- Home
- MCP servers
- MobSF
MobSF
- javascript
22
GitHub Stars
javascript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"il-il1-mobsf-mcp": {
"command": "npx",
"args": [
"mobsf-mcp"
],
"env": {
"MOBSF_URL": "http://localhost:8000",
"MOBSF_API_KEY": "your_api_key_here"
}
}
}
}MobSF-MCP is a Node.js based implementation of the Model Context Protocol for MobSF. It provides a standardized way to integrate MobSF security analysis into automated workflows and tools, enabling programmatic access to scans, reports, and other MobSF capabilities through a lightweight MCP server.
How to use
To use MobSF-MCP with an MCP client, start by ensuring MobSF is running with API access. The MCP server exposes a set of endpoints for uploading apps, retrieving reports, and performing analyses. In typical workflows you will configure a client to point at the local MCP server, then perform actions such as uploading an APK/IPA, fetching a full JSON report, or generating a PDF report. Use the client to orchestrate scans, view logs, and retrieve results for automated processing and integration into CI/CD pipelines.
How to install
Prerequisites: Node.js v14 or higher, npm, and a running MobSF instance with API access.
Install the MobSF-MCP server globally:
npm install -g mobsf-mcp
Configure environment variables and start the MobSF MCP server using the npx command. Open a PowerShell session with administrator privileges and set the MobSF connection details, then start the MCP server:
$env:MOBSF_URL="http://localhost:8000";
$env:MOBSF_API_KEY="your_api_key_here";
npx mobsf-mcp
Additional sections
Configuration for integration with the VSCode cline extension is provided in the README. To use MobSF-MCP with the cline extension, add the following MCP server configuration to your cline settings. This config uses stdio transport and the Windows path for Node.js as shown in the example.
{
"mcpServers": {
"MobSF MCP Server": {
"disabled": false,
"timeout": 60,
"command": "Nodejs\\node.exe",
"args": [
"index.js"
],
"env": {
"MOBSF_URL": "http://localhost:8000",
"MOBSF_API_KEY": "your_api_key_here"
},
"transportType": "stdio"
}
}
}
Notes and security
This MCP server is intended for legitimate security testing and automated workflows with explicit authorization. Do not use it to access systems or data without permission. Always protect your MobSF API key and restrict access to the MCP server.
Available tools
uploadFile
Uploads an app file (APK, IPA, APPX) for security analysis.
getScanLogs
Retrieves detailed scan logs for a given scan hash.
getJsonReport
Fetches the full JSON security analysis report for a scan.
getJsonReportSection
Gets a specific section of the JSON report by section name.
getRecentScans
Lists recent security scans with pagination.
searchScanResult
Searches scans by hash, name, or package.
deleteScan
Deletes scan results by hash.
getScorecard
Retrieves the application security scorecard.
generatePdfReport
Generates a PDF version of the security report.
viewSource
Views source files from the analysis.
getScanTasks
Returns the scan tasks queue for async processing.
compareApps
Compares two scans by their hashes.
suppressByRule
Suppresses findings by rule ID.
suppressByFiles
Suppresses findings by files.
listSuppressions
Lists suppressions for a scan.
deleteSuppression
Deletes a suppression by type and rule/file.
listAllHashes
Lists all report MD5 hashes.