Security Test Tool ---- install MobSF (static analyzer configuration), test tool ---- mobsf

Security Test Tool ---- install MobSF (static analyzer configuration), test tool ---- mobsf

MobSF can perform Security Testing and Analysis on ios and android, and perform static and dynamic analysis on apps. Currently, ios can only perform dynamic analysis, while android can perform static analysis, you can also perform dynamic analysis. This time, it mainly describes the configuration of the static analyzer in windows, so you can perform basic static analysis.

The static analyzer should be configured as follows:

1. Install jdk and configure Environment Variables

Download jdk

Java environment variable configuration

Note: Do not change the default installation path. Otherwise, you must modify

2. Install python and configure Environment Variables

Python download

Python environment variable configuration

Note: We recommend that you install version 2.7. Other versions may report errors.

3. Download MobSF

Download MobSF

Decompress the downloaded compressed file, save it to drive C, and change the file name to MobSF for later installation.

4. Install MobSF

To install MobSF, run the pip command.

The first time I came into contact with pip, I was a little confused. In fact, I used python commands to install some dependent packages required by MobSF.

The installation process is as follows:

(1) Open the command window (or use the shortcut win + R)

Figure 1

(2) switch the file path in figure 1 to C: \ MobSF \

How to switch? What should I do if I do not switch during the first operation?

Step 1: Enter cd... and press enter (Figure 2) for two consecutive times to switch the directory to the C root directory, 3

Figure 2

Figure 3

Step 2: enter cdMobSF to switch the directory to C: \ MobSF \, 4

Figure 4

(3) install MobSF

Step 1: At the cursor in figure 4, enter the line command pip install-rrequirements.txt and press enter (5)

Figure 5

Step 2: Under C: \ MobSF \, enter the command: python manage. py runserver port number, 6 (the port number is any uncommon port number. We recommend that you enter a fixed port number, take 8001 as an example)

Then it will be installed automatically. During the installation process, the system will prompt that the dependency package is missing, and you need to use the command or install it directly. Not necessarily, step by step. What is missing, for installation instructions, Run "pip install package name". Note that the command must be entered in the C: \ MobSF \ directory.

Figure 6

Step 3: Check whether the installation is successful

If the installation is successful, the static analysis address shown in 7 can be opened in the browser (figure 8)

Figure 7

Figure 8

8. You can upload the App installation package for security testing and analysis.

The installation process seems simple, but there are too many exceptions in the middle.