### Success Response Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Example of a success response for starting an iOS VM instance. ```json {"status": "ok", "message": "Starting VM Instance"} ``` -------------------------------- ### Start Dynamic Analysis API Sample Call Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Example cURL command to start dynamic analysis for a given app hash. Authentication is handled via the Authorization header. ```bash curl -X POST --url http://localhost:8000/api/v1/dynamic/start_analysis --data "hash=3a552566097a8de588b8184b059b0158" -H "Authorization: {{ api_key}}" ``` -------------------------------- ### Unique Feature: Configuration Examples Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Configuration documentation provides examples for development, production, and Docker environments. ```markdown ✅ Every configuration has dev/prod/docker examples ``` -------------------------------- ### Get Apps API Sample Call Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Example cURL command to retrieve a list of apps available for dynamic analysis, using the Authorization header for authentication. ```bash curl --url http://localhost:8000/api/v1/dynamic/get_apps -H "Authorization: {{ api_key}}" ``` -------------------------------- ### Start dynamic analysis Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/rest-api-reference.md Initiates the dynamic analysis process for a specified installed application. ```APIDOC ## POST /api/v1/dynamic/start_analysis ### Description Begin dynamic analysis of an installed app. ### Method POST ### Endpoint /api/v1/dynamic/start_analysis ### Parameters #### Request Body - **package** (string) - Required - The package name of the application to analyze. ### Response #### Success Response (200) - **status** (string) - The status of the analysis initiation (e.g., "started"). - **package** (string) - The package name of the analyzed application. ``` -------------------------------- ### Configuration Documentation Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Configuration documentation covers all settings, environment variables, and includes examples for development, production, and Docker environments. ```markdown → configuration.md (all settings, env vars, examples) ``` -------------------------------- ### Setup iOS Dynamic Analysis Environment API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Sets up the dynamic analysis environment for an IPA file. This is necessary for apps not already installed in the Corellium VM. Requires instance ID and IPA hash. ```json {"status": "ok", "message": "Testing Environment is Ready!"} ``` ```json {"error": } ``` ```json {"error": "You are unauthorized to make this request." } ``` ```bash curl -X POST --url http://localhost:8000/api/v1/ios/setup_environment --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&hash=35469622303ba10a2195557a3ad1810a" -H "Authorization: {{ api_key}}" ``` -------------------------------- ### Start Django-Q Cluster Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/async-task-management.md To process tasks, you need to start the Django-Q cluster. Run this command in your project's root directory. ```bash # Start Q cluster python manage.py qcluster ``` -------------------------------- ### Usage Instruction: Start Here Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Begin your documentation journey by reading the README.md file. ```markdown 1. START HERE: Read /workspace/home/output/README.md ``` -------------------------------- ### Start Corellium iOS Instance API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Use this API to start an iOS VM in Corellium. Requires an instance ID and an authorization header. ```bash curl -X POST --url http://localhost:8000/api/v1/ios/corellium_start_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization: {{ api_key}}" ``` -------------------------------- ### Start Activity Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/exported-symbols.md Launches a specified Android activity. ```APIDOC ## POST /api/v1/android/start_activity ### Description Launch a specified Android activity. ### Method POST ### Endpoint /api/v1/android/start_activity ``` -------------------------------- ### Start Testing Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/urls-routing.md Initiates the testing process. ```APIDOC ## POST tests/ ### Description Initiates the testing process. ### Method POST ### Endpoint `/tests/` ### Parameters #### Request Body (No specific request body parameters documented) ### Response (No specific response details documented) ``` -------------------------------- ### Security Functions Documentation Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Security module documentation details 13 security functions and provides examples for SSRF, injection, and path traversal prevention. ```markdown → security-module.md (13 security functions) ``` -------------------------------- ### Start Corellium iOS Instance API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Start a previously created iOS VM instance in Corellium using its identifier. Requires API key authentication. ```bash curl -X POST --url http://localhost:8000/api/v1/ios/corellium_start_instance -H "Authorization: {{ api_key}}" ``` -------------------------------- ### Install IPA Device Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/urls-routing.md Installs an IPA file onto the iOS device. ```APIDOC ## POST ios/install_ipa_device/ ### Description Installs an IPA file onto the iOS device. ### Method POST ### Endpoint `/ios/install_ipa_device/` ### Parameters #### Request Body (No specific request body parameters documented) ### Response (No specific response details documented) ``` -------------------------------- ### Corellium Start iOS Instance API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Starts an iOS VM instance in Corellium using its instance identifier. ```APIDOC ## POST /api/v1/ios/corellium_start_instance ### Description Starts an iOS VM instance in Corellium by instance identifier. ### Method POST ### Endpoint /api/v1/ios/corellium_start_instance ### Parameters #### Request Body - **instance_id** (string) - Required - iOS VM instance identifier ### Request Example ```json { "instance_id": "ce9cf65d-5ce5-4fad-823f-5d784c802d21" } ``` ### Response #### Success Response (200) - **status** (string) - Indicates success, e.g., "ok" - **message** (string) - Confirmation message, e.g., "Instance started" #### Response Example ```json { "status": "ok", "message": "Instance started" } ``` #### Error Response - **Code:** 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity - **Content-Type:** application/json; charset=utf-8 - **Content:** `{"error": }` - **Code:** 401 Unauthorized - **Content-Type:** application/json; charset=utf-8 - **Content:** `{"error": "You are unauthorized to make this request." }` ``` -------------------------------- ### Corellium Start iOS Instance API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Starts an iOS VM in Corellium that was previously created, identified by its instance identifier. ```APIDOC ## POST /api/v1/ios/corellium_start_instance ### Description Start iOS VM in previously created in Corellium by instance identifier. ### Method POST ### Endpoint /api/v1/ios/corellium_start_instance ### Parameters #### Header Parameters - **Authorization** (string) - Required - API Key - **X-Mobsf-Api-Key** (string) - Required - API Key #### Data Parameters - **instance_id** (string) - Required - iOS VM instance identifier ### Response #### Success Response (200) - **Content-Type**: application/json; charset=utf-8 - **Content**: {"status": "ok", "message": "Starting VM Instance"} #### Error Response (500, 405, 422) - **Content-Type**: application/json; charset=utf-8 - **Content**: {"error": } ``` -------------------------------- ### Install rsa package Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/install/windows/readme.md Use this command to install the rsa package for Python, which is a requirement for MobSF on Windows. ```bash python -m pip install rsa ``` -------------------------------- ### Permission System Documentation Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Permission system documentation covers access control mechanisms like SCAN, SUPPRESS, and DELETE, with examples of decorator usage. ```markdown → permission-system.md (SCAN, SUPPRESS, DELETE) ``` -------------------------------- ### Start MOBSF with Custom Address Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/configuration.md Use this command to start the MOBSF server listening on a specific IP address and port. ```bash mobsf 0.0.0.0:8080 ``` -------------------------------- ### Run App API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Starts an application in the Corellium VM. Requires instance_id and bundle_id. ```APIDOC ## POST /api/v1/ios/run_app ### Description Runs the specified application in the Corellium VM. ### Method POST ### Endpoint /api/v1/ios/run_app ### Parameters #### Request Body - **instance_id** (string) - Required - iOS instance id. - **bundle_id** (string) - Required - iOS app bundle id. ### Request Example ```bash curl -X POST --url http://localhost:8000/api/v1/ios/run_app --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization: {{ api_key}}" ``` ### Response #### Success Response (200) - **status** (string) - Indicates success. - **message** (string) - Confirmation message. #### Response Example ```json { "status": "ok", "message": "App Started" } ``` ``` -------------------------------- ### Frida Code Editor Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html A basic example of how to use the Frida API within the code editor. Use send() for logging within the script. ```javascript Java.perform(function() { // Use send() for logging }); ``` -------------------------------- ### Start Dynamic Analysis Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/exported-symbols.md Initiates a dynamic analysis session for a specified Android application. ```APIDOC ## POST /api/v1/dynamic/start_analysis ### Description Start dynamic analysis for an Android application. ### Method POST ### Endpoint /api/v1/dynamic/start_analysis ``` -------------------------------- ### Get iOS Device Details API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Retrieves details of an iOS device and lists installed applications. Requires the device ID. ```APIDOC ## POST /api/v1/ios/device_get ### Description Get iOS Device Details and List Apps. ### Method POST ### Endpoint /api/v1/ios/device_get ### Parameters #### Header Parameters - **Authorization** (string) - Required - API key for authentication. - **X-Mobsf-Api-Key** (string) - Required - Alternative API key for authentication. #### Request Body Parameters - **device_id** (string) - Required - iOS device id (Available from /api/v1/ios/device_dynamic_analysis). ### Request Example ```bash curl -X POST --url http://localhost:8000/api/v1/ios/device_get --data "device_id=00008110-000A4CE00C81C01E" -H "Authorization: {{ api_key}}" ``` ### Response #### Success Response (200) - **Content-Type**: application/json; charset=utf-8 - **Content**: {"status": "ok"} #### Error Response - **Code**: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity **Content-Type**: application/json; charset=utf-8 **Content**: {"error": } - **Code**: 401 Unauthorized **Content-Type**: application/json; charset=utf-8 **Content**: {"error": "You are unauthorized to make this request." } ``` -------------------------------- ### Get App Container Path API Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Retrieve the container path for an instrumented iOS application. The app must be instrumented before calling this API. ```bash curl -X POST --url http://localhost:8000/api/v1/ios/get_app_container_path --data "bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization: {{ api_key}}" ``` -------------------------------- ### Usage Instruction: Quick Reference Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Bookmark the INDEX.md file for quick access to information. ```markdown 2. QUICK REFERENCE: Bookmark /workspace/home/output/INDEX.md ``` -------------------------------- ### Instance Management Endpoints Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/urls-routing.md These endpoints manage iOS instances within the Corellium cloud. They allow for retrieving supported models and iOS versions, creating, starting, stopping, pausing, rebooting, destroying instances, and listing installed applications. ```APIDOC ## POST /api/v1/ios/corellium_supported_models ### Description Retrieves a list of supported Corellium models for iOS. ### Method POST ### Endpoint /api/v1/ios/corellium_supported_models ## POST /api/v1/ios/corellium_ios_versions ### Description Retrieves a list of supported iOS versions for Corellium instances. ### Method POST ### Endpoint /api/v1/ios/corellium_ios_versions ## POST /api/v1/ios/corellium_create_ios_instance ### Description Creates a new iOS instance in the Corellium cloud. ### Method POST ### Endpoint /api/v1/ios/corellium_create_ios_instance ## POST /api/v1/ios/corellium_start_instance ### Description Starts a specified iOS instance. ### Method POST ### Endpoint /api/v1/ios/corellium_start_instance ## POST /api/v1/ios/corellium_stop_instance ### Description Stops a specified iOS instance. ### Method POST ### Endpoint /api/v1/ios/corellium_stop_instance ## POST /api/v1/ios/corellium_unpause_instance ### Description Unpauses a specified iOS instance. ### Method POST ### Endpoint /api/v1/ios/corellium_unpause_instance ## POST /api/v1/ios/corellium_reboot_instance ### Description Reboots a specified iOS instance. ### Method POST ### Endpoint /api/v1/ios/corellium_reboot_instance ## POST /api/v1/ios/corellium_destroy_instance ### Description Destroys a specified iOS instance. ### Method POST ### Endpoint /api/v1/ios/corellium_destroy_instance ## POST /api/v1/ios/corellium_list_apps ### Description Lists the applications installed on a specified iOS instance. ### Method POST ### Endpoint /api/v1/ios/corellium_list_apps ``` -------------------------------- ### URL Routing Documentation Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt URL routing documentation details over 100 URL patterns, including actual regex patterns from the source. ```markdown → urls-routing.md (100+ URL patterns) ``` -------------------------------- ### Initialize MOBSF Database Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/configuration.md Run this command to initialize the MOBSF database. ```bash mobsf db ``` -------------------------------- ### Install Root CA Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/urls-routing.md Installs the root CA certificate on the Android device. ```APIDOC ## POST /android/root_ca ### Description Installs the root CA certificate on the Android device. ### Method POST ### Endpoint /api/v1/android/root_ca ### Parameters #### Query Parameters None #### Request Body None ### Request Example ```json { "example": "No request body needed" } ``` ### Response #### Success Response (200) - **message** (string) - Confirmation message of CA installation. #### Response Example ```json { "example": "Root CA installed successfully." } ``` ``` -------------------------------- ### Setup iOS Dynamic Analysis Environment API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Prepares an iOS dynamic analysis environment for a given IPA file, identified by its MD5 hash. ```APIDOC ## POST /api/v1/ios/setup_environment ### Description Sets up the iOS Dynamic Analysis Environment for an IPA. This API call is required for apps not already installed in the Corellium iOS VM. ### Method POST ### Endpoint /api/v1/ios/setup_environment ### Parameters #### Request Body - **instance_id** (string) - Required - iOS instance ID - **hash** (string) - Required - MD5 hash of the IPA file ### Request Example ```bash curl -X POST --url http://localhost:8000/api/v1/ios/setup_environment --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&hash=35469622303ba10a2195557a3ad1810a" -H "Authorization: {{ api_key}}" ``` ### Response #### Success Response (200) - **status** (string) - Indicates success, e.g., "ok" - **message** (string) - Confirmation message, e.g., "Testing Environment is Ready!" #### Response Example ```json { "status": "ok", "message": "Testing Environment is Ready!" } ``` ``` -------------------------------- ### Install Root CA Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/exported-symbols.md Installs the MobSF root CA certificate on the Android device. ```APIDOC ## POST /api/v1/android/root_ca ### Description Install the MobSF root CA certificate on the Android device. ### Method POST ### Endpoint /api/v1/android/root_ca ``` -------------------------------- ### List installed apps Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/rest-api-reference.md Retrieves a list of all installed applications on a connected device or emulator. ```APIDOC ## POST /api/v1/dynamic/get_apps ### Description List installed apps on connected device/instance. ### Method POST ### Endpoint /api/v1/dynamic/get_apps ### Response #### Success Response (200) - **apps** (array of objects) - A list of installed applications, where each object contains `package_name`, `name`, and `version`. ``` -------------------------------- ### Error Response Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Example of an error response from the API, indicating an unauthorized request. ```json {"error": "You are unauthorized to make this request." } ``` -------------------------------- ### Upload and Install IPA AJAX Request Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/dynamic_analysis/ios/device/dynamic_analysis.html Initiates an AJAX POST request to install an IPA file onto the selected iOS device. It handles success and error responses, updating the user with the installation status. ```javascript function upload_and_install(checksum){ dynamic_loader(); $.ajax({ url: '{% url 'install_ipa_device' %}', type : 'POST', dataType: 'json', data : { csrfmiddlewaretoken: '{{ csrf_token }}', device_id: $('#ios_dynamic').val(), checksum: checksum, }, success : function(json) { if (json.status !== 'ok'){ stop_loader(); Swal.fire( 'IPA Install Failed', 'Failed to Install IPA: ' + json.message, 'error' ) } else { stop_loader(); Swal.fire( 'IPA Installed', 'The IPA is successfully installed', 'success' ); list_apps(); } }, error : function(xhr,errmsg,err) { stop_loader(); Swal.fire( 'IPA Install Errored', errmsg, 'error' ) } }); } ``` -------------------------------- ### Install IPA on iOS Device Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/exported-symbols.md Installs an IPA file onto a jailbroken iOS device. ```APIDOC ## POST /api/v1/ios/device_install_ipa ### Description Installs a specified IPA file onto a jailbroken iOS device. ### Method POST ### Endpoint /api/v1/ios/device_install_ipa ### Parameters #### Query Parameters - **device_id** (string) - Required - The unique identifier of the target iOS device. - **ipa_path** (string) - Required - The absolute path to the IPA file on the MOBSF server. ### Request Example { "example": "" } ### Response #### Success Response (200) - **message** (string) - A success message indicating the IPA installation status. #### Response Example { "example": "{\"message\": \"IPA installed successfully.\"}" } ``` -------------------------------- ### Quick Docker Setup for MobSF Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/README.md This command pulls the latest MobSF Docker image and runs it, exposing port 8000. Default credentials are mobsf/mobsf. ```bash docker pull opensecurity/mobile-security-framework-mobsf:latest docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest # Default username and password: mobsf/mobsf ``` -------------------------------- ### Start iOS Corellium Dynamic Analysis Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/rest-api-reference.md This endpoint starts a dynamic analysis on a Corellium iOS instance. ```APIDOC ## POST /api/v1/ios/dynamic_analysis ### Description Start dynamic analysis on Corellium instance. ### Method POST ### Endpoint /api/v1/ios/dynamic_analysis ``` -------------------------------- ### Instrumentation Options Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/dynamic_analysis/ios/dynamic_analyzer.html Choose how to instrument the target application: Run Spawn & Inject for new processes, Inject Attach for existing ones, or Injected Code for direct script execution. ```none Run Spawn & Inject ``` ```none Inject Attach ``` ```none Injected Code ``` -------------------------------- ### Start All Activities Tester - JavaScript Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html Initiates the testing of all Android activities. Displays a status message before starting. ```javascript $"#actt".click(function() { print_status("Starting Activity tester...") activity_tester('all_activities') return false; }); ``` -------------------------------- ### Module Navigation Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Provides navigation paths for different modules within the MobSF project, linking to specific documentation files. ```markdown mobsf.MobSF.security → security-module.md mobsf.MobSF.utils → utilities-module.md mobsf.MobSF.views.api → api-middleware.md + rest-api-reference.md mobsf.StaticAnalyzer.models → database-models.md mobsf.StaticAnalyzer.forms → forms-validation.md mobsf.StaticAnalyzer.views → android-static-analyzer.md Django URLS → urls-routing.md Django settings → configuration.md ``` -------------------------------- ### Usage Instruction: Copy Code Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt All function signatures and code examples are ready for direct copy-pasting. ```markdown 5. COPY CODE: All function signatures and examples are copy-paste ready ``` -------------------------------- ### Install or Remove Root CA API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html API to install or remove MobSF Root CA to or from the Android VM/Emulator/Device. ```APIDOC ## POST /api/v1/android/root_ca ### Description API to install or remove MobSF Root CA to or from the Android VM/Emulator/Device. ### Method POST ### Endpoint /api/v1/android/root_ca ### Parameters #### Header Parameters - **Authorization** (string) - Required - - **X-Mobsf-Api-Key** (string) - Required - #### Data Parameters - **command** (string) - Required - install or remove - **identifier** (string) - Required - ADB identifier of Android VM/Emulator/Device ### Request Example ```bash curl -X POST --url http://localhost:8000/api/v1/android/root_ca --data "command=install&identifier=192.168.56.139:5555" -H "Authorization: {{ api_key}}" ``` ### Response #### Success Response (200) - **Content-Type**: application/json; charset=utf-8 - **Content**: { "status": "ok", "message": "Root CA installed successfully." } #### Error Response - **Code**: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity **Content-Type**: application/json; charset=utf-8 **Content**: {"error": } - **Code**: 401 Unauthorized **Content-Type**: application/json; charset=utf-8 **Content**: {"error": "You are unauthorized to make this request." } ``` -------------------------------- ### Android Static Analyzer Documentation Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Documentation for the Android static analyzer, serving as the main entry point for analyzing Android applications. ```markdown → android-static-analyzer.md (main entry point) ``` -------------------------------- ### Start Dynamic Analysis Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/rest-api-reference.md Initiate a dynamic analysis session for a specified application package. The response indicates the analysis status and the package being analyzed. ```json { "package": "com.example.app" } ``` -------------------------------- ### Start Exported Activity Tester - JavaScript Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html Initiates the testing of exported Android activities. Displays a status message before starting. ```javascript $"#expactt".click(function() { print_status("Starting Exported Activity tester...") activity_tester('exported') return false; }); ``` -------------------------------- ### Upload File API Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Use this API to upload files for analysis. Supported types include apk, zip, ipa, and appx. Ensure you include the correct API key in the Authorization or X-Mobsf-Api-Key header. ```bash curl -F 'file=@/Users/ajin/Desktop/diva-beta.apk' http://localhost:8000/api/v1/upload -H "Authorization: {{ api_key}}" ``` ```bash curl -F 'file=@/Users/ajin/Desktop/diva-beta.apk' http://localhost:8000/api/v1/upload -H "X-Mobsf-Api-Key: {{ api_key}}" ``` -------------------------------- ### Start Frida Scripting API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Initiates Frida scripting for dynamic analysis. Specify the device and the scripts to be loaded. ```bash curl -X POST --url http://localhost:8000/api/v1/frida/get_script --data "device=android&scripts[]=hook_java_reflection&scripts[]=jni_hook_by_address&scripts[]=default&scripts[]=get_android_id" -H "Authorization: {{ api_key}}" ``` -------------------------------- ### Install IPA on Device API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Installs an IPA file onto a jailbroken iOS device. Requires the device ID and the IPA file. ```APIDOC ## POST /api/v1/ios/device_install_ipa ### Description Install an IPA file on the jailbroken iOS device. ### Method POST ### Endpoint /api/v1/ios/device_install_ipa ### Parameters #### Header Parameters - **Authorization** (string) - Required - API key for authentication. - **X-Mobsf-Api-Key** (string) - Required - Alternative API key for authentication. #### Request Body Parameters - **device_id** (string) - Required - iOS device id. - **ipa_file** (file) - Required - The IPA file to install. ``` -------------------------------- ### SAML2 Configuration Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/configuration.md This snippet shows the structure for configuring SAML2 authentication in MobSF. Ensure the paths and URLs are correctly set for your environment. ```python SAML_CONFIG = { 'debug': True, 'xmlsec_binary': '/usr/bin/xmlsec1', 'entityid': 'https://mobsf.example.com', 'service': { 'sp': { 'endpoints': { 'assertion_consumer_service': [ ('https://mobsf.example.com/sso/acs/', SAML2_DEFAULT_BINDING_FORMAT), ], }, 'allow_unsolicited': False, 'authn_requests_signed': False, 'logout_requests_signed': False, 'want_assertions_signed': True, }, }, # ... IdP settings ... } ``` -------------------------------- ### Frida Get Injected Script Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/dynamic_analysis/ios/dynamic_analyzer.html Retrieves and displays the currently injected Frida script. This action is initiated by clicking the 'Frida Get' button. ```javascript $("#frida_get").click(function() { frida_instrument('get'); return false; }); ``` -------------------------------- ### Frida Get Runtime Dependencies Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html Initiates the process to get application runtime dependencies using Frida. This action is triggered by the 'deps' button. ```javascript //Frida Get Runtime Dependencies $("#deps").click(function() { print_status("Getting application runtime depen ``` -------------------------------- ### Start iOS VM Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/dynamic_analysis/ios/dynamic_analysis.html Initiates the startup of an iOS VM in Corellium. It displays a confirmation dialog warning about potential charges before sending an AJAX POST request. ```javascript function start_vm(item){ Swal.fire({ title: 'Are you sure?', text: "This will start an iOS VM in Corellium and will incur charges", type: 'warning', showCancelButton: true, confirmButtonText: 'Yes', cancelButtonText: 'No', confirmButtonColor: '#d33', cancelButtonColor: '#2da532', }).then((result) => { if (result.value) { $.ajax({ url: '{% url 'start_instance' %}', type : 'POST', dataType: 'json', data : { csrfmiddlewaretoken: '{{ csrf_token }}', instance_id: item.id, }, success : function(json) { if (json.status==='ok'){ Swal.fire( 'Started!', 'VM instance is being started', 'success' ).then(function () { location.reload(); }) } else { Swal.fire( 'Start Failed', 'Cannot start the VM: ' + json.message, 'error' ) } }, error : function(xhr,errmsg,err) { Swal.fire( 'Start Errored', errmsg, 'error' ) } }); } }); } ``` -------------------------------- ### Install IPA on iOS Device Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Installs an IPA file on a specified iOS device. Requires the device ID and the MD5 checksum of the IPA file. ```APIDOC ## POST /api/v1/ios/device_install_ipa ### Description Installs an IPA file on a specified iOS device. Requires the device ID and the MD5 checksum of the IPA file. ### Method POST ### Endpoint /api/v1/ios/device_install_ipa ### Parameters #### Data Params - **device_id** (string) - Required - iOS device id (Available from /api/v1/ios/device_dynamic_analysis) - **checksum** (string) - Required - MD5 hash of the scan (Available from /api/v1/upload) ### Request Example ```bash curl -X POST --url http://localhost:8000/api/v1/ios/device_install_ipa --data "device_id=00008110-000A4CE00C81C01E&checksum=f49355aa96053a36248905f78d5419a8" -H "Authorization: {{ api_key}}" ``` ### Response #### Success Response (200) - **status** (string) - "ok" #### Response Example ```json { "status": "ok" } ``` ``` -------------------------------- ### Exported Symbols Documentation Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Documentation for all exported symbols, including over 120 functions and 20 classes, is available. ```markdown → exported-symbols.md (120+ functions, 20+ classes) ``` -------------------------------- ### Terminal Initialization and Event Handlers Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/dynamic_analysis/ios/dynamic_analyzer.html Sets up a basic shell interface with command history and input handling. It listens for clicks on the shell area and keydown events on the command line input. ```javascript var Terminal = Terminal || function (cmdLineContainer, outputContainer) { window.URL = window.URL || window.webkitURL; window.requestFileSystem = window.requestFileSystem || window.webkitRequestFileSystem; var cmdLine_ = document.querySelector(cmdLineContainer); var output_ = document.querySelector(outputContainer); const CMDS_ = [ 'clear', 'date', 'help', 'app_path' ]; var history_ = []; var histpos_ = 0; var histtemp_ = 0; var intro = '

Shell Access

' + new Date() + '

'; var shell = document.getElementById('shell'); shell.addEventListener('click', function (e) { cmdLine_.focus(); }, false); cmdLine_.addEventListener('click', inputTextClick_, false); cmdLine_.addEventListener('keydown', historyHandler_, false); cmdLine_.addEventListener('keydown', processNewCommand_, false); function inputTextClick_(e) { this.value = this.value; } function historyHandler_(e) { if (history_.length) { if (e.keyCode == 38 || e.keyCode == 40) { if (history_[histpos_]) { history_[histpos_] = this.value; } else { histtemp_ = this.value; } } if (e.keyCode == 38) { // up histpos_--; if (histpos_ < 0) { histpos_ = 0; } } else if (e.keyCode == 40) { // down histpos_++; if (histpos_ > history_.length) { histpos_ = history_.length; } } if (e.keyCode == 38 || e.keyCode == 40) { this.value = history_[histpos_] ? history_[histpos_] : histtemp_; setTimeout(() => { this.setSelectionRange(this.value.length, this.value.length); }, 0); // Sets cursor to end of input. } } } function output(html, escape_=false, pre=false, error=false) { if (escape_) html = escape(html); if (pre) output_.insertAdjacentHTML('beforeEnd', '
' + html + '
'); else if (error) output_.insertAdjacentHTML('beforeEnd', '
' + html + '
'); else output_.insertAdjacentHTML('beforeEnd', '

' + html + '

'); } function scrollToShellBottom(){ // Scroll to shell bottom and ensure shell is completely visible var myElement = document.getElementById('shell'); // Scroll the shell content to the b ``` -------------------------------- ### Unique Feature: Security Function Examples Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Every security function includes examples demonstrating prevention of SSRF, injection, and path traversal vulnerabilities. ```markdown ✅ Every security function has SSRF/injection/path-traversal examples ``` -------------------------------- ### Start Dynamic Analysis API Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Initiates the dynamic analysis process for a specified application. Ensure the dynamic analysis environment is set up and running. ```APIDOC ## POST /api/v1/dynamic/start_analysis ### Description Starts the dynamic analysis for a given application hash. This API requires the dynamic analysis environment (e.g., Android VM, emulator, or device) to be configured and operational. ### Method POST ### Endpoint /api/v1/dynamic/start_analysis ### Header Authorization: Or X-Mobsf-Api-Key: ### Parameters #### Data Params - **hash** (string) - Required - The hash of the scan for which to start dynamic analysis. - **re_install** (integer) - Optional - Set to 0 or 1. Defaults to 1. Indicates whether to reinstall the application. - **install** (integer) - Optional - Set to 0 or 1. Defaults to 1. Indicates whether to install the application. ### Success Response #### Success Response (200) - **Content-Type**: application/json; charset=utf-8 - **Content**: A JSON object containing details about the initiated dynamic analysis session, including screen dimensions, package name, scan hash, Android version, and MobSF version. Example: `{ "screen_witdth": "1440", "screen_height": "2960", "package": "opensecurity.helloworld", "hash": "3a552566097a8de588b8184b059b0158", "android_version": 8, "version": "v3.1.8 Beta", "title": "Dynamic Analyzer" }` #### Error Response - **Code**: 500 Internal Server Error, 405 Method Not Allowed, 422 Unprocessable Entity **Content**: `{"error": }` - **Code**: 401 Unauthorized **Content**: `{"error": "You are unauthorized to make this request." }` ``` -------------------------------- ### Create and Queue Async Task Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/async-task-management.md This snippet demonstrates the process of creating a task record and then queuing an asynchronous analysis task using Django-Q. It outlines the steps from task creation to worker processing and completion. ```python from mobsf.StaticAnalyzer.models import EnqueuedTask from django.utils import timezone from django_q.tasks import async_task # 1. Create task task = EnqueuedTask.objects.create( task_id='task_12345', checksum='abc123def456', file_name='vulnerable.apk', app_name='VulnerableApp', status='Enqueued' ) # 2. Queue async analysis task_result = async_task( 'mobsf.StaticAnalyzer.views.android.static_analyzer.static_analyzer', request, 'abc123def456', api=True, task_name=task.task_id, timeout=3600 ) # 3. User polls via GET /api/v1/tasks # Response includes: task_id, status='Enqueued' # 4. Worker starts processing task.started_at = timezone.now() task.status = 'Running' task.save() # 5. Worker completes task.completed_at = timezone.now() task.status = 'Completed' task.save() # 6. User retrieves results via POST /api/v1/report_json # Task deleted from EnqueuedTask after configured retention ``` -------------------------------- ### Toggle Screen Streaming - JavaScript Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/dynamic_analysis/android/dynamic_analyzer.html Starts or stops screen streaming. When started, it periodically captures the screen and updates an image element. Touch events are enabled. ```javascript var screen_width, screen_height; var screenfunc; $("#screen").click(function() { var stext = $("#screen").text(); if (stext.includes("Show Screen")){ $("#screen").html(" Stop Screen"); print_status('Screen streaming started.') touch = "on"; screenfunc = setInterval(function(){ // Capture Screen action('{% url 'screen_cast' %}', {}, function(json) { if (json.status == 'ok'){ if (screen_width === undefined || screen_height === undefined){ // Get Screen Resolution from Image var i = new Image(); i.onload = function(){ screen_width = i.width; screen_height = i.height; console.log('Screen Resolution: ' + screen_width + 'x' + screen_height) i = null; }; i.src = json.message; } $('#my').attr('src', json.message); } else console.log(json.message) }); }, 2000); } else { $("#screen").html(" Show Screen"); print_status("Screen streaming stopped."); $('#my').attr('src', '/static/img/loading.jpg'); clearInterval(screenfunc); touch = "off"; } return false; }); ``` -------------------------------- ### REST API Documentation Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt REST API reference includes documentation for over 80 endpoints and details authentication requirements. ```markdown → rest-api-reference.md (80+ endpoints documented) → api-middleware.md (authentication) ``` -------------------------------- ### Database Model Documentation Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/COMPLETION_SUMMARY.txt Database models documentation covers all 6 models and their fields, including various field types. ```markdown → database-models.md (all 6 models with fields) ``` -------------------------------- ### Install IPA on iOS Device API Call Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/mobsf/templates/general/apidocs.html Use this endpoint to install an IPA file on a jailbroken iOS device. Requires device ID and the checksum of the scan. ```bash curl -X POST --url http://localhost:8000/api/v1/ios/device_install_ipa --data "device_id=00008110-000A4CE00C81C01E&checksum=f49355aa96053a36248905f78d5419a8" -H "Authorization: {{ api_key}}" ``` -------------------------------- ### Suppress Findings Example Source: https://github.com/mobsf/mobile-security-framework-mobsf/blob/master/_autodocs/database-models.md Example of how to suppress security findings for an application using the SuppressFindings model. This involves creating or retrieving a record and updating the suppressed rule IDs. ```python from mobsf.StaticAnalyzer.models import SuppressFindings # Suppress a rule for app suppress = SuppressFindings.objects.get_or_create( PACKAGE_NAME='com.example.app' )[0] suppress.SUPPRESS_RULE_ID = ['android_ssl_pinning', 'android_hardcoded_secrets'] suppress.save() ```