Mobile Security Framework (MobSF) – All-in-one Mobile Application Security (Android/iOS/Windows)


To secure your information, you have to protect your own smartphone, because an easy way to spy on you all the time is through your smartphone. Attackers usually use malicious mobile applications to spy on your device. With Mobile Security Framework (MobSF), you can detect malicious applications using static and dynamic analysis.

Overview

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF supports mobile app binaries (APK, IPA & APPX) along with zipped source code, and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you perform runtime security assessment and interactive instrumented testing.

MobSF is also bundled with Android Tamer and BlackArch.

Features or Enhancements

  • Dynamic Analysis Support for Genymotion Android VMs 4.1 - 9.0 x86
  • Improved Recent Scan
  • Replaced CapFuzz with HTTPtools
  • Automatic MobSFy with Xposed and Frida
  • Streaming logcat
  • Live API Monitor
  • Better SQLite DB View
  • Inbuilt Frida scripts for basic tasks
  • Custom Frida Script support
  • Frida Log Viewer
  • UI Changes
  • Browser PDF print support
  • Updated Tools
  • Baksmali performance improvements
  • Improved malware domain check
  • Multi OS Travis Support
  • Code QA

Requirements

Static Analysis

  • Git, Python 3.6+, JDK 8+
  • macOS users, install the command-line tools. On macOS Mojave and above, also install the headers:
    • sudo installer -pkg /Library/Developer/CommandLineTools/Packages/macOS_SDK_headers_for_macOS_10.14.pkg -target /
  • Ubuntu/Debian based Linux:
    • sudo apt install python3-venv python3-pip python3-dev build-essential libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev
  • Windows users, install Microsoft Visual C++ Build Tools and OpenSSL
  • Windows app static analysis requires a Windows host, or a Windows VM for Mac and Linux users.

NOTE:

  • Set JAVA_HOME environment variable.
  • iOS IPA Analysis works only on Mac, Linux and Docker containers.
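
The requirements above can be checked before running setup.sh on Linux or macOS. The script below is an added example, not part of MobSF or of the original page; the function names and the --run switch are this example's own, and it assumes the JDK's java binary lives at $JAVA_HOME/bin/java.

```shell
#!/bin/sh
# Added example: preflight for the static-analysis requirements listed above
# (Git, Python 3.6+, JDK 8+, JAVA_HOME). Helper names are this example's own.

# version_ge A B: succeed when dotted version A >= B. major.minor are compared
# as integers, so 3.10 correctly ranks above 3.6 (a string compare would not).
version_ge() {
  a_major=${1%%.*}; b_major=${2%%.*}
  case "$1" in *.*) a_rest=${1#*.}; a_minor=${a_rest%%[!0-9]*} ;; *) a_minor=0 ;; esac
  case "$2" in *.*) b_rest=${2#*.}; b_minor=${b_rest%%[!0-9]*} ;; *) b_minor=0 ;; esac
  [ "$a_major" -gt "$b_major" ] && return 0
  [ "$a_major" -eq "$b_major" ] && [ "${a_minor:-0}" -ge "${b_minor:-0}" ]
}

# java_major VERSION: print the Java major release. JDK 8 and older report
# themselves as "1.8.0_292"; JDK 9 and newer report "11.0.2" or just "17".
java_major() {
  case "$1" in
    1.*) v=${1#1.}; echo "${v%%[!0-9]*}" ;;
    *)   echo "${1%%[!0-9]*}" ;;
  esac
}

# preflight: report every unmet requirement on stderr; return 0 only if all pass.
preflight() {
  rc=0
  command -v git >/dev/null 2>&1 || { echo "missing: git" >&2; rc=1; }
  if command -v python3 >/dev/null 2>&1; then
    py=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])')
    version_ge "$py" 3.6 || { echo "python3 $py is older than 3.6" >&2; rc=1; }
  else
    echo "missing: python3" >&2; rc=1
  fi
  if [ -z "${JAVA_HOME:-}" ] || [ ! -x "$JAVA_HOME/bin/java" ]; then
    echo "JAVA_HOME is unset or has no bin/java" >&2; rc=1
  else
    # java -version writes to stderr; take the quoted version from its first line.
    jv=$("$JAVA_HOME/bin/java" -version 2>&1 | sed -n 's/.*version "\([^"]*\)".*/\1/p' | head -n 1)
    [ "$(java_major "${jv:-0}")" -ge 8 ] || { echo "JDK ${jv:-unknown} is older than 8" >&2; rc=1; }
  fi
  return "$rc"
}

# Run the checks only when asked, so the helpers can also be sourced elsewhere.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Saved as preflight.sh (a hypothetical file name), `sh preflight.sh --run` exits non-zero and lists each unmet requirement.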

Installation

git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
./setup.sh # For Linux and Mac
setup.bat # For Windows 

Screenshots

Static Analysis – Android APK

Static Analysis – iOS IPA


Dynamic Analysis – Android APK

Web API Viewer


Documentation

e-Learning Courses & Certifications

