Skip to content

Instantly share code, notes, and snippets.



Created Aug 16, 2019
What would you like to do?
Install MobSF Framework on CentOS 7 (with Headless Dynamic Analysis)
# Maintainer: Harold Kim (
# Tested in CentOS 7.6.1810
# $ lsb_release -a
# LSB Version: :core-4.1-amd64:core-4.1-noarch
# Distributor ID: CentOS
# Description: CentOS Linux release 7.6.1810 (Core)
# Release: 7.6.1810
# Codename: Core
# Run this file as root
sudo bash
# Let's install files on /srv/
mkdir -p /srv/MobSF
cd /srv/MobSF
# Install dependencies
yum install libxslt libjpeg zlib libxml2-devel libffi-devel openssl-libs
# Download latest sqlite and replace old ones with latest files
tar xvfz sqlite-*
cd sqlite-*
./configure --prefix=/usr/local
make install
mv /usr/bin/sqlite3 /usr/bin/sqlite3_old
ln -s /usr/local/bin/sqlite3 /usr/bin/sqlite3
echo 'export LD_LIBRARY_PATH="/usr/local/lib"' > ~/.bashrc
export LD_LIBRARY_PATH="/usr/local/lib"
cd ..
# Install Python 3.6 from ius repo
yum install -y
yum install -y python36 python36-devel python36-pip python36-setuptools python36-tools python36-libs python36-tkinter
# Install MobSF Framework
git clone
cd Mobile-Security-Framework-MobSF
# Install Dynamic analysis
# Installing VirtualBox 5.2, because 6.0 does not support x86 android devices
yum install -y kernel-devel kernel-headers gcc make perl
yum -y install wget
rpm --import oracle_vbox.asc
wget -O /etc/yum.repos.d/virtualbox.repo
yum install -y VirtualBox-5.2
# Grab the id from the download page
# Download ova file via gdrive
wget --load-cookies /tmp/cookies.txt \
"$(wget --quiet --save-cookies /tmp/cookies.txt --keep-session-cookies --no-check-certificate "${GDRIVE_DOWNLOAD_ID}" -O- | sed -rn 's/.*confirm=([0-9A-Za-z_]+).*/\1\n/p')&id=${GDRIVE_DOWNLOAD_ID}" \
-O MobSF_VM_0.3.ova && rm -rf /tmp/cookies.txt
# Import vm to virtualbox
vboxmanage import MobSF_VM_0.3.ova
# Check if it's imported proerly.
VBOX_NAME=`vboxmanage list vms | grep -i 'MobSF_[A-Za-z0-9]*_[0-9]*.[0-9]*' -oh`
echo "======== Check VM Name ==="
echo "Selected VM Name: " $VBOX_NAME
echo "=========================="
# According to MobSF wiki, it is recommended to create both HostOnly and NAT network
VBoxManage hostonlyif create
VBoxManage natnetwork add --netname natnet1 --network "" --enable --dhcp on
VBoxManage natnetwork start --netname natnet1
# We assign created network on VM
VBoxManage modifyvm "$VBOX_NAME" --nic1 hostonly
VboxManage modifyvm "$VBOX_NAME" --nic2 nat
# Start VM on headless, otherwise it crashes.
VBoxManage startvm "$VBOX_NAME" --type=headless
# Now it should show us that the VM is running properly
echo "======== Running VM ==="
VBoxManage list runningvms
echo "======================="
# You can also check IPs and Proxy Connection Tests
VBoxManage guestproperty enumerate "$VBOX_NAME" | grep androvm_ip_management | grep 192.168 --color
# Check if the value is
# If so, you shouldn't have much problem from here.
# You can test the connection proxy here
# $ nc -vlp 1337
# Ncat: Version 7.50 ( )
# Ncat: Listening on
# Ncat: Connection from
# Ncat: Connection from
# GET HTTP/1.1
# User-Agent: Dalvik/1.6.0 (Linux; U; Android 4.4.2; Samsung Galaxy S4 - 4.4.2 - API 19 - 1080x1920 Build/KOT49H)
# Host:
# Connection: Keep-Alive
# Accept-Encoding: gzip
# Wait for the device to boot
echo "[*] Waiting 60 seconds to let the device boot"
sleep 60
# add snapshot, so that the machine does not get broken
VBoxManage snapshot $VBOX_NAME take SAVED_STATE
# Get VM_UUID and Snapshot_UUID
VM_UUID=`vboxmanage list runningvms | grep MobSF | grep -i '[A-Za-z0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*' -oh`
SNAPSHOT_UUID=`vboxmanage snapshot ${VM_UUID} list | grep SAVED_STATE | grep -i '[A-Za-z0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*' -oh`
echo "[*] Installation Complete. If you have setup correctly, VM_UUID and SNAPSHOT_UUID should show up properly"
echo "VM_UUID: " $VM_UUID
# Get MobSF Configuration UUID and Snapshot_UUID
CURRENT_SETTING_UUID=`cat MobSF/ | grep 'UUID =' | grep -v 'SUUID' | grep -i '[A-Za-z0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*' -oh`
CURRENT_SETTING_SNAPSHOT_UUID=`cat MobSF/ | grep 'SUUID =' | grep -i '[A-Za-z0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*-[A-Fa-f0-9]*' -oh`
# Since we're on a headless mode, we also need to change headless config
HEADLESS_CHECK=`cat MobSF/ | grep "HEADLESS" | xargs`
# Replace them
sed -i "s/${CURRENT_SETTING_UUID}/${VM_UUID}/g" MobSF/
sed -i "s/${HEADLESS_CHECK}/VBOX_HEADLESS = True/g" MobSF/
# We are ready to run. let's go!

This comment has been minimized.

Copy link
Owner Author

@stypr stypr commented Aug 16, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.