Mobile Application Penetration Testing with MobSF
What is MobSF?
As per their GitHub page:
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic, and malware analysis. It can be used for effective and fast security analysis of Android, iOS, and Windows mobile applications and supports both binaries (APK, IPA & APPX) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless.
How to Configure MobSF
If you have Docker installed and running, just use the commands below:
docker pull opensecurity/mobile-security-framework-mobsf
docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
Running MobSF and doing static analysis
- After running the above command, MobSF will be available in a browser at http://0.0.0.0:8000/ (localhost).
- Drag and drop the APK/IPA file.
- MobSF will start the static analysis.
Analyzing Report
Once the analysis of the file is complete, you will get the results along with the potential issues found in the app.
Look into each finding in detail and work with the developers on how to avoid these vulnerabilities.
Conclusion
The interface is user-friendly and easy to use, so you can get going quickly.
It can be easily integrated with most of the CI/CD tools available on the market.
You can also download the report as a PDF and share it with the concerned stakeholders.
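For CI/CD use, the drag-and-drop steps above can be scripted against MobSF's REST API. The following is an added example, not code from the original post or the MobSF project: it uploads an app, runs the static scan, and saves the JSON and PDF reports. It assumes a current MobSF release, an API key supplied through the MOBSF_API_KEY environment variable, and a container published on loopback only; the function names and output file names are made up for illustration.

```shell
#!/bin/sh
# Added example: run the MobSF static scan through its REST API instead of
# the web UI. Assumed start command (API key preset, port bound to loopback
# so the scanner is not reachable from other hosts):
#   docker run -it -p 127.0.0.1:8000:8000 -e MOBSF_API_KEY="$MOBSF_API_KEY" \
#     opensecurity/mobile-security-framework-mobsf:latest
MOBSF_URL="${MOBSF_URL:-http://127.0.0.1:8000}"

# POST to one MobSF API endpoint with the API key; extra args go to curl.
mobsf_post() {
    endpoint="$1"; shift
    curl --silent --show-error --fail \
         -H "Authorization: ${MOBSF_API_KEY:?set MOBSF_API_KEY}" \
         "$@" "$MOBSF_URL/api/v1/$endpoint"
}

# Read the upload response JSON on stdin and print its "hash" value.
extract_hash() {
    sed -n 's/.*"hash"[[:space:]]*:[[:space:]]*"\([0-9a-fA-F]*\)".*/\1/p'
}

# Upload an APK/IPA and print the hash MobSF assigned to it.
mobsf_upload() {
    mobsf_post upload -F "file=@$1" | extract_hash
}

# Upload, scan, and store the JSON and PDF reports next to the app file.
# Assumption: /api/v1/scan needs only the hash (older releases also
# required scan_type and file_name).
mobsf_static_scan() {
    app="$1"
    app_hash="$(mobsf_upload "$app")"
    [ -n "$app_hash" ] || { echo "upload failed for $app" >&2; return 1; }
    mobsf_post scan --data "hash=$app_hash" >/dev/null || return 1
    mobsf_post report_json --data "hash=$app_hash" -o "$app.mobsf.json" || return 1
    mobsf_post download_pdf --data "hash=$app_hash" -o "$app.mobsf.pdf" || return 1
    echo "$app_hash"
}

# Run only when an app path is given as the first argument.
if [ -n "${1:-}" ]; then
    mobsf_static_scan "$1"
fi
```

Keep the API key in the pipeline's secret store rather than in the script, since anyone holding it can upload files to and pull reports from the scanner.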