search

infinite-omicron / pentesting-vm

Penetration Testing Virtual Machine
GNU General Public License v3.0
2 stars 2 forks source link

mobsf installation errors #13

Open oxr463 opened 2 years ago

oxr463 commented 2 years ago 
default: ERROR: Could not find a version that satisfies the requirement yara-python-dex>=1.0.0 (from apkid==2.1.2->-r requirements.txt (line 24)) (from versions: none)
default: ERROR: No matching distribution found for yara-python-dex>=1.0.0 (from apkid==2.1.2->-r requirements.txt (line 24))
    default: [INSTALL] Migrating Database
    default: Traceback (most recent call last):
    default:   File "manage.py", line 12, in <module>
    default:     from django.core.management import execute_from_command_line
    default: ModuleNotFoundError: No module named 'django'
    default: Traceback (most recent call last):
    default:   File "manage.py", line 12, in <module>
    default:     from django.core.management import execute_from_command_line
    default: ModuleNotFoundError: No module named 'django'
    default: Traceback (most recent call last):
    default:   File "manage.py", line 12, in <module>
    default:     from django.core.management import execute_from_command_line
    default: ModuleNotFoundError: No module named 'django'
    default: ./setup.sh: line 71: wkhtmltopdf: command not found
outzhu commented 2 years ago

What version is python3? Python3.10 breaks the setup.

Also might need to change apkid==2.1.2 to apkid==2.1.1 in requirements.txt

And add dependencies

oxr463 commented 2 years ago

What version is python3? Python3.10 https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1854#issuecomment-1115731963 the setup.

For Vagrant, we're using Python 3.9 on Alpine 3.14

Reference(s):

oxr463 commented 2 years ago

Also might need to change apkid==2.1.2 to apkid==2.1.1 in requirements.txt

That would need to be a PR upstream.

outzhu commented 2 years ago

I couldn't find the alternative packages for Alpine Is there an alternative solution for mobsf?

oxr463 commented 2 years ago

I couldn't find the alternative packages for Alpine

The names wouldn't be the same. Here is what I found.

Debian Alpine
python3-venv py3-virtualenv
python3-pip py3-pip
build-essential alpine-sdk
libssl-dev openssl3-dev
libxslt1-dev libxslt-dev
libjpeg8-dev jpeg-dev
zlib1g-dev zlib-dev
wkhtmltopdf wkhtmltopdf*

*looks like this was dropped in https://gitlab.alpinelinux.org/alpine/aports/-/issues/12888

Is there an alternative solution for mobsf?

No, we need this tool for mobile app testing.

outzhu commented 2 years ago

I've hit a block due to the packages requirements.

==> pentesting-vagrant.vagrant.alpine: ./setup.sh: line 72: wkhtmltopdf: command not found

package required:

==> pentesting-vagrant.vagrant.alpine: ERROR: unable to select packages:
    pentesting-vagrant.vagrant.alpine:   openssl3-dev (no such package):

unable to fetch packages:

oxr463 commented 2 years ago

We might be blocked on mobsf for now due to that dependency issue. Maybe for now we can comment it out to get our packer build to succeeded.

Reference(s):

outzhu commented 1 year ago

Do you have any resources that I can study to repackage wkhtmltopdf for Alpine?

Reading through this https://wiki.alpinelinux.org/wiki/APKBUILD_Reference.

oxr463 commented 1 year ago

Do you have any resources that I can study to repackage wkhtmltopdf for Alpine?

Reading through this https://wiki.alpinelinux.org/wiki/APKBUILD_Reference.

Alpine dropped the package due to security issues... We might be able to just build it from source as part of our Packer builds.

Also, looks like MobSF might replace that dependency per https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1982.

oxr463 commented 1 year ago

See also: https://github.com/wkhtmltopdf/packaging

outzhu commented 1 year ago

See also: https://github.com/wkhtmltopdf/packaging

They don't seem to have Alpine.