Analysis updated 2026-05-18
Scan Android APK files for security vulnerabilities and malware before release.
Perform live dynamic testing on iOS apps to monitor runtime behavior and network traffic.
Integrate mobile security scanning into CI/CD pipelines to catch issues early in development.
Analyze source code and binaries across multiple mobile platforms in a single tool.
| | mobsf/mobile-security-framework-mobsf | liriliri/eruda | wekan/wekan |
|---|---|---|---|
| Stars | 20,954 | 20,965 | 20,919 |
| Language | JavaScript | JavaScript | JavaScript |
| Setup difficulty | hard | easy | moderate |
| Complexity | 4/5 | 2/5 | 2/5 |
| Audience | developer | developer | pm founder |
Figures from each repo's GitHub metadata at analysis time.
Requires Docker, multiple analysis engines (static/dynamic), mobile SDKs, and emulators for Android/iOS testing.
Mobile Security Framework, or MobSF, is an all-in-one security tool for inspecting mobile apps. It looks at apps built for Android, iOS and Windows Mobile, and helps with penetration testing, malware analysis and privacy analysis. In plain terms, it tries to find out whether a mobile app does anything dangerous, sloppy or sneaky before you ship it or let it loose on real users.
The README explains that MobSF has two main analyzers. The Static Analyzer reads the compiled app file or its source code without running it, picking up clues from the package itself; it supports popular mobile binary formats including APK (Android), IPA (iOS), and APPX (Windows). The Dynamic Analyzer actually runs the app and watches what it does at runtime, on Android and iOS, including network traffic and live instrumented testing. Because MobSF exposes REST APIs and command-line tools, it can be plugged into a DevSecOps or CI/CD pipeline, meaning the automated build process companies use to test and release software.
You would reach for MobSF when you are building, auditing or researching a mobile app and you want a single dashboard that can scan binaries, flag risky behavior, and let testers poke at the running app. The README mentions presentations at Black Hat Arsenal in Asia and Europe and notes the tool is bundled with the security-focused operating systems Android Tamer, BlackArch and Pentoo.
The project is open source under GPL-3.0. The README shows that the quickest way to try it is a docker pull and docker run command that exposes the dashboard on port 8000 with a default mobsf/mobsf login, and it documents Python 3.12+ as the runtime with macOS, Linux and Windows as supported platforms. A companion project called mobsfscan is offered for CI/CD use.
Automated security testing platform that scans mobile apps (Android, iOS, Windows) for vulnerabilities, malware, and privacy issues using static and dynamic analysis.
Mainly JavaScript. The stack also includes Python and Docker.
Use it freely, but any project you distribute that includes this code must also be GPL-licensed and open source.
Setup difficulty is rated hard, with roughly 1 day+ to a first successful run.
Mainly developer.
Verify against the repo before relying on details.