API Docs

API Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664

Static Analysis

  1. api/v1/upload - Upload a File
  2. api/v1/scan - Scan a File
  3. api/v1/scan_logs - Display Live Scan Logs
  4. api/v1/search - Search a Scan
  5. api/v1/scans - Display Recent Scans
  6. api/v1/tasks - Display Scan Tasks
  7. api/v1/delete_scan - Delete a Scan
  8. api/v1/scorecard - App Scorecard
  9. api/v1/download_pdf - Download PDF Report
  10. api/v1/report_json - Generate JSON Report
  11. api/v1/view_source - View Source Files
  12. api/v1/compare - Compare Apps
  13. api/v1/suppress_by_rule - Suppress by Rule
  14. api/v1/suppress_by_files - Suppress by Files
  15. api/v1/list_suppressions - List Suppressions
  16. api/v1/delete_suppression - Delete Suppressions

Dynamic Analysis Android

  1. api/v1/dynamic/get_apps - Get Apps for Dynamic Analysis
  2. api/v1/dynamic/start_analysis - Start Dynamic Analysis
  3. api/v1/android/logcat - View Logcat
  4. api/v1/android/mobsfy - MobSFy VM/Emulator/Device
  5. api/v1/android/adb_command - Execute ADB Commands
  6. api/v1/android/root_ca - Install or Remove MobSF Root CA
  7. api/v1/android/global_proxy - Set or Unset MobSF HTTP(S) Proxy
  8. api/v1/android/activity - Activity or Exported Activity Tester
  9. api/v1/android/start_activity - Start an Activity or Exported Activity
  10. api/v1/android/tls_tests - TLS/SSL Security Tester
  11. api/v1/frida/instrument - Frida Instrument App
  12. api/v1/frida/api_monitor - Frida API Monitor
  13. api/v1/frida/get_dependencies - Frida Get Dependencies
  14. api/v1/frida/logs - Frida View Logs
  15. api/v1/frida/list_scripts - Frida List Scripts
  16. api/v1/frida/get_script - Frida Get Script
  17. api/v1/dynamic/stop_analysis - Stop Dynamic Analysis
  18. api/v1/dynamic/report_json - Dynamic Analysis JSON report
  19. api/v1/dynamic/view_source - Dynamic Analysis View Source

Dynamic Analysis iOS

  1. api/v1/ios/corellium_supported_models - Supported Corellium iOS Models
  2. api/v1/ios/corellium_ios_versions - Supported Corellium iOS Versions
  3. api/v1/ios/corellium_create_ios_instance - Create an iOS VM in Corellium
  4. api/v1/ios/dynamic_analysis - iOS Dynamic Analysis
  5. api/v1/ios/corellium_start_instance - Start iOS VM in Corellium
  6. api/v1/ios/corellium_stop_instance - Stop iOS VM in Corellium
  7. api/v1/ios/corellium_unpause_instance - Unpause iOS VM in Corellium
  8. api/v1/ios/corellium_reboot_instance - Reboot iOS VM in Corellium
  9. api/v1/ios/corellium_destroy_instance - Destroy iOS VM in Corellium
  10. api/v1/ios/corellium_list_apps - List Apps in Corellium iOS VM
  11. api/v1/ios/setup_environment - Setup iOS Dynamic Analysis Environment
  12. api/v1/ios/dynamic_analyzer - iOS Dynamic Analyzer
  13. api/v1/ios/run_app - Run App
  14. api/v1/ios/stop_app - Stop App
  15. api/v1/ios/remove_app - Remove App
  16. api/v1/ios/take_screenshot - Take Screenshot
  17. api/v1/ios/get_app_container_path - Get App Container Path
  18. api/v1/ios/network_capture - Network Capture
  19. api/v1/ios/live_pcap_download - Live PCAP Download
  20. api/v1/ios/ssh_execute - SSH Execute
  21. api/v1/ios/download_app_data - Download App Data
  22. api/v1/ios/instance_input - Instance Input
  23. api/v1/ios/system_logs - System Logs
  24. api/v1/ios/file_upload - File Upload
  25. api/v1/ios/file_download - File Download
  26. api/v1/frida/ios_instrument - Frida Instrument App
  27. api/v1/dynamic/ios_report_json - iOS Dynamic Analysis Report

Upload File API

API to upload a file. Supported file types are apk, zip, ipa and appx.

  • URL: /api/v1/upload

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
file multipart/form-data Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"file_name": "diva-beta.apk", "hash": "82ab8b2193b3cfb1c737e3a786be363a", "scan_type": "apk"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -F 'file=@/Users/ajin/Desktop/diva-beta.apk' http://localhost:8000/api/v1/upload -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -F 'file=@/Users/ajin/Desktop/diva-beta.apk' http://localhost:8000/api/v1/upload -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Scan File API

API to scan a file that is already uploaded. Supports scanning apk, xapk, apks, jar, aar, zip, ipa, so, dylib, a, and appx extensions.

  • URL: /api/v1/scan

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes
re_scan 0 or 1, default is 0 No

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content:
    {"act_count": "17", "api": {"Loading Native Code (Shared Library) ": {"path":
                      ["jakhar/aseem/diva/DivaJni.java"]}, "Local File I/O Operations": {"path":
                      ["jakhar/aseem/diva/InsecureDataStorage2Activity.java", "jakhar/aseem/diva/SQLInjectionActivity.java"]},
                      "Starting Activity": {"path": ["jakhar/aseem/diva/AccessControl1Activity.java",
                      "jakhar/aseem/diva/AccessControl2Activity.java", "jakhar/aseem/diva/AccessControl3Activity.java",
                      "jakhar/aseem/diva/MainActivity.java"]}, "Query Database of SMS, Contacts etc.": {"path":
                      ["jakhar/aseem/diva/AccessControl3NotesActivity.java", "jakhar/aseem/diva/NotesProvider.java"]}
                      SNIPPED
                      
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Scan Logs API

API that provides live and latest scan logs.

  • URL: /api/v1/scan_logs

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content:
    { "logs": [ { "timestamp": "2024-08-04 00:23:35", "status": "Generating Hashes",
                       "exception": null }, { "timestamp": "2024-08-04 00:23:35", "status": "
                      Extracting APK", "exception": null }, { "timestamp": "2024-08-04 00:23:35",
                       "status": "Unzipping", "exception": null },
                      SNIPPED
                      
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/scan_logs --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/scan_logs --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Search API

API for querying scan results. You can search using an MD5 checksum, app name, package name, or file name. The API returns the closest match based on your search term.

  • URL: /api/v1/search

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
query hash of the scan or text Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 404 Not Found or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <You can search by MD5, app name, package name, or file name.> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/search --data "query=com.foo.bar" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/search --data "query=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Delete Scan API

API to delete scan results.

  • URL: /api/v1/delete_scan

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"deleted": "yes"} or {"deleted": "scan hash not found"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/delete_scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/delete_scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

App Scorecrd API

Get MobSF Application Security Scorecard

  • URL: /api/v1/scorecard

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/scorecard --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/scorecard --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Generate PDF Report API

API to generate PDF Report.

  • URL: /api/v1/download_pdf

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/pdf
      Content: PDF Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/download_pdf --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/download_pdf --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Generate JSON Report API

API to generate JSON Report.

  • URL: /api/v1/report_json

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/report_json --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/report_json --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

View Source Files API

API to view source files.

  • URL: /api/v1/view_source

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes
file relative file path Yes
type apk/ipa/studio/eclipse/ios Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=18e244926da1e49c5b8ffc1c30de8abc&type=apk&file=b/a/a/a/a/a.java" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        
    • curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=6c23c2970551be15f32bbab0b5db0c71&type=ipa&file=classdump.txt" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=18e244926da1e49c5b8ffc1c30de8abc&type=apk&file=b/a/a/a/a/a.java" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        
    • curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=6c23c2970551be15f32bbab0b5db0c71&type=ipa&file=classdump.txt" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Display Recent Scans API

API to Display Recent Scans.

  • URL: /api/v1/scans

  • Method: GET

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
page the number of page Yes
page_size per page size Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"content": [{"id": 7, "ANALYZER": "static_analyzer_ios", "SCAN_TYPE": "ipa", "FILE_NAME": "ios.ipa", "APP_NAME": "helloworld", "PACKAGE_NAME": "com.kthcorp.helloworld", "VERSION_NAME": "1.0", "MD5": "6c23c2970551be15f32bbab0b5db0c71", "TIMESTAMP": "2020-11-15T03:17:11.733Z"}, {"id": 6, "ANALYZER": "static_analyzer", "SCAN_TYPE": "apk", "FILE_NAME": "android.apk", "APP_NAME": "HelloWorld", "PACKAGE_NAME": "opensecurity.helloworld", "VERSION_NAME": "1.0", "MD5": "3a552566097a8de588b8184b059b0158", "TIMESTAMP": "2020-11-15T03:16:34.171Z"}, {"id": 3, "ANALYZER": "static_analyzer", "SCAN_TYPE": "zip", "FILE_NAME": "ios_src.zip", "APP_NAME": "DamnVulnerableIOSApp", "PACKAGE_NAME": "com.highaltitudehacks.dvia.watchkitapp", "VERSION_NAME": "2.0", "MD5": "57bb5be0ea44a755ada4a93885c3825e", "TIMESTAMP": "2020-11-15T03:08:49.089Z"}], "count": 3, "num_pages": 1}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl --url "http://localhost:8000/api/v1/scans" -H "Authorization:  ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        
    • curl --url "http://localhost:8000/api/v1/scans?page=1&page_size=10" -H "Authorization:  ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl --url "http://localhost:8000/api/v1/scans" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        
    • curl --url "http://localhost:8000/api/v1/scans?page=1&page_size=10" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Scan Tasks API

Displays the scan tasks queue, accessible only when the asynchronous scan queue is enabled.

  • URL: /api/v1/tasks

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>


  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/tasks -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/tasks -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Compare Apps API

API to Compare scan results.

  • URL: /api/v1/compare

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash1 first scan hash Yes
hash2 second scan hash to compare with Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/compare --data "hash1=82ab8b2193b3cfb1c737e3a786be363a&hash2=f56c96f2b1f0a7c46eb6fef3a035f3dd" -H "Authorization:  ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/compare --data "hash1=82ab8b2193b3cfb1c737e3a786be363a&hash2=f56c96f2b1f0a7c46eb6fef3a035f3dd" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Suppress by Rule

Suppress findings by rule id.

  • URL: /api/v1/suppress_by_rule

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes
type code or manifest Yes
rule rule id Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/suppress_by_rule --data "hash=82ab8b2193b3cfb1c737e3a786be363a&type=manifest&rule=app_allowbackup" -H "Authorization:  ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/suppress_by_rule --data "hash=82ab8b2193b3cfb1c737e3a786be363a&type=code&rule=android_logging" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Suppress by Files

Suppress findings by files.

  • URL: /api/v1/suppress_by_files

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes
type code Yes
rule rule id Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/suppress_by_files --data "hash=82ab8b2193b3cfb1c737e3a786be363a&type=code&rule=app_allowbackup" -H "Authorization:  ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/suppress_by_files --data "hash=82ab8b2193b3cfb1c737e3a786be363a&type=code&rule=android_logging" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

View Suppressions

View suppressions associated with a scan.

  • URL: /api/v1/list_suppressions

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/list_suppressions --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:  ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/list_suppressions --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Delete Suppressions

Delete suppressions.

  • URL: /api/v1/delete_suppression

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes
type code or manifest Yes
rule rule id Yes
kind rule or file Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/delete_suppression --data "hash=82ab8b2193b3cfb1c737e3a786be363a&kind=file&type=code&rule=android_sql_raw_query" -H "Authorization:  ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/delete_suppression --data "hash=82ab8b2193b3cfb1c737e3a786be363a&kind=rule&type=manifest&rule=receiver_exported_intent_filter_exists" -H "X-Mobsf-Api-Key: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Get Apps API

Get Apps available for Dynamic Analysis. You must perform static analysis before attempting dynamic analysis.

  • URL: /api/v1/dynamic/get_apps

  • Method: GET

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>


  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "apks": [ { "MD5": "3a552566097a8de588b8184b059b0158", "APP_NAME": "HelloWorld", "VERSION_NAME": "1.0", "FILE_NAME": "android.apk", "PACKAGE_NAME": "opensecurity.helloworld" }, { "MD5": "6825bb9fde2fc671322df005976755a1", "APP_NAME": "Wikipedia", "VERSION_NAME": "2.7.277-r-2019-12-11", "FILE_NAME": "org.wikipedia_2.7.277-r-2019-12-11-30277_minAPI19(x86)(nodpi)_apkmirror.com.apk", "PACKAGE_NAME": "org.wikipedia" }, ], "identifier": "192.168.56.139:5555", "proxy_ip": "192.168.56.1", "proxy_port": 1337, "title": "MobSF Dynamic Analysis", "version": "v3.1.8 Beta" }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl --url http://localhost:8000/api/v1/dynamic/get_apps -H "Authorization:  ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Start Dynamic Analysis API

Start MobSF Dynamic Analyzer. Ensure that dynamic analysis environment (Android VM/Emulator/Device) is configured and running before calling this API.

  • URL: /api/v1/dynamic/start_analysis

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes
re_install 0 or 1, default is 1 No
install 0 or 1, default is 1 No

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "screen_witdth": "1440", "screen_height": "2960", "package": "opensecurity.helloworld", "hash": "3a552566097a8de588b8184b059b0158", "android_version": 8, "version": "v3.1.8 Beta", "title": "Dynamic Analyzer" }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/dynamic/start_analysis --data "hash=3a552566097a8de588b8184b059b0158" -H "Authorization:  ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

View Logcat API

API view Logcat logs.

  • URL: /api/v1/android/logcat

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
package package name of the app Yes

  • Success Response:

    • Code: 200
      Content-Type: text/event-stream
      Content: Logcat Stream Data
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/android/logcat --data "package=org.wikipedia" -H "Authorization:  ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

MobSFy API

API to MobSFY android runtime environment.

  • URL: /api/v1/android/mobsfy

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
identifier ADB identifier of Android VM/Emulator/Device Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "status": "ok", "android_version": 8 }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/android/mobsfy --data "identifier=192.168.56.139:5555" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Execute ADB Commands API

Execute ADB commands inside VM/Emulator/Device.

  • URL: /api/v1/android/adb_command

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
cmd non blocking adb commands Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "status": "ok", "message": "acct\nbugreports\ncache\ncharger\nconfig\nadd\nadata\nadefault.prop\nadev\netc\nfstab.vbox86\ninit\ninit.environ.rc\ninit.rc\ninit.usb.configfs.rc\ninit.usb.rc\ninit.vbox86.rc\ninit.zygote32.rc\nmnt\nnonplat_file_contexts\nnonplat_hwservice_contexts\nnonplat_property_contexts\nnonplat_seapp_contexts\nnonplat_service_contexts\noem\nplat_file_contexts\nplat_hwservice_contexts\nplat_property_contexts\nplat_seapp_contexts\nplat_service_contexts\nproc\nrom.trace\nroot\nsbin\nsdcard\nsepolicy\nstorage\nsys\nsystem\ntmp\nueventd.rc\nueventd.vbox86.rc\nvar\nvendor\nvndservice_contexts\n" }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/android/adb_command --data "cmd=shell ls" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Install or Remove Root CA API

API to install or remove MobSF Root CA to or from the Android VM/Emulator/Device.

  • URL: /api/v1/android/root_ca

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
action install/remove Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "status": "ok", "message": "installed" }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/android/root_ca --data "action=install" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Set or Unset MobSF Global HTTP(S) Proxy API

API to apply or remove global HTTP(S) proxy configuration to Android VM/Emulator/Device.

  • URL: /api/v1/android/global_proxy

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
action set/unset Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "status": "ok", "message": "set" }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/android/global_proxy --data "action=set" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Activity or Exported Activity Tester API

API to run Activity or Exported Activity Tester.

  • URL: /api/v1/android/activity

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes
test exported/activity Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "status": "ok" }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/android/activity --data "hash=6825bb9fde2fc671322df005976755a1&test=exported" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Start Activity or Exported Activity API

API to manually launch an Activity or Exported Activity.

  • URL: /api/v1/android/start_activity

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes
activity Fully qualified name of the activity or exported activity Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "status": "ok" }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/android/start_activity --data "hash=6825bb9fde2fc671322df005976755a1&activity=com.package.android.MainActivity" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

TLS/SSL Security Tester API

API to run TLS/SSL Security Tester.

  • URL: /api/v1/android/tls_tests

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "tls_tests": {"tls_misconfigured": false, "no_tls_pin_or_transparency": false, "pin_or_transparency_bypassed": false, "has_cleartext": false}}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/android/tls_tests --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Frida Instrument App API

API to start Frida Instrumentation.

  • URL: /api/v1/frida/instrument

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes
default_hooks comma separated default hooks to load Yes
auxiliary_hooks comma separated auxiliary hooks to load Yes
frida_code user defined frida code to load Yes
class_name class name to perform method enumeration when `enum_methods` auxiliary_hook is specified No
class_search pattern to search when `search_class` auxiliary_hook is specified No
class_trace class name to trace when `trace_class` auxiliary_hook is specified No
frida_action spawn/session/ps. The default action is spawn No
new_package New package name to attach No
pid Process id of the new package to attach No

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "status": "ok" }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/frida/instrument --data "hash=6825bb9fde2fc671322df005976755a1&default_hooks=api_monitor,ssl_pinning_bypass,root_bypass,debugger_check_bypass&auxiliary_hooks=&frida_code=" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

    OR

    • curl -X POST --url http://localhost:8000/api/v1/frida/instrument --data "hash=6825bb9fde2fc671322df005976755a1&default_hooks=api_monitor,ssl_pinning_bypass,root_bypass,debugger_check_bypass&auxiliary_hooks=enum_class,string_catch,string_compare,enum_methods,search_class,trace_class&class_name=java.io.File&class_search=ssl&class_trace=javax.net.ssl.TrustManager&frida_code=Java.perform(function()+%7B%0A++%2F%2F+Use+send()+for+logging%0A%7D)%3B" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Frida API Monitor API

API to view Frida API monitor output.

  • URL: /api/v1/frida/api_monitor

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/frida/api_monitor --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Frida Get Runtime Dependencies API

API to collect runtime dependencies.

  • URL: /api/v1/frida/get_dependencies

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/frida/get_dependencies --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Frida View Logs API

API to view Frida log output.

  • URL: /api/v1/frida/logs

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/frida/logs --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Frida List Scripts API

API to list available frida scripts.

  • URL: /api/v1/frida/list_scripts

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
device android/ios Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "status": "ok", "files": [ "hook_java_reflection", "jni_hook_by_address", "bypass_flag_secure", "file_trace", "hook_constructor", "jni_trace", "default", "get_android_id", "aes_key", "inputstream_dump", "helper" ] }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/frida/list_scripts --data "device=android" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Frida Get Script API

API to generate frida script based on selection.

  • URL: /api/v1/frida/get_script

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
scripts[] name of the script from the output of Frida List Scripts (/api/v1/frida/list_scripts) API. Yes
device android/ios Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/frida/get_script --data "device=android&scripts[]=hook_java_reflection&scripts[]=jni_hook_by_address&scripts[]=default&scripts[]=get_android_id" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Stop Dynamic Analysis API

Stop MobSF Dynamic Analyzer. This API must be called to stop dynamic analysis and prior to report generation.

  • URL: /api/v1/dynamic/stop_analysis

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: { "status": "ok" }
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/dynamic/stop_analysis --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Dynamic Analysis JSON Report API

Generate JSON Report of Dynamic Analysis. Stop Dynamic Analysis (/api/v1/dynamic/stop_analysis) API must be called before calling this API.

  • URL: /api/v1/dynamic/report_json

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/dynamic/report_json --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Dynamic Analysis View Source API

API to view source of files dumped from device after dynamic analysis. Stop Dynamic Analysis (/api/v1/dynamic/stop_analysis) API must be called before calling this API.

  • URL: /api/v1/dynamic/view_source

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
file relative path of the file Yes
type xml/db/others Yes
hash hash of the scan Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/dynamic/view_source --data "file=data/data/org.wikipedia/shared_prefs/org.wikipedia_preferences.xml&hash=6825bb9fde2fc671322df005976755a1&type=xml" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Supported Corellium iOS Models API

List out supported iOS Corellium VMs.

  • URL: /api/v1/ios/corellium_supported_models

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>


  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_supported_models -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Supported Corellium iOS Versions API

List out supported iOS versions for a device.

  • URL: /api/v1/ios/corellium_ios_versions

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
model iOS model Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_ios_versions --data "model=iPhone15,3" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Corellium Create iOS Instance API

Create a jailbroken iOS instance in Corellium with desired flavor and iOS version.

  • URL: /api/v1/ios/corellium_create_ios_instance

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
project_id Corellium Project ID Yes
name Name of the VM Yes
flavor iOS Flavor Yes
version iOS Version Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_create_ios_instance --data "project_id=728bb423-68bc-4300-a484-6e32a43be9cf&name=iosvm&flavor=iphone15p&version=16.0" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

iOS Dynamic Analysis API

List iOS Instance & Apps Available for Dynamic Analysis.

  • URL: /api/v1/ios/dynamic_analysis

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params


  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/dynamic_analysis -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Corellium Start iOS Instance API

Start iOS VM in previously created in Corellium by instance identifier.

  • URL: /api/v1/ios/corellium_start_instance

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
instance_id iOS VM instance identifier Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "Starting VM Instance"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_start_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Corellium Stop iOS Instance API

Stop iOS VM in Corellium by instance identifier.

  • URL: /api/v1/ios/corellium_stop_instance

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
instance_id iOS VM instance identifier Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "Instance stopped"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_stop_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Corellium Unpause iOS Instance API

Unpause iOS VM in Corellium by instance identifier.

  • URL: /api/v1/ios/corellium_unpause_instance

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
instance_id iOS VM instance identifier Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "Instance unpaused"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_unpause_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Corellium Reboot iOS Instance API

Reboot iOS VM in Corellium by instance identifier.

  • URL: /api/v1/ios/corellium_reboot_instance

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
instance_id iOS VM instance identifier Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "Rebooting instance"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_reboot_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Corellium Destroy iOS Instance API

Destroy iOS VM in Corellium by instance identifier.

  • URL: /api/v1/ios/corellium_destroy_instance

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
instance_id iOS VM instance identifier Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "Destroying instance"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_destroy_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Corellium List Apps in Instance API

List all apps present in the Corellium iOS VM.

  • URL: /api/v1/ios/corellium_list_apps

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

  • Data Params

Param Name Param Value Required
instance_id iOS VM instance identifier Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: JSON Contents
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_list_apps --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Setup iOS Dynamic Analysis Environment API

Setup iOS Dynamic Analysis Environment for an IPA. This API call is required for apps not installed in the Corellium iOS VM.

  • URL: /api/v1/ios/setup_environment

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id Yes
hash MD5 hash of the IPA file Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "Testing Environment is Ready!"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/setup_environment --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&hash=35469622303ba10a2195557a3ad1810a" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

iOS Dynamic Analyzer API

Start iOS Dynamic Analyzer with an app. Setup environment (api/v1/ios/setup_environment) API should be called before running dynamic analyzer for IPAs not installed in the Corellium VM.

  • URL: /api/v1/ios/dynamic_analyzer

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
bundle_id iOS app bundle id (Available from /api/v1/ios/dynamic_analysis) Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"hash": "9d6698108e706f669183737f8d20e1e4", "instance_id": "bd057756-87a8-45a6-945d-35c7ce48eafe", "bundle_id": "com.highaltitudehacks.DVIAswiftv2", "version": "v3.9.4 Beta", "form": null, "title": "iOS Dynamic Analyzer"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/dynamic_analyzer --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Run App API

Run the app in the Corellium VM.

  • URL: /api/v1/ios/run_app

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
bundle_id iOS app bundle id (Available from /api/v1/ios/dynamic_analysis) Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "App Started"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/run_app --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Stop App API

Kill the app in the Corellium VM.

  • URL: /api/v1/ios/stop_app

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
bundle_id iOS app bundle id (Available from /api/v1/ios/dynamic_analysis) Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "App Killed"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/stop_app --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Remove App API

Remove an app from the Corellium VM.

  • URL: /api/v1/ios/remove_app

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
bundle_id iOS app bundle id (Available from /api/v1/ios/dynamic_analysis) Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "App uninstalled"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/remove_app --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Take Screenshot API

Take a screenshot.

  • URL: /api/v1/ios/take_screenshot

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA..."}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/take_screenshot --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Get App Container Path API

Get App container path. App must be instrumented before calling this API.

  • URL: /api/v1/ios/get_app_container_path

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
bundle_id iOS app bundle id (Available from /api/v1/ios/dynamic_analysis) Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "/var/mobile/Containers/Data/Application/DDEACD38-727E-491C-AB9B-5DE80BB9EA71/"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/get_app_container_path --data "bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Network Capture API

Enable/Disable Network Capture.

  • URL: /api/v1/ios/network_capture

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
state on/off Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "Enabled network capture"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/network_capture --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&state=on" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Live PCAP Download API

Download live packet capture.

  • URL: /api/v1/ios/live_pcap_download

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes

  • Success Response:

    • Code: 200
      Content-Type: application/vnd.tcpdump.pcap
      Content: PCAP File
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/live_pcap_download --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

SSH Execute API

Execute OS Commands inside the VM over SSH.

  • URL: /api/v1/ios/ssh_execute

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
cmd OS Command Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "Library\nMedia\n\n"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/ssh_execute --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&cmd=ls" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Download App Data API

Download app data from the VM.

  • URL: /api/v1/ios/download_app_data

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
bundle_id iOS app bundle id (Available from /api/v1/ios/dynamic_analysis) Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "Downloaded application data"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/download_app_data --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Instance Input API

Provide text, swipe and touch events to the VM

  • URL: /api/v1/ios/instance_input

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
x x-axis integer / Text input text when event parameter is set to text No
y y-axis integer No
event text/home/enter/backspace/left/right/swipe_up/swipe_down/swipe_left/swipe_right/touch. No
max_x Max Screen size x-axis No
max_y Max Screen size y-axis No

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/instance_input --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&x=264&y=824&event=finger&max_x=750&max_y=1334" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

System Logs API

Get VM system logs.

  • URL: /api/v1/ios/system_logs

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "iBoot version: iHoot-1975.1.46.1.2\r\ncorecrypto_kex..."}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/system_logs --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

File Upload API

Upload a file to the the VM.

  • URL: /api/v1/ios/file_upload

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
file multipart/form-data Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -F "file=@/Users/foo/foo.sh" -F "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe" --url http://localhost:8000/api/v1/ios/file_upload -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

File Download API

Download a file from the VM.

  • URL: /api/v1/ios/file_download

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
file Path to the file in VM Yes

  • Success Response:

    • Code: 200
      Content-Type: application/octet-stream
      Content: File Data
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/ios/file_download --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&file=/var/mobile/Containers/Data/Application/6DC4F886-537F-4F6D-87EE-ED976F4F4682/Library/Application Support/com.braze.core.persistence/data/61cbc3f/remote-configuration.json" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

Frida Instrument API

Instrument iOS App.

  • URL: /api/v1/frida/ios_instrument

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
bundle_id iOS app bundle id (Available from /api/v1/ios/dynamic_analysis) Yes
hash MD5 hash of the IPA file Yes
default_hooks comma separated default hooks to load Yes
dump_hooks comma separated dump hooks to load (network,crypto,cookies,file-access,json,sqlite,data-dir,keychain,nslog,text-inputs,nsurlcredentialstorage,nsuserdefaults,pasteboard) Yes
auxiliary_hooks comma separated auxiliary hooks to load Yes
frida_code user defined frida code to load Yes
class_name class name to perform method enumeration when `enum_methods` auxiliary_hook is specified No
class_search pattern to search when `search_class` auxiliary_hook is specified No
class_trace class name to trace when `trace_class` auxiliary_hook is specified No
method_search look for classes with this method No
frida_action spawn/session/ps. The default action is spawn No
new_package New package name to attach No
pid Process id of the new package to attach No

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"status": "ok", "message": "Frida Instrumentation successful"}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/frida/ios_instrument --data "frida_action=spawn&pid=&new_bundle_id=&hash=f49355aa96053a36248905f78d5419a8&bundle_id=com.1debit.beta.ChimeApp&instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&default_hooks=jailbreak_bypass&dump_hooks=network,crypto,cookies,file-access,json,sqlite,data-dir,keychain,nslog,text-inputs,nsurlcredentialstorage,nsuserdefaults,pasteboard&auxiliary_hooks=&class_name=&class_search=&method_search=asdad&class_trace=&frida_code=" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"
                        

iOS Dynamic Analysis Report API

Get iOS Dynamic Analysis Report.

  • URL: /api/v1/dynamic/ios_report_json

  • Method: POST

  • Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name Param Value Required
instance_id iOS instance id (Available from /api/v1/ios/dynamic_analysis) Yes
bundle_id iOS app bundle id (Available from /api/v1/ios/dynamic_analysis) Yes

  • Success Response:

    • Code: 200
      Content-Type: application/json; charset=utf-8
      Content: {"hash": "9d6698108e706f669183737f8d20e1e4", "version": "v3.9.4 Beta", "title": "iOS Dynamic Analysis Report", "instance_id": "bd057756-87a8-45a6-945d-35c7ce48eafe", "bundleid": "com.highaltitudehacks.DVIAswiftv2", "trackers": {"detected_trackers": 0, "total_trackers": 432,...."}
  • Error Response:

    • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
      Content-Type: application/json; charset=utf-8
      Content: {"error": <error message> }

    OR

    • Code: 401 Unauthorized
      Content-Type: application/json; charset=utf-8
      Content: {"error": "You are unauthorized to make this request." }
  • Sample Call:

    • curl -X POST --url http://localhost:8000/api/v1/dynamic/ios_report_json --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization: ed3b2e68167514dff1c364334fc20451071ead482248f88cea1f2372d429e664"