Added version configuration and sanitize_path

Author: ByteSnipers

CHANGELOG.md

@@ -1,5 +1,9 @@
 # ChangeLog
 
+### 0.7.57
+- CHANGE: 	Added sanitize_path in setup option
+- ADDED: 	Version configuration for tools
+
 ### 0.7.56
 - CHANGE: 	Updated build-tools
 

mpt/console.py

@@ -94,7 +94,8 @@ def setup_pentest(apk):
         log.info("Folder for security assessment {} created".format(Fore.CYAN + settings.PENTEST_FOLDER + Style.RESET_ALL))
 
         # Replace masked characters with "", fix errors with special chars in shell
-        new_apk_filename = re.sub(r'[^\w.-]', '', apk_file)
+        new_apk_filename = functions.sanitize_path(apk_file)
+
         if apk_file != new_apk_filename:
             log.warn(f"APK file renamed to {new_apk_filename}")
         app_pentest_file_location = os.path.join(settings.APP_FOLDER, os.path.basename(new_apk_filename))

mpt/functions.py

@@ -1,5 +1,6 @@
 import os
 import random
+import re
 import string
 import time
 
@@ -656,6 +657,19 @@ def get_device_architecture():
         return arch
 
 
+# sanitize path – replace unsafe characters in file name only
+def sanitize_path(path):
+    dir_name = os.path.dirname(path)
+    base_name = os.path.basename(path)
+
+    # Replace disallowed characters and whitespace with underscores
+    # Includes: < > : " / \ | ? * control chars, whitespace, (), []
+    safe_base = re.sub(r'[<>"\/\\|?*\[\]\(\)\x00-\x1F\s]', '_', base_name)
+
+    return os.path.join(dir_name, safe_base)
+
+
+
 # data for wifi username and password generation
 adjectives = [
     "Silly", "Wobbly", "Sneaky", "Clumsy", "Jolly", "Grumpy", "Nifty", "Goofy", "Zany", "Loopy",

mpt/settings.py

@@ -5,7 +5,7 @@
 import mpt.config
 from mpt.config import Config
 
-__version__ = '0.7.56'
+__version__ = '0.7.57'
 HOME_FOLDER = expanduser("~")
 DEFAULT_MOBILE_FOLDER = os.path.join(HOME_FOLDER, "tools/MOBILE/")
 MPT_BIN = os.path.join(DEFAULT_MOBILE_FOLDER, 'bin')
@@ -28,6 +28,32 @@
 # sh does not support source command and it was replaces with .
 # "The . is POSIX-compliant and also works in /bin/sh."
 
+
+# ANDROID_TOOLS Versions
+# for the tools without version use release date e.g. 2025.03.07
+VERSION_MOBSF = '4.3.0' # check: 'https://github.com/MobSF/Mobile-Security-Framework-MobSF'
+VERSION_RMS = '1.5.23' # check: https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security',
+VERSION_OBJECTION = '1.11.0'
+VERSION_SPOTBUGS = '4.9.3'
+VERSION_JADX = '1.5.1'
+VERSION_JD_GUI = '1.6.6'
+VERSION_LUYTEN = '0.5.4'
+VERSION_SQLITESTUDIO = '3.4.17'
+VERSION_PIDCAT = '2018.12.22' # check: https://github.com/healthluck/pidcat-ex
+VERSION_PIDCAT_EX = '2018.12.22' # check: https://github.com/healthluck/pidcat-ex.git
+VERSION_ADUS = '2025.03.19' # check https://github.com/ByteSnipers/adus
+VERSION_FRIDUMP = '2024.11.07' # check https://github.com/rootbsd/fridump3
+VERSION_AAPT = 'r34-rc3'
+VERSION_ADB = '35.0.2' # check version https://developer.android.com/tools/releases/platform-tools
+VERSION_ABE = '2025.01.15'
+VERSION_APKTOOL = '2.11.1'
+VERSION_DEX2JAR = '2.4'
+VERSION_JANUS = '2023.05.16'
+VERSION_LINUX_ROUTER = '2024.12.18'
+VERSION_KITTY = '0.40.1'
+VERSION_SCRCPY = '3.1'
+
+
 ANDROID_TOOLS = {
     # available parameters
     # bin
@@ -71,13 +97,15 @@
     'MobSF': {
         # check updates: 'https://github.com/MobSF/Mobile-Security-Framework-MobSF'
         # fix dependency in mobSF (remove if not required) ->  sed -i \'s/packaging = ">=21\.3,<22\.0"/packaging = ">=24\.2"/\' pyproject.toml
-        'url': 'https://github.com/MobSF/Mobile-Security-Framework-MobSF/archive/refs/tags/v4.3.0.zip',
+        # 'url': 'https://github.com/MobSF/Mobile-Security-Framework-MobSF/archive/refs/tags/v4.3.0.zip',
+        'version': VERSION_MOBSF,
+        'url': f'https://github.com/MobSF/Mobile-Security-Framework-MobSF/archive/refs/tags/v{VERSION_MOBSF}.zip',
         'info': 'Mobile Security Framework (MobSF)',
         'bin': 'cd {}; python -m venv venv; . ./venv/bin/activate; . ./run.sh'.format(os.path.join(conf.load_config('install-dir'), 'MobSF')),
         'bin_info': 'Open MobSF in browser: http://127.0.0.1:8000 (Press CTRL+C to quit)',
         'dir': 'MobSF',
         'install': 'http',
-        'post': 'mv Mobile-Security-Framework-MobSF-4.3.0 MobSF; cd MobSF; python -m venv venv; . ./venv/bin/activate; pip install poetry; . ./setup.sh',
+        'post': f'mv Mobile-Security-Framework-MobSF-{VERSION_MOBSF} MobSF; cd MobSF; python -m venv venv; . ./venv/bin/activate; pip install poetry; . ./setup.sh',
     },
 
     # RMS installation old version
@@ -95,7 +123,7 @@
     'RMS': {
         # check 'https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security',
         #
-        # HOW TO SELECT A RIGHT NODEJS VERSION ??
+        # HOW TO SELECT A RIGHT Node.js VERSION ??
         #   https://github.com/ChiChou/Grapefruit/wiki/How-do-I-decide-which-version-of-nodejs-to-use%3F
         #
         #   You need to find the right node version. To check which nodejs is supported, you can refer to these two pages:
@@ -107,16 +135,18 @@
         #       we need to install v22.12.0
         #       put the correct version in post command "... nodeenv --python-virtualenv --node 22.12.0 ..."
         #
+        'version': VERSION_RMS,
         'info': 'Runtime Mobile Security (RMS)',
         'dir': 'RMS',
         'bin': 'cd {}; . ./venv/bin/activate; rms'.format(os.path.join(conf.load_config('install-dir'), 'RMS')),
         'bin_info': 'Running on http://127.0.0.1:5491/ (Press CTRL+C to quit)',
         'install': 'local',
-        # install nodejs locally within the python virtual environment
+        # install Node.js locally within the python virtual environment
         'post': 'cd RMS; python -m venv venv; . ./venv/bin/activate; pip install nodeenv; nodeenv --python-virtualenv --node 22.12.0; npm install -g rms-runtime-mobile-security',
     },
     'objection': {
         # check: 'https://github.com/sensepost/objection',
+        'version': VERSION_OBJECTION,
         'info': 'Runtime Mobile Exploration Toolkit',
         'dir': 'objection',
         # 'bin_info': 'Please run "frida-ps -U" to find an app and start objection with the following command:\nobjection --gadget "<APP-NAME>" explore',
@@ -126,18 +156,21 @@
         'post': 'cd objection; python -m venv venv; . ./venv/bin/activate; pip install --upgrade setuptools; pip install -U objection'
     },
     'spotbugs': {
-        # check: 'https://github.com/spotbugs/spotbugs/releases',
-        'url': 'https://github.com/spotbugs/spotbugs/releases/download/4.9.3/spotbugs-4.9.3.zip',
+        #'url': 'https://github.com/spotbugs/spotbugs/releases/download/4.9.3/spotbugs-4.9.3.zip',
+        'version': VERSION_SPOTBUGS,
+        'url': f'https://github.com/spotbugs/spotbugs/releases/download/{VERSION_SPOTBUGS}/spotbugs-{VERSION_SPOTBUGS}.zip',
         'info': 'Static code analysis for vulnerabilities and bugs',
         'dir': 'spotbugs',
         'bin': f'cd {os.path.join(conf.load_config('install-dir'), 'spotbugs')}; ./bin/spotbugs',
         'install': 'http',
-        'post': 'mv spotbugs-4.9.3 spotbugs',
+        'post': f'mv spotbugs-{VERSION_SPOTBUGS} spotbugs',
         'bin_global': {'spotbugs': 'bin/spotbugs'}
     },
     'jadx': {
         # check updates: 'https://github.com/skylot/jadx/releases'
-        'url': 'https://github.com/skylot/jadx/releases/download/v1.5.1/jadx-1.5.1.zip',
+        # 'url': 'https://github.com/skylot/jadx/releases/download/v1.5.1/jadx-1.5.1.zip',
+        'version': VERSION_JADX,
+        'url': f'https://github.com/skylot/jadx/releases/download/v{VERSION_JADX}/jadx-{VERSION_JADX}.zip',
         'info': 'Dex to Java decompiler',
         'bin': os.path.join(conf.load_config('install-dir'), 'jadx/bin/jadx-gui'),
         'dir': 'jadx',
@@ -148,44 +181,54 @@
     },
     'jd-gui': {
         # check updates: 'https://github.com/java-decompiler/jd-gui/releases'
-        'url': 'https://github.com/java-decompiler/jd-gui/releases/download/v1.6.6/jd-gui-1.6.6.jar',
+        #'url': 'https://github.com/java-decompiler/jd-gui/releases/download/v1.6.6/jd-gui-1.6.6.jar',
+        'version': VERSION_JD_GUI,
+        'url': f'https://github.com/java-decompiler/jd-gui/releases/download/v{VERSION_JD_GUI}/jd-gui-{VERSION_JD_GUI}.jar',
         'info': 'Java Decompiler, dex2jar required',
         'bin': os.path.join(conf.load_config('install-dir'), 'jd-gui/jd-gui.jar'),
         'dir': 'jd-gui',
         'install': 'http',
     },
     'luyten': {
         # check updates https://github.com/deathmarine/Luyten/releases
-        'url': 'https://github.com/deathmarine/Luyten/releases/download/v0.5.4_Rebuilt_with_Latest_depenencies/luyten-0.5.4.jar',
+        # 'url': f'https://github.com/deathmarine/Luyten/releases/download/v0.5.4_Rebuilt_with_Latest_depenencies/luyten-0.5.4.jar',
+        'version': VERSION_LUYTEN,
+        'url': f'https://github.com/deathmarine/Luyten/releases/download/v{VERSION_LUYTEN}_Rebuilt_with_Latest_depenencies/luyten-{VERSION_LUYTEN}.jar',
         'info': 'Java Decompiler Gui for Procyon',
         'bin': os.path.join(conf.load_config('install-dir'), 'luyten/luyten.jar'),
         'dir': 'luyten',
         'install': 'http'
     },
     'sqlitestudio': {
         # check updates : https://github.com/pawelsalawa/sqlitestudio/releases
-        'url': 'https://github.com/pawelsalawa/sqlitestudio/releases/download/3.4.17/sqlitestudio-3.4.17-linux-x64.tar.xz',
+        #VERSION_SQLITESTUDIO
+        'version': VERSION_SQLITESTUDIO,
+        # 'url': 'https://github.com/pawelsalawa/sqlitestudio/releases/download/3.4.17/sqlitestudio-3.4.17-linux-x64.tar.xz',
+        'url': f'https://github.com/pawelsalawa/sqlitestudio/releases/download/{VERSION_SQLITESTUDIO}/sqlitestudio-{VERSION_SQLITESTUDIO}-linux-x64.tar.xz',
         'info': 'Multi-platform SQLite database manager',
         'dir': 'SQLiteStudio',
         'bin': os.path.join(conf.load_config('install-dir'), 'SQLiteStudio/sqlitestudio'),
         'install': 'http',
         'bin_global': {'sqlitestudio': 'sqlitestudio', 'sqlitestudiocli': 'sqlitestudiocli'}
     },
     'pidcat': {
+        'version': VERSION_PIDCAT,
         'url': 'https://github.com/JakeWharton/pidcat',
         'info': 'excellent logcat color script',
         'bin': os.path.join(conf.load_config('install-dir') + 'pidcat/pidcat.py'),
         'dir': 'pidcat',
         'install': 'git'
     },
     'pidcat-ex': {
+        'version': VERSION_PIDCAT_EX,
         'url': 'https://github.com/healthluck/pidcat-ex.git',
         'info': 'PID Cat (extended version)',
         'bin': os.path.join(conf.load_config('install-dir') + 'pidcat-ex/pidcat-ex.py'),
         'dir': 'pidcat-ex',
         'install': 'git'
     },
     'adus': {
+        'version': VERSION_ADUS,
         'url': 'https://github.com/ByteSnipers/adus',
         'info': 'Bash script to dump, build and sign apk',
         'bin': os.path.join(conf.load_config('install-dir') + 'adus/adus.sh'),
@@ -195,6 +238,7 @@
     'fridump': {
         # check https://github.com/rootbsd/fridump3 (updated version)
         # https://github.com/Nightbringer21/fridump (obsolete version)
+        'version': VERSION_FRIDUMP,
         'url': 'https://github.com/rootbsd/fridump3',
         'info': 'Memory dumping tool using frida',
         'bin': f'cd {os.path.join(conf.load_config('install-dir'),'fridump')}; . ./venv/bin/activate; python fridump3.py',
@@ -203,6 +247,7 @@
         'post': 'cd fridump; python -m venv venv; . ./venv/bin/activate; pip install --upgrade frida-tools; chmod +x fridump3.py'
     },
     'adb': {
+        'version' : VERSION_ADB,
         'url': 'https://dl.google.com/android/repository/platform-tools-latest-linux.zip',
         'info': 'Android Debug Bridge (adb)',
         'dir': 'platform-tools',
@@ -215,7 +260,8 @@
         # URL examples
         #  version + RC: https://dl.google.com/android/repository/build-tools_r34-rc3-linux.zip'
         #  version:      https://dl.google.com/android/repository/build-tools_r34-linux.zip  # android 14
-        'url': 'https://dl.google.com/android/repository/build-tools_r34-rc3-linux.zip', # android 14
+        'version' : VERSION_AAPT,
+        'url': f'https://dl.google.com/android/repository/build-tools_{VERSION_AAPT}-linux.zip', # android 14
         'info': 'Android Asset Packaging Tool',
         'bin': os.path.join(conf.load_config('install-dir'), 'build-tools/aapt'),
         'dir': 'build-tools',
@@ -227,35 +273,32 @@
     },
     'abe': {
         # check updates: https://github.com/nelenkov/android-backup-extractor/releases
+        'version' : VERSION_ABE,
         'url': 'https://github.com/nelenkov/android-backup-extractor/releases/download/latest/abe-0059753.jar', # 2024-11
         'info': 'Android backup extractor, android:allowBackup="true" required',
         'bin': os.path.join(conf.load_config('install-dir'), 'abe/abe.jar'),
         'dir': 'abe',
         'install': 'http'
     },
-    'signapk': {
-        'url': 'https://github.com/appium-boneyard/sign',
-        'info': 'sign an apk with the Android test certificate',
-        'bin': os.path.join(conf.load_config('install-dir'),'sign/dist/signapk.jar'), # not tested
-        'dir': 'sign',
-        'install': 'git'
-    },
     'apktool': {
         # check https://bitbucket.org/iBotPeaches/apktool/downloads/ and https://apktool.org/blog
-        'url': 'https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.11.1.jar',
+        'version': VERSION_APKTOOL,
+        # 'url': 'https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_2.11.1.jar',
+        'url': f'https://bitbucket.org/iBotPeaches/apktool/downloads/apktool_{VERSION_APKTOOL}.jar',
         'info': 'A tool for reverse engineering Android apk files',
         'bin': os.path.join(conf.load_config('install-dir'), 'apktool/apktool.jar'),
         'dir': 'apktool',
         'install': 'http'
     },
     'dex2jar': {
         # check https://github.com/pxb1988/dex2jar/
-        'url': 'https://github.com/pxb1988/dex2jar/releases/download/v2.4/dex-tools-v2.4.zip',
+        'version': VERSION_DEX2JAR,
+        'url': f'https://github.com/pxb1988/dex2jar/releases/download/v2.4/dex-tools-v{VERSION_DEX2JAR}.zip',
         'info': 'Convert the Dalvik Executable (.dex) file to jar',
         'bin': os.path.join(conf.load_config('install-dir'), 'dex2jar/d2j-dex2jar.sh'),
         'dir': 'dex2jar',
         'install': 'http',
-        'post': 'mv dex-tools-v2.4 dex2jar',
+        'post': f'mv dex-tools-v{VERSION_DEX2JAR} dex2jar',
         'bin_global': {
             'd2j-apk-sign.sh': 'd2j-apk-sign.sh', 'd2j-asm-verify.sh': 'd2j-asm-verify.sh', 'd2j-baksmali.sh': 'd2j-baksmali.sh',
             'd2j-class-version-switch.sh': 'd2j-class-version-switch.sh', 'd2j-decrypt-string.sh': 'd2j-decrypt-string.sh', 'd2j-dex2jar.sh': 'd2j-dex2jar.sh',
@@ -266,6 +309,7 @@
         }
     },
     'janus': {
+        'version': VERSION_JANUS,
         'url': 'https://github.com/ppapadatis/python-janus-vulnerability-scan',
         'info': 'scans an APK and an Android device for CVE-2017–13156',
         'bin': 'cd {}; . ./venv/bin/activate; python janus.py'.format(os.path.join(conf.load_config('install-dir'), 'python-janus-vulnerability-scan')),
@@ -274,6 +318,7 @@
         'post': 'cd python-janus-vulnerability-scan; python -m venv venv; . ./venv/bin/activate; pip install -r requirements.txt'
     },
     'linux-router': {
+        'version': VERSION_LINUX_ROUTER,
         'url': 'https://github.com/garywill/linux-router',
         'info': 'Set Linux as router in one command. Able to provide Internet, or create WiFi hotspot',
         'bin': 'cd {}; sudo ./lnxrouter'.format(os.path.join(conf.load_config('install-dir'), 'linux-router')),
@@ -284,6 +329,7 @@
     'kitty': {
         # check https://sw.kovidgoyal.net/kitty/binary/
         # requirement tool to objection execution with interactive cli
+        'version': VERSION_KITTY,
         'info': 'The fast, feature-rich, GPU based terminal emulator',
         'bin': os.path.join(conf.load_config('install-dir'), 'kitty/kitty.app/bin/kitty'),
         'dir': 'kitty',
@@ -292,7 +338,9 @@
     },
     'scrcpy': {
         # check version and replace file: https://github.com/Genymobile/scrcpy/releases
-        'url': 'https://github.com/Genymobile/scrcpy/releases/download/v3.1/scrcpy-linux-x86_64-v3.1.tar.gz',
+        'version': VERSION_SCRCPY,
+        # 'url': 'https://github.com/Genymobile/scrcpy/releases/download/v3.1/scrcpy-linux-x86_64-v3.1.tar.gz',
+        'url': f'https://github.com/Genymobile/scrcpy/releases/download/v{VERSION_SCRCPY}/scrcpy-linux-x86_64-v{VERSION_SCRCPY}.tar.gz',
         'info': 'Application mirrors Android devices (video and audio) connected via USB',
         'bin': os.path.join(conf.load_config('install-dir'), 'scrcpy/scrcpy'),
         'dir': 'scrcpy',