{% extends "base/base_layout.html" %} {% block sidebar_option %} sidebar-collapse {% endblock %} {% block content %}
REST API Key: {{ api_key }}
api/v1/upload
- Upload a file
api/v1/scan
- Scan a file
api/v1/scans
- Recent scans
api/v1/delete_scan
- Delete a scan
api/v1/download_pdf
- Download PDF test report
api/v1/report_json
- Generate JSON report
api/v1/view_source
- View source files
api/v1/compare
- Compare apps
api/v1/dynamic/get_apps
- Get dynamic analysis apps
api/v1/dynamic/start_analysis
- Start dynamic analysis
api/v1/android/logcat
- View logs
api/v1/android/mobsfy
- MobSFy VM/Emulator/Device
api/v1/android/adb_command
- Execute ADB commands
api/v1/android/root_ca
- Install or remove MobSF Root CA
api/v1/android/global_proxy
- Set or unset MobSF HTTP(S) proxy
api/v1/android/activity
- Activity or Exported Activity Tester
api/v1/android/tls_tests
- TLS/SSL Security Tester
api/v1/frida/instrument
- Frida Instrument App
api/v1/frida/api_monitor
- Frida API Monitor
api/v1/frida/get_dependencies
- Frida Get Dependencies
api/v1/frida/logs
- Frida View Logs
api/v1/frida/list_scripts
- Frida List Scripts
api/v1/frida/get_script
- Frida Get Script
api/v1/dynamic/stop_analysis
- Stop dynamic analysis
api/v1/dynamic/report_json
- Dynamic analysis JSON report
api/v1/dynamic/view_source
- Dynamic analysis view source
API to upload a file. Supported types: apk, zip, ipa and appx.
URL: /api/v1/upload
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
file | multipart/form-data | Yes |
Success Response:
200
application/json; charset=utf-8
{"file_name": "diva-beta.apk", "hash": "82ab8b2193b3cfb1c737e3a786be363a", "scan_type": "apk"}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -F 'file=@/Users/ajin/Desktop/diva-beta.apk' http://localhost:8000/api/v1/upload -H "Authorization:{{ api_key }}"
OR
curl -F 'file=@/Users/ajin/Desktop/diva-beta.apk' http://localhost:8000/api/v1/upload -H "X-Mobsf-Api-Key:{{ api_key }}"
API to scan a file that is already uploaded.
URL: /api/v1/scan
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
scan_type | xapk, apk, zip, ipa, or appx | Yes |
file_name | Name of the app with extension | Yes |
hash | hash of the scan | Yes |
re_scan | 0 or 1, default is 0 | No |
Success Response:
200
application/json; charset=utf-8
{"act_count": "17", "api": {"Loading Native Code (Shared Library) ": {"path":
["jakhar/aseem/diva/DivaJni.java"]}, "Local File I/O Operations": {"path":
["jakhar/aseem/diva/InsecureDataStorage2Activity.java", "jakhar/aseem/diva/SQLInjectionActivity.java"]},
"Starting Activity": {"path": ["jakhar/aseem/diva/AccessControl1Activity.java",
"jakhar/aseem/diva/AccessControl2Activity.java", "jakhar/aseem/diva/AccessControl3Activity.java",
"jakhar/aseem/diva/MainActivity.java"]}, "Query Database of SMS, Contacts etc.": {"path":
["jakhar/aseem/diva/AccessControl3NotesActivity.java", "jakhar/aseem/diva/NotesProvider.java"]}
SNIPPED
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/scan --data "scan_type=apk&file_name=diva-beta.apk&hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:{{ api_key }}"
OR
curl -X POST --url http://localhost:8000/api/v1/scan --data "scan_type=apk&file_name=diva-beta.apk&hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key:{{ api_key }}"
API to delete scan results.
URL: /api/v1/delete_scan
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
Success Response:
200
application/json; charset=utf-8
{"deleted": "yes"}
or {"deleted": "scan hash not found"}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/delete_scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:{{ api_key }}"
OR
curl -X POST --url http://localhost:8000/api/v1/delete_scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key:{{ api_key }}"
API to generate PDF Report.
URL: /api/v1/download_pdf
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
Success Response:
200
application/pdf
PDF Contents
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/download_pdf --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:{{ api_key }}"
OR
curl -X POST --url http://localhost:8000/api/v1/download_pdf --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key:{{ api_key }}"
API to generate JSON Report.
URL: /api/v1/report_json
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
Success Response:
200
application/json; charset=utf-8
JSON Contents
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/report_json --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:{{ api_key }}"
OR
curl -X POST --url http://localhost:8000/api/v1/report_json --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key:{{ api_key }}"
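The upload, scan and report_json calls documented above chain together: the fields returned by /api/v1/upload are exactly the Data Params of /api/v1/scan. The following is an added example, not MobSF's own code; `MobSFClient`, `MobSFError`, `http_transport` and `static_pipeline` are hypothetical names, and the injectable transport exists only so the flow can be exercised without a running server.

```python
import json
import re
import urllib.error
import urllib.parse
import urllib.request
import uuid

MD5_RE = re.compile(r"^[0-9a-f]{32}$")  # hash format shown in the page's samples


class MobSFError(Exception):
    """One of the documented error responses (401, 405, 422, 500)."""
    def __init__(self, status, message):
        super().__init__(f"HTTP {status}: {message}")
        self.status = status


def http_transport(url, headers, body):
    """Default transport: POST with urllib and return (status, raw body)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=600) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:  # error statuses still carry JSON
        return err.code, err.read()


class MobSFClient:
    def __init__(self, base_url, api_key, transport=http_transport):
        self.base_url = base_url.rstrip("/")
        self.api_key = api_key  # load from the environment, not from argv
        self.transport = transport

    def _post(self, path, body, content_type):
        headers = {"Authorization": self.api_key, "Content-Type": content_type}
        status, raw = self.transport(self.base_url + path, headers, body)
        try:
            payload = json.loads(raw)
        except ValueError:
            payload = {"error": "response body is not JSON"}
        if status != 200:
            detail = payload.get("error") if isinstance(payload, dict) else None
            raise MobSFError(status, detail or "no error message")
        return payload

    def _form(self, path, fields):
        body = urllib.parse.urlencode(fields).encode()
        return self._post(path, body, "application/x-www-form-urlencoded")

    def upload(self, file_name, content):
        # The name lands in a quoted header value: refuse quote and CR/LF.
        if any(c in file_name for c in '"\r\n'):
            raise ValueError("unsafe character in file name")
        boundary = uuid.uuid4().hex
        head = (f"--{boundary}\r\n"
                'Content-Disposition: form-data; name="file"; '
                f'filename="{file_name}"\r\n'
                "Content-Type: application/octet-stream\r\n\r\n").encode()
        body = head + content + f"\r\n--{boundary}--\r\n".encode()
        ctype = f"multipart/form-data; boundary={boundary}"
        return self._post("/api/v1/upload", body, ctype)

    def scan(self, uploaded, re_scan=0):
        # Reuse the upload response, but only after checking the hash shape.
        if not MD5_RE.match(str(uploaded.get("hash", ""))):
            raise ValueError("upload response has no 32-hex-digit hash")
        fields = {k: uploaded[k] for k in ("scan_type", "file_name", "hash")}
        return self._form("/api/v1/scan", {**fields, "re_scan": re_scan})

    def report_json(self, scan_hash):
        return self._form("/api/v1/report_json", {"hash": scan_hash})


def static_pipeline(client, file_name, content):
    """upload -> scan -> report_json; returns the parsed JSON report."""
    uploaded = client.upload(file_name, content)
    client.scan(uploaded)
    return client.report_json(uploaded["hash"])
```

Any non-200 status is raised as `MobSFError` with the server's `error` text, so a 401 from a wrong key stops the pipeline at the first call.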
API to view source files.
URL: /api/v1/view_source
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
file | relative file path | Yes |
type | apk/ipa/studio/eclipse/ios | Yes |
Success Response:
200
application/json; charset=utf-8
JSON Contents
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=18e244926da1e49c5b8ffc1c30de8abc&type=apk&file=b/a/a/a/a/a.java" -H "Authorization:{{ api_key }}"
curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=6c23c2970551be15f32bbab0b5db0c71&type=ipa&file=classdump.txt" -H "Authorization:{{ api_key }}"
OR
curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=18e244926da1e49c5b8ffc1c30de8abc&type=apk&file=b/a/a/a/a/a.java" -H "X-Mobsf-Api-Key:{{ api_key }}"
curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=6c23c2970551be15f32bbab0b5db0c71&type=ipa&file=classdump.txt" -H "X-Mobsf-Api-Key:{{ api_key }}"
API to Display Recent Scans.
URL: /api/v1/scans
Method: GET
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
page | page number | Yes |
page_size | number of results per page | Yes |
Success Response:
200
application/json; charset=utf-8
{"content": [{"id": 7, "ANALYZER": "static_analyzer_ios", "SCAN_TYPE":
"ipa", "FILE_NAME": "ios.ipa", "APP_NAME": "helloworld", "PACKAGE_NAME":
"com.kthcorp.helloworld", "VERSION_NAME": "1.0", "MD5":
"6c23c2970551be15f32bbab0b5db0c71", "TIMESTAMP":
"2020-11-15T03:17:11.733Z"}, {"id": 6, "ANALYZER": "static_analyzer",
"SCAN_TYPE": "apk", "FILE_NAME": "android.apk", "APP_NAME":
"HelloWorld", "PACKAGE_NAME": "opensecurity.helloworld", "VERSION_NAME":
"1.0", "MD5": "3a552566097a8de588b8184b059b0158", "TIMESTAMP":
"2020-11-15T03:16:34.171Z"}, {"id": 3, "ANALYZER": "static_analyzer",
"SCAN_TYPE": "zip", "FILE_NAME": "ios_src.zip", "APP_NAME":
"DamnVulnerableIOSApp", "PACKAGE_NAME":
"com.highaltitudehacks.dvia.watchkitapp", "VERSION_NAME": "2.0", "MD5":
"57bb5be0ea44a755ada4a93885c3825e", "TIMESTAMP":
"2020-11-15T03:08:49.089Z"}], "count": 3, "num_pages": 1}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl --url "http://localhost:8000/api/v1/scans" -H "Authorization:{{ api_key }}"
curl --url "http://localhost:8000/api/v1/scans?page=1&page_size=10" -H "Authorization:{{ api_key }}"
OR
curl --url "http://localhost:8000/api/v1/scans" -H "X-Mobsf-Api-Key:{{ api_key }}"
curl --url "http://localhost:8000/api/v1/scans?page=1&page_size=10" -H "X-Mobsf-Api-Key:{{ api_key }}"
API to Compare scan results.
URL: /api/v1/compare
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash1 | first scan hash | Yes |
hash2 | second scan hash to compare with | Yes |
Success Response:
200
application/json; charset=utf-8
JSON Contents
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/compare --data "hash1=82ab8b2193b3cfb1c737e3a786be363a&hash2=f56c96f2b1f0a7c46eb6fef3a035f3dd" -H "Authorization:{{ api_key }}"
OR
curl -X POST --url http://localhost:8000/api/v1/compare --data "hash1=82ab8b2193b3cfb1c737e3a786be363a&hash2=f56c96f2b1f0a7c46eb6fef3a035f3dd" -H "X-Mobsf-Api-Key:{{ api_key }}"
Get Apps available for Dynamic Analysis. You must perform static analysis before attempting dynamic analysis.
URL: /api/v1/dynamic/get_apps
Method: GET
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Success Response:
200
application/json; charset=utf-8
{
"apks": [
{
"ICON_FOUND": true,
"MD5": "3a552566097a8de588b8184b059b0158",
"APP_NAME": "HelloWorld",
"VERSION_NAME": "1.0",
"FILE_NAME": "android.apk",
"PACKAGE_NAME": "opensecurity.helloworld"
},
{
"ICON_FOUND": true,
"MD5": "6825bb9fde2fc671322df005976755a1",
"APP_NAME": "Wikipedia",
"VERSION_NAME": "2.7.277-r-2019-12-11",
"FILE_NAME": "org.wikipedia_2.7.277-r-2019-12-11-30277_minAPI19(x86)(nodpi)_apkmirror.com.apk",
"PACKAGE_NAME": "org.wikipedia"
}
],
"identifier": "192.168.56.139:5555",
"proxy_ip": "192.168.56.1",
"proxy_port": 1337,
"title": "MobSF Dynamic Analysis",
"version": "v3.1.8 Beta"
}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl --url http://localhost:8000/api/v1/dynamic/get_apps -H "Authorization:{{ api_key }}"
Start MobSF Dynamic Analyzer. Ensure that the dynamic analysis environment (Android VM/Emulator/Device) is configured and running before calling this API.
URL: /api/v1/dynamic/start_analysis
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
re_install | 0 or 1, default is 1 | No |
install | 0 or 1, default is 1 | No |
Success Response:
200
application/json; charset=utf-8
{
"screen_witdth": "1440",
"screen_height": "2960",
"package": "opensecurity.helloworld",
"hash": "3a552566097a8de588b8184b059b0158",
"android_version": 8,
"version": "v3.1.8 Beta",
"title": "Dynamic Analyzer"
}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/dynamic/start_analysis --data "hash=3a552566097a8de588b8184b059b0158" -H "Authorization:{{ api_key }}"
API to view Logcat logs.
URL: /api/v1/android/logcat
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
package | package name of the app | Yes |
Success Response:
200
text/event-stream
Logcat Stream Data
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/android/logcat --data "package=org.wikipedia" -H "Authorization:{{ api_key }}"
API to MobSFy the Android runtime environment.
URL: /api/v1/android/mobsfy
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
identifier | ADB identifier of Android VM/Emulator/Device | Yes |
Success Response:
200
application/json; charset=utf-8
{
"status": "ok",
"android_version": 8
}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/android/mobsfy --data "identifier=192.168.56.139:5555" -H "Authorization:{{ api_key }}"
Execute ADB commands inside VM/Emulator/Device.
URL: /api/v1/android/adb_command
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
cmd | non-blocking ADB commands | Yes |
Success Response:
200
application/json; charset=utf-8
{
"status": "ok",
"message":
"acct\nbugreports\ncache\ncharger\nconfig\nd\ndata\ndefault.prop\ndev\netc\nfstab.vbox86\ninit\ninit.environ.rc\ninit.rc\ninit.usb.configfs.rc\ninit.usb.rc\ninit.vbox86.rc\ninit.zygote32.rc\nmnt\nnonplat_file_contexts\nnonplat_hwservice_contexts\nnonplat_property_contexts\nnonplat_seapp_contexts\nnonplat_service_contexts\noem\nplat_file_contexts\nplat_hwservice_contexts\nplat_property_contexts\nplat_seapp_contexts\nplat_service_contexts\nproc\nrom.trace\nroot\nsbin\nsdcard\nsepolicy\nstorage\nsys\nsystem\ntmp\nueventd.rc\nueventd.vbox86.rc\nvar\nvendor\nvndservice_contexts\n"
}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/android/adb_command --data "cmd=shell ls" -H "Authorization:{{ api_key }}"
API to install or remove MobSF Root CA to or from the Android VM/Emulator/Device.
URL: /api/v1/android/root_ca
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
action | install/remove | Yes |
Success Response:
200
application/json; charset=utf-8
{
"status": "ok",
"message": "installed"
}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/android/root_ca --data "action=install" -H "Authorization:{{ api_key }}"
API to apply or remove global HTTP(S) proxy configuration to Android VM/Emulator/Device.
URL: /api/v1/android/global_proxy
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
action | set/unset | Yes |
Success Response:
200
application/json; charset=utf-8
{
"status": "ok",
"message": "set"
}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/android/global_proxy --data "action=set" -H "Authorization:{{ api_key }}"
API to run Activity or Exported Activity Tester.
URL: /api/v1/android/activity
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
test | exported/activity | Yes |
Success Response:
200
application/json; charset=utf-8
{
"status": "ok"
}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/android/activity --data "hash=6825bb9fde2fc671322df005976755a1&test=exported" -H "Authorization:{{ api_key }}"
API to run TLS/SSL Security Tester.
URL: /api/v1/android/tls_tests
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
Success Response:
200
application/json; charset=utf-8
{"status": "ok", "tls_tests":
{"tls_misconfigured": false, "no_tls_pin_or_transparency": false,
"pin_or_transparency_bypassed": false, "has_cleartext": false}}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/android/tls_tests --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:{{ api_key }}"
API to start Frida Instrumentation.
URL: /api/v1/frida/instrument
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
default_hooks | comma-separated default hooks to load. | Yes |
auxiliary_hooks | comma-separated auxiliary hooks to load. | Yes |
frida_code | user-defined Frida code to load. | Yes |
class_name | class name to perform method enumeration when `enum_methods` auxiliary_hook is specified. | No |
class_search | pattern to search when `search_class` auxiliary_hook is specified. | No |
class_trace | class name to trace when `trace_class` auxiliary_hook is specified. | No |
Success Response:
200
application/json; charset=utf-8
{
"status": "ok"
}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/frida/instrument --data "hash=6825bb9fde2fc671322df005976755a1&default_hooks=api_monitor,ssl_pinning_bypass,root_bypass,debugger_check_bypass&auxiliary_hooks=&frida_code=" -H "Authorization:{{ api_key }}"
OR
curl -X POST --url http://localhost:8000/api/v1/frida/instrument --data "hash=6825bb9fde2fc671322df005976755a1&default_hooks=api_monitor,ssl_pinning_bypass,root_bypass,debugger_check_bypass&auxiliary_hooks=enum_class,string_catch,string_compare,enum_methods,search_class,trace_class&class_name=java.io.File&class_search=ssl&class_trace=javax.net.ssl.TrustManager&frida_code=Java.perform(function()+%7B%0A++%2F%2F+Use+send()+for+logging%0A%7D)%3B" -H "Authorization:{{ api_key }}"
API to view Frida API monitor output.
URL: /api/v1/frida/api_monitor
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
Success Response:
200
application/json; charset=utf-8
JSON Contents
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/frida/api_monitor --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:{{ api_key }}"
API to collect runtime dependencies.
URL: /api/v1/frida/get_dependencies
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
Success Response:
200
application/json; charset=utf-8
{"status": "ok"}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/frida/get_dependencies --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:{{ api_key }}"
API to view Frida log output.
URL: /api/v1/frida/logs
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
Success Response:
200
application/json; charset=utf-8
JSON Contents
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/frida/logs --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:{{ api_key }}"
API to list available Frida scripts.
URL: /api/v1/frida/list_scripts
Method: GET
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Success Response:
200
application/json; charset=utf-8
{
"status": "ok",
"files": [
"hook_java_reflection",
"jni_hook_by_address",
"bypass_flag_secure",
"file_trace",
"hook_constructor",
"jni_trace",
"default",
"get_android_id",
"aes_key",
"inputstream_dump",
"helper"
]
}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl --url http://localhost:8000/api/v1/frida/list_scripts -H "Authorization:{{ api_key }}"
API to generate a Frida script based on selection.
URL: /api/v1/frida/get_script
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
scripts[] | name of the script from the output of Frida List Scripts (/api/v1/frida/list_scripts) API. | Yes |
Success Response:
200
application/json; charset=utf-8
JSON Contents
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/frida/get_script --data "scripts[]=hook_java_reflection&scripts[]=jni_hook_by_address&scripts[]=default&scripts[]=get_android_id" -H "Authorization:{{ api_key }}"
Stop MobSF Dynamic Analyzer. This API must be called to stop dynamic analysis, and it must be called prior to report generation.
URL: /api/v1/dynamic/stop_analysis
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
Success Response:
200
application/json; charset=utf-8
{
"status": "ok"
}
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/dynamic/stop_analysis --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:{{ api_key }}"
Generate JSON Report of Dynamic Analysis. The Stop Dynamic Analysis (/api/v1/dynamic/stop_analysis) API must be called before calling this API.
URL: /api/v1/dynamic/report_json
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
hash | hash of the scan | Yes |
Success Response:
200
application/json; charset=utf-8
JSON Contents
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/dynamic/report_json --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:{{ api_key }}"
API to view source of files dumped from device after dynamic analysis. The Stop Dynamic Analysis (/api/v1/dynamic/stop_analysis) API must be called before calling this API.
URL: /api/v1/dynamic/view_source
Method: POST
Header: Authorization:<api_key>
Or X-Mobsf-Api-Key:<api_key>
Data Params
Param Name | Param Value | Required |
---|---|---|
file | relative path of the file | Yes |
type | xml/db/others | Yes |
hash | hash of the scan | Yes |
Success Response:
200
application/json; charset=utf-8
JSON Contents
Error Response:
500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
application/json; charset=utf-8
{"error": <error message>}
OR
401 Unauthorized
application/json; charset=utf-8
{"error": "You are unauthorized to make this request."}
Sample Call:
curl -X POST --url http://localhost:8000/api/v1/dynamic/view_source --data "file=data/data/org.wikipedia/shared_prefs/org.wikipedia_preferences.xml&hash=6825bb9fde2fc671322df005976755a1&type=xml" -H "Authorization:{{ api_key }}"
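The dynamic analysis calls have an ordering constraint: stop_analysis must run before dynamic/report_json or dynamic/view_source. The following added example (not MobSF's own code) enforces that order around the TLS/SSL Security Tester; `run_dynamic_session` and `demo_post` are hypothetical names, `post(path, fields)` stands for any authenticated POST helper that returns the parsed JSON, and the sample responses are constructed from the ones shown on this page.

```python
# Flags returned under "tls_tests". Treating a true value as a finding is an
# assumption based on the flag names.
TLS_FLAGS = ("tls_misconfigured", "no_tls_pin_or_transparency",
             "pin_or_transparency_bypassed", "has_cleartext")


def run_dynamic_session(post, scan_hash):
    """start_analysis -> tls_tests -> stop_analysis -> dynamic/report_json.

    post(path, fields) -> dict is a hypothetical helper that performs an
    authenticated POST and raises on the documented error responses.
    """
    started = post("/api/v1/dynamic/start_analysis", {"hash": scan_hash})
    try:
        tls = post("/api/v1/android/tls_tests", {"hash": scan_hash})
        if tls.get("status") != "ok":
            raise RuntimeError("tls_tests did not return status ok")
        findings = [f for f in TLS_FLAGS if tls.get("tls_tests", {}).get(f)]
    finally:
        # Runs on success and on failure: a failed test must not leave the
        # analysis session open, and the report needs stop_analysis first.
        stopped = post("/api/v1/dynamic/stop_analysis", {"hash": scan_hash})
    if stopped.get("status") != "ok":
        raise RuntimeError("stop_analysis did not return status ok")
    report = post("/api/v1/dynamic/report_json", {"hash": scan_hash})
    return {"package": started.get("package"),
            "tls_findings": findings,
            "report": report}


def demo_post(path, fields):
    """Constructed stand-in for a MobSF server (two TLS flags set to true)."""
    samples = {
        "/api/v1/dynamic/start_analysis": {
            "package": "org.wikipedia", "hash": fields["hash"]},
        "/api/v1/android/tls_tests": {"status": "ok", "tls_tests": {
            "tls_misconfigured": False, "no_tls_pin_or_transparency": True,
            "pin_or_transparency_bypassed": False, "has_cleartext": True}},
        "/api/v1/dynamic/stop_analysis": {"status": "ok"},
        "/api/v1/dynamic/report_json": {"constructed": "report"},
    }
    return samples[path]


if __name__ == "__main__":
    print(run_dynamic_session(demo_post, "6825bb9fde2fc671322df005976755a1"))
```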