Quick Tutorial: MobSF Installation on Linux/Windows
MobSF framework is an awesome tool for the security analysis of mobile applications. This tool supports both static and dynamic analysis. This tutorial covers MobSF installation on Linux-based distributions (e.g. Ubuntu) and Windows systems. Click Here if you are interested in the Top 15 Android Mobile App Penetration Testing Tools.
- MobSF Installation on Linux
- Step 1: Download the MobSF installer on the system
- Step 2: Change the directory by using the cd command
- Step 3: Run
- Easy Method: Install MobSF on Linux using docker
- Step1: Install docker
- Step 2: Install MobSF
- Step 3: Run MobSF
- MobSF Installation on Windows
- First Test Run
- Conclusion
MobSF Installation on Linux
Step 1: Download the MobSF installer on the system
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
If git is not installed on the machine,
sudo apt-get install git-all
Step 2: Change the directory by using the cd command
cd Mobile-Security-Framework-MobSF
Step 3: Run
./setup.sh
Got Error.
[ERROR] MobSF dependencies require Python 3.8/3.9. You have Python version 3.5.2 or python3 points to Python 3.5.2.
Update python to python3.9 by using the below commands:
sudo apt-get update mkdir ~/tmp cd ~/tmp wget https://www.python.org/ftp/python/3.9.0/Python-3.9.0.tgz tar -xvzf Python-3.9.0.tgz cd Python-3.9.0 ./configure sudo make install
Again Run.
./setup.sh
After successful installation. Shoot below command to run MobSF.
./run.sh 127.0.0.1:8000
Now, you can access MobSF by browsing http://localhost:8000/
Easy Method: Install MobSF on Linux using docker
Step1: Install docker
sudo apt install docker.io
Step 2: Install MobSF
sudo docker pull opensecurity/mobile-security-framework-mobsf
Step 3: Run MobSF
sudo docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
Now, access MobSF on the browser by URL http://127.0.0.1:8000
MobSF Installation on Windows
You need to install a lot of prerequisites to install MobSF. Although, the MobSF installer guides you to install different programs. I am also listing some prerequisites with a download link.
Click Here to download the python3.9 installer. After downloading, set up python by clicking on the binary.
In addition, Install OpenSSL non-light version.
Click Here to download Visual Basic and install it by clicking on the binary file.
We are using git utility to download and install MobSF. Click Here to Download git. After installation, click on the setup file and install it. To check the proper installation, open Terminal and type git.
Now, Install MobSF on Windows using simple 3 steps:
Step 1: Open Command Terminal. Download by using the git command or else you can download by browsing the URL.
git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF.git
Step 2: Change the folder
cd Mobile-Security-Framework-MobSF
Step 3: Install
setup.bat
Run MobSF
run.bat 127.0.0.1:8000
Access MobSF by browsing http://localhost:8000/
First Test Run
I have downloaded a vulnerable Android banking application by using this link and uploaded it to the tool. The tool will give you a report containing all possible vulnerabilities found in the vulnerable application. Security Analyst needs to verify all vulnerabilities provided by the tool and identify false positives.
Conclusion
MobSF is a versatile tool and helps in the early start of the analysis of mobile applications. You can start analysis just by uploading apk or ipa file on the tool and you get a set of possible issues in applications.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
Great tutorial! I’m glad I found it. I’m new to testing and this tutorial helped me understand the process of setting up MobSF on Linux/Windows. Thanks for sharing!
thanks for the well documented process, it worked perfectly! omw to cracking my apk!