MobSF (Mobile Security Framework).

An open-source mobile-app static and dynamic analysis platform supporting Android (APK/AAB), iOS (IPA), and Windows mobile binaries — widely used by AppSec teams as a first-pass scanner against OWASP MASVS/MASTG controls. 它属于网络安全的 移动安全 分类。

An open-source mobile-app static and dynamic analysis platform supporting Android (APK/AAB), iOS (IPA), and Windows mobile binaries — widely used by AppSec teams as a first-pass scanner against OWASP MASVS/MASTG controls.

MobSF (Mobile Security Framework) is an open-source, Docker-deployable mobile-application security testing platform maintained by Ajin Abraham. It accepts Android APK/AAB, iOS IPA, and Windows mobile binaries and produces a comprehensive HTML/JSON report covering manifest analysis, permission risk, hard-coded secrets, insecure crypto and network calls, SSL pinning indicators, OWASP MASVS/MASTG control mapping, file-level entropy, and dependency analysis. A dynamic-analysis mode runs the APK on an attached Android emulator or device with Frida instrumentation, capturing API calls, file IO, network traffic (including TLS-pinned), keystore usage, and screenshots, and supports scripted exploitation via the integrated Objection. MobSF is commonly used as the first-pass scanner in mobile AppSec pipelines, with deeper manual review and pen-testing layered on top of its findings, and is referenced in many enterprise mobile-AppSec workflows and bug-bounty methodologies. Reports map to OWASP MASVS sections, which makes the output easy to roll up into a MASVS-aligned mobile risk score.

针对 MobSF (Mobile Security Framework) 的防御通常结合技术控制与运营实践,详见上方完整定义。

常见的别称包括: Mobile Security Framework, MobSF scanner。