Mobile Security Framework

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android, iOS and Windows Mobile Applications and supports both binaries (APK, IPA & APPX ) and zipped source code. MobSF can also perform Web API Security testing with it’s API Fuzzer that can do Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session and API Rate Limiting.

Screenshots

Static Analysis – Android APK

Static Analysis – iOS IPA

Static Analysis – Windows APPX

Dynamic Analysis – Android APK

Web API Fuzzer

Changelog v3.4.3

• Features or Enhancements
  • Android Dynamic Analysis TLS/SSL Security Tester
  • Dynamic Analysis without Static Analysis
  • Support Dynamic Analysis of third party apps in VM/AVD
  • Download and perform static analysis of third party apps from VM/AVD
  • Dynamic Analysis enhancement to preserve app config/data
  • Improved SSL Pinning Bypass script
  • Added Intent dumper auxiliary Frida script
  • Added an auxiliary method bypass template script
  • Security Hardening
  • Addressing LGTM issues and QA
  • Android Permissions Mapping update and Typo fix
  • VirusTotal Code QA
  • Refactored Logcat log viewer to show only app specific logs
  • Xposed Improvements and updates of agents
  • Updated frontend libraries for CodeMirror and EnligherJS
  • New REST API exposed for TLS/SSL tests
  • General Code QA
• Bug Fixes
  • Fixed Windows Setup script
  • Fixed typo and incomplete description in Android permission mapping

Download & Tutorial

Copyright (C) 2015 Ajin Abraham