MobSF-MCP

Architecture based on https://github.com/GH05TCREW/mobsf-mcp

📑 Overview

MobSF MCP is a Node.js-based Model Context Protocol implementation for Mobile Security Framework (MobSF). It provides a standardized interface for integrating MobSF's security analysis capabilities into automated workflows and third-party tools.

🛠️ Prerequisites

Node.js (v14 or higher)
npm (Node Package Manager)
Running instance of MobSF with API access

⚙️ Installation And Usage

Clone the repository or navigate to the mobsf-mcp directory, and install dependencies:

npm install -g mobsf-mcp

Configure environment variables and start the MobSF MCP server by using the npx command:

📚 Open PowerShell as an administrator

$env:MOBSF_URL="http://localhost:8000"; $env:MOBSF_API_KEY="your_api_key_here"; npx mobsf-mcp

📂 API Reference

Available Endpoints

Endpoint	Description	Parameters
`uploadFile`	Upload a mobile application file (APK, IPA, or APPX) for security analysis	`file` : File path to upload
`getScanLogs`	Retrieve detailed scan logs for analyzed application	`hash` : MD5 hash of the scan
`getJsonReport`	Get full JSON security analysis report	`hash` : MD5 hash of the scan
`getJsonReportSection`	Get specific section of the report	`hash` : MD5 hash, `section` : Section name
`getJsonReportSections`	List all available report sections	`hash` : MD5 hash of the scan
`getRecentScans`	Retrieve list of recent security scans	`page` : Page number, `pageSize` : Results per page
`searchScanResult`	Search scan results by various criteria	`query` : Search term (hash/name/package)
`deleteScan`	Delete scan results	`hash` : MD5 hash of the scan
`getScorecard`	Get application security scorecard	`hash` : MD5 hash of the scan
`generatePdfReport`	Generate PDF security report	`hash` : MD5 hash of the scan
`viewSource`	View source files from analysis	`hash` : MD5 hash, `file` : File path, `type` : File type
`getScanTasks`	Get scan tasks queue (async scan queue)	None
`compareApps`	Compare two scan results	`hash1` : First scan hash, `hash2` : Second scan hash
`suppressByRule`	Suppress findings by rule ID	`hash` : MD5 hash, `type` : code/manifest, `rule` : Rule ID
`suppressByFiles`	Suppress findings by files	`hash` : MD5 hash, `type` : code, `rule` : Rule ID
`listSuppressions`	View scan suppressions	`hash` : MD5 hash of the scan
`deleteSuppression`	Delete suppressions	`hash` : MD5 hash, `type` : code/manifest, `rule` : Rule ID, `kind` : rule/file
`listAllHashes`	Get all report MD5 hash values	`page` : Page number, `pageSize` : Results per page

JSON Report Sections

The following sections are available when using getJsonReportSection:

Basic Information

version: MobSF version
title: Report title
file_name: Analyzed file name
app_name: Application name
app_type: Application type
size: File size
md5, sha1, sha256: File hashes
package_name: Application package name

Application Components

main_activity: Main activity name
exported_activities: List of exported activities
browsable_activities: List of browsable activities
activities: All activities
receivers: Broadcast receivers
providers: Content providers
services: Services
libraries: Native libraries

Security Analysis

target_sdk, max_sdk, min_sdk: SDK versions
version_name, version_code: App version info
permissions: Declared permissions
malware_permissions: Potentially dangerous permissions
certificate_analysis: Certificate security analysis
manifest_analysis: AndroidManifest.xml analysis
network_security: Network security configuration
binary_analysis: Binary file analysis
code_analysis: Source code security analysis
niap_analysis: NIAP compliance analysis

Additional Analysis

permission_mapping: Permission usage mapping
urls, domains, emails: Extracted strings
firebase_urls: Firebase URL analysis
exported_count: Count of exported components
apkid: APK identifier information
behaviour: Application behavior analysis
trackers: Tracking libraries detection
playstore_details: Google Play Store details
secrets: Detected secrets/keys
logs: Analysis logs
sbom: Software Bill of Materials
average_cvss: Average CVSS score
appsec: Application security score
virus_total: VirusTotal scan results

🖥️ VSCode Cline Extension Configuration

To use this project with the cline extension in VSCode, add the following configuration to your cline configuration file:

{ "mcpServers": { "MobSF MCP Server": { "disabled": false, "timeout": 60, "command": "Nodejs\\node.exe", "args": [ "index.js" ], "env": { "MOBSF_URL": "http://localhost:8000", "MOBSF_API_KEY": "your_api_key_here" }, "transportType": "stdio" } } }

⚠️ Path to your Node.js executable (adjust according to your system, e.g., C:\\Program Files\\nodejs\\node.exe). Make sure to fill in your actual MOBSF_API_KEY in the configuration.

⚠️ Disclaimer and Legal Notice

This tool is designed and provided for security researchers, penetration testers, and developers for LEGAL USE ONLY. The primary purpose is to assist in:

Security assessment of your own applications
Applications you have explicit permission to test
Research and educational purposes

The following uses are strictly prohibited:

Any malicious or harmful activities
Unauthorized access to systems or data
Testing applications without proper authorization
Any illegal activities or violation of laws

By using this tool, you agree to:

Use it only for legal and authorized purposes
Take full responsibility for your actions
Comply with all applicable laws and regulations
Hold the developers and contributors harmless from any claims

📄 License

This project is licensed under the Apache 2.0 License - see the LICENSE file for details.

✨ Acknowledgments

This server cannot be installed

security - not tested

license - not found

quality - not tested

How are these scores calculated?

remote-capable server

The server can be hosted and run remotely because it primarily relies on remote services or has no dependency on the local environment.

A Node.js-based Model Context Protocol implementation that provides a standardized interface for integrating Mobile Security Framework's security analysis capabilities into automated workflows and third-party tools.

Related MCP Servers

Argus
athapong
-
security
A
license
-
quality
A Model Context Protocol tool for analyzing code repositories, performing security scans, and assessing code quality across multiple programming languages.
Last updated -
1
MIT License
Node Omnibus MCP Server
bsmi021
A
security
A
license
A
quality
A comprehensive Model Context Protocol server that provides advanced Node.js development tooling for automating project creation, component generation, package management, and documentation with AI-powered assistance.
Last updated -
7
5
MIT License
Shell MCP Server
hdresearch
A
security
A
license
A
quality
A Node.js implementation of the Model Context Protocol that provides secure shell command execution capabilities, allowing AI models like Claude to run shell commands in a controlled environment with built-in security measures.
Last updated -
1
117
37
MIT License
SafetyCulture MCP Server
zerubroberts
-
security
F
license
-
quality
A Model Context Protocol server that allows users to query and analyze their SafetyCulture inspection data using natural language after providing an API key.
Last updated -

View all related MCP servers

MobSF MCP Server