Merge 3.7.6 (#177)

* HOTFIX: EFR01 Enterprise feature request (MobSF#1908)

* Replace Warning with Medium and added Hotspot
* Add file analysis to hotspot
* Enterprise Feature Request Flag
* EFR01 changes
* version bump

* update quark & frida (MobSF#1903)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update tldextract from 3.1.2 to 3.2.0 (MobSF#1910)

* upgrade apktool to 2.6.1 (MobSF#1915)

* Hotfix: Update slack link

* Hotfix: update slack link

* Hotfix: Slack link

* Hotfix:Slack link

* Hotfix:Slack link

* Introduce jadx decompilation timeout with env var (MobSF#1916)

* Introduce jadx decompilation timeout with env var
- exception for timeout
- replace subprocess.call for run


Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update ip2location from 8.6.4 to 8.7.2 (MobSF#1926)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Scheduled weekly dependency update for week 13 (MobSF#1931)

* Update quark-engine from 22.2.1 to 22.3.1

* update lief

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* update apkid (MobSF#1939)

* Fix dynamic report_json api bug (MobSF#1934)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Hotfix: LIEF

* Update README.md (MobSF#1951)

* update jadx to 1.3.4 (MobSF#1941)

* update jadx to 1.3.4
* update lief
* update jadx and requirements

* Scheduled weekly dependency update for week 22 (MobSF#1972)

* Update ip2location from 8.7.3 to 8.7.4

* Update quark-engine from 22.4.1 to 22.5.1

* Update frida from 15.1.17 to 15.1.23

* Update tldextract from 3.2.1 to 3.3.0

* Check for updates via GitHub releases (MobSF#1957)

* Check the GitHub releases page for latest version number

* Update utils.py

Only log distro if not empty (or spaces)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update cert_analysis.py (MobSF#1948)

* Update cert_analysis.py

Flag on MD5 hash algorithm in signer certificate

* Update cert_analysis.py

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* HOTFIX: Update Readme with Rewards Banner

* Update frida from 15.1.23 to 15.1.24 (MobSF#1975)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* HOTFIX: openSSL link and readme update

* Hotfix: Broken slack channel link fix

* Hotfix: Windows setup script

* Feature Parity Allow iOS IPA download (MobSF#1977)

* Allow iOS IPA download

* Code QA

* Add the checking of the parent element of the permission-related elements to manifest analysis (MobSF#1905)

* Add the checking of the parent element of the permission-related elements to manifest analysis

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Remove RELRO (MobSF#1978)

* Revert "Add the checking of the parent element of the permission-related elements to manifest analysis (MobSF#1905)" (MobSF#1984)

HOTFIX: Revert MobSF#1905

* Scheduled weekly dependency update for week 26 (MobSF#1986)

* Update ip2location from 8.7.4 to 8.8.0

* Update frida from 15.1.24 to 15.1.27

* Update quark-engine from 22.5.1 to 22.6.1 (MobSF#1989)

* Scheduled weekly dependency update for week 28 (MobSF#1993)

* Update frida from 15.1.27 to 15.1.28

* Update tldextract from 3.3.0 to 3.3.1

* HOTFIX: libsast, iOS Rule, M1 Mac support

* Hotfix MobSF#1999

* Update frida from 15.1.28 to 15.2.2 (MobSF#2002)

* Update README.md (MobSF#2020)

add Badge App

* Fix bug MobSF#1917 where checking for stripped debugging symbols produces false positives in iOS. (MobSF#2023)

Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update ip2location from 8.8.0 to 8.8.1 (MobSF#2035)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* update apkid to 2.1.4 (MobSF#2037)

* Adding tarfile member sanitization to extractall() (MobSF#2039)

Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* fix res directory not exist (MobSF#2042)

Fix the problem that the res resource folder does not exist, the solution is to copy from the apktool_out directory

* [EFR-02]Enterprise Feature Request - False Positive Triaging (MobSF#2000)

* Suppression logic

* Android code analysis suppression

* Fixes MobSF#1981

* iOS source support bundle id extraction

* iOS Source Code - Suppression support

* Remove check in CFBundleURLName

* iOS Binary code analysis suppression support

* Add Code QL

* Suppression support for Manifest analysis

* Fixes MobSF#2014

* REST API + Docs

* Address review comments

* update suppression wordings

* Fixes MobSF#2043

* Icon analysis code QA

* Unit Test for False Positive Triaging

* Adding numeric_owner as a keyword argument (MobSF#2050)

numeric_owner needs to be a keyword argument.

* Scheduled weekly dependency update for week 41 (MobSF#2046)

* Update quark-engine from 22.6.1 to 22.9.1

* Update frida from 15.2.2 to 16.0.1

* Update tldextract from 3.3.1 to 3.4.0

* Update openstep-parser from 1.5.3 to 1.5.4

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* HOTFIX: revert frida to 15.X

* HOTFIX: UI changes and warning on mobsf.live (MobSF#2051)

* UI changes and warning on mobsf.live

* Update home.html

* HOTFIX: Split certificate analysis out, suppression list fixes (MobSF#2052)

* Hotfix: ui on donate page

* Hotfix: Homescreen Navbar

* Hotfix: UI icon

* hotfix for quyark rules location (MobSF#2053)

* HOTFIX: jadx update to 1.4.5  (MobSF#2064)

* jadx update to 1.4.5
* MobSF version bump
* Fixes CVE-2022-42889 in third party dependency

* Installation script error: Solving spelling error (MobSF#2067)

changed "installtion" to "installation"

* Android APK support extracting icon SVG from XML (MobSF#2060)

* Added support for SVG icon extraction
* Add jar binaries
* code refactoring
* Update settings.py

* HOTFIX: Setup improvement (MobSF#2078)

* Improve setup scripts.
* Python support to 3.8 - 3.10
* Delete MobSF data directory on running setup.
* Bump applicable dependencies.

* Apktool 2.7.0 update (MobSF#2082)

* Update apktool to version 2.7.0

* HOTFIX: Icon should be a file

* version bump

* New Android Manifest Rule: App support vulnerable android versions (MobSF#2114)

* add a new rule: dangerous os version

* qa

* lint checks

* run lint test on one os

* Support for filenames containing & (MobSF#2129)

Co-authored-by: none <none@none.com>

* HOTFIX: Fix docker build (MobSF#2135)

* Fix Scorecard Severity Distribution chart data (MobSF#2140)

* HOTIX: Update Dockerfile to install jq (MobSF#2149)

* Update Dockerfile

* Update tox.ini

* [HOTFIX] Add support for environment variable for MobSF config (MobSF#2150)

* add support for environment variable config
* Fixes MobSF#2109
* update lief

* HOTFIX: Fixes MobSF#2144

* HOTFIX: Android min SDK check on janus vulnerability detection (MobSF#2159)

* Android min SDK  check on janus check

* Update README.md

* [Enterprise Feature Request EFR02] Support summary of severity in each section. (MobSF#2160)

* Summary for Android and iOS SCA

* [EFR05] Enterprise Feature Request: AAR and JAR support (MobSF#2163)

* AAR and JAR support

* Enable binary analysis for aar/jar

* Scheduled weekly dependency update for week 24 (MobSF#2187)

* Update ip2location from 8.9.0 to 8.10.0

* Update quark-engine from 22.10.1 to 23.5.1

* Update LIEF from to 0.13.1

* Update tldextract from 3.4.0 to 3.4.4

* Update requirements.txt

---------

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* Update requirements.txt

0.13.1 not available.

* HOTFIX: update lief

* Revert Hotfix

* HOTFIX: Feature updates and Bug Fixes (MobSF#2197)

* OFAC, jquery bump, tox fix
* AAR handle multiple application tags

* HOTFIX: MobSF Android Dynamic Analysis Docker Support (MobSF#2214)

* MobSF Android Docker Support

* Pin pip version

* Update mobsf-test.yml

* Update setup.py

* Hotfix: Docker error fixes

* Hotfix: Add Corellium support message

* Hotfix: Broken donate link fix

* Update dynamic_analysis.html (MobSF#2218)

* Hotfix: Handle Docker <-> ADB connectivity internally (MobSF#2219)

* host.docker.internal transilation for localhost

* Replace urlparse with re

* version bump

* update ascii art

* update apktool to 2.8.1 (MobSF#2220)

* update apktool (MobSF#2225)

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* HOTFIX: translate upstream proxy ip for docker

* Dynamic Analysis support alert (MobSF#2227)

* [HOTFIX] Regex + Rule Update (MobSF#2232)

* IOS Swift Rules updates
  *  Updated or added rules `ios_biometric_bool`, `ios_biometric_acl`, `ios_keychain_weak_acl_device_passcode`, `ios_keychain_weak_accessibility_value`, `ios_insecure_random_no_generator`, `ios_biometry_hardened`
 * Regex Hardening: Fixes possible Regex DoS in rules and MobSF code base

* [HOTFIX][EFR06] Independent Shared Object (.so) Scan and Improved String search (MobSF#2228)

* String extraction from APK, Source, AAR, JAR, SO
* Strings sections to show source of strings extracted
* Strings Refactor
* Support for independent .SO scan
* Android SCA rules update
* Entropies scan support for strings
* URLs/Email extraction refactor
* Bug Fixes
  * iOS Source Report Fix
  * Frida APK Patcher (WIP)
  * Dynamic Analyzer identifier not available
  * Settings env var not working fix for enabled by default features
  * AppSec Score fix
  * Recent `scan not completed` fix for iOS zip

* HOTFIX: Improve code string extraction

* Update macho_analysis.py - SYMBOLS STRIPPED False Negative (MobSF#2234)

* Update macho_analysis.py

PR for this issue: 
MobSF#2233

* Update macho_analysis.py


Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* HOTFIX: fix IPA download support

* [HOTFIX][EFR-08] Dylib + Symbols + Other Features (MobSF#2239)

* Dylib analysis support + PDF for iOS Binary
* Dylib string extraction
* Improved iOS Plist secret extraction
* iOS/Android Form Validation QA
* Independent Dylib scan
* Symbols view for dylib and so
* Trackers support for so

* Fix missing exported components (MobSF#2176)

Components which are exported and have no permission were not listed in the results because of a wrong template description key.
Also added a warning if this happens again.

Co-authored-by: Ajin Abraham <ajin25@gmail.com>

* [HOTFIX][EFR09] AAR/JAR obfuscation and debug check + Exception Handed strings and symbols extraction (MobSF#2240)

* AAR/JAR obfuscation and debug check
* Exception handling symbols and strings from so/dylib

* [HOTFIX][EFR10] Independent Static Library(.a) ELF/MachO Analysis + Graceful Analysis (MobSF#2242)

* Independent Static Library(.a) ELF/MachO Analysis
   * Mac FAT binary only supported on Mac
* Static and Dynamic Binary Analysis QA
* Refactor Dex permissions
* Fallback certificate analysis using apksigtool
* Refactor Androguard `apk.APK()` usage

* Pip to Poetry,  Ubuntu Base image Bump, Dockerfile QA, Python 3.11 support (MobSF#2244)

* Docker base image update
* Docker file QA
* Github Actions version update
* Removed unwanted pinned repository
* Pip to Poetry migration
* Bump httptools
* Jump yara-python-dex
* Python 3.11 support

* [HOTFIX] Docker Buildx test (MobSF#2247)

* Docker image build test for PRs

* [HOTFIX] bs4 malformed xml parsing + xml namespace detection (MobSF#2248)

* Use BeautifulSoup4 to prettify malformed XML
* Detect non standard XML namespace in AndroidManifest.xml (Fixes : MobSF#2198) 
* Updated android permissions list
* Updated android permission update check script

* [HOTFIX] Migrate from setup.py to poetry, tox QA (MobSF#2249)

* Migrate from setup.py to use poetry build and publish
* Tox QA
* Version is now configured only at pyproject.toml
* Added poetry build test
* Updated mobsf PyPI publishing workflow 
* Update local DBs

* Updates for 3.7.6

* Lint fixes

* More lint fixes

* self.data to data fix

* Template context fixes

* Lint fixes

* Lint fix

* context['template'] fix

* Lint fix

* Fixed bug in Compare UI

* Unit text fix

---------

Co-authored-by: Ajin Abraham <ajin25@gmail.com>
Co-authored-by: superpoussin22 <vincent.nadal@orange.fr>
Co-authored-by: pyup.io bot <github-bot@pyup.io>
Co-authored-by: Matej Soroka <hi@matejsoroka.com>
Co-authored-by: N1neSun <917549681@qq.com>
Co-authored-by: Ajin.Abraham <ajin.abraham@chime.com>
Co-authored-by: Dapo Adedire <adedireadedapo19@gmail.com>
Co-authored-by: Atarii <atarii@users.noreply.github.com>
Co-authored-by: Han0nly <byxiaohanzhang@foxmail.com>
Co-authored-by: rustaska <11994805+rustaska@users.noreply.github.com>
Co-authored-by: Toor <toor@DES-macOS-pentest.local>
Co-authored-by: TrellixVulnTeam <112716341+TrellixVulnTeam@users.noreply.github.com>
Co-authored-by: TrellixVulnTeam <kasimir.schulz@trellix.com>
Co-authored-by: ohyeah521 <ohyeah521@gmail.com>
Co-authored-by: th3-d4v1d-c0de <116191845+th3-d4v1d-c0de@users.noreply.github.com>
Co-authored-by: evmxattr <evmxattr@users.noreply.github.com>
Co-authored-by: none <none@none.com>
Co-authored-by: antoinbo <87284775+antoinbo@users.noreply.github.com>
Co-authored-by: Karmaz <51202595+Karmaz95@users.noreply.github.com>
Co-authored-by: Abb4d0n <Abb4d0n@users.noreply.github.com>

.dockerignore

@@ -5,16 +5,17 @@
 .dockerignore
 .sonarcloud.properties
 .pyup.yml
+.python-version
 tox.ini
 mobsf/db.sqlite3
 Dockerfile
 dist
+build
+.DS_Store
 *.egg-info
 docker-compose.yml
 *.md
 venv
-setup.py
-MANIFEST.in
 setup.bat
 run.bat
 setup.sh

.github/workflows/docker-test.yml

@@ -0,0 +1,28 @@
+name: 'Docker Images (amd64/arm64) test'
+
+on:
+  pull_request:
+    branches: [ master ]
+
+jobs:
+    buildx:
+        runs-on: ubuntu-latest
+        steps:
+        -
+            name: Checkout
+            uses: actions/checkout@v3
+        - 
+            name: Set up QEMU
+            uses: docker/setup-qemu-action@v2
+        -   
+            name: Set up Docker Buildx
+            uses: docker/setup-buildx-action@v2
+        -
+            name: Build and push
+            id: docker_build
+            uses: docker/build-push-action@v4
+            with:
+                push: false
+                context: .
+                platforms: linux/amd64,linux/arm64
+                tags: opensecurity/mobile-security-framework-mobsf:latest

.github/workflows/mobsf-test.yml

@@ -9,52 +9,67 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-20.04]
-        python-version: ['3.10']
+        os: [ubuntu-22.04]
+        python-version: ['3.11']
         # exclude:
           # excludes py38, py39 on Windows
           # - os: windows-latest
           #   python-version: 3.8
 
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Set up Python ${{ matrix.python-version }}
-      uses: actions/setup-python@v1
+      uses: actions/setup-python@v3
       with:
         python-version: ${{ matrix.python-version }}
-    - name: Setup Pip
+
+    - name: Setup Pip and Poetry
       run: |
-        python -m pip install pip==22.3.1
-    - name: Lint
+        python -m pip install pip==22.3.1 poetry==1.6.1
+
+    - name: Lint on Ubuntu
       if: startsWith(matrix.os, 'ubuntu')
       run: |
         python -m pip install --upgrade tox
         tox -e lint
+
     - name: Install Ubuntu Dependencies
       if: startsWith(matrix.os, 'ubuntu')
       run: |
-        sudo apt update && sudo apt install -y xfonts-75dpi xfonts-base
-        export WKHTML_URL=https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/
-        export WKHTML_DEB=wkhtmltox_0.12.6-1.focal_amd64.deb
+        sudo apt update && sudo apt install -y xfonts-75dpi xfonts-base libssl3
+        export WKHTML_URL=https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-2/
+        export WKHTML_DEB=wkhtmltox_0.12.6.1-2.jammy_amd64.deb
         wget ${WKHTML_URL}${WKHTML_DEB} && sudo dpkg -i ${WKHTML_DEB} && rm -rf ${WKHTML_DEB}
+
     - name: Install macOS Dependencies
       if: startsWith(matrix.os, 'macOS')
       run: |
         brew install --cask wkhtmltopdf
+
     - name: Install Windows Dependencies
       if: startsWith(matrix.os, 'windows')
       run: |
         choco install wkhtmltopdf
+
     - name: Install Python dependencies
       run: |
-        pip install --use-deprecated=legacy-resolver -r requirements.txt
+        poetry install --only main --no-root --no-interaction --no-ansi || poetry install --only main --no-root --no-interaction --no-ansi || poetry install --only main --no-root --no-interaction --no-ansi
+
     - name: Migrate Database
       run: |
-        python manage.py makemigrations
-        python manage.py makemigrations StaticAnalyzer
-        python manage.py migrate
-    - name: Unit Tests
+        poetry run python manage.py makemigrations
+        poetry run python manage.py makemigrations StaticAnalyzer
+        poetry run python manage.py migrate
+
+    - name: Unit Tests on Ubuntu, macOS and Windows
       run: |
         git submodule update --init --recursive
-        python manage.py test mobsf
+        poetry run python manage.py test mobsf
+
+    - name: Python Package Test in Ubuntu and macOS
+      if: startsWith(matrix.os, 'ubuntu') || startsWith(matrix.os, 'macOS')
+      run: |
+        poetry build
+        python -m pip install dist/*.whl
+        mobsf db

.gitignore

@@ -69,6 +69,7 @@ classes-error.zip
 */migrations/*
 .fuse_hidden*
 .tox
+.python-version
 
 #MobSF Files
 mobsf/debug.log

.sonarcloud.properties

@@ -1,3 +1,4 @@
 sonar.sources=.
 sonar.exclusions=mobsf/static/**/*,mobsf/templates/**/*
 sonar.sourceEncoding=UTF-8
+sonar.python.version=3.7, 3.8, 3.9, 3.10, 3.11

Dockerfile

@@ -1,5 +1,5 @@
 # Base image
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 # Labels and Credits
 LABEL \
@@ -10,16 +10,7 @@ LABEL \
     contributor_2="Vincent Nadal <vincent.nadal@orange.fr>" \
     description="Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis."
 
-# Environment vars
-ENV DEBIAN_FRONTEND="noninteractive" \
-    ANALYZER_IDENTIFIER="" \
-    JDK_FILE="openjdk-16.0.1_linux-x64_bin.tar.gz" \
-    JDK_FILE_ARM="openjdk-16.0.1_linux-aarch64_bin.tar.gz" \
-    WKH_FILE="wkhtmltox_0.12.6-1.focal_amd64.deb" \
-    WKH_FILE_ARM="wkhtmltox_0.12.6-1.focal_arm64.deb" \
-    JAVA_HOME="/jdk-16.0.1"
-
-ENV PATH="$JAVA_HOME/bin:$PATH"
+ENV DEBIAN_FRONTEND=noninteractive
 
 # See https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#run
 RUN apt update -y && apt install -y  --no-install-recommends \
@@ -34,33 +25,46 @@ RUN apt update -y && apt install -y  --no-install-recommends \
     fontconfig \
     xfonts-75dpi \
     xfonts-base \
-    python3.9 \
+    python3 \
     python3-dev \
     python3-pip \
     wget \
     curl \
     git \
     jq \
-    android-tools-adb
-
-# Set locales
-RUN locale-gen en_US.UTF-8
-ENV LANG='en_US.UTF-8' LANGUAGE='en_US:en' LC_ALL='en_US.UTF-8'
+    android-tools-adb && \
+    locale-gen en_US.UTF-8 
+
+ENV MOBSF_USER=mobsf \
+    MOBSF_PLATFORM=docker \
+    MOBSF_ADB_BINARY=/usr/bin/adb \
+    JDK_FILE=openjdk-20.0.2_linux-x64_bin.tar.gz \
+    JDK_FILE_ARM=openjdk-20.0.2_linux-aarch64_bin.tar.gz \
+    WKH_FILE=wkhtmltox_0.12.6.1-2.jammy_amd64.deb \
+    WKH_FILE_ARM=wkhtmltox_0.12.6.1-2.jammy_arm64.deb \
+    JAVA_HOME=/jdk-20.0.2 \
+    PATH=$JAVA_HOME/bin:$PATH \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US:en \
+    LC_ALL=en_US.UTF-8 \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PYTHONFAULTHANDLER=1 \
+    POETRY_VERSION=1.6.1
 
 # Install wkhtmltopdf & OpenJDK
 ARG TARGETPLATFORM
 
 COPY scripts/install_java_wkhtmltopdf.sh .
 RUN ./install_java_wkhtmltopdf.sh
 
-RUN groupadd -g 9901 mobsf
-RUN adduser mobsf --shell /bin/false -u 9901 --ingroup mobsf --gecos "" --disabled-password
-
+RUN groupadd -g 9901 $MOBSF_USER
+RUN adduser $MOBSF_USER --shell /bin/false -u 9901 --ingroup $MOBSF_USER --gecos "" --disabled-password
 
-# Install Requirements
-COPY requirements.txt .
-RUN pip3 install --upgrade --no-cache-dir pip && \
-    pip3 install --quiet --no-cache-dir -r requirements.txt
+COPY poetry.lock pyproject.toml ./
+RUN python3 -m pip install --upgrade --no-cache-dir pip poetry==${POETRY_VERSION} && \
+    poetry config virtualenvs.create false && \
+    poetry install --only main --no-root --no-interaction --no-ansi
 
 # Cleanup
 RUN \
@@ -80,27 +84,23 @@ WORKDIR /home/mobsf/Mobile-Security-Framework-MobSF
 # Copy source code
 COPY . .
 
-# Set adb binary path and create apktool framework directory
-ENV MOBSF_ADB_BINARY=/usr/bin/adb
-RUN mkdir -p /home/mobsf/.local/share/apktool/framework
-
 # Enable Postgres support by default
 ARG POSTGRES=True
 
-ENV POSTGRES_USER=postgres
-ENV POSTGRES_PASSWORD=password
-ENV POSTGRES_DB=mobsf
-ENV POSTGRES_HOST=postgres
+ENV POSTGRES_USER=postgres \
+    POSTGRES_PASSWORD=password \
+    POSTGRES_DB=mobsf \
+    POSTGRES_HOST=postgres
 
-# Check if Postgres support needs to be enabled
 RUN ./scripts/postgres_support.sh $POSTGRES
 
 HEALTHCHECK CMD curl --fail http://host.docker.internal:8000/ || exit 1
 
 # Expose MobSF Port and Proxy Port
 EXPOSE 8000 8000 1337 1337
 
-RUN chown -R mobsf:mobsf /home/mobsf/Mobile-Security-Framework-MobSF
+RUN chown -R $MOBSF_USER:$MOBSF_USER /home/mobsf
 USER mobsf
+
 # Run MobSF
 CMD ["/home/mobsf/Mobile-Security-Framework-MobSF/scripts/entrypoint.sh"]

README.md

@@ -1,13 +1,13 @@
 # Mobile Security Framework (MobSF)
-Version: v3.6 beta
+Version: v3.7 beta
 
 ![](https://cloud.githubusercontent.com/assets/4301109/20019521/cc61f7fc-a2f2-11e6-95f3-407030d9fdde.png)
 
 Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF supports mobile app binaries (APK, XAPK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.
 
 Made with ![Love](https://cloud.githubusercontent.com/assets/4301109/16754758/82e3a63c-4813-11e6-9430-6015d98aeaab.png) in India
 
-[![python](https://img.shields.io/badge/python-3.8+-blue.svg?logo=python&labelColor=yellow)](https://www.python.org/downloads/)
+[![python](https://img.shields.io/badge/python-3.9+-blue.svg?logo=python&labelColor=yellow)](https://www.python.org/downloads/)
 [![PyPI version](https://badge.fury.io/py/mobsf.svg)](https://badge.fury.io/py/mobsf)
 [![platform](https://img.shields.io/badge/platform-osx%2Flinux%2Fwindows-green.svg)](https://github.com/MobSF/Mobile-Security-Framework-MobSF/)
 [![License](https://img.shields.io/:license-GPL--3.0--only-blue.svg)](https://www.gnu.org/licenses/gpl-3.0.html)
@@ -25,7 +25,7 @@ Made with ![Love](https://cloud.githubusercontent.com/assets/4301109/16754758/82
 [![Blackhat Arsenal Asia 2015](https://img.shields.io/badge/Black%20Hat%20Arsenal-Asia%202015-blue.svg)](https://www.blackhat.com/asia-15/arsenal.html#yso-mobile-security-framework)
 [![Blackhat Arsenal Asia 2018](https://img.shields.io/badge/Black%20Hat%20Arsenal-Asia%202018-blue.svg)](https://www.blackhat.com/asia-18/arsenal.html#mobile-security-framework-mobsf)
 
-MobSF is also bundled with [Android Tamer](https://androidtamer.com/tamer4-release), [BlackArch](https://blackarch.org/mobile.html) and [Pentoo](https://www.pentoo.ch/).
+MobSF is also bundled with [Android Tamer](https://tamerplatform.com), [BlackArch](https://blackarch.org/mobile.html) and [Pentoo](https://www.pentoo.ch/).
 
 ## Support MobSF
 

background_tasks.bat

@@ -1,4 +1,4 @@
 @echo off
 
-.\venv\Scripts\python manage.py process_tasks
+poetry run python manage.py process_tasks
 exit /b