Releases: MobSF/Mobile-Security-Framework-MobSF
v3.3.5 Beta
You can now install mobsf from PyPI (https://pypi.org/project/mobsf/), provided you have installed all the requirements listed in the documentation.
Install and Setup
python3 -m venv venv
source venv/bin/activate
pip install mobsf
mobsfdb # migrate database
Run
mobsf 127.0.0.1:8000 # run mobsf
v3.3.5 Beta Changelog
- Bug Fixes
- Removed Android Shared Library PIE Check
- Improved Frida Instrumentation Logic to prevent Frida bypass
- Fixed a False positive in Android Java Random rule
- Fixed a bug that caused multiple first time saves of the same scan
- Fixed Dynamic Analyzer JSON Report REST API bug
v3.3.3 Beta
You can now install mobsf from PyPI (https://pypi.org/project/mobsf/), provided you have installed all the requirements listed in the documentation.
Install and Setup
python3 -m venv venv
source venv/bin/activate
pip install mobsf
mobsfdb # migrate database
Run
mobsf 127.0.0.1:8000 # run mobsf
v3.3.3 Beta Changelog
- Features or Enhancements
- Android Hardcoded Secrets Improvement
- iOS IPA binary analysis improvements
- Improved Android Manifest Analysis
- Improved Setup
- Updated to APKiD that is maintained by MobSF Team
- Static Analysis Rule QA
- macOS Big Sur support
- Update libsast to skip large files.
- Improved iOS plist analysis
- Relaxed Android Source code zip requirements
- Bug Fixes
- Fixed a bug in Android Shared Library RELRO check
- Fixed a bug in Windows setup that prevents detection of python version on the first run
- Fixed a bug in Recent Scan
- Fixed a bug in root CA naming that prevented traffic interception
v3.2.9 Beta
You can now install mobsf from PyPI (https://pypi.org/project/mobsf/), provided you have installed all the requirements listed in the documentation.
python3 -m venv venv
source venv/bin/activate
pip wheel --wheel-dir=yara-python --build-option="build" --build-option="--enable-dex" git+https://github.com/VirusTotal/[email protected]
pip install --no-index --find-links=yara-python yara-python
pip install mobsf
mobsfdb # migrate database
mobsf 127.0.0.1:8000 # run mobsf
v3.2.9 Beta Changelog
- Bug Fixes
- MobSF python package fix
v3.2.8 Beta
v3.2.8 Beta Changelog
- Features or Enhancements
- OWASP MSTG Mapping to Rules
- Python 3.9 support
- Prebuilt DEX enabled yara-python wheels
- Dynamic Downloading of frida-server binary
- Code QA
- Bug Fixes
- Windows APPX bug fix
v3.2.6 Beta
IMPORTANT - IF YOU ARE UPDATING MOBSF
This release has database model changes. To update see: https://mobsf.github.io/docs/#/updating
This release has a breaking change. Please rescan all existing scans after the update. Add &rescan=1 to the scan URL to perform a rescan.
v3.2.6 Beta Changelog
- Features or Enhancements
- Added Support for Android 10 Dynamic Analysis
- Published new REST APIs for Dynamic Analysis
- New Source Tree Browser for Android Static Analysis
- Improved Binary and Shared Object Analysis with LIEF
- Added Support for NIAP v1.3
- Added a world map UI plotting server locations
- Added Maltrail Domain Check
- Improved Android Permission Analysis
- iOS Objective C Rule improvements
- Android Kotlin Rule improvements
- MobSF now available as a python package and published to pypi
- Migrated CI from Travis to GitHub Actions
- Improved File Magic Check on Uploads
- Post Install Check script
- Static Analysis Hardcoded Secrets Section from strings.xml
- Updated Dependencies
- Custom Header for REST API Key
- Bug Fixes
- Fixed Install Verification bug on older Android versions
- Fix a Regex DoS in rule
- Fixed IPA Static Analysis Bug
- Minor PDF template fix
v3.1.1 Beta
IMPORTANT - IF YOU ARE UPDATING MOBSF
This release has database model changes. To update see: https://mobsf.github.io/docs/#/updating
This release has a breaking change. Please rescan all existing scans after the update. Add &rescan=1 to the scan URL to perform a rescan.
v3.1.1 Beta Changelog
- Features or Enhancements
- Added Support for Android Network Security Config Analysis
- Replace SAST core with libsast
- Support for line numbers in source code
- Replaced Code Viewer with EnlighterJS
- Kotlin source scan support
- Improved Certificate Analysis
- Genymotion Cloud Support
- Support Android Emulator AVD x86, ARM, ARM64
- Verify Dynamic Analysis APK Installation
- Dynamic Analysis: Support APK with test package requirements
- Automatic MobSFy on Frida binary update
- Expose App result compare REST API and Update REST API Docs
- Clean up MobSF proxy on exit
- IPA Binary Regex QA
- Optimize Root Checking Frida Script
- Environment Checks to see if API Level is supported and /system is writable
- Prebuilt dex enabled yara-python and improved setup, tox, tests
- Added Chinese documentation
- Reduce Docker image size
- Improved PostgreSQL Docker Support
- Android Dynamic Analysis QA
- Update Dependencies
- Bug Fixes
- Android Rule Fixes
- Fixed API Monitor which was broken from Frida 12.8.19
- Fixed iOS ATS bug
- Fix Black PDF background issue
- LGTM Scan Code QA
- Security
- Fixed Regex DoS in Email Extraction
- Fixed insecure Default Bind to 0.0.0.0
v3.0.5 Beta
IMPORTANT - IF YOU ARE UPDATING MOBSF
This release has database model changes.
To update see: https://mobsf.github.io/docs/#/updating
v3.0.5 Beta Changelog
- Features or Enhancements
- iOS Swift Source Code Support
- Improved iOS Swift and Objective C rules
- OWASP MASVS/MSTG Standard Support
- Brand New PDF Reports
- Improved SAST Core
- Improved iOS Application Transport Security Checks
- Improved iOS Permission Checks
- Added IP to Geolocation Feature for Domain Malware Check
- URL and IP extraction from IPA
- App Risk Calculation from App Security Score
- Improve Recent Scan View
- Add Jtool2 support
- Code QA
- New Docs Site
- Bug Fixes
- Classdump bug fixes
- Geolocation bug fixes
v3.0.1 Beta
IMPORTANT - IF YOU ARE UPDATING MOBSF
v3.0.1 Beta Changelog
- Features or Enhancements
- Simplified REST API
- Improved Android App Name detection
- Dynamic Analysis proper Root CA naming
- Changes to Support Android x86 Docker
- Dependency updates
- Code QA
- Bug Fixes
- Handle Invalid ATS domain entries iOS
- Fixes a Template Bug
v3.0.0 Beta
IMPORTANT - IF YOU ARE UPDATING MOBSF
This is a major release and has changes to database models and REST API schemas.
- Run setup.sh or setup.bat depending on your OS.
v3.0.0 Beta Changelog
- Features or Enhancements
- OWASP Mobile Top 10 2016 is supported
- Major UI Update for MobSF
- Major Schema changes to REST API
- iOS URLs Scheme
- iOS ATS Analysis improved
- New iOS Static Analysis Rules
- New Android Manifest Analysis Rules
- Updated dependencies
- Optimized Windows Setup
- Updated Scoring mechanisms
- Improved Tracker detection
- Remove Global Proxy after dynamic analysis
- Android Permission database update
- Added Play with Docker support
- AppMonsta support
- Code QA
- Bug Fixes
- Fix Security issue #1197 (Directory Traversal)
- iOS Static Analyzer fixes
- Typo Fix
- Moved to oscrypto and distro
- Windows binscope bug fix
- Reduce False positives
v2.0.0 Beta
IMPORTANT - IF YOU ARE UPDATING MOBSF
This release has database model changes and core framework changes.
- Run setup.sh or setup.bat depending on your OS.
- Migrate Database
python manage.py makemigrations
python manage.py makemigrations StaticAnalyzer
python manage.py migrate
v2.0.0 Beta Changelog
- Features or Enhancements
- Dynamic Analysis Support for Genymotion Android VMs 4.1 - 9.0 x86
- Improved Recent Scan
- Replaced CapFuzz with HTTPtools
- Automatic MobSFy with Xposed and Frida
- Streaming logcat
- Live API Monitor
- Better SQLite DB View
- Inbuilt Frida scripts for basic tasks
- Custom Frida Script support
- Frida Log Viewer
- UI Changes
- Browser PDF print support
- Updated Tools
- Baksmali performance improvements
- Improved malware domain check
- Multi OS Travis Support
- Code QA
- Bug Fixes
- Typo Fix
- Reduce False positives