Mobile Security Framework MobSF Versions

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.

v3.2.9

3 years ago

You can now install mobsf from PyPI (https://pypi.org/project/mobsf/), provided you have installed all the requirements listed in the documentation.

python3 -m venv venv
source venv/bin/activate

pip wheel --wheel-dir=yara-python --build-option="build" --build-option="--enable-dex" git+https://github.com/VirusTotal/[email protected]
pip install --no-index --find-links=yara-python yara-python

pip install mobsf
mobsfdb # migrate database
mobsf 127.0.0.1:8000 # run mobsf

v3.2.9 Beta Changelog

  • Bug Fixes
    • MobSF Python package fix

v3.2.8

3 years ago

v3.2.8 Beta Changelog

  • Features or Enhancements

    • OWASP MSTG Mapping to Rules
    • Python 3.9 support
    • Prebuilt DEX enabled yara-python wheels
    • Dynamic Downloading of frida-server binary
    • Code QA
  • Bug Fixes

    • Windows APPX bug fix

v3.2.6

3 years ago

IMPORTANT - IF YOU ARE UPDATING MOBSF

This release has database model changes. To update see: https://mobsf.github.io/docs/#/updating

This release has a breaking change. Please rescan all existing scans after the update. Add &rescan=1 to the scan URL to perform a rescan.

v3.2.6 Beta Changelog

  • Features or Enhancements

    • Added Support for Android 10 Dynamic Analysis
    • Published new REST APIs for Dynamic Analysis
    • New Source Tree Browser for Android Static Analysis
    • Improved Binary and Shared Object Analysis with LIEF
    • Added Support for NIAP v1.3
    • Added a world map UI plotting server locations
    • Added Maltrail Domain Check
    • Improved Android Permission Analysis
    • iOS Objective C Rule improvements
    • Android Kotlin Rule improvements
    • MobSF now available as a Python package and published to PyPI
    • Migrated CI from Travis to GitHub Actions
    • Improved File Magic Check on Uploads
    • Post Install Check script
    • Static Analysis Hardcoded Secrets Section from strings.xml
    • Updated Dependencies
    • Custom Header for REST API Key
  • Bug Fixes

    • Fixed Install Verification bug on older Android versions
    • Fix a Regex DoS in rule
    • Fixed IPA Static Analysis Bug
    • Minor PDF template fix

v3.1.1

3 years ago

IMPORTANT - IF YOU ARE UPDATING MOBSF

This release has database model changes. To update see: https://mobsf.github.io/docs/#/updating

This release has a breaking change. Please rescan all existing scans after the update. Add &rescan=1 to the scan URL to perform a rescan.

v3.1.1 Beta Changelog

  • Features or Enhancements

    • Added Support for Android Network Security Config Analysis
    • Replace SAST core with libsast
    • Support for line numbers in source code
    • Replaced Code Viewer with EnlighterJS
    • Kotlin source scan support
    • Improved Certificate Analysis
    • Genymotion Cloud Support
    • Support Android Emulator AVD x86, ARM, ARM64
    • Verify Dynamic Analysis APK Installation
    • Dynamic Analysis: Support APK with test package requirements
    • Automatic MobSFy on Frida binary update
    • Expose App result compare REST API and Update REST API Docs
    • Clean up MobSF proxy on exit
    • IPA Binary Regex QA
    • Optimize Root Checking Frida Script
    • Environment Checks to see if API Level is supported and /system is writable
    • Prebuilt dex enabled yara-python and improved setup, tox, tests
    • Added Chinese documentation
    • Reduce Docker image size
    • Improved PostgreSQL Docker Support
    • Android Dynamic Analysis QA
    • Update Dependencies
  • Bug Fixes

    • Android Rule Fixes
    • Fixed API Monitor which was broken from Frida 12.8.19
    • Fixed iOS ATS bug
    • Fix Black PDF background issue
    • LGTM Scan Code QA
  • Security

    • Fixed Regex DoS in Email Extraction
    • Fixed insecure Default Bind to 0.0.0.0

v3.0.5

4 years ago

IMPORTANT - IF YOU ARE UPDATING MOBSF

This release has database model changes. To update see: https://mobsf.github.io/docs/#/updating

v3.0.5 Beta Changelog

  • Features or Enhancements

    • iOS Swift Source Code Support
    • Improved iOS Swift and Objective C rules
    • OWASP MASVS/MSTG Standard Support
    • Brand New PDF Reports
    • Improved SAST Core
    • Improved iOS Application Transport Security Checks
    • Improved iOS Permission Checks
    • Added IP to Geolocation Feature for Domain Malware Check
    • URL and IP extraction from IPA
    • App Risk Calculation from App Security Score
    • Improve Recent Scan View
    • Add Jtool2 support
    • Code QA
    • New Docs Site
  • Bug Fixes

    • Classdump bug fixes
    • Geolocation bug fixes

v3.0.1

4 years ago

IMPORTANT - IF YOU ARE UPDATING MOBSF

v3.0.1 Beta Changelog

  • Features or Enhancements

    • Simplified REST API
    • Improved Android App Name detection
    • Dynamic Analysis proper Root CA naming
    • Changes to Support Android x86 Docker
    • Dependency updates
    • Code QA
  • Bug Fixes

    • Handle Invalid ATS domain entries iOS
    • Fixes a Template Bug

v3.0.0

4 years ago

IMPORTANT - IF YOU ARE UPDATING MOBSF

This is a major release and has changes to database models and REST API schemas.

  • Run setup.sh or setup.bat depending on your OS.

v3.0.0 Beta Changelog

  • Features or Enhancements

    • OWASP Mobile Top 10 2016 is supported
    • Major UI Update for MobSF
    • Major Schema changes to REST API
    • iOS URLs Scheme
    • iOS ATS Analysis improved
    • New iOS Static Analysis Rules
    • New Android Manifest Analysis Rules
    • Updated dependencies
    • Optimized Windows Setup
    • Updated Scoring mechanisms
    • Improved Tracker detection
    • Remove Global Proxy after dynamic analysis
    • Android Permission database update
    • Added Play with Docker support
    • AppMonsta support
    • Code QA
  • Bug Fixes

    • Fix Security issue #1197 (Directory Traversal)
    • iOS Static Analyzer fixes
    • Typo Fix
    • Moved to oscrypto and distro
    • Windows binscope bug fix
    • Reduce False positives

v2.0.0

4 years ago

IMPORTANT - IF YOU ARE UPDATING MOBSF

This release has database model changes and core framework changes.

  • Run setup.sh or setup.bat depending on your OS.
  • Migrate Database
    python manage.py makemigrations
    python manage.py makemigrations StaticAnalyzer
    python manage.py migrate
    

v2.0.0 Beta Changelog

  • Features or Enhancements

    • Dynamic Analysis Support for Genymotion Android VMs 4.1 - 9.0 x86
    • Improved Recent Scan
    • Replaced CapFuzz with HTTPtools
    • Automatic MobSFy with Xposed and Frida
    • Streaming logcat
    • Live API Monitor
    • Better SQLite DB View
    • Inbuilt Frida scripts for basic tasks
    • Custom Frida Script support
    • Frida Log Viewer
    • UI Changes
    • Browser PDF print support
    • Updated Tools
    • Baksmali performance improvements
    • Improved malware domain check
    • Multi OS Travis Support
    • Code QA
  • Bug Fixes

    • Typo Fix
    • Reduce False positives

v1.1.6

4 years ago

IMPORTANT - IF YOU ARE UPDATING MOBSF

This release has database model changes and core framework changes.

  • Run setup.sh or setup.bat depending on your OS.
  • Migrate Database
    python manage.py makemigrations
    python manage.py makemigrations StaticAnalyzer
    python manage.py migrate
    

v1.1.6 Beta Changelog

  • Features or Enhancements

    • 70x performance improvements for large APKs
    • CVSS, CWE tagging with results
    • Trackers Detection
    • App Store/Play Store Details of supported packages
    • Added Security Score, Average CVSS Score, VirusTotal & Tracker Detection
    • Coloured logging
    • Better Logging and Exception Handling
    • Travis CI/CD integration
    • Optimized & Updated Dockerfile
    • Super fast Java decompiling with JADX
    • Large scale Code QA
    • Enforced mandatory code linting
    • Integrated automated travis tests in Linux and OSX
    • Moved to proper production servers Gunicorn & Waitress
    • Improved icon detection
    • Android APK app real name
    • Moved from Oracle JDK to OpenJDK
    • Reduce False Positives
    • Enforced Least privilege mode
    • Improved Setup scripts
    • Moved to androguard based certificate printing
    • File less local db updates for better cross platform support
    • Static Analyzer rule updates and accuracy improvement
    • REST API - Recent Scans
    • classdump support for iOS Swift binaries
    • Updated dependencies
    • SonarCloud Integration
  • Bug Fixes

    • Fixed bug in Appx Analysis
    • Dynamic Analysis Bug Fix
    • Fix plist bug in iOS SCA
    • Performance Improvements

v1.0.3Beta

5 years ago

IMPORTANT - IF YOU ARE UPDATING MOBSF

  • This release has database model changes. Read Updating MobSF
  • Run setup.sh or setup.bat

v1.0.3 Beta Changelog

  • Features or Enhancements

    • Android APK Scan Results Diffing Support
    • VirtualBox VM Headless mode
    • UI Changes
    • Improved Android icon analysis
    • CapFuzz for API Fuzzing
    • JSON Report REST API
    • Dependency Updates
    • Code QA and Refactoring
    • More unit tests
    • Update 3rd party tools
    • Improved APKiD Scans
    • Added Basic Environment Checks on first run
    • Docker support for PostgreSQL
    • Improved REST APIs
    • Android AVD 6 Support (Broken)
    • iOS IPA Analysis support in Linux
    • Improved Form Handling
    • REST API CORS Support
    • Improved Plist Parsing
    • Removed Faulty Binary Analysis
    • Improved Manifest Analysis
    • Updated Android Permission Mappings
    • New Setup and Run scripts for easy installation and usage
    • Updated Dockerfile
    • Multi Dex Support
    • Upstream Proxy Support
    • Improved String Extraction for Android
  • Bug Fixes

    • Fixed manifest view
    • Performance improvements
    • Find Java Bug fixes
    • Fixed APK String extraction
    • Fixed Regression Bug
    • Fixed Byte Bug