mirror of
https://gitlab.com/fdroid/fdroidserver.git
synced 2024-11-05 06:50:10 +01:00
df27bae6a0
* New command `dscanner`, enables one to scan signed APKs with Drozer * Drozer is a dynamic vulnerability scanner for Android * Drozer runs in a emulator or on-device, this new `dscanner` command... * starts a docker image with Drozer and the Android Emulator pre-installed, * loads the signed APK into the emulator * activates Drozer automated tests for the APK * gathers the report output and places it next to the original APK * The Drozer docker image can be: * cached locally for re-use (just don't run --clean*) * retrieved from dockerhub.com for more efficient runtime * or be built from scratch (in the new "./docker" directory) * New "Vulnerability Scanning" documentation section (run gendocs.sh)
181 lines
6.4 KiB
Docker
181 lines
6.4 KiB
Docker
# This image is intended to be used with fdroidserver for the purpose
|
|
# of dynamic scanning of pre-built APKs during the fdroid build process.
|
|
|
|
# Start with ubuntu 12.04 (i386).
|
|
FROM ubuntu:14.04
|
|
MAINTAINER fdroid.dscanner <fdroid.dscanner@gmail.com>
|
|
|
|
ENV DROZER_URL https://github.com/mwrlabs/drozer/releases/download/2.3.4/drozer_2.3.4.deb
|
|
ENV DROZER_DEB drozer_2.3.4.deb
|
|
|
|
ENV AGENT_URL https://github.com/mwrlabs/drozer/releases/download/2.3.4/drozer-agent-2.3.4.apk
|
|
ENV AGENT_APK drozer-agent-2.3.4.apk
|
|
|
|
# Specially for SSH access and port redirection
|
|
ENV ROOTPASSWORD android
|
|
|
|
# Expose ADB, ADB control and VNC ports
|
|
EXPOSE 22
|
|
EXPOSE 5037
|
|
EXPOSE 5554
|
|
EXPOSE 5555
|
|
EXPOSE 5900
|
|
EXPOSE 5901
|
|
|
|
ENV DEBIAN_FRONTEND noninteractive
|
|
RUN echo "debconf shared/accepted-oracle-license-v1-1 select true" | debconf-set-selections
|
|
RUN echo "debconf shared/accepted-oracle-license-v1-1 seen true" | debconf-set-selections
|
|
|
|
# Update packages
|
|
RUN apt-get -y update
|
|
|
|
# Drozer packages
|
|
RUN apt-get install wget python2.7 python-dev python2.7-dev python-openssl python-twisted python-protobuf bash-completion -y
|
|
|
|
# First, install add-apt-repository, sshd and bzip2
|
|
RUN apt-get -y install python-software-properties bzip2 ssh net-tools
|
|
|
|
# ubuntu 14.04 needs this too
|
|
RUN apt-get -y install software-properties-common
|
|
|
|
# Add oracle-jdk7 to repositories
|
|
RUN add-apt-repository ppa:webupd8team/java
|
|
|
|
# Make sure the package repository is up to date
|
|
RUN echo "deb http://archive.ubuntu.com/ubuntu trusty main universe" > /etc/apt/sources.list
|
|
|
|
# Update apt
|
|
RUN apt-get update
|
|
|
|
# Add drozer
|
|
RUN useradd -ms /bin/bash drozer
|
|
|
|
# Install oracle-jdk7
|
|
RUN apt-get -y install oracle-java7-installer
|
|
|
|
# Install android sdk
|
|
RUN wget http://dl.google.com/android/android-sdk_r23-linux.tgz
|
|
RUN tar -xvzf android-sdk_r23-linux.tgz
|
|
RUN mv -v android-sdk-linux /usr/local/android-sdk
|
|
|
|
# Install apache ant
|
|
RUN wget http://archive.apache.org/dist/ant/binaries/apache-ant-1.8.4-bin.tar.gz
|
|
RUN tar -xvzf apache-ant-1.8.4-bin.tar.gz
|
|
RUN mv -v apache-ant-1.8.4 /usr/local/apache-ant
|
|
|
|
# Add android tools and platform tools to PATH
|
|
ENV ANDROID_HOME /usr/local/android-sdk
|
|
ENV PATH $PATH:$ANDROID_HOME/tools
|
|
ENV PATH $PATH:$ANDROID_HOME/platform-tools
|
|
|
|
# Add ant to PATH
|
|
ENV ANT_HOME /usr/local/apache-ant
|
|
ENV PATH $PATH:$ANT_HOME/bin
|
|
|
|
# Export JAVA_HOME variable
|
|
ENV JAVA_HOME /usr/lib/jvm/java-7-oracle
|
|
|
|
# Remove compressed files.
|
|
RUN cd /; rm android-sdk_r23-linux.tgz && rm apache-ant-1.8.4-bin.tar.gz
|
|
|
|
# Some preparation before update
|
|
RUN chown -R root:root /usr/local/android-sdk/
|
|
|
|
# Install latest android tools and system images
|
|
RUN echo "y" | android update sdk --filter platform-tool --no-ui --force
|
|
RUN echo "y" | android update sdk --filter platform --no-ui --force
|
|
RUN echo "y" | android update sdk --filter build-tools-22.0.1 --no-ui -a
|
|
RUN echo "y" | android update sdk --filter sys-img-x86-android-19 --no-ui -a
|
|
#RUN echo "y" | android update sdk --filter sys-img-x86-android-21 --no-ui -a
|
|
#RUN echo "y" | android update sdk --filter sys-img-x86-android-22 --no-ui -a
|
|
RUN echo "y" | android update sdk --filter sys-img-armeabi-v7a-android-19 --no-ui -a
|
|
#RUN echo "y" | android update sdk --filter sys-img-armeabi-v7a-android-21 --no-ui -a
|
|
#RUN echo "y" | android update sdk --filter sys-img-armeabi-v7a-android-22 --no-ui -a
|
|
|
|
# Update ADB
|
|
RUN echo "y" | android update adb
|
|
|
|
# Create fake keymap file
|
|
RUN mkdir /usr/local/android-sdk/tools/keymaps
|
|
RUN touch /usr/local/android-sdk/tools/keymaps/en-us
|
|
|
|
# Run sshd
|
|
RUN apt-get install -y openssh-server
|
|
RUN mkdir /var/run/sshd
|
|
RUN echo "root:$ROOTPASSWORD" | chpasswd
|
|
RUN sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/' /etc/ssh/sshd_config
|
|
RUN sed -i 's/PermitEmptyPasswords no/PermitEmptyPasswords yes/' /etc/ssh/sshd_config
|
|
|
|
# SSH login fix. Otherwise user is kicked off after login
|
|
RUN sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd
|
|
|
|
ENV NOTVISIBLE "in users profile"
|
|
RUN echo "export VISIBLE=now" >> /etc/profile
|
|
|
|
# Install socat
|
|
RUN apt-get install -y socat
|
|
|
|
# symlink android bins
|
|
RUN ln -sv /usr/local/android-sdk/tools/android /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/tools/emulator /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/tools/ddms /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/tools/scheenshot2 /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/tools/monkeyrunner /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/tools/monitor /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/tools/mksdcard /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/tools/uiautomatorviewer /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/tools/traceview /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/platform-tools/adb /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/platform-tools/fastboot /usr/local/bin/
|
|
RUN ln -sv /usr/local/android-sdk/platform-tools/sqlite3 /usr/local/bin/
|
|
|
|
# Setup DROZER...
|
|
# https://labs.mwrinfosecurity.com/tools/drozer/
|
|
|
|
# Run as drozer user
|
|
WORKDIR /home/drozer
|
|
|
|
# Site lists the shasums, however, I'm not sure the best way to integrate the
|
|
# checks here. No real idiomatic way for Dockerfile to do that and most of
|
|
# the examples online use chained commands but we want things to *BREAK* when
|
|
# the sha doesn't match. So far, I can't seem to reliably make Docker not
|
|
# finish the image build process.
|
|
|
|
# Download the console
|
|
RUN wget -c $DROZER_URL
|
|
|
|
# Install the console
|
|
RUN dpkg -i $DROZER_DEB
|
|
|
|
# Download agent
|
|
RUN wget -c $AGENT_URL
|
|
# Keep it version agnostic for other scripts such as install_drozer.py
|
|
RUN mv -v $AGENT_APK drozer-agent.apk
|
|
|
|
# Port forwarding required by drozer
|
|
RUN echo 'adb forward tcp:31415 tcp:31415' >> /home/drozer/.bashrc
|
|
|
|
# Alias for Drozer
|
|
RUN echo "alias drozer='drozer console connect'" >> /home/drozer/.bashrc
|
|
|
|
# add extra scripting
|
|
COPY install_agent.py /home/drozer/install_agent.py
|
|
RUN chmod 755 /home/drozer/install_agent.py
|
|
COPY enable_service.py /home/drozer/enable_service.py
|
|
RUN chmod 755 /home/drozer/enable_service.py
|
|
COPY drozer.py /home/drozer/drozer.py
|
|
RUN chmod 755 /home/drozer/drozer.py
|
|
|
|
# fix ownerships
|
|
RUN chown -R drozer.drozer /home/drozer
|
|
|
|
RUN apt-get -y --force-yes install python-pkg-resources=3.3-1ubuntu1
|
|
RUN apt-get -y install python-pip python-setuptools git
|
|
RUN pip install "git+https://github.com/dtmilano/AndroidViewClient.git#egg=androidviewclient"
|
|
RUN apt-get -y install python-pexpect
|
|
|
|
# Add entrypoint
|
|
COPY entrypoint.sh /home/drozer/entrypoint.sh
|
|
RUN chmod +x /home/drozer/entrypoint.sh
|
|
ENTRYPOINT ["/home/drozer/entrypoint.sh"]
|