In my previous post I described how I started working on v2 of Intro TO Android Security VM.
To view that post, click HERE.
Anyway, I can finally say… I AM DONE WITH THE VM!
What’s different between version 1.1.2 to version 2. Well… keep reading
In version 2 I added more dynamic analysis tools such as MARA, PIDCat, QARK. In the pentesting section, I added Metasploit. I also added MobSF (a one stop shop with dynamic scanning for android applications) in a docker container. In version 1.1.2 I tried to upgrade my python version to 3.7.5 and broke my Linux build (could not update the distro).
After speaking with Anant (owner/creator of @AndroidTamer) we decided to put MobSF into a docker container to keep it contained and not break our build.
I also created the virtual machine from a vagrant machine, as I realized with version 1, I severely underestimated the storage I needed to include all the programs I wanted. I also included insecure android apps to test in the Documents folder.
Interested in learning more – download/use the virtual machine at the following location:
SourceForge –> IntroAndroidSecurity download | SourceForge.net, click on External Link
Finally, make sure to read the README.md file as most issues can be solved in that file!
Hope everyone enjoy the virtual machine. If you have any questions or want to see an application added – let me know!
Where is the readme?
The readme is inside of the virtual machine. It’s titled – README.md. Also you can look on my Github to see it as well – it’s under Instructions.md. https://github.com/thefluffy007/IntroToAndroidSecurityVM/blob/master/Instructions.md
The –exploit-apk option on qark doesn’t work because you have the wrong version of the sdk on the VM
Hmm – let me check it out. Thanks.
Also I have a github for this VM – put the above response as an issue, so I can track and look into it. https://github.com/thefluffy007/IntroToAndroidSecurityVM