{"id":13529863,"url":"https://github.com/mpast/mobileAudit","last_synced_at":"2025-04-01T17:31:24.311Z","repository":{"id":42122667,"uuid":"314791475","full_name":"mpast/mobileAudit","owner":"mpast","description":"Django application that performs SAST and Malware Analysis for Android APKs","archived":false,"fork":false,"pushed_at":"2024-03-09T17:34:22.000Z","size":5563,"stargazers_count":189,"open_issues_count":1,"forks_count":43,"subscribers_count":9,"default_branch":"main","last_synced_at":"2024-03-09T18:33:13.537Z","etag":null,"topics":["androguard","android-security","apk","apk-analysis","code-security","defect-dojo","django","django-rest-framework","docker","malware","malware-analysis","mobile-audit","mobile-security","sast","virustotal"],"latest_commit_sha":null,"homepage":"https://owasp.org/www-project-mobile-audit/","language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mpast.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-11-21T11:01:32.000Z","updated_at":"2024-04-15T01:25:05.613Z","dependencies_parsed_at":"2023-02-18T09:16:04.749Z","dependency_job_id":"c3a7e8f8-182f-4268-b2bc-d6d0c34fa6e4","html_url":"https://github.com/mpast/mobileAudit","commit_stats":null,"previous_names":[],"tags_count":19,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mpast%2FmobileAudit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mpast%2FmobileAudit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mpast%2FmobileAudit/re
leases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mpast%2FmobileAudit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mpast","download_url":"https://codeload.github.com/mpast/mobileAudit/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":222748189,"owners_count":17031897,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["androguard","android-security","apk","apk-analysis","code-security","defect-dojo","django","django-rest-framework","docker","malware","malware-analysis","mobile-audit","mobile-security","sast","virustotal"],"created_at":"2024-08-01T07:00:40.103Z","updated_at":"2024-11-02T16:31:19.388Z","avatar_url":"https://github.com/mpast.png","language":"HTML","readme":"## Mobile Audit\n\n![Icon](app/static/mobile_audit.png)\n\n**MobileAudit** - SAST and Malware Analysis for Android Mobile APKs\n\n- [Mobile Audit](#mobile-audit)\n  - [Components](#components)\n  - [Docker Base images](#docker-base-images)\n  - [Main features](#main-features)\n  - [Patterns](#patterns)\n  - [Models](#models)\n    - [Virus Total (API v3)](#virus-total-api-v3)\n    - [Defect Dojo (API v2)](#defect-dojo-api-v2)\n    - [MalwareDB \\\u0026 Maltrail](#malwaredb--maltrail)\n  - [Installation](#installation)\n  - [API v1](#api-v1)\n    - [Usage](#usage)\n    - [Swagger](#swagger)\n    - [ReDoc](#redoc)\n    - [Endpoints](#endpoints)\n  - [TLS](#tls)\n    - [Pre-requirements](#pre-requirements)\n    - [Nginx configuration](#nginx-configuration)\n    - [Docker 
configuration](#docker-configuration)\n  - [Environment variables](#environment-variables)\n---------------------------------------\n\nDjango Web application for performing Static Analysis and detecting malware in Android APKs\n\n![App](app/static/app.png)\n\nEach scan provides the following information:\n\n* Application Info\n* Security Info\n* Components\n* SAST Findings\n* Best Practices Implemented\n* Virus Total Info\n* Certificate Info\n* Strings\n* Databases\n* Files\n\n![App](app/static/scan.png)\n\nFor easy access there is a sidebar on the left of the scan page:\n\n![Menu](app/static/menu.png)\n\n### Components\n\n![Schema](app/static/architecture.png)\n\n- **db**: PostgreSQL 3.11.5\n- **nginx**: Nginx 1.23.3\n- **rabbitmq**: RabbitMQ 3.11.5\n- **worker**: Celery 5.2.2\n- **web**: Mobile Audit App (Django 3.2.16)\n\n### Docker Base images\n\nThe image is based on Python buster. Link to [Docker Hub image](https://hub.docker.com/repository/docker/mpast/mobile_audit)\n\n| Image |  Tags | Base |\n|--------------------|-------|--------------------- |\n| mpast/mobile_audit | 3.0.0 | python:3.9.16-buster |\n| mpast/mobile_audit | 2.2.1 | python:3.9.7-buster  |\n| mpast/mobile_audit | 1.3.8 | python:3.9.4-buster  |\n| mpast/mobile_audit | 1.0.0 | python:3.9.0-buster  |\n\n### Main features\n\n- [x] Uses Docker for easy deployment in multiplatform environments\n- [x] Extracts all information from the APK\n- [x] Analyzes all the source code searching for weaknesses\n- [x] All findings are categorized and follow **CWE standards**\n- [x] All findings are categorized and include **Mobile Top 10 Risk**\n- [x] Also highlights the **Best Practices in Secure Android Implementation** in the APK\n- [x] The findings can be edited and the **false positives can be triaged and deleted**\n- [x] All scan results can be **exported to PDF**\n- [x] User authentication and user management\n- [x] API v1 with Swagger and ReDoc\n- [x] TLS\n- [x] Dynamic page reload (WIP)\n- [ ] 
LDAP integration\n- [ ] Export to Markdown\n- [ ] Export to CSV\n\n### Patterns\n\nThe application has an engine with different rules and patterns that are used through the findings scanning phase to detect vulnerabilities and/or malicious code in the APK.\n\nThese can be activated and deactivated in `/patterns`\n\n![Patterns](app/static/patterns.png)\n\nNote: some of the hardcoded patterns are from [apkleaks](https://github.com/dwisiswant0/apkleaks)\n\n### Models\nThe application has created models for each of the entities of the scans' information, to be able to create relations and obtain the best conclusions for each of the APKs.\n\n![Models](app/static/models_snippet.png)\n\nTo see the whole model schema, go to [models](app/static/models.png)\n\n### Integrations\n\n#### Virus Total (API v3)\n\nIt checks if there has been a scan of the APK and extracts all its information. Also, there is the possibility of uploading the APK if a property is selected in the environment (disabled by default).\n\n#### Defect Dojo (API v2)\n\nIt is possible to upload the findings to the defect manager.\n\n#### MalwareDB \u0026 Maltrail\n\nIt checks in the database if there are URLs in the APK that are related to malware.\n\n### Installation\n\nUsing Docker-compose:\n\nThe provided `docker-compose.yml` file allows you to run the app locally in development.\n\nTo build the local image, or to rebuild it after changes to the local application Dockerfile, run:\n\n```sh\ndocker-compose build\n```\n\nThen, to start the container, run:\n\n```sh\ndocker-compose up\n```\n\nOptional: run in detached mode (without seeing the logs)\n\n```sh\ndocker-compose up -d\n```\n\nOnce the application has launched, you can test the application by navigating to: http://localhost:8888/ to access the dashboard.\n\n![Dashboard](app/static/dashboard.png)\n\nAlso, there is a TLS version using `docker-compose.prod.yaml` running on port 443\n\n\nTo use it, execute\n```sh\n  docker-compose -f 
docker-compose.prod.yaml up\n```\n\nThen, you can test the application by navigating to: https://localhost/ to access the dashboard.\n\nFor more information, see [TLS](#tls)\n\nTo stop and remove the containers, run\n\n```sh\ndocker-compose down\n```\n\n### API v1\n\nREST API integration with Swagger and ReDoc.\n\n#### Usage\n\n* Endpoint to authenticate and get token:\n`/api/v1/auth-token/`\n\n![Auth token](app/static/auth_token.png)\n\n* Once authenticated, use this header in all requests:\n`Authorization: Token \u003cApiKey\u003e`\n\n#### Swagger\n\n![Swagger](app/static/swagger.png)\n\n\n#### ReDoc\n\n![ReDoc](app/static/redoc.png)\n\n\n#### Endpoints\n\n* A JSON view of the API specification at `/swagger.json`\n* A YAML view of the API specification at `/swagger.yaml`\n* A swagger-ui view of the API specification at `/swagger/`\n* A ReDoc view of the API specification at `/redoc/`\n\n### TLS\n\n#### Pre-requirements\n\n* Add the certificates into `nginx/ssl`\n* To generate a self-signed certificate:\n\n```sh\nopenssl req -x509 -nodes -days 1 -newkey rsa:4096 -subj \"/C=ES/ST=Madrid/L=Madrid/O=Example/OU=IT/CN=localhost\" -keyout nginx/ssl/nginx.key -out nginx/ssl/nginx.crt\n```\n\n#### Nginx configuration\n\n* TLS - port 443: `nginx/app_tls.conf`\n* Standard - port 8888: `nginx/app.conf`\n\n#### Docker configuration\n\nBy default, `docker-compose.yml` mounts a volume with the configuration that serves port 8888:\n\n```yml\n- ./nginx/app.conf:/etc/nginx/conf.d/app.conf\n```\n\n**In a production environment** use `docker-compose.prod.yaml` with port 443\n```yml\n- ./nginx/app_tls.conf:/etc/nginx/conf.d/app_tls.conf\n```\n\n### Environment variables\n\nAll the environment variables are in a `.env` file; there is an `.env.example` with all the variables needed. 
They are also collected in `app/config/settings.py`:\n\n```python\nCWE_URL = env('CWE_URL', 'https://cwe.mitre.org/data/definitions/')\n\nMALWARE_ENABLED = env('MALWARE_ENABLED', True)\nMALWAREDB_URL = env('MALWAREDB_URL', 'https://www.malwaredomainlist.com/mdlcsv.php')\nMALTRAILDB_URL = env('MALTRAILDB_URL', 'https://raw.githubusercontent.com/stamparm/aux/master/maltrail-malware-domains.txt')\n\nVIRUSTOTAL_ENABLED = env('VIRUSTOTAL_ENABLED', False)\nVIRUSTOTAL_URL = env('VIRUSTOTAL_URL', 'https://www.virustotal.com/')\nVIRUSTOTAL_FILE_URL = env('VIRUSTOTAL_FILE_URL', 'https://www.virustotal.com/gui/file/')\nVIRUSTOTAL_API_URL_V3 = env('VIRUSTOTAL_API_URL_V3', 'https://www.virustotal.com/api/v3/')\nVIRUSTOTAL_URL_V2 = env('VIRUSTOTAL_API_URL_V2', 'https://www.virustotal.com/vtapi/v2/file/')\nVIRUSTOTAL_API_KEY = env('VIRUSTOTAL_API_KEY', '')\nVIRUSTOTAL_UPLOAD = env('VIRUSTOTAL_UPLOAD', False)\n\nDEFECTDOJO_ENABLED = env('DEFECTDOJO_ENABLED', False)\nDEFECTDOJO_URL = env('DEFECTDOJO_URL', 'http://defectdojo:8080/finding/')\nDEFECTDOJO_API_URL = env('DEFECTDOJO_API_URL', 'http://defectdojo:8080/api/v2/')\nDEFECTDOJO_API_KEY = env('DEFECTDOJO_API_KEY', '')\n```\n\nIf you would like to contribute, see [Contributing](CONTRIBUTING.md)\n\n---","funding_links":[],"categories":["Tools","HTML"],"sub_categories":["Static Analysis Tools"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmpast%2FmobileAudit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmpast%2FmobileAudit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmpast%2FmobileAudit/lists"}