MobSF (Mobile Security Framework).

An open-source mobile-app static and dynamic analysis platform supporting Android (APK/AAB), iOS (IPA), and Windows mobile binaries — widely used by AppSec teams as a first-pass scanner against OWASP MASVS/MASTG controls. Pertence à categoria Segurança móvel da cibersegurança.

An open-source mobile-app static and dynamic analysis platform supporting Android (APK/AAB), iOS (IPA), and Windows mobile binaries — widely used by AppSec teams as a first-pass scanner against OWASP MASVS/MASTG controls.

MobSF (Mobile Security Framework) is an open-source, Docker-deployable mobile-application security testing platform maintained by Ajin Abraham. It accepts Android APK/AAB, iOS IPA, and Windows mobile binaries and produces a comprehensive HTML/JSON report covering manifest analysis, permission risk, hard-coded secrets, insecure crypto and network calls, SSL pinning indicators, OWASP MASVS/MASTG control mapping, file-level entropy, and dependency analysis. A dynamic-analysis mode runs the APK on an attached Android emulator or device with Frida instrumentation, capturing API calls, file IO, network traffic (including TLS-pinned), keystore usage, and screenshots, and supports scripted exploitation via the integrated Objection. MobSF is commonly used as the first-pass scanner in mobile AppSec pipelines, with deeper manual review and pen-testing layered on top of its findings, and is referenced in many enterprise mobile-AppSec workflows and bug-bounty methodologies. Reports map to OWASP MASVS sections, which makes the output easy to roll up into a MASVS-aligned mobile risk score.

As defesas contra MobSF (Mobile Security Framework) costumam combinar controles técnicos e práticas operacionais, conforme detalhado na definição acima.

Nomes alternativos comuns: Mobile Security Framework, MobSF scanner.