This is the mobile security toolchain project. It is loosely based on the MSTG testing tools section (https://github.com/OWASP/owasp-mstg/blob/master/Document/0x08-Testing-Tools.md).
The project is in early beta stage. Feel free to contribute! Note that developments are currently slow as the primary focus is now on developing the MSTG. There are quiet a few bugs when running this on Catalina. We hope to resolve them in 2021 (as Corona outbreak made our work a little harder) unless a volunteer arrives earlier ;-).
Have a Mac OS X based system (needs 10.13.x) with about 4 GB of RAM and 4 GB of free space. Next, install Docker for Mac on it and then:
if you want to have both the iOS and Android tools, as well as all the scaffolding, just use
if you want to have the iOS tools only: install brew and Ansible, then type:
ansible-galaxy install -r requirements.yml ansible-playbook -K ./iOS/generic_items.yml
if you want to have the Android tools only: install brew and Ansible, then type:
Please note: the iOS part requires you to install XCode using the Mac App Store (MAS) which will ask you to authenticate with a popup.
Brew, pip and Ansible will be installed first, if not available. Then generic, iOS and Android tools will be installed:
As we are still in development of 1.0, there are the following quirks:
chgrp -R admin /usr/local/* chmod -R g+w /usr/local/*
and otherwise you can follow this fix.
Does something not work? Create an issue, or even better: create a pull-request!
@clviper (reviewing), @andreaslindeboom for a lot of ansible improvements, @meetinthemiddle-be for testing & @sushi2k for contributing & @hierynomus for fixing travis issues & @RiieCco for motivating me to get the project started. @geerlingguy for creating awesome Ansible roles that speeded up the development tremendously. Xebia, as a company from which I used an private repo to start hacking at the project. My wife for supporting me in doing mobile security open source projects in my spare time.