Integrate MobSF with Vulnetix. Run Mobile Security Framework via Docker to perform static and dynamic analysis on APK and IPA files, then export JSON findings for upload to Vulnetix.
Python | CLI tool | JSON | PDF
Install & scan
# Terminal 1: pull and start MobSF (runs in the foreground; --rm removes the container on exit)
docker pull opensecurity/mobile-security-framework-mobsf:latest
# Publish the port on loopback only so the web UI and API are not exposed on the network
docker run -it --rm -p 127.0.0.1:8000:8000 opensecurity/mobile-security-framework-mobsf:latest

# Terminal 2: get the API key from the MobSF web UI homepage
API_KEY="your_api_key_here"
# Upload APK and run static analysis via REST API
FILE_HASH=$(curl -s -F "file=@app.apk" -H "Authorization: ${API_KEY}" http://localhost:8000/api/v1/upload | jq -r '.hash')
# Trigger scan
curl -s -F "hash=${FILE_HASH}" -H "Authorization: ${API_KEY}" http://localhost:8000/api/v1/scan
# Export JSON report (report_json is a POST endpoint; the hash goes in the form body)
curl -s --data "hash=${FILE_HASH}" -H "Authorization: ${API_KEY}" http://localhost:8000/api/v1/report_json -o mobsf-report.json
Run MobSF in CI
Scan on every push and upload the results to Vulnetix:
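- name: Start MobSF
  env:
    MOBSF_API_KEY: ${{ secrets.MOBSF_API_KEY }}
  run: |
    # Pass the key into the container so MobSF uses the same key as the scan step
    docker run -d --name mobsf -e MOBSF_API_KEY -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest
    sleep 30
- name: Run MobSF scan
  env:
    MOBSF_API_KEY: ${{ secrets.MOBSF_API_KEY }}
  run: |
    # Stop on the first failed request instead of carrying an empty hash forward
    set -euo pipefail
    HASH=$(curl -sf -F "file=@app.apk" -H "Authorization: ${MOBSF_API_KEY}" http://localhost:8000/api/v1/upload | jq -r '.hash')
    curl -sf -F "hash=${HASH}" -H "Authorization: ${MOBSF_API_KEY}" http://localhost:8000/api/v1/scan
    # report_json is a POST endpoint; the hash goes in the form body
    curl -sf --data "hash=${HASH}" -H "Authorization: ${MOBSF_API_KEY}" http://localhost:8000/api/v1/report_json -o mobsf-report.json
- name: Upload report
  run: vulnetix upload --file mobsf-report.json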
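Validating the MobSF API responses before running vulnetix upload keeps an error body, or a report for the wrong file, out of the findings queue. The guard below is an added example, not part of the original page, MobSF or Vulnetix; the 32-hex-character hash format, the "md5" report key and the sample bodies are assumptions constructed for illustration.

```python
import json
import re

# Assumption: MobSF identifies an uploaded file by its MD5 (32 lowercase hex chars).
HASH_RE = re.compile(r"[0-9a-f]{32}")


class MobSFResponseError(ValueError):
    """A MobSF API response that must not be passed to the next step."""


def _load(body):
    """Parse a response body and reject anything that is not a clean JSON object."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        raise MobSFResponseError(f"response is not JSON: {exc}") from exc
    if not isinstance(doc, dict):
        raise MobSFResponseError("response is not a JSON object")
    if "error" in doc:
        raise MobSFResponseError(f"MobSF returned an error: {doc['error']}")
    return doc


def parse_upload(body):
    """Return the file hash from an /api/v1/upload response body."""
    file_hash = _load(body).get("hash")
    if not isinstance(file_hash, str) or not HASH_RE.fullmatch(file_hash):
        raise MobSFResponseError(f"no usable hash in upload response: {file_hash!r}")
    return file_hash


def check_report(body, expected_hash):
    """Return the parsed report only if it belongs to the file that was uploaded."""
    doc = _load(body)
    # Assumption: the report carries the file's MD5 under the key "md5".
    if doc.get("md5") != expected_hash:
        raise MobSFResponseError("report does not match the uploaded file")
    return doc


# Constructed sample bodies, not captured from a real MobSF instance.
UPLOAD_OK = '{"file_name": "app.apk", "hash": "0123456789abcdef0123456789abcdef", "scan_type": "apk"}'
UPLOAD_DENIED = '{"error": "You are unauthorized to make this request."}'
REPORT_OK = '{"file_name": "app.apk", "md5": "0123456789abcdef0123456789abcdef"}'

if __name__ == "__main__":
    h = parse_upload(UPLOAD_OK)
    print("hash:", h, "report keys:", sorted(check_report(REPORT_OK, h)))
```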
Centralise MobSF results in Vulnetix
Upload MobSF JSON or PDF output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.