{% extends "base/base_layout.html" %} {% load static %} {% block sidebar_option %} sidebar-mini {% endblock %} {% block extra_css %} {% endblock %} {% block sidebar %} {% endblock %} {% block content %}

{# Score summary: average CVSS (rendered only when average_cvss is truthy), the security score out of 100, and detected/total tracker counts. #}
APP SCORES

{% if average_cvss %} Average CVSS {{ average_cvss }}
{% endif %} Security Score {{ appsec.security_score }}/100
{# NOTE(review): both branches below print identical text in this listing; presumably only the markup around them differed (e.g. a warning style when trackers are detected) - confirm. #}
{% if trackers.detected_trackers > 0 %} Trackers Detection {{ trackers.detected_trackers }}/{{ trackers.total_trackers }}
{% else %} Trackers Detection {{ trackers.detected_trackers }}/{{ trackers.total_trackers }}
{% endif %}

MobSF Scorecard

{# Identity of the scanned file: name, size and MD5/SHA1/SHA256 digests. #}
{# NOTE(review): file_name is presumably taken from the upload and so chosen by whoever submitted the sample; it is output without a safe filter here, so it depends on autoescaping staying enabled - confirm. #}
FILE INFORMATION

File Name {{ file_name }}
Size {{ size }}
MD5 {{ md5 }}
SHA1 {{ sha1 }}
SHA256 {{ sha256 }}

{# App metadata: name, type, bundle identifier, SDK, version/build, platform and minimum OS version, plus the supported platform list. #}
{# NOTE(review): these values presumably come from the analysed bundle and are therefore untrusted; none is marked safe in this listing, so they are escaped as text by default autoescaping. #}
APP INFORMATION

App Name {{ app_name }}
App Type {{ app_type }}
Identifier {{ bundle_id }}
SDK Name {{ sdk_name }}
Version {{ app_version }} Build {{ build }} Platform Version {{ platform }} Min OS Version {{ min_os_version }}
Supported Platforms {% for pl in bundle_supported_platforms %} {{pl}}, {% endfor %}
{# The App Store section is rendered only when appstore_details.error is falsy. #}
{% if not appstore_details.error %}

APP STORE INFORMATION

{# NOTE(review): title, description and developer website/URL are third-party text. If the original markup places the URL fields in href attributes, HTML escaping alone does not restrict the URL scheme - confirm how links are built. #}
Title {{ appstore_details.title }}
Score {{ appstore_details.score}} Features {% for fea in appstore_details.features %} {{ fea }}, {% endfor %} Price {{ appstore_details.price }} Category {% for cat in appstore_details.category %} {{ cat }}, {% endfor %} App Store URL {{ appstore_details.app_id }}
Developer {{appstore_details.developer}}, Developer ID {{appstore_details.developer_id}}
Developer Website {{appstore_details.developer_website }}
Developer URL {{appstore_details.developer_url}}
Supported Devices {% for dev in appstore_details.supported_devices %} {{ dev }}, {% endfor %}
Description
{{ appstore_details.description }}
{% endif %}

{# Custom URL schemes declared by the app: one row per entry of bundle_url_types with its CFBundleURLName, optional CFBundleTypeRole and each CFBundleURLSchemes value. Shows a fallback message when the list is empty. #}
{# Registered schemes are an entry point other apps can invoke, so a reviewer would normally check how the app validates data arriving through them. #}
{# NOTE(review): key is not a built-in Django filter and only static is loaded in this listing; presumably key is registered by the project as a builtin or in a tag library - confirm. #}
CUSTOM URL SCHEMES

{% if bundle_url_types|length > 0 %}

{# NOTE(review): in this listing the for/endfor pair encloses nothing and scheme is referenced after it; the row presumably sat inside the loop in the original template - confirm. #}
{% for scheme in bundle_url_types %} {% endfor %}
URL NAME SCHEMES
{{scheme | key:"CFBundleURLName" }} {% if scheme|key:"CFBundleTypeRole" %}
{{scheme | key:"CFBundleTypeRole" }} {% endif %}
{% if scheme|key:"CFBundleURLSchemes" %} {% for ul in scheme.CFBundleURLSchemes %} {{ul}}
{% endfor %} {% endif %}
{% else %}

No URL Schemes found.

{% endif %}

{# Permission table: for each permissions entry shows the permission name, its status, the info text and the description (column "REASON IN MANIFEST"). Shows a fallback message when permissions is empty. #}
APPLICATION PERMISSIONS

{% if permissions %}

{# NOTE(review): in this listing the loop closes before perm and desc are used; the row presumably sat inside the loop in the original template - confirm. #}
{% for perm, desc in permissions.items %} {% endfor %}
PERMISSIONS STATUS INFO REASON IN MANIFEST
{# Only the exact status 'dangerous' is labelled dangerous; every other status value, including an unexpected one, is displayed as normal. #}
{{ perm }} {% if desc.status == 'dangerous' %} dangerous {% else %} normal {% endif %} {{ desc.info}} {{ desc.description }}
{% else %}

No Permissions required.

{% endif %}

{# iOS API usage: for each ios_api rule shows the rule description and the file paths where it matched. The lines value of each file entry is unpacked but not displayed in this listing. #}
iOS API

{# NOTE(review): in this listing the outer loop closes before details is used; the row presumably sat inside the loop in the original template - confirm. #}
{% for rule, details in ios_api.items %} {% endfor %}
API FILES
{{ details.metadata.description }}
{% for file_path, lines in details.files.items %} {{ file_path }}
{% endfor %}

{# App Transport Security results: a per-severity count summary followed by a numbered findings table (issue, severity, description). #}
APP TRANSPORT SECURITY (ATS)

{# The summary counters are rendered only when ats_analysis has a non-empty ats_summary. #}
{% if ats_analysis and 'ats_summary' in ats_analysis and ats_analysis.ats_summary|length > 0 %}
HIGH
{{ ats_analysis.ats_summary.high }}
WARNING
{{ ats_analysis.ats_summary.warning }}
INFO
{{ ats_analysis.ats_summary.info }}
SECURE
{{ ats_analysis.ats_summary.secure }}
{# NOTE(review): in this listing the findings loop and its guarding if both close before findings is used; the row presumably sat inside the loop in the original template - confirm. #}
{% endif %} {% if ats_analysis and 'ats_findings' in ats_analysis %} {% for findings in ats_analysis.ats_findings %} {% endfor %} {% endif %}
NO ISSUE SEVERITY DESCRIPTION
{# The severity chain has no else branch: a value other than high, secure, warning or info renders no severity label at all. #}
{{ forloop.counter }} {{findings.issue}} {% if findings.severity == "high" %} high {% elif findings.severity == "secure" %} secure {% elif findings.severity == "warning" %} warning {% elif findings.severity == "info" %} info {% endif %} {{findings.description}}

{# Code analysis results: per-severity counters (including suppressed findings) followed by a numbered table with issue, severity, standards mapping (CVSS, CWE, OWASP Top 10, OWASP MASVS) and affected files. #}
CODE ANALYSIS

{# The summary counters are rendered only when code_analysis has a non-empty summary. #}
{% if code_analysis and 'summary' in code_analysis and code_analysis.summary|length > 0 %}
HIGH
{{ code_analysis.summary.high }}
WARNING
{{ code_analysis.summary.warning }}
INFO
{{ code_analysis.summary.info }}
SECURE
{{ code_analysis.summary.secure }}
SUPPRESSED
{{ code_analysis.summary.suppressed }}
{# NOTE(review): in this listing the findings loop and its guarding if both close before details is used; the row presumably sat inside the loop in the original template - confirm. #}
{% endif %} {% if code_analysis and 'findings' in code_analysis %} {% for rule, details in code_analysis.findings.items %} {% endfor %} {% endif %}
NO ISSUE SEVERITY STANDARDS FILES OPTIONS
{# Both branches of the ref check print the description; presumably the ref branch wrapped it in a reference link in the original markup - confirm. #}
{# Severity "good" is displayed as secure; a severity outside high/good/warning/info renders no label. #}
{# The CVSS line is shown only when average_cvss is truthy. Bands used: above 6 high, exactly 0 info, 4 and above medium, below 4 low. #}
{# NOTE(review): the label says CVSS V2, whose NVD ranking starts High at 7.0, so scores above 6 and below 7 are shown as high here - confirm this is intended. #}
{{ forloop.counter }} {% if details.metadata|key:"ref" %} {{ details.metadata.description }} {% else %} {{ details.metadata.description }} {% endif %} {% if details.metadata.severity == "high" %} high {% elif details.metadata.severity == "good" %} secure {% elif details.metadata.severity == "warning" %} warning {% elif details.metadata.severity == "info" %} info {% endif %} {% if average_cvss %} CVSS V2: {{ details.metadata.cvss }} {% if details.metadata.cvss > 6 %} (high) {% elif details.metadata.cvss == 0 %} (info) {% elif details.metadata.cvss >= 4 %} (medium) {% elif details.metadata.cvss < 4 %} (low) {% endif %}
{% endif %} {% if details.metadata.cwe %} CWE: {{details.metadata.cwe }}{% endif %} {% if details.metadata|key:"owasp-mobile" %}
OWASP Top 10: {{ details.metadata|key:"owasp-mobile" }}{% endif %} {% if details.metadata.masvs %}
OWASP MASVS: {{ details.metadata.masvs }}{% endif %}
{# Both branches list every file path; presumably the branch for four or more files used collapsible markup in the original - confirm. #}
{% if details.files|length < 4 %} {% for file_path, lines in details.files.items %} {{ file_path }}
{% endfor %} {% else %}
{% for file_path, lines in details.files.items %} {{ file_path }}
{% endfor %}
{% endif %}

{# File analysis: a numbered list of issues, each with the paths of the files it applies to. #}
FILE ANALYSIS

{# NOTE(review): in this listing the loop closes before item is used; the row presumably sat inside the loop in the original template - confirm. #}
{% for item in file_analysis %} {% endfor %}
NO ISSUE FILES
{# Both branches of the file.type check print file_path; presumably the typed branch rendered it as a link in the original markup - confirm. #}
{{ forloop.counter }} {{ item.issue }} {% for file in item.files %} {% if file.type %} {{ file.file_path }} {% else %} {{ file.file_path }} {% endif %}
{% endfor %}

{# Server locations: intended to list domains whose details carry ofac == True, with the IP, country, region and city from their geolocation record. The whole section is skipped when domains is empty. #}
SERVER LOCATIONS

{% if domains %}


This app may communicate with the following OFAC sanctioned list of countries.

{# NOTE(review): in this listing the loop and the ofac check both close before domain and details are used; the row presumably sat inside them in the original template - confirm. #}
{% for domain, details in domains.items %} {% if details|key:"ofac" == True %} {% endif %} {% endfor %}
DOMAIN COUNTRY/REGION
{{domain}} IP: {{details|key:"geolocation"|key:"ip"}}
Country: {{details|key:"geolocation"|key:"country_long"}}
Region: {{details|key:"geolocation"|key:"region"}}
City: {{details|key:"geolocation"|key:"city"}}
{% endif %}

{# Domain malware check: for each domain shows a status (malware with URL, IP and description when bad == "yes", otherwise ok) and its geolocation details when available. #}
DOMAIN MALWARE CHECK

{# NOTE(review): in this listing the loop closes before domain and details are used; the row presumably sat inside the loop in the original template - confirm. #}
{% if domains %} {% for domain, details in domains.items %} {% endfor %}
DOMAIN STATUS GEOLOCATION
{# Only the exact string "yes" marks a domain as malware; any other value of bad, including a missing one, is displayed as ok. #}
{{domain}} {% if details|key:"bad" == "yes" %} malware
                      URL: {{details|key:"domain_or_url"}}
                      IP: {{details|key:"ip"}}
                      Description: {{details|key:"desc"}}
                      
{% else %} ok
{% endif %}
{% if details|key:"geolocation" %} IP: {{details|key:"geolocation"|key:"ip"}}
Country: {{details|key:"geolocation"|key:"country_long"}}
Region: {{details|key:"geolocation"|key:"region"}}
City: {{details|key:"geolocation"|key:"city"}}
Latitude: {{details|key:"geolocation"|key:"latitude"}}
Longitude: {{details|key:"geolocation"|key:"longitude"}}
{# NOTE(review): "Google Map" was presumably a link built from the latitude and longitude above; its markup is not visible here. #}
View: Google Map {% else %} No Geolocation information available. {% endif %}
{% endif %}

{# URLs found in the app: each urls entry lists its URL values followed by the path of the file they were found in. #}
{# NOTE(review): these strings come from the analysed app and are escaped as text by default autoescaping. If the original markup also places u in an href, escaping does not restrict the URL scheme - confirm how links are built. #}
URLS

{# NOTE(review): in this listing the loop closes before urldict is used; the row presumably sat inside the loop in the original template - confirm. #}
{% if urls %} {% for urldict in urls %} {% endfor %}
URL FILE
{% for u in urldict|key:"urls" %} {{ u }}
{% endfor %}
{{urldict|key:"path"}}
{% endif %}

{# Firebase databases referenced by the app: each URL is rated high when item.open is truthy (database readable publicly) and info otherwise. #}
FIREBASE DATABASE

{# NOTE(review): in this listing the loop closes before item is used; the row presumably sat inside the loop in the original template - confirm. #}
{% if firebase_urls %} {% for item in firebase_urls %} {% endfor %}
FIREBASE URL DETAILS
{{ item.url }} {% if item.open %} high
Firebase Database is exposed publicly. {% else %} info
App talks to a Firebase database. {% endif %}
{% endif %}

{# Email addresses found in the app: each emails entry lists its addresses followed by the path of the file they were found in. #}
EMAILS

{# NOTE(review): in this listing the loop closes before email_dict is used; the row presumably sat inside the loop in the original template - confirm. #}
{% if emails %} {% for email_dict in emails %} {% endfor %}
EMAIL FILE
{% for e in email_dict|key:"emails" %} {{ e }}
{% endfor %}
{{email_dict|key:"path"}}
{% endif %}

{# Trackers detected in the app: name, categories and URL for each entry under the "trackers" key of the trackers context value. #}
TRACKERS

{# NOTE(review): in this listing the loop closes before trk is used; the row presumably sat inside the loop in the original template - confirm. #}
{% if trackers %} {% for trk in trackers|key:"trackers" %} {% endfor %}
TRACKER NAME CATEGORIES URL
{{trk.name}} {{trk.categories}} {{trk.url}}
{% endif %}

{# Candidate hardcoded secrets, printed verbatim, one per entry of secrets. #}
{# Because the values are shown in full, the rendered report is itself sensitive; access to it and to any export of it should be restricted accordingly. #}
POSSIBLE HARDCODED SECRETS

{% for val in secrets %} {{ val }}
{% endfor %}

{# Strings and file listings are delegated to base/list.html, which receives the list, a type tag and a limit (100 for strings, 200 for files). How the limit is applied is defined in that included template, not here. #}
STRINGS

{% include 'base/list.html' with list=strings type="strings" limit=100 %}

FILES

{% include 'base/list.html' with list=files type="files" limit=200 %}
{% endblock %} {% block extra_scripts %} {% endblock %}