Vol. 1 · Ed. 2026
CyberGlossary
Entry № 783

MobSF (Mobile Security Framework)

What is MobSF (Mobile Security Framework)?

MobSF (Mobile Security Framework): An open-source mobile-app static and dynamic analysis platform supporting Android (APK/AAB), iOS (IPA), and Windows mobile binaries — widely used by AppSec teams as a first-pass scanner against OWASP MASVS/MASTG controls.

MobSF (Mobile Security Framework) is an open-source, Docker-deployable mobile-application security testing platform maintained by Ajin Abraham. It accepts Android APK/AAB, iOS IPA, and Windows mobile binaries and produces a comprehensive HTML/JSON report covering manifest analysis, permission risk, hard-coded secrets, insecure crypto and network calls, SSL pinning indicators, OWASP MASVS/MASTG control mapping, file-level entropy, and dependency analysis. A dynamic-analysis mode runs the APK on an attached Android emulator or device with Frida instrumentation, capturing API calls, file IO, network traffic (including TLS-pinned), keystore usage, and screenshots, and supports scripted exploitation via the integrated Objection. MobSF is commonly used as the first-pass scanner in mobile AppSec pipelines, with deeper manual review and pen-testing layered on top of its findings, and is referenced in many enterprise mobile-AppSec workflows and bug-bounty methodologies. Reports map to OWASP MASVS sections, which makes the output easy to roll up into a MASVS-aligned mobile risk score.

Examples

1. A CI/CD pipeline runs MobSF in static-only mode on every Android release build and fails the build if MASVS L1 hard-coded-secret controls are violated.

2. An AppSec engineer uses MobSF's dynamic analysis mode to confirm that a banking iOS app fails to enforce TLS pinning when run against a re-signed binary.
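The first example above, a static-only build gate, written out as an added example (not MobSF's own code): the script drives MobSF's REST API (`/api/v1/upload`, `/api/v1/scan`, `/api/v1/report_json`) from CI and fails the build on hard-coded-secret findings. It assumes a MobSF container reachable at `MOBSF_URL` with its API key in `MOBSF_API_KEY`, and the `secrets` / `code_analysis.findings[].metadata` keys of the Android JSON report are an assumed layout; `SAMPLE_REPORT` is a constructed fragment so the gate logic can be exercised offline.

```python
import json
import os
import sys
import urllib.parse
import urllib.request

MOBSF_URL = os.environ.get("MOBSF_URL", "http://localhost:8000")  # assumed: MobSF container reachable from CI
API_KEY = os.environ.get("MOBSF_API_KEY", "")  # MobSF prints its REST API key at startup

def _post(path, body, content_type):
    """One authenticated POST to the MobSF REST API; returns the decoded JSON response."""
    req = urllib.request.Request(MOBSF_URL + path, data=body, headers={"Authorization": API_KEY, "Content-Type": content_type})
    with urllib.request.urlopen(req, timeout=900) as resp:
        return json.load(resp)

def upload(apk_path):
    """POST /api/v1/upload (multipart); MobSF answers with hash, scan_type and file_name."""
    boundary = "mobsf-gate-boundary"
    head = (f'--{boundary}\r\nContent-Disposition: form-data; name="file"; '
            f'filename="{os.path.basename(apk_path)}"\r\nContent-Type: application/octet-stream\r\n\r\n')
    with open(apk_path, "rb") as fh:
        body = head.encode() + fh.read() + f"\r\n--{boundary}--\r\n".encode()
    return _post("/api/v1/upload", body, f"multipart/form-data; boundary={boundary}")

def scan_and_report(upload_meta):
    """POST /api/v1/scan (static analysis only), then fetch the JSON report for the same hash."""
    form = "application/x-www-form-urlencoded"
    _post("/api/v1/scan", urllib.parse.urlencode(upload_meta).encode(), form)
    return _post("/api/v1/report_json", urllib.parse.urlencode({"hash": upload_meta["hash"]}).encode(), form)

def secret_findings(report):
    """Gate policy: fail on every entry under 'secrets' (possible hard-coded secrets) and on high/warning
    code-analysis rules tagged with a MASVS STORAGE control (assumed report layout). Returns (rule, detail)."""
    hits = [("secrets", s) for s in report.get("secrets", [])]
    for rule, finding in report.get("code_analysis", {}).get("findings", {}).items():
        meta = finding.get("metadata", {})
        if meta.get("severity") in ("high", "warning") and "STORAGE" in str(meta.get("masvs", "")).upper():
            hits.append((rule, meta.get("description", "")))
    return hits

# Constructed report fragment in the shape of MobSF's JSON output, so the gate can be exercised offline.
SAMPLE_REPORT = {
    "secrets": ['"aws_key" : "AKIA-PLACEHOLDER"'],
    "code_analysis": {"findings": {
        "android_hardcoded": {"metadata": {"severity": "warning", "masvs": "MSTG-STORAGE-14", "description": "Hardcoded sensitive information"}}}}}

if __name__ == "__main__":  # usage: python mobsf_gate.py app-release.apk
    violations = secret_findings(scan_and_report(upload(sys.argv[1])))
    print("\n".join(f"FAIL {rule}: {detail}" for rule, detail in violations))
    sys.exit(1 if violations else 0)
```

Wire the script into the release job after the build step; a non-zero exit stops the pipeline, and the printed `FAIL` lines name the MobSF rule that tripped the gate.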

Frequently asked questions

What is MobSF (Mobile Security Framework)?

An open-source mobile-app static and dynamic analysis platform supporting Android (APK/AAB), iOS (IPA), and Windows mobile binaries — widely used by AppSec teams as a first-pass scanner against OWASP MASVS/MASTG controls. It belongs to the Mobile Security category of cybersecurity.

What does MobSF (Mobile Security Framework) mean?

An open-source mobile-app static and dynamic analysis platform supporting Android (APK/AAB), iOS (IPA), and Windows mobile binaries — widely used by AppSec teams as a first-pass scanner against OWASP MASVS/MASTG controls.

How does MobSF (Mobile Security Framework) work?

MobSF (Mobile Security Framework) is an open-source, Docker-deployable mobile-application security testing platform maintained by Ajin Abraham. It accepts Android APK/AAB, iOS IPA, and Windows mobile binaries and produces a comprehensive HTML/JSON report covering manifest analysis, permission risk, hard-coded secrets, insecure crypto and network calls, SSL pinning indicators, OWASP MASVS/MASTG control mapping, file-level entropy, and dependency analysis. A dynamic-analysis mode runs the APK on an attached Android emulator or device with Frida instrumentation, capturing API calls, file IO, network traffic (including TLS-pinned), keystore usage, and screenshots, and supports scripted exploitation via the integrated Objection. MobSF is commonly used as the first-pass scanner in mobile AppSec pipelines, with deeper manual review and pen-testing layered on top of its findings, and is referenced in many enterprise mobile-AppSec workflows and bug-bounty methodologies. Reports map to OWASP MASVS sections, which makes the output easy to roll up into a MASVS-aligned mobile risk score.

How do you protect against MobSF (Mobile Security Framework)?

Protective measures relating to MobSF (Mobile Security Framework) typically combine technical controls and operational practices, as described in the definition above.

What other names are used for MobSF (Mobile Security Framework)?

Common alternative names: Mobile Security Framework, MobSF scanner.

Related terms