Offensive Security Tool: Mobile Security Framework (MobSF)
Mobile Security Framework (MobSF)
When a red team pentests a mobile application, it is dealing with an APK (Android), an IPA (iOS), or an EXE (Windows). This work calls for broad knowledge of how to perform not only automated tests and attacks but also dynamic ones, which require a special setup and specific tools, as well as the ability to look under the hood at the source code itself to find a wide range of vulnerabilities.
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF supports mobile app binaries (APK, XAPK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline. The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing.
Documentation
- Try MobSF Static Analyzer Online: mobsf.live
- MobSF in CI/CD: mobsfscan
- Conference Presentations: Slides & Videos
- What’s New: See Changelog
Static Analysis – Android
Static Analysis – Android Source Tree-view
Static Analysis – iOS
Dynamic Analysis – Android APK
Web API Viewer