MobSF MCP Server
Server Configuration
Describes the environment variables required to run the server.
| Name | Required | Description | Default |
|---|---|---|---|
| MOBSF_URL | No | URL of the MobSF server instance | http://localhost:8000 |
| MOBSF_API_KEY | Yes | API key for MobSF access |
Capabilities
Features and capabilities supported by this server
| Capability | Details |
|---|---|
| tools | {
"listChanged": true
} |
Tools
Functions exposed to the LLM to take actions
| Name | Description |
|---|---|
| uploadFileA | Upload a mobile application file (APK, IPA, or APPX) to MobSF for security analysis. This is the first step before scanning and must be done prior to using other analysis functions. |
| getScanLogsA | Retrieve detailed scan logs for a previously analyzed mobile application using its hash value. These logs contain information about the scanning process and any issues encountered. |
| getJsonReportA | Generate and retrieve a comprehensive security analysis report in JSON format for a scanned mobile application. This report includes detailed findings about security vulnerabilities, permissions, API calls, and other security-relevant information. |
| getJsonReportSectionC | Get a specific section of the MobSF JSON report by hash and section name. |
| getJsonReportSectionsA | Get all top-level section names of the MobSF JSON report. |
| getRecentScansB | Retrieve a list of recently performed security scans on the MobSF server, showing mobile applications that have been analyzed, their statuses, and basic scan information. |
| searchScanResultB | Search scan results by hash, app name, package name, or file name. |
| deleteScanA | Delete scan results by hash. |
| getScorecardB | Get MobSF Application Security Scorecard by hash. |
| generatePdfReportA | Generate PDF security report by hash. Returns PDF as base64 string. |
| viewSourceC | View source files by hash, file path, and type. |
| getScanTasksA | Get scan tasks queue (async scan queue must be enabled). |
| compareAppsC | Compare scan results by two hashes. |
| suppressByRuleB | Suppress findings by rule id. |
| suppressByFilesC | Suppress findings by files. |
| listSuppressionsC | View suppressions associated with a scan. |
| deleteSuppressionC | Delete suppressions. |
| listAllHashesC | Get all report MD5 hash values. |
| getJsonSection_versionB | Get the 'version' section of the MobSF JSON report by hash. |
| getJsonSection_titleC | Get the 'title' section of the MobSF JSON report by hash. |
| getJsonSection_file_nameB | Get the 'file_name' section of the MobSF JSON report by hash. |
| getJsonSection_app_nameA | Get the 'app_name' section of the MobSF JSON report by hash. |
| getJsonSection_app_typeB | Get the 'app_type' section of the MobSF JSON report by hash. |
| getJsonSection_sizeA | Get the 'size' section of the MobSF JSON report by hash. |
| getJsonSection_md5C | Get the 'md5' section of the MobSF JSON report by hash. |
| getJsonSection_sha1B | Get the 'sha1' section of the MobSF JSON report by hash. |
| getJsonSection_sha256A | Get the 'sha256' section of the MobSF JSON report by hash. |
| getJsonSection_package_nameB | Get the 'package_name' section of the MobSF JSON report by hash. |
| getJsonSection_main_activityC | Get the 'main_activity' section of the MobSF JSON report by hash. |
| getJsonSection_exported_activitiesB | Get the 'exported_activities' section of the MobSF JSON report by hash. |
| getJsonSection_browsable_activitiesA | Get the 'browsable_activities' section of the MobSF JSON report by hash. |
| getJsonSection_activitiesB | Get the 'activities' section of the MobSF JSON report by hash. |
| getJsonSection_receiversC | Get the 'receivers' section of the MobSF JSON report by hash. |
| getJsonSection_providersB | Get the 'providers' section of the MobSF JSON report by hash. |
| getJsonSection_servicesB | Get the 'services' section of the MobSF JSON report by hash. |
| getJsonSection_librariesB | Get the 'libraries' section of the MobSF JSON report by hash. |
| getJsonSection_target_sdkB | Get the 'target_sdk' section of the MobSF JSON report by hash. |
| getJsonSection_max_sdkA | Get the 'max_sdk' section of the MobSF JSON report by hash. |
| getJsonSection_min_sdkA | Get the 'min_sdk' section of the MobSF JSON report by hash. |
| getJsonSection_version_nameA | Get the 'version_name' section of the MobSF JSON report by hash. |
| getJsonSection_version_codeA | Get the 'version_code' section of the MobSF JSON report by hash. |
| getJsonSection_permissionsA | Get the 'permissions' section of the MobSF JSON report by hash. |
| getJsonSection_malware_permissionsA | Get the 'malware_permissions' section of the MobSF JSON report by hash. |
| getJsonSection_certificate_analysisA | Get the 'certificate_analysis' section of the MobSF JSON report by hash. |
| getJsonSection_manifest_analysisA | Get the 'manifest_analysis' section of the MobSF JSON report by hash. |
| getJsonSection_network_securityA | Get the 'network_security' section of the MobSF JSON report by hash. |
| getJsonSection_binary_analysisB | Get the 'binary_analysis' section of the MobSF JSON report by hash. |
| getJsonSection_file_analysisB | Get the 'file_analysis' section of the MobSF JSON report by hash. |
| getJsonSection_android_apiB | Get the 'android_api' section of the MobSF JSON report by hash. |
| getJsonSection_code_analysisB | Get the 'code_analysis' section of the MobSF JSON report by hash. |
| getJsonSection_niap_analysisB | Get the 'niap_analysis' section of the MobSF JSON report by hash. |
| getJsonSection_permission_mappingA | Get the 'permission_mapping' section of the MobSF JSON report by hash. |
| getJsonSection_urlsC | Get the 'urls' section of the MobSF JSON report by hash. |
| getJsonSection_domainsB | Get the 'domains' section of the MobSF JSON report by hash. |
| getJsonSection_emailsB | Get the 'emails' section of the MobSF JSON report by hash. |
| getJsonSection_stringsA | Get the 'strings' section of the MobSF JSON report by hash. |
| getJsonSection_firebase_urlsC | Get the 'firebase_urls' section of the MobSF JSON report by hash. |
| getJsonSection_exported_countA | Get the 'exported_count' section of the MobSF JSON report by hash. |
| getJsonSection_apkidA | Get the 'apkid' section of the MobSF JSON report by hash. |
| getJsonSection_behaviourA | Get the 'behaviour' section of the MobSF JSON report by hash. |
| getJsonSection_trackersA | Get the 'trackers' section of the MobSF JSON report by hash. |
| getJsonSection_playstore_detailsA | Get the 'playstore_details' section of the MobSF JSON report by hash. |
| getJsonSection_secretsA | Get the 'secrets' section of the MobSF JSON report by hash. |
| getJsonSection_logsB | Get the 'logs' section of the MobSF JSON report by hash. |
| getJsonSection_sbomB | Get the 'sbom' section of the MobSF JSON report by hash. |
| getJsonSection_average_cvssB | Get the 'average_cvss' section of the MobSF JSON report by hash. |
| getJsonSection_appsecA | Get the 'appsec' section of the MobSF JSON report by hash. |
| getJsonSection_virus_totalA | Get the 'virus_total' section of the MobSF JSON report by hash. |
| getJsonSection_base_urlB | Get the 'base_url' section of the MobSF JSON report by hash. |
| getJsonSection_dwd_dirC | Get the 'dwd_dir' section of the MobSF JSON report by hash. |
| getJsonSection_host_osA | Get the 'host_os' section of the MobSF JSON report by hash. |
Prompts
Interactive templates invoked by user choice
| Name | Description |
|---|---|
No prompts | |
Resources
Contextual data attached and managed by the client
| Name | Description |
|---|---|
No resources | |
Latest Blog Posts
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/il-il1/MobSF-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server