Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis.
* Replace Android test APK
* Added tests for Library analysis from binary (scan_library route)
* iOS merge findings from Swift and Objective-C rules with the same rule identifier. Fixes #2287
* iOS Binary analysis, sort regex matches. Fixes #2252
* Framework dylibs with no extensions to skip PIE checks. Fixes #2307
* Select correct network_security config. Fixes #2049
* Android Manifest Analysis added support for detecting task hijacking (StrandHogg 1.0 and StrandHogg 2.0). Fixes #2124
* Added new manifest analysis rule to warn on apps targeting older Android OS
* Updated severity of findings
* UI improvement for AppSec dashboard to show a loader
* UI changes in Static Analysis to collapse large number of files in API and Code Analysis for better real estate
* Improved certificate file analysis for Android, JAR, AAR, and iOS
* MobSF version Bump
Checklist for PR
[x] Run MobSF unit tests and lint `tox -e lint,test`
[x] Tested Working on Linux, Mac, Windows, and Docker
[x] Add unit test for any new Web API (Refer: `StaticAnalyzer/tests.py`)
👋 @ajinabraham
Thank you for sending this pull request ❤️.
Please make sure you have followed our contribution guidelines. We will review it as soon as possible.