Mobile Security Framework (MobSF)
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.
Buy us a Coffee!
Your generous donations will keep us motivated.
MobSF Static Analyzer Docker Image
Automated prebuilt docker image of MobSF Static Analyzer is available from DockerHub
docker pull opensecurity/mobile-security-framework-mobsf docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
Other docker options: MobSF Docker Options
- OWASP APPSEC EU 2016 - Slides, Video
- NULLCON 2016 - Slides
- c0c0n 2015 - Slides
- G4H Webcast 2015 - Video
e-Learning Courses & Certifications
- Automated Mobile Application Security Assessment with MobSF -MAS (Currently being updated)
- Android Security Tools Expert -ATX
Contribution, Feature Requests & Bugs
- Read CONTRIBUTING.md before opening bugs, feature requests and pull request.
- Feature Requests: @ajinabraham or @OpenSecurity_IN.
- For discussions, questions and support, use our Slack Channel mobsf.slack.com: Join MobSF Channel
- Open Bugs after reading Guidelines to Report a Bug
Static Analysis - Android APK
Static Analysis - iOS IPA
Dynamic Analysis - Android APK
Web API Viewer
- Abhinav Sejpal (@Abhinav_Sejpal) - For poking me with bugs, feature requests, and UI & UX suggestions.
- Amrutha VC (@amruthavc) - For the new MobSF logo
- Anant Srivastava (@anantshri) - For Activity Tester Idea
- Anto Joseph (@antojosep007) - For the help with SuperSU.
- Bharadwaj Machiraju (@tunnelshade_) - For writing pyWebProxy from scratch
- Dominik Schlecht - For the awesome work on adding Windows Phone App Static Analysis to MobSF
- Esteban - Better Android Manifest Analysis and Static Analysis Improvement.
- Matan Dobrushin - For adding Android ARM Emulator support to MobSF - Special thanks goes for cuckoo-droid, I got inspired by their code and idea for this implementation.
- MindMac - For writing Android Blue Pill
- Rahul (@c0dist) - Kali Support
- Shuxin - Android Binary Analysis
- Thomas Abraham - For JS Hacks on UI.
- Tim Brown (@timb_machine) - For the iOS Binary Analysis Ruleset.
- Oscar Alfonso Diaz - (@OscarAkaElvis) - For Dockerfile contributions
- Abhinav Saxena - (@xandfury) - For Travis CI and Logging integration