mirrors/fdroidserver
1
0
Fork 0
mirror of https://github.com/f-droid/fdroidserver.git synced 2025-11-04 06:30:27 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

dscanner - Drozer based post-build dynamic vulnerability scanner command

Browse source 
* New command `dscanner`, enables one to scan signed APKs with Drozer
 * Drozer is a dynamic vulnerability scanner for Android
 * Drozer runs in a emulator or on-device, this new `dscanner` command...
  * starts a docker image with Drozer and the Android Emulator pre-installed,
  * loads the signed APK into the emulator
  * activates Drozer automated tests for the APK
  * gathers the report output and places it next to the original APK
 * The Drozer docker image can be:
  * cached locally for re-use (just don't run --clean*)
  * retrieved from dockerhub.com for more efficient runtime
  * or be built from scratch (in the new "./docker" directory)
 * New "Vulnerability Scanning" documentation section (run gendocs.sh)
This commit is contained in:
Kevin C. Krinke 2016-12-06 13:57:04 +01:00 committed by Hans-Christoph Steiner
parent f439266303
commit df27bae6a0
13 changed files with 1063 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

16
README.md
View file

@ -76,3 +76,19 @@ Then here's how to install:
source env/bin/activate
pip3 install -e .
python3 setup.py install
### Drozer Scanner
There is a new feature under development that can scan any APK in a
repo, or any build, using Drozer. Drozer is a dynamic exploit
scanner, it runs an app in the emulator and runs known exploits on it.
This setup requires specific versions of two Python modules:
_docker-py_ 1.9.0 and _requests_ older than 2.11. Other versions
might cause the docker-py connection to break with the containers.
Newer versions of docker-py might have this fixed already.
For Debian based distributions:
apt-get install libffi-dev libssl-dev python-docker