This post is regarding How to setup and use Mobile Security Framework(MobSF).
- Python 2.7,
- Oracle JDK 1.7 or above.
After this installation follows this steps.
Step 1: Search Mobile Security Framework. Download this Files.
Step 2: Open that File.
Step 3: Open Command Prompt in that file location.
Step 4: Type C:\Python27\python.exe -m pip install -r requirements.txt or python pip install and Press Enter.
Step 5: Output is like this.
Step 6: End of that. Type C:\Python27\python.exe manage.py runserver PORT_NOor python manage.py runserver PORT_NO and Press Enter.
Step 7: Copy this link.
Step 8: Open Browser and Paste here.
Step 9: Output is like this.
Step 10: Then download any APK file am download here Whatsapp APK. so, search Whatsapp APK download.
Step 11: Click on this link, then its automatically download.
Step 12: Click on Upload & Analysis.
Step 13: Select that APK file and Click Open.
Step 14: Its take some time. So please wait.
This is final Output. You can see here Information tab here you can be to view all the information like total no of Activities, Services, Receivers, Providers.
Next, Scan Options here you can able to get all the Java and Smali codes separately.
Next, Signer Certificate, this is a certificate for this generate Signer APK.
Next, Permissions, here we get all the permissions list and severity of permission also.
Next, Binary Analysis, this is show Severity of compile-time files.
Next, Android API here you get all WebView GET Request.
Next, Browsable Activities here you get all the Browsable Activities.
Next, we see about Security Analysis it contains,
- Manifest Analysis
- Code Analysis
- File Analysis
This is Mainfest Analysis.
This is Code Analysis.
This is File Analysis.
Next, we see about Malware Analysis it contains,
- Dex Malware Analysis
- Domain Malware Check
Thi is Dex Malware Analysis.
This is Domain Malware Check.
Next, we see about Reconnaissance it contains,
Here, you can get all URLs.
Here, you can get all Emails.
Here, you can get all Strings.
Next, we see about Components it contains,
Here, you can get all Activities in detail.
Here, you can get all Services in detail.
Here, you can get all Receivers in detail.
Here, you can get all Providers in detail.
Here, you can get all Libraries in detail.
Here, you can get all Files in detail.