All Enhancements are tracked here (Not top priority)

[ajinabraham]

Feature Requests & Enhancements

These feature requests/enhancements are not the top priority for the project at this time or require major rework to implement them. If you would like to prioritize them, please consider subscribing to MobSF Professional/Enterprise support plans https://opensecurity.in/#support

• Manifest String Expansion - [FEATURE] Android Manifest String resource expansion #2345
• Different Malware db - [FEATURE REQUEST] Use different malware db #2359
• Datatables export, Chinese character garbled - Datatables export function, when exporting a file, the Chinese in the file is garbled #2342
• Support file scan queuing to support lower configuration servers - Multiple files upload freezes computer with not enough RAM (there is no option to add to queue instead of scanning at the same time) #2302
• Optimizing the Storage of Privileges in the Database - [FEATURE] Optimizing the Storage of Privileges in the Database #2192
• Use Geoip2 - [FEATURE] I suggest replace IP2Location library with geoip2  #2073
• httptools UI URL is hardcoded to localhost - httptools UI URL is hardcoded to localhost #1667
• Download AndroidManifest from API - [FEATURE] Download AndroidManifest from API #1783
• Fridump integration - [FEATURE] Fridump integration  #1864
• validate against known vulnerable apps - [FEATURE] validate against known vulnerable apps #1836
• Add FileLink for Permissions - Add FileLink for Permissions #1894
• Support for GPlayDL - [FEATURE] Support for GPlayDL #1900
• PDF Reports Chinese translation - [FEATURE]How to convert PDF report to Chinese #1925
• SHA256 hash support in UI Lookup - SHA256 hash support in UI Lookup #1930
• Google Fonts fails to load in China - CSS file loading fail in China #1870
• Browse all files - [FEATURE] browse all files #1724
• Sticky horizontal scrollbar in code/xml views - [UX] Sticky horizontal scrollbar in code/xml views #1693
• Responsive UI changes - Web UI elements overlap or spread afar on Mobile & big screen #1569
• Update EnligherJS - Lack of ability to View Source in browser in some cases until upstream EnlighterJS bug is fixed #1603
• App Scores in Recent Page - Recent scan page [FEATURE] #1526
• Support non app directory for android source code - StaticAnalysis: Allow different source paths for Android Studio when using zip format. #1553
• Specify version of Dataset used - [FEATURE] Specify versions of data sets used #1357
• Frida Memory Dump - [FEATURE] Add memory dump feature for mobsf #1431
• REST API Response format - [FEATURE] Provide codes for simplified classification of issues #1356
• Submit to VT - [Feature] Add "Submit" button in VirusTotal section #1349
• Apple CAR parser - Assets.car parser #1271
• Better handling of Info.plist in iOS Source [FEATURE] Better handling of info.plist files in IOS Source #1241
• CSV Results Allow for CSV export of findings[FEATURE] #1155
• MISP Project about IOC [FEATURE] Mobile-Security API-Framework-MobSF within MISP Project about IOC(Indicator_of_compromise) #1147
• Support Git Scanning [FEATURE] Scanning from git repository  #1146
• Dark mode [FEATURE] Dark Mode #1088
• Android SCA Username and Path Disclosure - Android Static Analysis test request #468
• Code Graph - Please add code path diagrams [Feature Request] #606
• Detect Vulnerable Javascript Libraries in Hybrid Mobile Apps Detect Vulnerable Javascript Libraries in Hybrid Mobile Apps #368
• [windows_static] appxbundle https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/254
• config.py used by USE_HOME needs to be updated in the background config.py used by USE_HOME needs to be updated in the background #355
• Feature Request: Can we export the details in Excel Format. https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/248
• Android: Enhancement : Edit Code, Save, Recompile and Intent Vulnerability POC Generation https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/110
• Analyzing string values looking for credentials - [FEATURE] Analyzing string values looking for credentials #1866
• Secret Detection with Regex - [FEATURE] Enhancing secret detection with regex rules #2191

Third Party

• Android Library Detection and Analysis [Contributing] Integration of Library Detection & Analysis into MobSF #1614

DONE

• Android: Dynamic Analysis: Exported Activity Tester to support intents. https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/135
• Websocket protocol to display analysis progress related logs in real time on the front end - [FEATURE] use the websocket protocol to display analysis progress related logs in real time on the front end, providing better visual progress information. #2303
• MobSF Authentication Support - Add Username & ID Options for Security #2317
• Too much data loaded, causing browser to stall - Too much data is loaded at one time, causing the browser to stall #2305
• [FR] Integrate Android unused permission flag (Yes/No) under the permission table https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/269
• iOS Dynamic Analysis - [FEATURE] Dynamic Analysis of iOS apps utilizing jailbroken iPhones #1453
• PDF Export revamp - PDF export is dead, find a better option #1982
• Improve IP Address Regex - IP address disclosure issue #1299
• More granular settings split - [FEATURE] Split settings.py #1697
• Non root docker user - Create non root docker image [FEATURE] #1639
• Support non windows compatible filenames in Windows "OSError: [Errno 22] Invalid argument: " Dynamic Analysis - Windows 10 - MobSF v.2.0 #1086
• Support XAPK - [FEATURE] Properly Handle Multi-Part-apk Files (apx) #1267
• Marking Finding as False Positive Marking vulnerability as false positive #1189
• Download APK - download apk #1528
• Swift Code Scan [FEATURE] Support of Swift #1145
• Framework: Move from Debug Mode to Production https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/136
• Android: Dynamic Analysis Strings and ReadELF https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/105
• Scanning Pacakge at the same time An error will be reported when scanning a package at the same time #721
• Investigate hook https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/180
• VirusTotal Scan for Windows Binaries - Add VT Support for Windows Binaries #488
• Dynamic Analysis: Restart - VM : Reconnenct https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/157
• Support for Diffing, Remove False Positives, Report Missed Vulnerabilities https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/249
• Sortable tables need more information [FEATURE] Sortable Tables #1090
• PDF Scaling - PDF-Report scales with screen resolution #420
• Better Names for JSON response params The some field name in api of report response is wrong  #708
• -pie and -fpic binary detection seems outdated or broken -pie and -fpic binary detection seems outdated or broken #1029
• Live logcat and filtering during dynamic analysis https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/181
• Certficate Unpinning https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/162
• [Enc] Add some graphs in reports https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/149
• Update Android Permission Mapping DB - Permission 'com.google.android.c2dm.permission.RECEIVE ' Unknown #552
• Support iOS Swift Apps class-dump for iOS apps written in Swift? #332
• Slack Discussion Group https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/261
• Regex for Capturing IP Static Regex Needed #373
• OWASP Mobile Top 10 [Suggestion - Enhancement] Would be better to have OWASP Top 10 tag with the code anaysis which gives good impression. #17
• Auto Check for Latest Version https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/238
• Python ADB https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/188
• Update PDF Python Lib https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/173
• App Scoring https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/144
• Download Apps from PlayStore https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/142
• Android Test Suite https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/131
• Safe Browsing https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/284
• Dynamic Analyzer: More Hooks https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/140
• feature (diff permissions for android app based on previous scans) https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/195

INVALID

• API Fuzzer: enhancements https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/107
• Find API keys/secrets by matching regex - [FEATURE] Find API keys/secrets by matching regex #1843
• Better logging (pidcat) - [FEATURE] Integrate something similar to pidcat to see the logs during Dynamic analysis #1376
• Koodus API - [FEATURE] Koodous API integration for vote and upload #1367
• Dynamic analysis with wired adb instead of wifi adb - adding option for dynamic analysis with wired adb instead of wifi adb #404
• False Posivitives related to Code Analysis https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/220
• Android N Support https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/191
• Android: Pulling apps from device https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/147
• Use Github releases for VM https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/187
• Support for both "armeabi-v7a and armeabi-v7a x86" in MobSF VM - Enhancement - Support for both "armeabi-v7a and armeabi-v7a x86" #661
• Android: permission mapping https://github.com/ajinabraham/Mobile-Security-Framework-MobSF/issues/133
• Android 7.0 VM support - to support Android version 7.0 above #487

[0xspade]

Please add a feature that will highlight the vulnerable line of code in the a APK Files.

[martinbydefault]

#261 is done right? (https://github.com/MobSF/Mobile-Security-Framework-MobSF#contribution-feature-requests--bugs)

[ajinabraham]

Nope it's an enhancement to be added.

[martinbydefault]

Maybe I understood #261 incorrectly but since there is now a Slack (https://mobsf.slack.com/) for the project, isn't the issue fulfilled?

[ajinabraham]

Oh no. That's a DevSecOps use case where you can add a slack bot to interact with MobSF through REST API

[ajinabraham]

Infact you are right. I got confused. Closing it

[oxr463]

Looks like this might be out of date.

[ajinabraham]

@phspade Line numbers are now available in latest master

[hayalolsam]

AndroidPentest-2019.ova.zip

[DayNja]

Good day, not sure how i would go about this, still reletivly noob, but i love open-source projects,

im trying to do some security testing of a mobile app on android, however i see MobSF only supports up to android 11, i am using genymotion and android studio as my emulator, when i load the application on my emulator the app breaks and i cannot do dynamic analysis, but when i use android 15 via android studio the app works perfectly fine, but i cannt do my analysis,
if you could kindly point me in the direction to either getting the app to work on android 11 with the dynamic analyizer or how to get MobSF to work with the android 15
thanking you in advanced, and i really like this project keep up the good work :)