In today’s detailed article, we will install and use MobSF aka Mobile Security Framework on Kali Linux. Then we can run digital forensic tests on any mobile application (Android, iPhone, and Windows) and learn much more about it. This will be very beneficial for digital forensics experts and ethical hackers.
Needless to say, we live in a digital era and attacks on our digital life come from everywhere. Mobile devices have a lot to do with this. Attackers and bad guys are doing their best to attack our mobile devices.
They create malicious apps, attach payloads to our favorite apps, create modified apps (the juicy ones) and insert spyware code into them.
We must be very careful before downloading any application from third-party websites. Sometimes we can’t even trust app stores. Stalkerware apps, for example, have been banned from the Google Play Store for spying on users.
We use a lot of mobile apps on our Android and iPhone devices. It is not possible to check every line of every third-party application we use. Sometimes we encounter an unknown application and need to know “Is it safe?”
In that case, we can use MobSF. MobSF stands for Mobile Security Framework. We can analyze Android, iOS, and Windows mobile applications using the Mobile Security Framework. This automated open-source tool is built using the Python3 language.
Mobile Security Framework has a web-based GUI (Graphical User Interface) that makes it so practical and easy. Let’s see how we can install and run it on our Kali Linux system.
How does MobSF work?
Some of the security issues can be represented as a regular expression or a string. For example, you can find the use of weak hashes like MD5 with “CC_MD5”; MobSF looks for such patterns. Unfortunately, we can’t address all security issues this way, so please keep in mind that MobSF is no substitute for real security checks. However, you can use it to check for some issues or to support the security review process.
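A minimal sketch of the pattern-matching approach described above, added here as an example; it is not MobSF's code or its rule files. The rule IDs, regexes and sample source lines are constructed for illustration, and only the `CC_MD5` pattern comes from the text. The sample also shows the limitation: a commented-out call is still reported, and MD5 reached through an API the rules do not list is missed.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str          # hypothetical identifier, not a MobSF rule name
    pattern: re.Pattern
    message: str


# Constructed rules; only CC_MD5 is taken from the article.
RULES = [
    Rule("weak_hash_md5", re.compile(r"\bCC_MD5\s*\("), "MD5 is a weak hash"),
    Rule("weak_hash_sha1", re.compile(r"\bCC_SHA1\s*\("), "SHA-1 is a weak hash"),
    Rule("cleartext_http", re.compile(r'"http://[^"]+"'), "cleartext HTTP URL"),
]

# Constructed sample source (iOS-style), one case per line.
SAMPLE = '''\
let url = URL(string: "http://api.example.test/login")
CC_MD5(data, len, &digest)               // direct call: caught
// CC_SHA1(data, len, &digest)           // commented out: still reported
let digest = Insecure.MD5.hash(data: d)  // CryptoKit MD5: no rule, missed
'''


def scan(source, rules=RULES):
    """Return (line number, rule id, message) for every rule hit."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rule in rules:
            if rule.pattern.search(line):
                findings.append((lineno, rule.rule_id, rule.message))
    return findings


if __name__ == "__main__":
    for lineno, rule_id, message in scan(SAMPLE):
        print(f"line {lineno}: {rule_id}: {message}")
```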
What does MobSF check?
We analyzed the OWASP Mobile Application Security Verification Standard and the OWASP Mobile Security Testing Guide to get as many patterns as possible. To see all Swift checks, please see the swift_rules and common_rules files. You can also look at the objc_rules file for Objective-C checks. Binary parsing rules can be found in the api_rules file.
Security Tools:
The security tools we want to use can be divided into the following categories.
- Static Analysis (SAST)
- Dynamic Analysis (DAST)
- Open Source Intelligence (OSINT)
- Offensive Scan Tools (IAST)
Each category or bucket can have anywhere from 6 to 12 tools to run against the mobile app depending on whether it is an Android APK or an iOS IPA. Some tools run on both platforms, like MobSF, and some don’t, like Quark (Android) and PassionFruit (iOS).
- Install Git
- Install Python3
- Install venv
- Install JDK 8+
Installation & Setup
This tool is available for Windows, Mac, and Linux. Windows has setup.bat and run.bat files, but Mac and Linux users can follow our article. We need to run the setup.sh file.
Installation – Cloud Shell
Google Cloud Shell is an online, bash-based Debian shell. The free tier (included with all Gmail accounts) provides 1.7 gigabytes of random access memory and a 5 gigabyte home directory. Aside from local and root scripts, Cloud Shell’s environment is ever-changing.
Open Google Cloud Shell and follow all of the Linux steps below.
Install for Linux OS:
Step_1:- This tool is written in Python, so we first install some basic Python requirement packages so that no errors appear during installation, using the following command:
Step_2:- Next, we install Mobile Security Framework on our Linux system by cloning it from its GitHub repository, using the following command:
After using this command, Mobile Security Framework will be cloned to our system. It’s a big tool (around 300 MB) so it will take some time depending on our internet speed.
After cloning the tool, we change into the tool directory using the cd command:
Now we can see the files using the ls command:
Step_3:- As noted above, Mac and Linux users set the tool up with the setup.sh file.
To run the setup.sh file, we run the following command:
This command installs all the dependencies needed to run Mobile Security Framework, as we can see in the following step. It may also take a few minutes to set up, depending on our internet speed.
Step_4:- Once the installation is complete, we can start the tool with the run.sh script. As we said earlier, this is a web tool, so we need to run it on our localhost server. To run it on our localhost with port 8000 (we can use any other port), use the following command:
And the Mobile Security Framework will be running on 127.0.0.1:8080 as we can see in the following step:
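If we just run the ./run.sh command without any localhost IP address and port, it will start at 0.0.0.0:8000 by default. The address 0.0.0.0 means it listens on every network interface, not only on localhost, so other machines on the same network can reach it.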
Now we can navigate to the localhost link using our browser and in the following screenshot, we can see that the Mobile Security Framework is running. We like the color theme of the main screen.
Here we upload any mobile application (APK, IPA & APPX). We can use drag & drop or click and select to upload a file.
Here for example we have a malicious APK file on our desktop.
Now we drag it to the Mobile Security Framework and the toolkit starts analyzing our APK file, as we can see in the following screenshot.
Analyzing the application takes less than a few minutes. After the analysis is finished, it shows us the result, as we can see in the following screenshot:
Now we can see all the scan results. File information and application information are at the top, followed by a lot of other things.
We can also see the decompiled code using MobSF (Mobile Security Framework), as shown in the following screenshot:
From AndroidManifest.xml we can see the permissions required by the application.
Inside the source code, we can get the Payload.java file and we have a chance to get the IP address of the attacker from it.
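The same two checks can be scripted once the manifest and decompiled sources are on disk. This is an added example, not part of MobSF or the original article: the manifest, the Payload.java excerpt, the short "review first" permission list and all function names are constructed for illustration, the manifest is assumed to be already decoded to text XML, and 192.0.2.10 is a documentation address.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Illustrative subset of permissions to look at first (chosen for this example).
REVIEW_FIRST = {"android.permission.READ_SMS", "android.permission.RECORD_AUDIO",
                "android.permission.READ_CONTACTS"}

# Constructed sample: a decoded AndroidManifest.xml.
MANIFEST = '''<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>'''

# Constructed sample: excerpt of a decompiled Payload.java.
PAYLOAD_JAVA = '''public class Payload {
    static final String URL = "tcp://192.0.2.10:4444";
    static final String VERSION = "1.2.3.4.5";
    static final String BAD = "999.1.1.1";
}'''

# Dotted quad with optional :port, not embedded in a longer dotted number.
IP_PORT = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?(?![\d.])")


def requested_permissions(manifest_xml):
    """Sorted android:name values of all <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = (e.get(ANDROID_NS + "name") for e in root.iter("uses-permission"))
    return sorted(n for n in names if n)


def network_indicators(source):
    """(ip, port or None) for every syntactically valid IPv4 literal."""
    found = []
    for m in IP_PORT.finditer(source):
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # octet out of range, e.g. 999.1.1.1
        found.append((str(ip), int(m.group(2)) if m.group(2) else None))
    return found


if __name__ == "__main__":
    perms = requested_permissions(MANIFEST)
    print("review first:", [p for p in perms if p in REVIEW_FIRST])
    print("indicators:", network_indicators(PAYLOAD_JAVA))
```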
Those are the basics; there’s a lot to explore in this Mobile Security Framework. If we invest a little time, we can explore much more of this amazing framework.
Mobile Security Framework is a tool for digital forensic analysis of mobile applications. It is kept up to date and is very popular among digital forensics experts and ethical hackers.
Web Install:
Those who don’t have Linux or a computer can see it by opening the link in any browser.
For Android users:
Link: https://mobsf.live/
We were recently approached with a much longer list of applications to analyze. I’m not a big fan of automating the security process because I think that’s one area where humans are much better than machines at finding exploits.
However, finding good security engineers is not easy. So it seems we have no alternative as we cannot adapt our staff to meet these new demands.
You need the experience to know where to look and what tools to use. You have to be able to see where a small crack can be used to create a much bigger breach, and ultimately you have to be ridiculously stubborn to never let the app beat you. This skill set is very hard to find. There is also a timing issue as each audit takes at least 5 days.
So what happens when the number of tools increases and the number of applications you have to look at explodes? In this blog, I will talk about how we automated some of the analysis to speed up the process. We still use our engineers to look at the output of the tools, but we automate how and when the tools run so the wait is minimal.
As you can see, using MobSF locally is quite easy. Its integration with CI requires more work, but it will check every change you make. I believe we have gained a great Swift security analysis tool and our iOS team has gained a lot of knowledge. I encourage you to donate; MobSF is a great tool and with your help it can be even better.