7. MobSF (Mobile Security Framework) with Docker on Kali Linux

Last Updated 9 months ago

# Configure Docker


  1. Update the system:
    $ sudo apt update && sudo apt upgrade -y
  2. Install the docker.io package. Kali Linux uses the docker.io package name for Docker because a package named "docker" already exists for a different purpose:
    $ sudo apt install -y docker.io
  3. Start and enable the Docker service:
    $ sudo systemctl enable docker --now
  4. By default, you need sudo to run Docker commands. To run Docker commands without sudo, add your user to the docker group:
    $ sudo usermod -aG docker $USER
  5. After running this command, log out and log back in for the change to take effect:
    $ logout
  6. After logging back in (if you added your user to the docker group), verify the installation by running a test container:
    $ docker run hello-world
    This command downloads a test image and runs a container that prints a "Hello from Docker!" message, indicating a successful installation.


# Configure MobSF via Docker


  1. Download and install the latest Docker image:
    $ docker pull opensecurity/mobile-security-framework-mobsf:latest


# Run MobSF with Static & Dynamic Analysis Support


  1. Run the Android Studio Emulator and obtain the MOBSF_ANALYZER_IDENTIFIER before running MobSF:
    $ cd Mobile-Security-Framework-MobSF
    $ scripts/start_avd.sh
  2. If using Docker on Windows, run the command below, replacing the <identifier> placeholder with the MOBSF_ANALYZER_IDENTIFIER value obtained in step 1:
    $ docker run -it --rm -p 8000:8000 -p 1337:1337 -e MOBSF_ANALYZER_IDENTIFIER=<identifier> opensecurity/mobile-security-framework-mobsf:latest
  3. On Ubuntu and other Linux-based systems, make sure the Docker version is >= 20.10.0. When running the MobSF Docker container, add the extra option --add-host=host.docker.internal:host-gateway. Without this setting, the MobSF Docker container will be unable to communicate with the Android VM/emulator running on localhost of the host machine. You may also need to forward traffic to the emulator by following the instructions below:
    $ sudo apt install socat

    $ scripts/start_avd.sh Pixel_5_API_30
    ...
    ...
    socat listener started on port 5556 forwarding to 5555 in the host.
    Docker users please set the environment variable MOBSF_ANALYZER_IDENTIFIER=host.docker.internal:5556 for adb connectivity.

    $ docker run -it --rm -p 8000:8000 -p 1337:1337 --add-host=host.docker.internal:host-gateway -e MOBSF_ANALYZER_IDENTIFIER=host.docker.internal:5556 opensecurity/mobile-security-framework-mobsf:latest
  4. Now access the MobSF web interface by opening http://127.0.0.1:8000 in the browser. Use the default login credentials: mobsf/mobsf
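
The Linux launch step above, as an added example (not code from this page or from the MobSF project): a shell helper that checks the Docker version against the 20.10.0 minimum, validates the identifier, and prints the run command with the web UI published on 127.0.0.1 only, since the interface uses the default mobsf/mobsf login. The function names and the HOST:PORT validation rule are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not MobSF project code). Function names are hypothetical.
MIN_DOCKER="20.10.0"   # minimum the page gives for host-gateway support
IMAGE="opensecurity/mobile-security-framework-mobsf:latest"

# version_ge A B: succeed when dotted version A >= B (needs sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# valid_identifier ID: accept only HOST:PORT, the form start_avd.sh prints
# for Docker users (assumption: other identifier forms are rejected here).
valid_identifier() {
    case "$1" in
        ""|*[!A-Za-z0-9.:-]*) return 1 ;;   # no spaces or shell metacharacters
    esac
    id_host="${1%:*}"; id_port="${1##*:}"
    [ -n "$id_host" ] && [ "$id_host" != "$1" ] || return 1
    case "$id_port" in ""|*[!0-9]*) return 1 ;; esac
    [ "$id_port" -ge 1 ] && [ "$id_port" -le 65535 ]
}

# mobsf_cmd DOCKER_VERSION ID: print the launch command, or fail with a reason.
mobsf_cmd() {
    ver="${1%%[!0-9.]*}"   # drop distro suffixes such as "+dfsg1"
    version_ge "$ver" "$MIN_DOCKER" ||
        { echo "Docker $1 is older than $MIN_DOCKER" >&2; return 1; }
    valid_identifier "$2" ||
        { echo "unexpected MOBSF_ANALYZER_IDENTIFIER: $2" >&2; return 1; }
    # Web UI on loopback only (it uses the default mobsf/mobsf login);
    # port 1337 is published exactly as on the page.
    printf 'docker run -it --rm -p 127.0.0.1:8000:8000 -p 1337:1337 %s -e %s %s\n' \
        "--add-host=host.docker.internal:host-gateway" \
        "MOBSF_ANALYZER_IDENTIFIER=$2" "$IMAGE"
}

# Usage: ./mobsf_preflight.sh host.docker.internal:5556
if [ "$#" -ge 1 ]; then
    mobsf_cmd "$(docker version --format '{{.Server.Version}}')" "$1"
fi
```

Run with the identifier printed by scripts/start_avd.sh as the only argument; the script prints the command rather than executing it, so it can be reviewed first.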