xebia / mobilehacktools

A repository for scripting a mobile attack toolchain
MIT License
android ios mobile-security mobile-security-testing pentest

Mobile Security Toolchain

This is the mobile security toolchain project. It is loosely based on the MSTG testing tools section (https://github.com/OWASP/owasp-mstg/blob/master/Document/0x08-Testing-Tools.md).

Current status

The project is in an early beta stage. Feel free to contribute! Note that development is currently slow, as the primary focus is now on developing the MSTG. There are quite a few bugs when running this on Catalina. We hope to resolve them in 2021 (as the Corona outbreak made our work a little harder) unless a volunteer arrives earlier ;-).

Pre-requisites

Have a Mac OS X based system (needs 10.13.x) with about 4 GB of RAM and 4 GB of free space. Next, install Docker for Mac on it and then:

  ansible-playbook ./Android/generic_items.yml

Please note: the iOS part requires you to install Xcode using the Mac App Store (MAS), which will ask you to authenticate with a popup.

Tools

Brew, pip and Ansible will be installed first, if not available. Then generic, iOS and Android tools will be installed:

Generic Tools

Tools for Android

Tools for iOS

Quirks

As we are still in development of 1.0, there are the following quirks:

  chgrp -R admin /usr/local/*
  chmod -R g+w /usr/local/*

and otherwise you can follow this fix.

Contribution

Does something not work? Create an issue, or even better: create a pull-request!

Special thanks to

@clviper (reviewing), @andreaslindeboom for a lot of Ansible improvements, @meetinthemiddle-be for testing, @sushi2k for contributing, @hierynomus for fixing Travis issues and @RiieCco for motivating me to get the project started. @geerlingguy for creating awesome Ansible roles that sped up the development tremendously. Xebia, as a company from which I used a private repo to start hacking at the project. My wife for supporting me in doing mobile security open source projects in my spare time.