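Scrounger: A Powerful Mobile Application Security Testing Suite
Author: CQITer editor  Date: 2018-10-23 16:28
Today we introduce a tool called Scrounger, which researchers can use to test the security of mobile applications. First, it draws on and borrows from many of the excellent testing tools currently available in the security community; second, it can effectively find security vulnerabilities in mobile applications.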


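Although the community already has many other mobile application analysis tools, none of them works for both Android and iOS. Scrounger, a Metasploit-like tool, cannot fully automate a penetration test against a target, but it helps penetration testers carry out all kinds of security assessment work.

Differences

The main differences between Scrounger and other tools are:
1. It works for both Android and iOS;
2. It provides a Metasploit-like command console and modules;
3. It provides a variety of functional modules;
4. It can easily be extended with additional functionality.

Technical details

First, a reminder: everything that Scrounger finds and identifies needs to be confirmed manually.
Using the functional modules requires an Android or iOS device, and Scrounger requires the target device to be rooted or jailbroken.
Scrounger has been tested on iOS 11 and Android 8.1, and it supports only Python 2.7.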

Installation

git clone https://github.com/nettitude/scrounger.git
cd scrounger
bash setup.sh
pip install -r requirements.txt
python setup.py install

Development environment

git clone https://github.com/nettitude/scrounger.git
cd scrounger
bash setup.sh
pip install -r requirements.txt
python setup.py develop

Updating the tool

cd scrounger
git pull
python setup.py install --upgrade

Dependencies

Android modules
1. java ()
2. jd-cli (https://github.com/kwart/jd-cmd)
3. apktool (https://ibotpeaches.github.io/Apktool/)
4. d2j-dex2jar (https://github.com/pxb1988/dex2jar)
5. adb (https://developer.android.com/studio/releases/platform-tools)
6. avdmanager (optional): ()

iOS modules
1. jtool (Linux) ()
2. otool (MacOS) (https://developer.apple.com/xcode/)
3. ldid (https://github.com/daeken/ldid.git)
4. iproxy (Package: libimobiledevice)
5. lsusb (Package: usbutils)
6. unzip

iOS libraries
dump_backup_flag
dump_file_protection
dump_keychain
dump_log
listapps
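
A preflight check for the dependencies listed above, added here as an example (it is not part of Scrounger or its setup.sh). The function names deps_for, missing_deps, optional_note and python_is_27 are hypothetical; the tool names and the Python 2.7 requirement are the ones stated on this page.

```shell
#!/bin/sh
# Added example: preflight check for the external tools listed above.
# Function names are hypothetical; tool names are taken from the lists.

# Print the required tools for a module group, one per line.
# $1 = android | ios, $2 = OS name as printed by `uname -s`.
deps_for() {
    case "$1" in
        android) printf '%s\n' java jd-cli apktool d2j-dex2jar adb ;;
        ios)
            # The page lists jtool for Linux and otool for macOS.
            case "$2" in
                Darwin) printf '%s\n' otool ;;
                *)      printf '%s\n' jtool ;;
            esac
            printf '%s\n' ldid iproxy lsusb unzip ;;
        *) echo "unknown group: $1" >&2; return 2 ;;
    esac
}

# Print each required tool that is not found on PATH.
# Exit status: 0 = all present, 1 = at least one missing, 2 = bad group.
missing_deps() {
    group=$1; os=${2:-$(uname -s)}; rc=0
    list=$(deps_for "$group" "$os") || return 2
    for tool in $list; do
        command -v "$tool" >/dev/null 2>&1 || { echo "$tool"; rc=1; }
    done
    return "$rc"
}

# avdmanager is marked optional, so report it without failing.
optional_note() {
    command -v avdmanager >/dev/null 2>&1 || echo "optional: avdmanager not found"
}

# Scrounger supports only Python 2.7 according to the page.
python_is_27() {
    python -c 'import sys; sys.exit(sys.version_info[:2] != (2, 7))' 2>/dev/null
}
```

Source the file and run `missing_deps android` or `missing_deps ios` before launching the tool; a non-zero status means at least one listed dependency still has to be installed.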

Install scripts

Linux
# install iproxy lsusb
sudo apt-get install libimobiledevice usbutils
# install jd-cli
if [ ! -x "$(which jd-cli)" ]; then
    curl -L -o /tmp/jdcli.zip https://github.com/kwart/jd-cmd/releases/download/jd-cmd-0.9.2.Final/jd-cli-0.9.2-dist.zip
    unzip /tmp/jdcli.zip -d /usr/local/share/jd-cli
    ln -s /usr/local/share/jd-cli/jd-cli /usr/local/bin/jd-cli
    ln -s /usr/local/share/jd-cli/jd-cli.jar /usr/local/bin/jd-cli.jar
    rm -rf /tmp/jdcli.zip
fi
# install apktool
if [ ! -x "$(which apktool)" ]; then
    mkdir /usr/local/share/apktool
    curl -L -o /usr/local/share/apktool/apktool https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/osx/apktool
    curl -L -o /usr/local/share/apktool/apktool.jar https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.3.3.jar
    # the wrapper script and the jar both live inside /usr/local/share/apktool
    chmod +x /usr/local/share/apktool/apktool /usr/local/share/apktool/apktool.jar
    ln -s /usr/local/share/apktool/apktool /usr/local/bin/apktool
    ln -s /usr/local/share/apktool/apktool.jar /usr/local/bin/apktool.jar
fi
# install dex2jar
if [ ! -x "$(which d2j-dex2jar)" ]; then
    curl -L -o /tmp/d2j.zip https://github.com/pxb1988/dex2jar/files/1867564/dex-tools-2.1-SNAPSHOT.zip
    unzip /tmp/d2j.zip -d /tmp/d2j
    dirname=$(ls --color=none /tmp/d2j)
    mv "/tmp/d2j/$dirname" /usr/local/share/d2j-dex2jar
    ln -s /usr/local/share/d2j-dex2jar/d2j-dex2jar.sh /usr/local/bin/d2j-dex2jar.sh
    ln -s /usr/local/share/d2j-dex2jar/d2j-apk-sign.sh /usr/local/bin/d2j-apk-sign.sh
    rm -rf /tmp/d2j.zip
fi
if [ ! -x "$(which d2j-dex2jar)" ]; then
    ln -s /usr/local/bin/d2j-dex2jar.sh /usr/local/bin/d2j-dex2jar
fi
# install adb
if [ ! -x "$(which adb)" ]; then
    curl -L -o /tmp/platform-tools.zip https://dl.google.com/android/repository/platform-tools-latest-linux.zip
    unzip /tmp/platform-tools.zip -d /tmp/pt
    mv /tmp/pt/platform-tools /usr/local/share/
    ln -s /usr/local/share/platform-tools/adb /usr/local/bin/adb
    ln -s /usr/local/share/platform-tools/fastboot /usr/local/bin/fastboot
fi
# install ldid
if [ ! -x "$(which ldid)" ]; then
    git clone https://github.com/daeken/ldid.git /tmp/ldid
    cd /tmp/ldid
    ./make.sh
    mv ldid /usr/local/bin/
    cd /tmp
    rm -rf /tmp/ldid
fi
# install jtool
if [ ! -x "$(which jtool)" ]; then
    # the download URL for jtool.tar is missing from this page
    curl -L -o /tmp/jtool.tar
    mkdir /tmp/jtool
    tar xvf /tmp/jtool.tar -C /tmp/jtool
    mv /tmp/jtool/jtool.ELF64 /usr/local/bin/jtool
    rm -rf /tmp/jtool.tar /tmp/jtool
fi
# install scrounger
git clone git@github.com:nettitude/scrounger.git
cd scrounger
pip install -r requirements.txt
python setup.py install

MacOS
# install iproxy ldid lsusb
brew tap jlhonora/lsusb && brew install lsusb libimobiledevice ldid
# install jd-cli
if [ ! -x "$(which jd-cli)" ]; then
    curl -L -o /tmp/jdcli.zip https://github.com/kwart/jd-cmd/releases/download/jd-cmd-0.9.2.Final/jd-cli-0.9.2-dist.zip
    unzip /tmp/jdcli.zip -d /usr/local/share/jd-cli
    ln -s /usr/local/share/jd-cli/jd-cli /usr/local/bin/jd-cli
    ln -s /usr/local/share/jd-cli/jd-cli.jar /usr/local/bin/jd-cli.jar
    rm -rf /tmp/jdcli.zip
fi
# install apktool
if [ ! -x "$(which apktool)" ]; then
    mkdir /usr/local/share/apktool
    curl -L -o /usr/local/share/apktool/apktool https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/osx/apktool
    curl -L -o /usr/local/share/apktool/apktool.jar https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.3.3.jar
    # the wrapper script and the jar both live inside /usr/local/share/apktool
    chmod +x /usr/local/share/apktool/apktool /usr/local/share/apktool/apktool.jar
    ln -s /usr/local/share/apktool/apktool /usr/local/bin/apktool
    ln -s /usr/local/share/apktool/apktool.jar /usr/local/bin/apktool.jar
fi
# install dex2jar
if [ ! -x "$(which d2j-dex2jar)" ]; then
    curl -L -o /tmp/d2j.zip https://github.com/pxb1988/dex2jar/files/1867564/dex-tools-2.1-SNAPSHOT.zip
    unzip /tmp/d2j.zip -d /tmp/d2j
    dirname=$(ls --color=none /tmp/d2j)
    mv "/tmp/d2j/$dirname" /usr/local/share/d2j-dex2jar
    ln -s /usr/local/share/d2j-dex2jar/d2j-dex2jar.sh /usr/local/bin/d2j-dex2jar.sh
    ln -s /usr/local/share/d2j-dex2jar/d2j-apk-sign.sh /usr/local/bin/d2j-apk-sign.sh
    rm -rf /tmp/d2j.zip
fi
if [ ! -x "$(which d2j-dex2jar)" ]; then
    ln -s /usr/local/bin/d2j-dex2jar.sh /usr/local/bin/d2j-dex2jar
fi
# install adb
if [ ! -x "$(which adb)" ]; then
    curl -L -o /tmp/platform-tools.zip https://dl.google.com/android/repository/platform-tools-latest-darwin.zip
    unzip /tmp/platform-tools.zip -d /tmp/pt
    mv /tmp/pt/platform-tools /usr/local/share/
    ln -s /usr/local/share/platform-tools/adb /usr/local/bin/adb
    ln -s /usr/local/share/platform-tools/fastboot /usr/local/bin/fastboot
fi
# install Xcode / command line tools
xcode-select --install
# install scrounger
git clone git@github.com:nettitude/scrounger.git
cd scrounger
pip install -r requirements.txt
python setup.py install

Adding custom modules


