MobSF — Mobile Security Framework on Kali Linux

In today’s detailed article we are going to install and use MobSF aka Mobile Security Framework on Kali Linux. After that we can run digital forensics test on any mobile application (Android, iPhone & Windows) and know much more about it. This will be very beneficial for digital forensics experts and ethical hackers.

Needless to say that we are living on digital era, and attacks on our digital life comes from everywhere. Mobile devices are very responsible for that. Attackers and bad guys maximum time tries to attack on our mobile devices.

They are creating malicious applications, bind payloads on our favorite applications and creating modded applications (those are juicy) and insert spyware codes inside it.

We need to be very careful before downloading any application from a third-party websites. Sometime even we can’t trust on application stores. Apps like Stalkerware was banned from Google Play Store for spying on users.

We uses lots of mobile applications on our Android and iPhone devices. It is not possible to check every line of every third-party application we use. Sometimes we might counter with unknown application and we need to know “Is it safe ?”

In that case we can use MobSF. MobSF stands for Mobile Security Framework. We can analysis mobile applications of Android, iOS and Windows using mobile Security Framework. This automated open-source tool is created using Python3 language.

Mobile Security Framework has a Web-Based GUI (Graphical User Interface) that makes it so handy and easy. Let’s see how we can install and run it on our Kali Linux system.

First of all we need to clone it from it’s GitHub repository by using following command:

git clone https://github.com/MobSF/Mobile-Security-Framework-MobSF --depth=1

After applying this command Mobile Security Framework will be cloned on our system. It is a big tool (around 300MB) so it will take time depending on our internet speed.

After cloning the tool we just navigate inside it’s directory by using cd command:

cd Mobile-Security-Framework-MobSF

Now we can see the files by using ls command:

This tool is available for Windows, Mac and Linux. Windows have setup.bat and run.bat files but Mac and Linux user can follow our article. We need to run setup.sh file.

To run the setup.sh file we run following command:

./setup.sh

This command will install all the required dependencies to run Mobile Security Framework, as we can see in the following screenshot.

This setting up also might take some minutes depending on our internet speed.

After the installation complete we can use this tool by using run.sh command. As we previously told that this is a web based tool so we need to run it on our localhost server. To run it on our localhost with port 8000 (we can use any other port) by using following command:

./run.sh 127.0.0.1:8000

And Mobile Security Framework will started on 127.0.0.1:8080 as we can see in the following screenshot:

If we run only ./run.sh command without any localhost IP and port then it will start on 0.0.0.0:8000 by default.

Now we can navigate to the localhost link with our browser and we can see in the following screenshot that Mobile Security Framework is running. We like the color theme of main screen.

Here we upload any application for mobile (APK, IPA & APPX). To upload file we can use drag & drop or click and select.

Here for an example we have an malicious APK file on our Desktop.

Now we drag & drop this on Mobile Security Framework and the toolkit started analy our APK file as we can see in the following screenshot:

It will take less then couple of minutes to analyze the application. After the analysis complete it will show us the result in front of us, as We can see in the following screenshot:

Now we can see all the results of scanning. Here we can see various scan results. We can see the file information and application information on the top & lots of other things.

We also can see de-compiled codes by using MobSF (Mobile Security Framework), as shown in the following screenshot:

From the AndroidMainfest.xml we can see the permissions required by the application.

Inside the source code we may got the Payload.java file and we have a chance to get attacker IP address from this.

These are the basics, there are lots of things to explore on this Mobile Security Framework. If we invest some time we can explore more in this awesome framework.

Mobile Security Framework is a grate tool for digital forensics on mobile applications. This is updated and very much popular among digital forensics experts and ethical hackers.

Like our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.