static analysis of the application.

This would allow users to intervene when issues arise during the unpacking stage, such as when MobSF's built-in tools fail to process an APK. Users could manually prepare the APK and then continue with the analysis.

2. API Endpoint to List Analyzed APKs

I propose adding an API endpoint to retrieve a list of APKs that have already been analyzed in MobSF. This endpoint would return:

• MD5 hash
• File name
• Package name

This feature would streamline MobSF integration with other tools and avoid redundant analysis of previously processed APKs.

Integration with Existing Logic:

• New routes have been added in urls.py:

  re_path(r'^api/v1/apk/unpack$', api_sz.api_apk_unpack),
  re_path(r'^api/v1/apk/analyze$', api_sz.api_apk_analyze),
  re_path(r'^api/v1/apk/list$', api_sz.api_apk_list),

• Two new methods handle the unpacking and analysis processes:
  • static_analyzer_apk_unpack(request, checksum, api=False)
  • static_analyzer_apk_analyze(request, checksum, api=False)
    These methods save the unpacked APK's context (app_dic) into a {checksum}.dic file, allowing users to resume the analysis after manual intervention.
• Added API endpoints:
  • api_apk_unpack(request): Handles APK unpacking via API.
  • api_apk_analyze(request): Handles APK analysis via API.
  • api_apk_list(request): Returns a list of MD5 hashes, file names, and package names for all analyzed APKs.

Expected Impact:

• Improved flexibility in handling non-standard APKs.
• Enhanced integration of MobSF with external systems through APIs to retrieve analysis data.

mobsf_api_static_analysis.patch mobsf_static_analyzer.patch mobsf_urls.patch

[github-actions[bot]]

👋 @defencore Issues is only for reporting a bug/feature request. For limited support, questions, and discussions, please join MobSF Slack channel Please include all the requested and relevant information when opening a bug report. Improper reports will be closed without any response.