Installing MOBSF for mobile app static security assessment
To install MOBSF follow the steps given on the https://mobsf.github.io/docs/#/ URL.
From the left menu choose the Installation option.
Depending upon the OS use the commands to install.
After the installation you can find the steps to run the tool also from the same website itself.
Too lazy to do any of that, we can use the Docker method to directly pull the docker image and run.
However for doing either of these you need to fulfill the pre-requisites such as for pulling any docker image in your system you need to install docker.
Now, This docker can be either installed on your windows system as well as linux system.
From the url https://docs.docker.com/ you can download and install the docker.
Once Docker is installed in your system it will look like below.
Sometime while running the docker pull command from the command prompt in windows you might get the below error.
This error may indicate that the docker daemon is not running.
For resolving the error please refer to the https://www.thecodebuzz.com/docker-error-daemon-is-not-running/ url which has proper explanation of how to resolve the error.
However, It can be deduced that the docker service is not running, so for starting the service we have the below command which you can directly run from the command prompt.
net start com.docker.service
But even with the above command you might face the access denied error as below.
That means you need to run the command prompt as the Administrator to run start the docker service.
Now run the same command again, and see if you’re able to start the docker service or not.
IF the problem still persist you might want to check the docker GUI settings if you have something missing in the installation process.
In my case WSL2 installation was incomplete.
Clicking on the link from the above dialogue box it will open a Microsoft website to download the WSL2 linux kernel.
Download the .msi file and run as administrator.
Once installed click on finish.
After finishing the WSL2 linux kernel installation, restart your pc.
Run the same start docker command again from above and then run the docker pull command.
net start com.docker.service
docker pull opensecurity/mobile-security-framework-mobsf
Same docker pull can be done in linux also.
But make sure when pulling the MOBSF image from the kali or any other linux distro make sure to run the command using root privilege by appending sudo before the docker pull command as shown below:
After pulling the docker image, it’s very easy to run the mobsf tool from the command prompt, by just pasting the below command on the command prompt/terminal.
docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
In the same command prompt after the mobsf is started you will find an ip and port on which you can get the web app on which you need to upload the apk.
So the url is http://0.0.0.0:8000
Hit it on any web browser.
However, in some case you might encounter an error like below when you try to access the web url given above.
Worry not, We can try the local host url 127.0.0.1 instead of 0.0.0.0
So try to access http://127.0.0.1:8000 on the browser.
From the above web url you can directly upload and analyze any android apk or ios ipa file.