What is Mobsf Mcp Server

mobsf-mcp-server is a Model Context Protocol (MCP) compatible tool that utilizes the MobSF (Mobile Security Framework) APIs to scan and analyze APK and IPA files directly.

Use cases

Use cases include scanning mobile applications for security vulnerabilities, automating security assessments during the development process, and integrating with other tools that support MCP for enhanced security workflows.

How to use

To use mobsf-mcp-server, clone the repository, install dependencies, set up the environment variables with your MobSF API key, and run the server. You can then use any MCP client to scan files by sending commands like ‘scan .apk’ or ‘scan .ipa’.

Key features

Key features include support for scanning APK and IPA files, utilizing MobSF’s REST API for file uploads, triggering scans, fetching analysis summaries, and automatically filtering large results to prevent output overload.

Where to use

mobsf-mcp-server is primarily used in mobile application security testing, allowing developers and security professionals to analyze mobile applications for vulnerabilities and security issues.

🛡MobSF MCP Tool

This is an MCP (Model Context Protocol) compatible tool that allows MobSF (Mobile Security Framework) to scan APK and IPA files directly via Claude, 5ire, or any MCP-capable client.

Prerequisites

• MobSF should be installed on the system.
• Download the MCP typescript sdk and rename the folder to sdk.

🚀 Features

• Supports APK and IPA file scanning

• Uses MobSF’s REST API to:

Upload files

Trigger scans

Fetch analysis summary

Automatically filters large results like strings or secrets (to prevent output overload)

MCP-compatible interface via server.ts

🎞️ Installation

Clone the repo and install dependencies:

git clone https://github.com/yourusername/mobsf-mcp.git
cd mobsf-mcp
npm install 

🔐 Setup

Copy the .env.example to .env:

cp .env.example .env

Edit .env to include your MobSF API key:

MOBSF_API_KEY=YOUR_MOBSF_API_KEY

MOBSF_URL=http://localhost:8000 

▶️ Run the Server

• Add the configuration settings shown at the end for claude AI desktop app, it will automatically run the server.

• Make sure your MobSF server is running locally at http://localhost:8000.

🧲 Example Input

• The server exposes tool scanFile . So, use any MCP client to try the following prompt scan .apk or scan .ipa. It will scan the IPA or APK file and will analyze the report(json) for you.

📌 Notes

• Only .apk and .ipa file types are supported.

• This tool avoids fetching large fields like raw strings or source code dumps to keep responses fast and compliant with Claude/5ire message limits.

✅ Claude Config file (Example)

 {
  "mcpServers": {
    "mobsf": {
      "command": "npx",
      "args": ["tsx", "/absolute/path/to/server.ts"]
    }
  }
}