Mobile Security Framework (MobSF)

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

https://github.com/MobSF/Mobile-Security-Framework-MobSF

MobSF Documentation: https://mobsf.github.io/docs/#/

Linux requirements:

  • Install Git: sudo apt-get install git
  • Install Python 3.8-3.9: sudo apt-get install python3.8
  • Install JDK 8+: sudo apt-get install openjdk-8-jdk
  • Install the following dependencies:
    sudo apt install python3-dev python3-venv python3-pip build-essential libffi-dev libssl-dev libxml2-dev libxslt1-dev libjpeg8-dev zlib1g-dev wkhtmltopdf

For the Dynamic Analyzer to run, either Genymotion or the Android Studio Emulator can be used.
(According to the framework documentation, the preferred option is Genymotion.)

Installation:

git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
./setup.sh

Running:

./run.sh 127.0.0.1:8000

In your web browser, navigate to http://localhost:8000/ to access the MobSF web interface.
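
A preflight check for the requirements and the run command above, as an added example that is not part of MobSF or of the original notes. It covers two easy-to-miss cases: Python 3.10+ falls outside the 3.8-3.9 range, and JDK 8 reports itself as "1.8". The function names are hypothetical, and it assumes MobSF is started with whatever `python3` and `java` resolve to on PATH.

```shell
# Added example (not MobSF code). Version strings are function arguments so
# the parsing can be exercised offline with constructed values.

# python_ok VERSION: succeeds only for 3.8.x or 3.9.x (so 3.10 is rejected).
python_ok() {
    case "$1" in
        3.8|3.8.*|3.9|3.9.*) return 0 ;;
        *) return 1 ;;
    esac
}

# java_major VERSION: prints the major version; legacy "1.8.0_292" means 8.
java_major() {
    v=${1%%[-+_]*}                 # drop suffixes such as _292, -ea, +9
    major=${v%%.*}
    if [ "$major" = "1" ]; then    # old 1.x scheme: second field is the major
        rest=${v#1.}
        major=${rest%%.*}
    fi
    printf '%s\n' "$major"
}

# java_ok VERSION: succeeds when the major version is numeric and at least 8.
java_ok() {
    m=$(java_major "$1")
    case "$m" in ''|*[!0-9]*) return 1 ;; esac
    [ "$m" -ge 8 ]
}

# loopback_bind ADDR:PORT: succeeds only when the listen address is 127.0.0.1,
# so the web interface is reachable from the local machine only.
loopback_bind() {
    [ "${1%:*}" = "127.0.0.1" ]
}

# preflight: checks git, python3 and java as found on PATH (assumption).
preflight() {
    rc=0
    command -v git >/dev/null 2>&1 || { echo "git: not found"; rc=1; }
    pv=$(python3 -c 'import platform; print(platform.python_version())' 2>/dev/null)
    python_ok "$pv" || { echo "python3: found '$pv', need 3.8-3.9"; rc=1; }
    jv=$(java -version 2>&1 | sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1)
    java_ok "$jv" || { echo "java: found '$jv', need 8+"; rc=1; }
    return "$rc"
}
```

Source the file, run `preflight` before `./setup.sh`, and pass the address you intend to give `./run.sh` to `loopback_bind`.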

To test the Framework, this vulnerable Android app can be used:
https://github.com/dineshshetty/Android-InsecureBankv2

Possible Errors:

# TypeError: expected str, bytes or os.PathLike object, not NoneType on file: /usr/lib/python3.8/genericpath.py

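Workaround: edit the file named in the error (it is part of the system-wide Python standard library) and wrap the argument of the os.stat call in str():

$ sudo nano /usr/lib/python3.8/genericpath.py

st = os.stat(str(path))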