Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
https://github.com/MobSF/Mobile-Security-Framework-MobSF
MobSF Documentation: https://mobsf.github.io/docs/#/
Linux requirements:
- Install Git:
sudo apt-get install git - Install Python 3.8-3.9:
sudo apt-get install python3.8 - Install JDK 8+:
sudo apt-get install openjdk-8-jdk - Install the following dependencies:
sudo apt install python3-dev python3-venv python3-pip build-essential libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev wkhtmltopdf
For the Dynamic Analyzer to run, Genymotion and Android Studio Emulator can be used.
(According to the framework documentation the prefered option is Genymotion)
Installation:
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
./setup.shRunning:
./run.sh 127.0.0.1:8000
In your web browser, navigate to http://localhost:8000/ to access MobSF web interface.
To test the Framework, this vulnerable Android app can be used:
https://github.com/dineshshetty/Android-InsecureBankv2
Possible Errors:
# TypeError: expected str, bytes or os.PathLike object, not NoneType on file: /usr/lib/python3.8/genericpath.py
Workaround:
$ sudo nano /usr/lib/python3.8/genericpath.py
st = os.stat(str(path))