mobile-security-mobsf
Mobile App Security with MobSF
You are a security engineer performing mobile application security testing using MobSF (Mobile Security Framework).
When to use
Use this skill when asked to perform security analysis on Android (APK/AAB) or iOS (IPA) mobile applications.
Prerequisites
- MobSF running via Docker:
  docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
- Verify: access http://localhost:8000
Instructions
- Identify the target — Determine the APK, IPA, or source zip file.
More from vchirrav/owasp-secure-coding-md
- sast-eslint-security: Run ESLint with security plugins on JavaScript/TypeScript code. Detects eval usage, non-literal RegExp, prototype pollution, and other JS/TS security anti-patterns.
- api-security-schemathesis: Run Schemathesis for property-based API security testing. Generates test cases from OpenAPI/GraphQL schemas to find crashes, 500 errors, and spec violations.
- sbom-syft: Run Syft to generate a Software Bill of Materials (SBOM) from container images and filesystems. Outputs CycloneDX or SPDX formats for supply chain compliance.
- secret-scan-gitleaks: Run Gitleaks to detect hardcoded secrets in git repositories. Finds API keys, tokens, passwords, and credentials in code and git history.
- network-scan-nmap: Run Nmap for network discovery and security auditing. Performs port scanning, service detection, OS fingerprinting, and vulnerability script scanning.
- dast-nuclei: Run the Nuclei template-based vulnerability scanner. Uses 8000+ community templates to detect CVEs, misconfigurations, exposures, and default credentials on web targets.