Skip to content

vagrant mobsf (fixes #1519) #1593

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

vagrant mobsf (fixes #1519) #1593

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
6c52da1
first full attempt
Sep 12, 2020
2b4899e
clarification of dir location
Sep 12, 2020
eeee10f
back at it again :)
Sep 18, 2020
d8d1ee6
updated docs
Sep 18, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions Vagrantfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,17 +38,41 @@ Vagrant.configure("2") do |config|
docker pull codeclimate/codeclimate
wget https://raw.githubusercontent.com/codeclimate/codeclimate/master/codeclimate-wrapper -O /usr/local/bin/codeclimate
chmod +x /usr/local/bin/codeclimate
#mobsf documentation
echo 'MobSF USAGE\n-----------' >> mobsf-README
echo 'During Vagrant setup, a MobSF server was initiated with the command: docker run -itd -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest\n' >> mobsf-README
echo 'With MobSF, you are able to run a static analysis on the remote source code with the following steps\n\n' >> mobsf-README
echo '0. Retrieve and store your API key by running: wget http://localhost:8000/api_docs; MOBSF_API_KEY=$\(grep "REST API Key" api_docs\); MOBSF_API_KEY=$\{MOBSF_API_KEY:42:64\}; rm api_docs\n' >> mobsf-README
echo '1. Zip the source code for app/ directory inside remote/ and compute the hash: zip -d source_code app/; HASH=$\(md5sum source_code.zip\); HASH=\$\{HASH:0:32\}\n' >> mobsf-README
echo '2. Upload the file to MobSF: curl -F \"file=\@source_code.zip\" http://localhost:8000/api/v1/upload -H \"Authorization:$MOBSF_API_KEY\"\n' >> mobsf-README
echo '3. Perform the security scan: curl -X POST --url http://localhost:8000/api/v1/scan --data \"scan_type=zip\&file_name=source_code.zip\&hash=$HASH\" -H \"Authorization:\$MOBSF_API_KEY\"\n' >> mobsf-README
echo '4. Download the results as PDF: curl -X POST --url http://localhost:8000/api/v1/download_pdf --data \"hash=$HASH\" -H \"Authorization:$MOBSF_API_KEY\" --output mobsf-security-scan.pdf' >> mobsf-README
echo '\nEnjoy! :)' >> mobsf-README
SHELL

# Run binding on each startup make sure the mount is available on VM restart
remote.vm.provision "shell", run: "always", inline: <<-SHELL
docker pull codeclimate/codeclimate
echo
echo
docker pull opensecurity/mobile-security-framework-mobsf
docker run -itd -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
echo
echo
echo
echo "CODECLIMATE USAGE"
echo "vagrant ssh"
echo "cd remote"
echo "git checkout <branch>"
echo "codeclimate help"
echo
echo
echo "MOBSF USAGE"
echo "vagrant ssh"
echo "cat mobsf-README"
echo
echo
echo
SHELL
end
end