Mobile Security Framework (MobSF) v0.9.2
Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android and iOS Applications and supports both binaries (APK & IPA) and zipped source code. MobSF can also perform Web API Security testing with it’s API Fuzzer that can do Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session and API Rate Limiting.
Changelog v0.9.2 Beta
Features
- Drag and Drop support, allows upto 8 files in Web GUI
- Mass Static Analysis – Mass static analysis on a directory of app binaries or zipped source code
- Domain Malware check
- CFR Decompiler updated to 0_115
- Added Google Enjarify
- Added procyon decompiler
- Allows user to skip inbuilt android classes. (Performance improvement ~ 20%)
- Android Code signing certificate check
- Detect hardcoded Keystores
- Static Analyzer rules updated for Android and iOS
- Better Android Manifest analysis rule set
- Dynamic Analysis Base64 Decoding
- Support for Home Directory – Move all user created files and settings to Home directory
Bug Fix
- Dynamic Analyzer report print in Landscape mode
- Windows fix for command prompt color support
- Fixed Upper case file extension bug
- PDF Creator unicode error fixed
- Fixed manifest analyzer bug
- Ptrace API recommendation enhancement
More Information: here
[button size=large style=round color=red align=none url=https://github.com/ajinabraham/Mobile-Security-Framework-MobSF]Download MobSF v0.9.2[/button]
Thanks to our friend Ajin Abraham for sharing this tool with us 😉
