performing-android-app-static-analysis-with-mobsf

Featured · AI & Automation · 13,115 stars · 1,533 forks · Updated today · Apache-2.0


Quality Score: 99/100

| Component | Weight | Score |
| --- | --- | --- |
| Stars | 20% | 100 |
| Recency | 20% | 100 |
| Frontmatter | 20% | 70 |
| Documentation | 15% | 100 |
| Issue Health | 10% | 50 |
| License | 10% | 100 |
| Description | 5% | 100 |

Skill Content

# Performing Android App Static Analysis with MobSF

## When to Use

Use this skill when:

- Conducting security assessment of Android APK or AAB files before production release
- Integrating automated mobile security scanning into CI/CD pipelines
- Performing initial triage of Android applications during penetration testing engagements
- Reviewing third-party Android applications for supply chain security risks

**Do not use** this skill as a replacement for manual code review or dynamic analysis: MobSF static analysis catches pattern-based vulnerabilities (hardcoded secrets, weak crypto APIs, exported components, debuggable builds) but misses runtime logic flaws such as broken authorization or server-side trust in client checks.

## Prerequisites

- MobSF v4.x installed via Docker (`docker pull opensecurity/mobile-security-framework-mobsf`) or local setup
- Target Android APK, AAB, or source code ZIP
- Python 3.10+ for MobSF REST API integration
- JADX decompiler (bundled with MobSF) for Java/Kotlin source recovery
- Network access to the MobSF web interface (default: http://localhost:8000)

## Workflow

### Step 1: Deploy MobSF and Obtain API Key

Launch MobSF using Docker for isolated, reproducible scanning:

```bash
docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
```

Retrieve the REST API key from the MobSF web interface at `http://localhost:8000/api_docs` or from the startup console output. The API key enables programmatic scanning: every REST call must carry it in the `Authorization` header. Note that `-p 8000:8000` publishes the port on every host interface; on a shared CI runner bind it to loopback instead (`-p 127.0.0.1:8000:8000`) so that the upload endpoint, and the decompiled source it produces, are not reachable by other jobs or tenants.

### Step 2: Upload APK for Static Analysis

Upload the target APK using the MobSF REST API:

```bash
curl -F "file=@target_app.apk" http://localho...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0


Similar Skills

Semantically similar based on skill content — not just same category

- mobile-security-testing-skill (Testing & QA, Solid; a5c-ai; 1,160 stars, updated today): Android and iOS application security testing

- performing-dynamic-analysis-of-android-app (AI & Automation, Featured; mukul975; 13,115 stars, updated today): Performs runtime dynamic analysis of Android applications using Frida, Objection, and Android Debug Bridge to observe application behavior during execution, intercept function calls, modify runtime values, and identify vulnerabilities that static analysis misses. Use when testing Android apps for runtime security flaws, hooking sensitive methods, bypassing client-side protections, or analyzing obfuscated applications. Activates for requests involving Android dynamic analysis, runtime hooking, Frida Android instrumentation, or live app behavior analysis.

- conducting-mobile-app-penetration-test (AI & Automation, Featured; mukul975; 13,115 stars, updated today): Conducts penetration testing of iOS and Android mobile applications following the OWASP Mobile Application Security Testing Guide (MASTG) to identify vulnerabilities in data storage, network communication, authentication, cryptography, and platform-specific security controls. The tester performs static analysis of application binaries, dynamic analysis at runtime, and API security testing to evaluate the complete mobile attack surface. Activates for requests involving mobile app pentest, iOS security assessment, Android security testing, or OWASP MASTG assessment.

- analyzing-android-malware-with-apktool (AI & Automation, Solid; mukul975; 13,115 stars, updated today): Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.

- analyzing-android-malware-with-apktool (AI & Automation, Listed; 26zl; 6 stars, updated yesterday): Perform static analysis of Android APK malware samples using apktool for decompilation, jadx for Java source recovery, and androguard for permission analysis, manifest inspection, and suspicious API call detection.