To secure your information, you have to protect your own smartphone, because the easy way to spy on you all the time is with your smartphone. Attacker usually use malicious mobile applications to spy on your device. But with Mobile Security Framework (MobSF) you can detect the malicous application with static and dynamic analysis.
Overview
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.
MobSF is also bundled with Android Tamer and BlackArch
Features or Enhancements
- Dynamic Analysis Support for Genymotion Android VMs 4.1 -9.0 x86
- Improved Recent Scan
- Replaced CapFuzz with HTTPtools
- Automatic MobSFy with Xposed and Frida
- Streaming logcat
- Live API Monitor
- Better SQlite DB View
- Inbuilt Frida scripts for basic tasks
- Custom Frida Script support
- Frida Log Viewer
- UI Changes
- Browser PDF print support
- Updated Tools
- Baksmali performance improvements
- Improved malware domain check
- Multi OS Travis Support
- Code QA
Requirements
Static Analysis
- Git, Python 3.6+, JDK 8+
- Mac OS users, install command-line tools. OS Mojave and above, install headers:
sudo installer -pkg /Library/Developer/CommandLineTools/Packages/macOS_SDK_headers_for_macOS_10.14.pkg -target /
- Ubuntu/Debian based Linux:
sudo apt install python3-venv python3-pip python3-dev build-essential \ libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev
- Windows users, install Microsoft Visual C++ Build Tools and OpenSSL
- Windows App Static analysis requires a Windows Host or Windows VM for Mac and Linux. More Info
NOTE:
- Set
JAVA_HOMEenvironment variable. - iOS IPA Analysis works only on Mac, Linux and Docker containers.
Installation
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git cd Mobile-Security-Framework-MobSF ./setup.sh # For Linux and Mac setup.bat # For Windows
Screenshots
Static Analysis – Android APK
Static Analysis – iOS IPA
Dynamic Analysis – Android APK
Web API Viewer
Documentation
e-Learning Courses & Certifications
- Automated Mobile Application Security Assessment with MobSF -MAS (Currently being updated)
- Android Security Tools Expert -ATX
