Mobile Security Framework - MobSF v0.9.3 Beta.

Mobile Security Framework – MobSF v0.9.3 Beta.

Changelog MobSF v0.9.3-Beta:
* Features or Enhancements
++ Added Docker File
++ Clipboard Monitor for Android Dynamic Analysis
++ Windows APPX Static Analysis Support
++ Added Support for Kali Linux
++ Code Quality and Lintering
++ Partial PEP8 Formating, Code Refactoring and Restructuring
++ Imporved Static Analyzer Regex
++ Disabling Syntax Highlighter Edit mode
++ More MIME Type additions
++ Update File Upload Size to 100 MB
++ MobSFfy script to support commandline args
++ New strings.py tool for string extraction in iOS Apps.
++ Updated iOS Static Analysis ruleset.
++ Django Upgrade to 1.10
++ MobSF VM 0.3 Released

* Bug Fixes
++ Fixed Code Analyis Regex Error
++ Fixed iOS Binary Analyis and File Analysus PDF Generation bug
++ API Fuzzer Bug Fixes
++ SQLite3 Bug Fix
++ Fixed Bug when no code signing cert is present
++ Fixed Bug in xhtml2pdf
++ Dynamic Analysis Bug Fixes
++ Unicode Bug Fixes
++ Fixed MobSFy upload error
++ Fixed Variable redefining bug

* Security Fixes
++ Fixed Local File Inclusion casued due to incorrect regex

mobsf webgui

mobsf webgui

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile Applications and supports both binaries (APK, IPA & APPX ) and zipped source code. MobSF can also perform Web API Security testing with it’s API Fuzzer that can do Information Gathering, analyze Security Headers, identify Mobile API specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to Session and API Rate Limiting.

mobsf runserver

mobsf runserver

Download and build from source:

Downloads : Source code(zip)  | Source code(tar.gz)
Source: http://opensecurity.in/ | https://github.com/ajinabraham