With the mobile application market exploding (there are currently 2.8 million apps on the Google Play Store and 2.2 million on the Apple store, not to mention Enterprise apps or apps not available on “Regular Markets”), Security Testing on mobile devices is now critical to IT security for Copado (formerly IOVIO).
Recently, a customer needed Security and Penetration Testing carried out on their mission-critical applications, including Mobile Applications for Android and iOS. This assignment’s weapons of choice are Kali Linux, the MobSF (Mobile Security Framework), and an automated Security Framework that allows application testing during run-time.
To set up such an environment with minimum hassle, start by opening a console and installing python3-pip.
Then, make sure you have the Java SDK installed.
Now, let’s clone the MobSF repository and navigate to the main directory.
Before running the server, create and activate a virtual environment and install the MobSF requirements.
As an optional step, install wkhtmltopdf first if you want to generate PDF reports.
After running the server for the first time, many users find that they have unapplied migrations and that the project does not work properly. To solve this, simply apply the pending migrations.
python3 manage.py migrate
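A preflight check for the setup steps above, added here as an example and not part of MobSF or the original post: it confirms the prerequisites are on PATH, warns when no virtual environment is active, and counts unapplied migrations before the server is started. The tool names checked (`pip3`, `java`, `git`) and the function names are assumptions for a Kali/Debian install.

```shell
#!/bin/sh
# Added example: preflight check for the MobSF setup steps above.
# Tool names are assumptions for a Kali/Debian install; the function
# names are hypothetical helpers, not part of MobSF.
REQUIRED_TOOLS="python3 pip3 java git"
OPTIONAL_TOOLS="wkhtmltopdf"   # only needed for PDF reports

# Print, one per line, each command in "$@" that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
    return 0
}

# Read `manage.py showmigrations` output on stdin and print the number
# of unapplied migrations (Django marks those lines with "[ ]").
count_unapplied() {
    grep -c '^ *\[ ]' || true
}

# Check the checkout in $1 (default: current directory); return 1 if
# something would stop the server from working properly.
preflight() {
    dir=${1:-.}
    status=0
    missing=$(missing_tools $REQUIRED_TOOLS)
    if [ -n "$missing" ]; then
        echo "missing required tools:" $missing
        status=1
    fi
    optional=$(missing_tools $OPTIONAL_TOOLS)
    [ -z "$optional" ] || echo "optional tools not found:" $optional
    # venv's activate script sets VIRTUAL_ENV; warn if it is absent.
    [ -n "${VIRTUAL_ENV:-}" ] || echo "warning: no virtual environment is active"
    if [ -z "$missing" ] && [ -f "$dir/manage.py" ]; then
        pending=$( (cd "$dir" && python3 manage.py showmigrations 2>/dev/null) | count_unapplied)
        if [ "$pending" -gt 0 ]; then
            echo "$pending unapplied migrations: run python3 manage.py migrate"
            status=1
        fi
    fi
    return $status
}

preflight "${1:-.}" || echo "preflight: fix the items above before starting the server"
```

Run it from the MobSF directory, or pass the path to the checkout as the first argument. If `showmigrations` itself fails (for example because the requirements are not installed yet), the count stays at zero, so run the check after the install step.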
Now, everything is ready to run: open your favorite browser and navigate to http://127.0.0.1:800, or the configured IP and Port.
You are now ready to load APKs or IPAs into the server and start performing Static Analysis of your apps. Don’t forget to visit the project page to discover more about MobSF!
If you’re interested in security testing services, have any questions, comments, or want to share some of your own approaches, reach out.