Command Line Interface usage
- Credentials management
There are three options for providing the mASAPP API credentials:
- Pass the key and secret on the command line with the params -key and -secret:
masappcli -key T3STK3Y -secret T3STS3CR3T
- Configure: the user is prompted to enter the credentials.
masappcli --configure
[?] Insert your MASSAP Access Key: MASAPPKEY
[?] Insert your MASSAP Secret: ##This line will be invisible
- Use stored credentials: if none of the previous params is given, the script will look for the credentials in the environment variables MASAPP_KEY and MASAPP_SECRET.
Riskscoring execution
It analyses the given app and throws an error only if the risk is greater than the value given with the param -r. This operation cannot be run together with standard execution.
Usage example:
masappci -r float -a path/to/the/app.ipa (or apk) [-p packageNameOrigin] [-d] -key T3STK3Y -secret T3STS3CR3T
Standard execution
It analyses the given app and throws an error if there are more vulnerabilities or behaviors than those given in the json file. This operation cannot be run together with riskscoring execution.
Usage example:
masappci -s path/to/vulns_and_behaviors.json -a path/to/the/app.ipa (or apk) [-p packageNameOrigin] [-d] -key T3STK3Y -secret T3STS3CR3T
Additional params
PackageNameOrigin: The packageNameOrigin is an unambiguous value generated by mASAPP to identify applications. Giving this param helps the script find your application among your user's scans.
If you don't use this param, the script looks through the user's scans using the name of your .apk or .ipa file, but sometimes it doesn't find the app, because the packageNameOrigin does not always contain the packageName or because there was an error generating this field. If the script doesn't find your app, it shows a list of all the scans that your user has, asking you to find your application and run the script again using the param -p with the correct packageNameOrigin.
Detailed execution: If the user uses this param, the following information will be shown after a successful execution:
- A list of vulnerabilities, with the title, risk, number of occurrences and the individual occurrences with their evidence.
- A list of behaviors, with the title, number of occurrences, impact and the individual occurrences with their evidence.
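The riskscoring mode and the stored-credentials option described above can be combined into a CI gate that never places the secret on the command line. This is an added example, not code from the mASAPP project; it assumes the CLI signals its error with a non-zero exit status, and the names masapp_gate and MASAPP_BIN are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the mASAPP project: a CI gate around the
# riskscoring mode that keeps the API secret out of the command line.
# Assumptions: the CLI reports "risk above threshold" with a non-zero exit
# status; MASAPP_BIN and masapp_gate are hypothetical names.
MASAPP_BIN="${MASAPP_BIN:-masappci}"

# Usage: masapp_gate MAX_RISK APP_PATH [PACKAGE_NAME_ORIGIN]
# Returns 2 on bad input or missing credentials (the CLI is never called),
# otherwise the exit status of the CLI itself.
masapp_gate() {
    max_risk=${1:-} app=${2:-} pkg=${3:-}

    # Third option on the page: credentials are read from the environment
    # (they must be exported so the CLI process can see them).
    if [ -z "${MASAPP_KEY:-}" ] || [ -z "${MASAPP_SECRET:-}" ]; then
        echo "masapp_gate: MASAPP_KEY and MASAPP_SECRET must be set" >&2
        return 2
    fi

    # -r takes a float: digits with at most one dot, nothing else.
    case $max_risk in
        '' | . | *[!0-9.]* | *.*.*)
            echo "masapp_gate: threshold must be a float: $max_risk" >&2
            return 2 ;;
    esac

    # The page's usage examples take an .ipa or .apk file.
    case $app in
        *.apk | *.ipa) ;;
        *) echo "masapp_gate: expected an .apk or .ipa: $app" >&2; return 2 ;;
    esac
    if [ ! -f "$app" ]; then
        echo "masapp_gate: no such file: $app" >&2
        return 2
    fi

    # Build argv without -key/-secret: command-line arguments show up in
    # process listings and shell history.
    set -- -r "$max_risk" -a "$app"
    if [ -n "$pkg" ]; then
        set -- "$@" -p "$pkg"
    fi
    "$MASAPP_BIN" "$@"
}
```

In a pipeline, source the file and call for example masapp_gate 7.5 build/app.apk, with MASAPP_KEY and MASAPP_SECRET supplied by the CI secret store.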