Mobile Security Framework (MobSF)

Version: v2.0 beta

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.

Made with in India

MobSF is also bundled with Android Tamer and BlackArch

Buy us a Coffee!

Your generous donations will keep us motivated.

Paypal:

Bitcoin:

Documentation

• See MobSF Documentation

MobSF Static Analyzer Docker Image

Automated prebuilt docker image of MobSF Static Analyzer is available from DockerHub

docker pull opensecurity/mobile-security-framework-mobsf
docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

Other docker options: MobSF Docker Options

Collaborators

• Ajin Abraham
• Dominik Schlecht
• Magaofei
• Matan Dobrushin
• Vincent Nadal

Presentations

• OWASP APPSEC EU 2016 - Slides, Video
• NULLCON 2016 - Slides
• c0c0n 2015 - Slides
• G4H Webcast 2015 - Video

e-Learning Courses & Certifications

• Automated Mobile Application Security Assessment with MobSF -MAS (Currently being updated)
• Android Security Tools Expert -ATX

What's New?

• See Changelog

Contribution, Feature Requests & Bugs

• Read CONTRIBUTING.md before opening bugs, feature requests and pull request.
• Feature Requests: @ajinabraham or @OpenSecurity_IN.
• For discussions, questions and support, use our Slack Channel mobsf.slack.com: Join MobSF Channel
• Open Bugs after reading Guidelines to Report a Bug

Screenshots

Static Analysis - Android APK

Static Analysis - iOS IPA

Dynamic Analysis - Android APK

Web API Viewer

Credits

• Abhinav Sejpal (@Abhinav_Sejpal) - For poking me with bugs, feature requests, and UI & UX suggestions.
• Amrutha VC (@amruthavc) - For the new MobSF logo
• Anant Srivastava (@anantshri) - For Activity Tester Idea
• Anto Joseph (@antojosep007) - For the help with SuperSU.
• Bharadwaj Machiraju (@tunnelshade_) - For writing pyWebProxy from scratch
• Dominik Schlecht - For the awesome work on adding Windows Phone App Static Analysis to MobSF
• Esteban - Better Android Manifest Analysis and Static Analysis Improvement.
• Matan Dobrushin - For adding Android ARM Emulator support to MobSF - Special thanks goes for cuckoo-droid, I got inspired by their code and idea for this implementation.
• MindMac - For writing Android Blue Pill
• Rahul (@c0dist) - Kali Support
• Shuxin - Android Binary Analysis
• Thomas Abraham - For JS Hacks on UI.
• Tim Brown (@timb_machine) - For the iOS Binary Analysis Ruleset.
• Oscar Alfonso Diaz - (@OscarAkaElvis) - For Dockerfile contributions
• Abhinav Saxena - (@xandfury) - For Travis CI and Logging integration