Mobile Security Framework (MobSF) is an open-source, all-in-one mobile application (Android/iOS) pen-testing platform. It can be used for static analysis, dynamic analysis and web API testing of mobile applications. It supports both binary and source code analysis and can be used to perform a variety of tasks, including:
- Reverse engineering and decompiling of Android APK and iOS files
- Dynamic analysis of Android APK and iOS IPA files by using an emulator or by installing the mobile app on a real device
- Web API testing of mobile apps by using a proxy
- Scanning and finding vulnerabilities in the source code of mobile apps
- Generating reports with detailed information about the mobile app and its vulnerabilities
MobSF has a web-based user interface that allows users to easily upload and analyze mobile apps. It also has a REST API that can be used to integrate with other tools and automate mobile application testing.
Installation of MobSF on Kali Linux
I used the following steps to install and run MobSF on my Kali Linux machine.
Install Docker
sudo apt install docker.io
Install MobSF
sudo docker pull opensecurity/mobile-security-framework-mobsf
Run MobSF
sudo docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
Open MobSF in the browser at 127.0.0.1:8080
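The REST API mentioned above is what makes MobSF usable from a pipeline rather than only through the web UI. The following script is an added example (not code from the original post or from the MobSF project) that uploads an app, starts a static scan, fetches the JSON report and turns it into a pass/fail gate. It assumes the container is reachable on http://127.0.0.1:8000 (the host port published by `-p 8000:8000` in the docker run command), that the API key is the one MobSF prints on the container console at startup, that the endpoints /api/v1/upload, /api/v1/scan and /api/v1/report_json behave as in MobSF 3.x, and that the JSON report carries an "appsec" section with high/warning/info/secure/hotspot lists and a security_score. The embedded report is a constructed sample so the summary logic can be exercised offline.

```python
"""Minimal MobSF REST API client and report gate (standard library only).

Assumptions (not from the post): MobSF listens on http://127.0.0.1:8000, the API
key is the value printed on the container console, and the /api/v1/upload, /scan
and /report_json endpoints accept the fields used below (MobSF 3.x behaviour).
"""
import json
import os
import sys
import urllib.parse
import urllib.request
import uuid

MOBSF_URL = os.environ.get("MOBSF_URL", "http://127.0.0.1:8000")
# Placeholder: replace with the key MobSF prints at startup (or set MOBSF_API_KEY).
API_KEY = os.environ.get("MOBSF_API_KEY", "REPLACE_WITH_KEY_FROM_CONSOLE")


def encode_multipart(field, filename, data):
    """Build a multipart/form-data body for one file field.

    Returns (content_type, body). MobSF's upload endpoint expects the field 'file'.
    """
    boundary = uuid.uuid4().hex
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return f"multipart/form-data; boundary={boundary}", head + data + tail


def api_post(path, body, content_type):
    """POST to MobSF with the API key in the Authorization header; return parsed JSON."""
    req = urllib.request.Request(MOBSF_URL + path, data=body, method="POST")
    req.add_header("Authorization", API_KEY)
    req.add_header("Content-Type", content_type)
    with urllib.request.urlopen(req, timeout=600) as resp:  # scans can take minutes
        return json.loads(resp.read().decode())


def upload(path):
    with open(path, "rb") as fh:
        ctype, body = encode_multipart("file", os.path.basename(path), fh.read())
    return api_post("/api/v1/upload", body, ctype)


def scan(upload_resp):
    # hash is what current releases need; scan_type/file_name are echoed back by
    # upload and were required by older releases, so they are passed along too.
    form = urllib.parse.urlencode({
        "hash": upload_resp["hash"],
        "scan_type": upload_resp["scan_type"],
        "file_name": upload_resp["file_name"],
    }).encode()
    return api_post("/api/v1/scan", form, "application/x-www-form-urlencoded")


def report_json(file_hash):
    form = urllib.parse.urlencode({"hash": file_hash}).encode()
    return api_post("/api/v1/report_json", form, "application/x-www-form-urlencoded")


def summarize(report):
    """Count findings per severity bucket in the report's appsec section (assumed layout)."""
    appsec = report.get("appsec", {})
    counts = {k: len(appsec.get(k, [])) for k in ("high", "warning", "info", "secure", "hotspot")}
    counts["security_score"] = appsec.get("security_score")
    return counts


def gate(report, max_high=0):
    """CI gate: True when the number of high-severity findings is within the allowed budget."""
    return summarize(report)["high"] <= max_high


# Constructed sample report (not real MobSF output) so the summary can run offline.
SAMPLE_REPORT = {
    "appsec": {
        "security_score": 42,
        "high": [{"title": "App can be installed on a vulnerable Android version"}],
        "warning": [{"title": "Application is signed with v1 signature scheme"},
                    {"title": "App uses an insecure random number generator"}],
        "info": [],
        "secure": [{"title": "This application has no privacy trackers"}],
        "hotspot": [],
    }
}

if __name__ == "__main__":
    if len(sys.argv) > 1:  # usage: python mobsf_gate.py app.apk
        up = upload(sys.argv[1])
        scan(up)
        rep = report_json(up["hash"])
    else:
        rep = SAMPLE_REPORT
    print(json.dumps(summarize(rep), indent=2))
    sys.exit(0 if gate(rep) else 1)
```

Run it with an APK path to scan a real build; with no arguments it summarises the embedded sample and exits non-zero because the sample has one high-severity finding. The exit code is the point: wiring the script into a build step fails the build when a release candidate regresses, and the `max_high` budget lets a team ratchet the threshold down over time instead of blocking on day one.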
┌──(kali㉿kali)-[/opt]
└─$ printf example.com | gau
https://www.example.com/?elqTrackId=39eeab9f88a4457185f7f0325a59ffc2&elq=acb0497316c94c28badacba861949145&elqaid=14298&elqat=1&elqCampaignId=6056
https://www.example.com/?test=1020c83f93de0c9d65aa209361eddd
https://www.example.com/?test=102c55c921257074da97ae3e31ccf0
http://example.com:8000/foo?bar=baz
https://example.com/repo.git/info/lfs
https://phab.example.com/
https://phab.example.com/D2
http://example.com/myFile.xml
http://example.com/MyText.txt