Mobile-Security-Framework (MobSF)

Penetration testing on mobile applications (iOS, Android).

For the Dynamic Analyzer, use Android Studio Emulator. See Android.

Installation – Docker Container

Prerequisites

Start Docker service

sudo service docker start

Pull the MobSF docker image

sudo docker pull opensecurity/mobile-security-framework-mobsf

Run container (no proxy)

sudo docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

Run container (with proxy, to validate)

sudo docker run -e "HTTP_PROXY=${HTTP_PROXY}" -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
# sudo docker run --net host -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

Access the web application

http://127.0.0.1:8000/ with default credentials mobsf/mobsf.

Installation in Kali

NOT WORKING

# Prereq: python 3.6 and pip, Oracle JDK 1.7
apt install python3-pip

cd /usr/bin
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
cd Mobile-Security-Framework-MobSF
./setup.sh


Installation of the 64-bit JDK on Linux Platforms
# Download Oracle JDK 1.7 (tar.gz file)
https://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-javase7-521261.html
jdk-7u80-linux-x64.tar.gz

# Install Oracle JDK 1.7
cd /usr/bin
mv /root/Downloads/jdk-7u80-linux-x64.tar.gz ./jdk-7u80-linux-x64.tar.gz
tar zxvf jdk-7u80-linux-x64.tar.gz
rm ./jdk-7u80-linux-x64.tar.gz

# Set Oracle JDK path
In ./MobSF/settings.py, change:
JAVA_DIRECTORY = "/usr/bin/jdk1.7.0_80/bin"
#PYTHON3_PATH = "/usr/bin/python3"
PYTHON3_PATH = "/usr/bin/Mobile-Security-Framework-MobSF/venv/bin/python3"

./scripts/clean.sh

# makemigrations, which is responsible for creating new migrations based on the changes you have made to your models.
/usr/bin/Mobile-Security-Framework-MobSF/venv/bin/python3 manage.py makemigrations

# migrate, which is responsible for applying migrations, as well as unapplying and listing their status.
/usr/bin/Mobile-Security-Framework-MobSF/venv/bin/python3 manage.py migrate

# If it didn't fix the issue
mv /usr/bin/Mobile-Security-Framework-MobSF/db.sqlite3 /usr/bin/Mobile-Security-Framework-MobSF/db.sqlite3.bak

# Run unit tests
/usr/bin/Mobile-Security-Framework-MobSF/venv/bin/python3 manage.py test

/usr/bin/Mobile-Security-Framework-MobSF/run.sh