Mobile Security Framework (MobSF)

Version: v3.8 beta

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF supports mobile app binaries (APK, XAPK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.

Made with Love in India

GitHub closed issues

MobSF is also bundled with Android Tamer, BlackArch and Pentoo.

Support MobSF

If you liked MobSF and find it useful, please consider donating.

It's easy to build open source, try maintaining a project once. Long live open source!

Documentation

Quick setup

docker pull opensecurity/mobile-security-framework-mobsf:latest
docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

Try MobSF Static Analyzer Online: mobsf.live
MobSF in CI/CD: mobsfscan
Conference Presentations: Slides & Videos
MobSF Online Course: OpSecX MAS
What's New: See Changelog

Collaborators

Ajin Abraham india | Magaofei china | Matan Dobrushin israel | Vincent Nadal france

e-Learning Courses & Certifications

MobSF Course Automated Mobile Application Security Assessment with MobSF -MAS

Android Security Tools Course Android Security Tools Expert -ATX

MobSF Support

Free Support: Free limited support, questions, help and discussions, join our Slack channel
Enterprise Support: Priority feature requests, live support & onsite training, see

Contribution, Feature Requests & Bugs

Read CONTRIBUTING.md before opening bugs, feature requests and pull request.
For Project updates and announcements, follow @ajinabraham or @OpenSecurity_IN.
Github Issues are only for tracking bugs and feature requests. Do not post support or help queries there. We have a slack channel for that.

Static Analysis - Android

mobsf_android_static_analysis

Static Analysis - Android Source Tree-view

mobsf_android_static_analysis_tree_view

Static Analysis - iOS

mobsf_ios_ipa_static_analysis

Dynamic Analysis - Android APK

mobsf_dynamic_analysis

Web API Viewer

mobsf_web_api_fuzzing_with_burp

Past Collaborators

Dominik Schlecht

Honorable Contributors

Amrutha VC - For the new MobSF logo
Dominik Schlecht - For the awesome work on adding Windows Phone App Static Analysis to MobSF
Esteban - Better Android Manifest Analysis and Static Analysis Improvement.
Matan Dobrushin - For adding Android ARM Emulator support to MobSF - Special thanks goes for cuckoo-droid
Shuxin - Android Binary Analysis
Abhinav Saxena - (@xandfury) - For Travis CI and Logging integration
Netguru (@karolpiateknet, @mtbrzeski) - For iOS Swift support, Rule contributions and SAST refactoring.
Maxime Fawe - (@Arenash13) - For Matching Strategy implementation of SAST pattern matching algorithms.

Shoutouts

Abhinav Sejpal (@Abhinav_Sejpal) - For poking me with bugs, feature requests, and UI & UX suggestions
Anant Srivastava (@anantshri) - For Activity Tester Idea
Anto Joseph (@antojoseph) - For the help with SuperSU
Bharadwaj Machiraju (@tunnelshade) - For writing pyWebProxy from scratch
Rahul (@c0dist) - Kali Support
MindMac - For writing Android Blue Pill
Oscar Alfonso Diaz - (@OscarAkaElvis) - For Dockerfile contributions
Thomas Abraham - For JS Hacks on UI
Tim Brown (@timb_machine) - For the iOS Binary Analysis Ruleset
Shanil Prasad (@Rajuraju14) - For improving iOS ATS Analysis
Jovan Petrovic (@JovanPetrovic) - For sponsoring a server to host mobsf.live

Project Name	Stars	Repos Using This	Packages Using This	Most Recent Commit	Total Releases	Latest Release	Open Issues	License	Language
X64dbg	42,138			3 days ago			571	other	C++
An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis.
Mobile Security Framework Mobsf	15,413			a day ago	13	August 28, 2023	11	gpl-3.0	JavaScript
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
Trufflehog	12,856	6	6	12 hours ago	42	April 28, 2021	198	agpl-3.0	Go
Find and verify credentials
Android Security Awesome	7,325			14 days ago			3	apache-2.0	Shell
A collection of android security related resources
Mobileapp Pentest Cheatsheet	4,158			2 months ago			13
The Mobile App Pentest cheat sheet was created to provide concise collection of high value information on specific mobile application penetration testing topics.
Bap	1,904			18 days ago			40	mit	OCaml
Binary Analysis Platform
Enlightn	833		1	21 days ago	37	November 17, 2023	2	other	PHP
Your performance & security consultant, an artisan command away.
Jackhammer	599			5 years ago			70	other	Java
Jackhammer - One Security vulnerability assessment/management tool to solve all the security team problems.
Habomalhunter	567			4 years ago			6	other	Python
HaboMalHunter is a sub-project of Habo Malware Analysis System (https://habo.qq.com), which can be used for automated malware analysis and security assessment on the Linux system.
Packj	538			3 months ago	15	February 01, 2023	9	agpl-3.0	Python
Packj stops :zap: Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain

Mobile Security Framework Mobsf