diff --git a/README.md b/README.md index 1d3d6b3c..c56bd512 100644 --- a/README.md +++ b/README.md @@ -44,36 +44,52 @@ Currently trueseeing can detect the following class of vulnerabilities: ## Installation -Plain installation (esp. for interacting with actual devices): +We provide containers so you can use right away as follows; now this is also the recommended way to run: - $ pip3 install trueseeing - $ trueseeing --bootstrap + $ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing -From 2.1.7, we provide containers so you can use right away as follows (i.e. you don't need to bootstrap): +If you want to run statelessly you omit mounting volume onto /cache (not recommended for day-to-day use though): $ docker run --rm -v $(pwd):/out alterakey/trueseeing +Finally if you would like to use plain old installation (e.g. for interacting with devices), you can do as follows: + + $ pip3 install trueseeing + ## Usage The following command line is sufficient to scan a APK (target.apk), yielding findings listed in stderr: - $ trueseeing /path/to/target.apk + $ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing target.apk To generate a report in HTML format: - $ trueseeing -o report.html /path/to/target.apk - $ trueseeing --format=html -o report.html /path/to/target.apk + $ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing -o report.html target.apk + $ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --format=html -o report.html target.apk To generate a report in JSON format: - $ trueseeing --format=json -o report.json /path/to/target.apk + $ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --format=json -o report.json target.apk To get report generated in stdout, specify '-' as filename: - $ trueseeing -o - /path/to/target.apk > report.html - $ trueseeing --format=html -o - /path/to/target.apk > report.html - $ trueseeing --format=json -o - /path/to/target.apk > report.json + $ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing -o - target.apk > report.html + $ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --format=html -o - target.apk > report.html + $ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --format=json -o - target.apk > report.json To fix (not all) problems it catches: - $ trueseeing --patch-all /path/to/target.apk + $ docker run --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --patch-all target.apk + +From 2.1.8, we have rewritten the means of interactively analyzing apps; inspect mode II (hence, forget that I). You can try it as follows: + + $ docker run -it --rm -v $(pwd):/out -v ts2:/cache alterakey/trueseeing --inspect target.apk + [+] trueseeing 2.1.8 [inspect mode] + ts[target.apk]> ? + ... + ts[target.apk]> aa + ... + [+] done, found 6403 issues (174.94 sec.) + ts[target.apk]> i + ... + ts[target.apk]> gh report.html