1. Documentation

Ajin Abraham edited this page Oct 20, 2018 · 102 revisions

Mobile Security Framework (MobSF) Configuration


Requirements

Static Analysis

NOTE:

  • On Linux and Mac, install Oracle Java 1.7 or above and make it the default one.
  • On Linux, make sure you have 32 bit execution support enabled.

Dynamic Analysis

  • If you are going to use MobSF x86 Android VM, it requires Oracle VirtualBox - VirtualBox Download.
  • If you are going to use MobSF Android AVD (ARM Emulator), It requires Android Studio and a configured AVD.
  • Hardware Requirements: Min 4GB RAM, 5GB HDD/SSD and Virtualization Support for running MobSF VM and Intel HAXM if you are running MobSF ARM Emulator.

Installation

Run MobSF Docker image

Lazy to setup Static Analysis? Use the latest MobSF docker image. (Dynamic analysis mostly need you to configure MobSF in host OS than inside a container.)

docker pull opensecurity/mobile-security-framework-mobsf
docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

Configuring Static Analyzer

Tested on Windows (7, 8, 8.1, 10), Kali (2016.2), Ubuntu (14.04, 16.04) , OSX (Mavericks, Yosemite, El Capitan), OS (Sierra, High Sierra)

If you need Dynamic Analysis do not setup MobSF inside a VM or use Docker, set it up in your Host OS.

git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
./setup.sh # For Linux and Mac
setup.bat # For Windows
PDF Report Generation
  • You need to install wkhtmltopdf binary separately for generating PDF reports.
  • Check wkhtmltopdf downloads and Installing wkhtmltopdf wiki for more information.
  • In Windows, you need to add the folder that contains wkhtmltopdf binary to environment variable PATH.

Running MobSF

  • For Linux and Mac: ./run.sh
  • For Windows: run.bat

If everything goes right, you will get an output like the one below.

Mobile Security Framework (MobSF) Running

You can navigate to http://localhost:8000/ to access the MobSF Web interface.

If you need to run on a specific port number try python manage.py runserver PORT_NO. To expose MobSF to a particular IP, you can try python manage.py runserver IP:PORT_NO. This needs to be executed from within the virtualenv.


Configuring Dynamic Analyzer

MobSF Dynamic Analysis currently supports Android and can be done in four ways.

  1. Dynamic Analysis with MobSF Android 4.4.2 x86 VirtualBox VM - default (Fast, not all Apps work)
  2. Dynamic Analysis with MobSF Android 4.1.2 arm Emulator - (Slow, Most Apps work) (Not Supported Anymore)
  3. Dynamic Analysis using a Rooted Android 4.03 - 4.4 Device (Very Fast, All Apps work)
  4. Dynamic Analysis using a Rooted Android 4.03 - 4.4 VM (not tested)

Updating MobSF

If you are updating MobSF, In most cases you might have to perform database migrations or you will see errors such as

[ERROR] Saving to DB (E:\Mobile-Security-Framework-MobSF\StaticAnalyzer\views\android\db_interaction.py, LINE 236 "static_db.save()"): table StaticAnalyzer_staticanalyzerandroid has no column named 

Run the below command to migrate your db

python3 manage.py makemigrations
python3 manage.py migrate

If the above changes didn't work, you might have to run clean.sh(present in scripts) in Mac/Linux. After that run the above commands.

NOTE: This will remove the previously saved MobSF scan results.


Disabled Components

Some components are disabled by default as they are experimental

APKiD

APKiD is disabled by default. Before enabling you will have to install the rednaga fork of yara-python.

git clone --recursive https://github.com/rednaga/yara-python-1 yara-python
cd yara-python
python3 setup.py build --enable-dex install

Enable APKiD in settings.py by setting APKID_ENABLED to True.

VirusTotal

VirusTotal Scan is disabled by default. You need to add your VirusTotal API Key before enabling it. If you don't have an API Key, Register at https://www.virustotal.com/#/join-us and access your API Key from https://www.virustotal.com/en/user/[username]/apikey/. In settings.py, add your API Key to VT_API_KEY and set VT_ENABLED to True

Mass Static Analysis

MobSF supports mass static analysis: Run Mass Static Analysis with MobSF

Using Postgres DB instead of SQLite:

How to Configure Postgres DB

Home Directory Support

If you want all user uploads, downloads and user configurations to be created in home directory, enable home directory support: Home Directory Support

Docker Image for MobSF Static Analysis

Dockerfile and Docker Image

REST API

MobSF REST API Docs: API Docs

CI/CD

MobSF CI/CD Pipeline

Running Tests

You can run all the unit tests with python manage.py test

You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.