All Enhancements are tracked here (Not top priority)

[ajinabraham]

Feature Requests & Enhancements

These feature requests/enhancements are not the top priority for the project at this time or require major rework to implement them. If you would like to prioritize them, please consider subscribing to MobSF Professional/Enterprise support plans https://opensecurity.in/#support

• [ ] Manifest String Expansion - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2345
• [ ] Different Malware db - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2359
• [ ] Datatables export, Chinese character garbled - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2342
• [ ] Support file scan queuing to support lower configuration servers - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2302
• [ ] Optimizing the Storage of Privileges in the Database - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2192
• [ ] Use Geoip2 - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2073
• [ ] httptools UI URL is hardcoded to localhost - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1667
• [ ] Download AndroidManifest from API - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1783
• [ ] Fridump integration - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1864
• [ ] validate against known vulnerable apps - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1836
• [ ] Add FileLink for Permissions - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1894
• [ ] Support for GPlayDL - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1900
• [ ] PDF Reports Chinese translation - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1925
• [ ] SHA256 hash support in UI Lookup - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1930
• [ ] Google Fonts fails to load in China - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1870
• [ ] Browse all files - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1724
• [ ] Sticky horizontal scrollbar in code/xml views - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1693
• [ ] Responsive UI changes - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1569
• [ ] Update EnligherJS - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1603
• [ ] App Scores in Recent Page - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1526
• [ ] Support non app directory for android source code - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1553
• [ ] Specify version of Dataset used - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1357
• [ ] Frida Memory Dump - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1431
• [ ] REST API Response format - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1356
• [ ] Submit to VT - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1349
• [ ] Apple CAR parser - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1271
• [ ] Better handling of Info.plist in iOS Source https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1241
• [ ] CSV Results https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1155
• [ ] MISP Project about IOC https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1147
• [ ] Support Git Scanning https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1146
• [ ] Dark mode https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1088
• [ ] Android SCA Username and Path Disclosure - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/468
• [ ] Code Graph - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/606
• [ ] Detect Vulnerable Javascript Libraries in Hybrid Mobile Apps https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/368
• [ ] [windows_static] appxbundle https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/254
• [ ] config.py used by USE_HOME needs to be updated in the background https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/355
• [ ] Feature Request: Can we export the details in Excel Format. https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/248
• [ ] Android: Enhancement : Edit Code, Save, Recompile and Intent Vulnerability POC Generation https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/110
• [ ] Analyzing string values looking for credentials - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1866
• [ ] Secret Detection with Regex - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2191

Third Party

• [ ] Android Library Detection and Analysis https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1614

DONE

• [x] Android: Dynamic Analysis: Exported Activity Tester to support intents. https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/135
• [x] Websocket protocol to display analysis progress related logs in real time on the front end - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2303
• [x] MobSF Authentication Support - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2317
• [x] Too much data loaded, causing browser to stall - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/2305
• [x] [FR] Integrate Android unused permission flag (Yes/No) under the permission table https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/269
• [x] iOS Dynamic Analysis - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1453
• [x] PDF Export revamp - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1982
• [x] Improve IP Address Regex - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1299
• [x] More granular settings split - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1697
• [x] Non root docker user - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1639
• [x] Support non windows compatible filenames in Windows https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1086
• [x] Support XAPK - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1267
• [x] Marking Finding as False Positive https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1189
• [x] Download APK - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1528
• [x] Swift Code Scan https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1145
• [X] Framework: Move from Debug Mode to Production https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/136
• [x] Android: Dynamic Analysis Strings and ReadELF https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/105
• [x] Scanning Pacakge at the same time https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/721
• [x] Investigate hook https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/180
• [x] VirusTotal Scan for Windows Binaries - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/488
• [x] Dynamic Analysis: Restart - VM : Reconnenct https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/157
• [x] Support for Diffing, Remove False Positives, Report Missed Vulnerabilities https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/249
• [x] Sortable tables need more information https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1090
• [x] PDF Scaling - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/420
• [x] Better Names for JSON response params https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/708
• [x] -pie and -fpic binary detection seems outdated or broken https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1029
• [x] Live logcat and filtering during dynamic analysis https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/181
• [x] Certficate Unpinning https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/162
• [X] [Enc] Add some graphs in reports https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/149
• [x] Update Android Permission Mapping DB - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/552
• [x] Support iOS Swift Apps https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/332
• [x] Slack Discussion Group https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/261
• [x] Regex for Capturing IP https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/373
• [x] OWASP Mobile Top 10 https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/17
• [x] Auto Check for Latest Version https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/238
• [x] Python ADB https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/188
• [x] Update PDF Python Lib https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/173
• [x] App Scoring https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/144
• [x] Download Apps from PlayStore https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/142
• [x] Android Test Suite https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/131
• [x] Safe Browsing https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/284
• [x] Dynamic Analyzer: More Hooks https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/140
• [X] feature (diff permissions for android app based on previous scans) https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/195

INVALID

• [X] API Fuzzer: enhancements https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/107
• [x] Find API keys/secrets by matching regex - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1843
• [x] Better logging (pidcat) - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1376
• [x] Koodus API - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/1367
• [x] Dynamic analysis with wired adb instead of wifi adb - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/404
• [X] False Posivitives related to Code Analysis https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/220
• [X] Android N Support https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/191
• [X] Android: Pulling apps from device https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/147
• [X] Use Github releases for VM https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/187
• [x] Support for both "armeabi-v7a and armeabi-v7a x86" in MobSF VM - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/661
• [X] Android: permission mapping https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/133
• [x] Android 7.0 VM support - https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/487

[0xspade]

Please add a feature that will highlight the vulnerable line of code in the a APK Files.

[martinbydefault]

https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/261 is done right? (https://github.com/MobSF/Mobile-Security-Framework-MobSF#contribution-feature-requests--bugs)

[ajinabraham]

Nope it's an enhancement to be added.

[martinbydefault]

Maybe I understood https://github.com/MobSF/Mobile-Security-Framework-MobSF/issues/261 incorrectly but since there is now a Slack (https://mobsf.slack.com/) for the project, isn't the issue fulfilled?

[ajinabraham]

Oh no. That's a DevSecOps use case where you can add a slack bot to interact with MobSF through REST API

[ajinabraham]

Infact you are right. I got confused. Closing it

[oxr463]

Looks like this might be out of date.

[ajinabraham]

@phspade Line numbers are now available in latest master

[hayalolsam]

AndroidPentest-2019.ova.zip