On Linux and Mac, install Oracle Java 1.7 or above and make it the default one.Windows App Static analysis requires a Windows Host or Windows VM for Mac and Linux.iOS IPA Analysis works only on Mac and Linux.Mac OS Users must install Command-line tools.Static Analyzer Docker ImageĪutomated prebuilt docker image of MobSF Static Analyzer is available from DockerHub docker pull opensecurity/mobile-security-framework-mobsfĭocker run -it -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latestĪlso Read Headless Burp – Automate security tests using Burp Suite Requirements Static Analysis It can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. Mobile Security Framework or MobSF is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis.