MobSF-MCP
Architecture based on https://github.com/GH05TCREW/mobsf-mcp
📑 Overview
MobSF MCP is a Node.js-based Model Context Protocol implementation for Mobile Security Framework (MobSF). It provides a standardized interface for integrating MobSF's security analysis capabilities into automated workflows and third-party tools.
🛠️ Prerequisites
- Node.js (v14 or higher)
- npm (Node Package Manager)
- Running instance of MobSF with API access
⚙️ Installation And Usage
Clone the repository or navigate to the mobsf-mcp directory, and install dependencies:
npm install -g mobsf-mcp
Configure environment variables and start the MobSF MCP server by using the npx command:
📚 Open PowerShell as an administrator
$env:MOBSF_URL="http://localhost:8000";
$env:MOBSF_API_KEY="your_api_key_here";
npx mobsf-mcp
📂 API Reference
Available Endpoints
Endpoint | Description | Parameters |
---|---|---|
uploadFile |
Upload a mobile application file (APK, IPA, or APPX) for security analysis | file : File path to upload |
getScanLogs |
Retrieve detailed scan logs for analyzed application | hash : MD5 hash of the scan |
getJsonReport |
Get full JSON security analysis report | hash : MD5 hash of the scan |
getJsonReportSection |
Get specific section of the report | hash : MD5 hash, section : Section name |
getJsonReportSections |
List all available report sections | hash : MD5 hash of the scan |
getRecentScans |
Retrieve list of recent security scans | page : Page number, pageSize : Results per page |
searchScanResult |
Search scan results by various criteria | query : Search term (hash/name/package) |
deleteScan |
Delete scan results | hash : MD5 hash of the scan |
getScorecard |
Get application security scorecard | hash : MD5 hash of the scan |
generatePdfReport |
Generate PDF security report | hash : MD5 hash of the scan |
viewSource |
View source files from analysis | hash : MD5 hash, file : File path, type : File type |
getScanTasks |
Get scan tasks queue (async scan queue) | None |
compareApps |
Compare two scan results | hash1 : First scan hash, hash2 : Second scan hash |
suppressByRule |
Suppress findings by rule ID | hash : MD5 hash, type : code/manifest, rule : Rule ID |
suppressByFiles |
Suppress findings by files | hash : MD5 hash, type : code, rule : Rule ID |
listSuppressions |
View scan suppressions | hash : MD5 hash of the scan |
deleteSuppression |
Delete suppressions | hash : MD5 hash, type : code/manifest, rule : Rule ID, kind : rule/file |
listAllHashes |
Get all report MD5 hash values | page : Page number, pageSize : Results per page |
JSON Report Sections
The following sections are available when using getJsonReportSection
:
Basic Information
version
: MobSF versiontitle
: Report titlefile_name
: Analyzed file nameapp_name
: Application nameapp_type
: Application typesize
: File sizemd5
,sha1
,sha256
: File hashespackage_name
: Application package name
Application Components
main_activity
: Main activity nameexported_activities
: List of exported activitiesbrowsable_activities
: List of browsable activitiesactivities
: All activitiesreceivers
: Broadcast receiversproviders
: Content providersservices
: Serviceslibraries
: Native libraries
Security Analysis
target_sdk
,max_sdk
,min_sdk
: SDK versionsversion_name
,version_code
: App version infopermissions
: Declared permissionsmalware_permissions
: Potentially dangerous permissionscertificate_analysis
: Certificate security analysismanifest_analysis
: AndroidManifest.xml analysisnetwork_security
: Network security configurationbinary_analysis
: Binary file analysiscode_analysis
: Source code security analysisniap_analysis
: NIAP compliance analysis
Additional Analysis
permission_mapping
: Permission usage mappingurls
,domains
,emails
: Extracted stringsfirebase_urls
: Firebase URL analysisexported_count
: Count of exported componentsapkid
: APK identifier informationbehaviour
: Application behavior analysistrackers
: Tracking libraries detectionplaystore_details
: Google Play Store detailssecrets
: Detected secrets/keyslogs
: Analysis logssbom
: Software Bill of Materialsaverage_cvss
: Average CVSS scoreappsec
: Application security scorevirus_total
: VirusTotal scan results
🖥️ VSCode Cline Extension Configuration
To use this project with the cline extension in VSCode, add the following configuration to your cline configuration file:
{
"mcpServers": {
"MobSF MCP Server": {
"disabled": false,
"timeout": 60,
"command": "Nodejs\\node.exe",
"args": [
"index.js"
],
"env": {
"MOBSF_URL": "http://localhost:8000",
"MOBSF_API_KEY": "your_api_key_here"
},
"transportType": "stdio"
}
}
}
⚠️ Path to your Node.js executable (adjust according to your system, e.g.,
C:\\Program Files\\nodejs\\node.exe
).Make sure to fill in your actualMOBSF_API_KEY
in the configuration.
⚠️ Disclaimer and Legal Notice
This tool is designed and provided for security researchers, penetration testers, and developers for LEGAL USE ONLY. The primary purpose is to assist in:
- Security assessment of your own applications
- Applications you have explicit permission to test
- Research and educational purposes
The following uses are strictly prohibited:
- Any malicious or harmful activities
- Unauthorized access to systems or data
- Testing applications without proper authorization
- Any illegal activities or violation of laws
By using this tool, you agree to:
- Use it only for legal and authorized purposes
- Take full responsibility for your actions
- Comply with all applicable laws and regulations
- Hold the developers and contributors harmless from any claims
📄 License
This project is licensed under the Apache 2.0 License - see the LICENSE file for details.