MobSF (Mobile Security Framework) v1.0 – Mobile (Android/iOS) Automated Pen-Testing Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and supports both binaries (APK, IPA & APPX) and zipped source code. MobSF can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz, a Web API specific security scanner. MobSF is designed to make your CI/CD or DevSecOps pipeline integration seamless.

MobSF is also bundled with Android Tamer and BlackArch.

Documentation

See MobSF Documentation.

MobSF Static Analyzer Docker Image

An automated prebuilt Docker image of MobSF Static Analyzer is available from DockerHub:

    docker pull opensecurity/mobile-security-framework-mobsf
    docker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

Other docker options: MobSF Docker Options

Collaborators

- Ajin Abraham
- Dominik Schlecht
- Matan Dobrushin
- Vincent Nadal

Presentations

- OWASP APPSEC EU 2016 – Slides, Video
- NULLCON 2016 – Slides
- c0c0n 2015 – Slides
- OWASP AppSec EU 2016 – Video
- G4H Webcast 2015 – Video

Video Course

- Automated Mobile Application Security Assessment with MobSF
- Android Security Tools Expert

What’s New?

See Changelog.

Screenshots

- Static Analysis – Android APK
- Static Analysis – iOS IPA
- Static Analysis – Windows APPX
- Dynamic Analysis – Android APK
- Web API Fuzzer

Credits

- Abhinav Sejpal (@Abhinav_Sejpal) – For poking me with bugs, feature requests, and UI & UX suggestions.
- Amrutha VC (@amruthavc) – For the new MobSF logo.
- Anant Srivastava (@anantshri) – For the Activity Tester idea.
- Anto Joseph (@antojosep007) – For the help with SuperSU.
- Bharadwaj Machiraju (@tunnelshade_) – For writing pyWebProxy from scratch.
- Dominik Schlecht – For the awesome work on adding Windows Phone App Static Analysis to MobSF.
- Esteban – Better Android Manifest Analysis and Static Analysis Improvement.
- Matan Dobrushin – For adding Android ARM Emulator support to MobSF. Special thanks goes to cuckoo-droid; I got inspired by their code and idea for this implementation.
- MindMac – For writing Android Blue Pill.
- Rahul (@c0dist) – Kali Support.
- Shuxin – Android Binary Analysis.
- Thomas Abraham – For JS Hacks on UI.
- Tim Brown (@timb_machine) – For the iOS Binary Analysis Ruleset.
- Oscar Alfonso Diaz (@OscarAkaElvis) – For Dockerfile contributions.

Link: http://feedproxy.google.com/~r/PentestTools/~3/k5pgjKUGpDQ/mobsf-mobile-security-framework-v10.html

Tor Brings Onion Browser to Android Devices

In parts of the developing world, dissidents and journalists face hostile governments and other threats — and mobile is their only access to the internet.

Link: https://threatpost.com/tor-brings-onion-browser-to-android-devices/137325/

AT Command Hitch Leaves Android Phones Open to Attack

Researchers used AT commands to rewrite device firmware, bypass Android security mechanisms, exfiltrate sensitive device information, and unlock screens.

Link: https://threatpost.com/at-command-hitch-leaves-android-phones-open-to-attack/136938/