MobSF MCP Tool

by pullkitsan

This tool allows MobSF to scan APK and IPA files directly via Claude, 5ire, or any MCP-capable client. It's an MCP (Model Context Protocol) compatible server.

What is MobSF MCP Tool?

This is an MCP-compatible server that enables MobSF (Mobile Security Framework) to scan APK and IPA files through MCP clients like Claude or 5ire. It acts as a bridge, allowing these clients to leverage MobSF's powerful static analysis capabilities.

How to use MobSF MCP Tool?

  1. Install MobSF.

  2. Clone the repository and install dependencies using npm install.

  3. Configure the .env file with your MobSF API key and URL.

  4. Run the server using npx tsx server.ts (or as configured in your MCP client).

  5. Use an MCP client to send commands like scan <FILE>.apk or scan <FILE>.ipa to trigger scans.

Key features of MobSF MCP Tool

  • Supports APK and IPA file scanning

  • Uses MobSF's REST API for file upload, scan triggering, and result fetching

  • Automatically filters large results (strings, secrets) to prevent output overload

  • MCP-compatible interface via server.ts

Use cases of MobSF MCP Tool

  • Integrating MobSF's static analysis into AI-powered security workflows

  • Automating mobile app security assessments via MCP clients

  • Scanning mobile apps directly from within Claude or 5ire environments

  • Performing security analysis on APK and IPA files without directly interacting with the MobSF UI

FAQ from MobSF MCP Tool

What file types are supported?

Only .apk and .ipa file types are supported.

What is MCP?

MCP stands for Model Context Protocol. It's a protocol that allows different tools and services to communicate and share context.

How do I find my MobSF API key?

The MobSF API key can be found in the MobSF settings or configuration file.

Why are large results filtered?

Large fields like raw strings or source code dumps are filtered to keep responses fast and compliant with Claude/5ire message limits.
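
The filtering described in this answer and under Key features, as an added example that is not the tool's own code: it replaces bulky report fields with a short omission marker before the report is returned to the MCP client. The names filterReport, DROP_KEYS and MAX_FIELD_CHARS, the 2000-character budget, the field names and the sample report are all assumptions made for illustration.

```typescript
// Added example; not taken from the MobSF MCP Tool source.
type Json = null | boolean | number | string | Json[] | { [k: string]: Json };

// Assumed names of bulky report fields (the page mentions strings and secrets).
const DROP_KEYS = new Set<string>(["strings", "secrets"]);
// Assumed per-field size budget, in characters.
const MAX_FIELD_CHARS = 2000;

// Describe what was removed so the client knows data exists but was withheld.
function summarize(value: Json): string {
  const size = typeof value === "string" ? value.length : JSON.stringify(value).length;
  const count = Array.isArray(value) ? `${value.length} items, ` : "";
  return `[omitted: ${count}${size} chars]`;
}

// Walk the report; drop named fields outright and anything over the budget.
function filterReport(node: Json, key: string = ""): Json {
  if (DROP_KEYS.has(key)) return summarize(node);
  if (typeof node === "string") {
    return node.length > MAX_FIELD_CHARS ? summarize(node) : node;
  }
  if (Array.isArray(node)) {
    const out = node.map((item) => filterReport(item));
    return JSON.stringify(out).length > MAX_FIELD_CHARS ? summarize(node) : out;
  }
  if (node !== null && typeof node === "object") {
    const out: { [k: string]: Json } = {};
    for (const k of Object.keys(node)) out[k] = filterReport(node[k], k);
    return out;
  }
  return node; // numbers, booleans and null pass through unchanged
}

// Constructed sample report (not real MobSF output).
const sampleReport: Json = {
  app_name: "demo",
  file_name: "demo.apk",
  strings: ["a", "b", "c"],
  secrets: ["API_KEY=constructed-value"],
  code_dump: "x".repeat(5000),
  permissions: { "android.permission.INTERNET": { status: "normal" } },
};

const filtered = filterReport(sampleReport) as { [k: string]: Json };
console.log(JSON.stringify(filtered, null, 2));
```
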

What if my MobSF server is not running on localhost:8000?

You need to update the MOBSF_URL variable in the .env file to point to the correct URL of your MobSF server.