https://appsec.fyi/tools.html#mobsf Curated MobSF resources from appsec.fyi en-us Sun, 07 Jun 2026 04:05:35 +0000 carl@chs.us (Carl Sampson) https://www.kayssel.com/newsletter/issue-12/ https://www.kayssel.com/newsletter/issue-12/ Library for bypassing common Android app detection mechanisms like Frida, root checks, and SSL pinning. Techniques include utilizing Magisk DenyList, employing Frida codeshare scripts, attaching Frida after app launch, static analysis with Jadx to identify and patch detection code, using Objection's `patchapk` feature, dumping loaded classes, tracing method calls, reversing native JNI code, and patching SSL pinning with `apk-mitm` for network traffic analysis. MobSF intermediate Wed, 22 Apr 2026 12:52:43 +0000 https://mobsf.github.io/docs/ https://mobsf.github.io/docs/ Mobile Security Framework - MobSF Documentation MobSF beginner Sat, 11 Apr 2026 16:45:46 +0000 https://github.com/MobSF/Mobile-Security-Framework-MobSF https://github.com/MobSF/Mobile-Security-Framework-MobSF Library for mobile application security, penetration testing, malware analysis, and privacy analysis on Android, iOS, and Windows Mobile. MobSF supports static analysis of APK, IPA, and APPX binaries, as well as dynamic analysis with instrumented testing, runtime data, and network traffic analysis for Android and iOS. It integrates with DevSecOps pipelines via REST APIs and CLI tools. MobSF beginner Sat, 11 Apr 2026 16:45:46 +0000 https://www.tmasolutions.com/insights/owasp-mobile-top-10-and-mobile-security-framework-mobsf https://www.tmasolutions.com/insights/owasp-mobile-top-10-and-mobile-security-framework-mobsf Library for addressing the OWASP Mobile Top 10 risks, including M1 (Improper Credential Usage) with examples like hardcoded credentials and insecure transmission, M2 (Inadequate Supply Chain Security) concerning malware injection, M3 (Insecure Authentication/Authorization) detailing hidden service requests, M4 (Insufficient Input/Output Validation) leading to remote code execution, M5 (Insecure Communication) through lack of certificate inspection, M6 (Inadequate Privacy Controls) via improper log sanitization, M7 (Insufficient Binary Protections) exposing API keys, and M8 (Security Misconfiguration) from insecure default settings. MobSF intermediate Fri, 03 Apr 2026 15:50:22 +0000 https://github.com/MobSF/mobsfscan https://github.com/MobSF/mobsfscan Library for static analysis of Android and iOS source code, mobsfscan detects insecure patterns in Java, Kotlin, XML, Swift, and Objective C. It leverages MobSF static analysis rules, semgrep, and libsast, identifying vulnerabilities like CWE-295 Improper Certificate Validation and CWE-532 Insertion of Sensitive Information into Log File. Supported output formats include JSON, SARIF, SonarQube, and HTML, enabling integration into automated security assessment workflows. MobSF beginner Fri, 11 Jun 2021 03:25:00 +0000