API Docs

API Key: 40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23

Static Analysis

1. api/v1/upload - Upload a File
2. api/v1/scan - Scan a File
3. api/v1/scans - Display Recent Scans
4. api/v1/delete_scan - Delete a Scan
5. api/v1/scorecard - App Scorecard
6. api/v1/download_pdf - Download PDF Report
7. api/v1/report_json - Generate JSON Report
8. api/v1/view_source - View Source Files
9. api/v1/compare - Compare Apps
10. api/v1/suppress_by_rule - Suppress by Rule
11. api/v1/suppress_by_files - Suppress by Files
12. api/v1/list_suppressions - List Suppressions
13. api/v1/delete_suppression - Delete Suppressions

Dynamic Analysis Android

1. api/v1/dynamic/get_apps - Get Apps for Dynamic Analysis
2. api/v1/dynamic/start_analysis - Start Dynamic Analysis
3. api/v1/android/logcat - View Logcat
4. api/v1/android/mobsfy - MobSFy VM/Emulator/Device
5. api/v1/android/adb_command - Execute ADB Commands
6. api/v1/android/root_ca - Install or Remove MobSF Root CA
7. api/v1/android/global_proxy - Set or Unset MobSF HTTP(S) Proxy
8. api/v1/android/activity - Activity or Exported Activity Tester
9. api/v1/android/start_activity - Start an Activity or Exported Activity
10. api/v1/android/tls_tests - TLS/SSL Security Tester
11. api/v1/frida/instrument - Frida Instrument App
12. api/v1/frida/api_monitor - Frida API Monitor
13. api/v1/frida/get_dependencies - Frida Get Dependencies
14. api/v1/frida/logs - Frida View Logs
15. api/v1/frida/list_scripts - Frida List Scripts
16. api/v1/frida/get_script - Frida Get Script
17. api/v1/dynamic/stop_analysis - Stop Dynamic Analysis
18. api/v1/dynamic/report_json - Dynamic Analysis JSON report
19. api/v1/dynamic/view_source - Dynamic Analysis View Source

Dynamic Analysis iOS

1. api/v1/ios/corellium_supported_models - Supported Corellium iOS Models
2. api/v1/ios/corellium_ios_versions - Supported Corellium iOS Versions
3. api/v1/ios/corellium_create_ios_instance - Create an iOS VM in Corellium
4. api/v1/ios/dynamic_analysis - iOS Dynamic Analysis
5. api/v1/ios/corellium_start_instance - Start iOS VM in Corellium
6. api/v1/ios/corellium_stop_instance - Stop iOS VM in Corellium
7. api/v1/ios/corellium_unpause_instance - Unpause iOS VM in Corellium
8. api/v1/ios/corellium_reboot_instance - Reboot iOS VM in Corellium
9. api/v1/ios/corellium_destroy_instance - Destroy iOS VM in Corellium
10. api/v1/ios/corellium_list_apps - List Apps in Corellium iOS VM
11. api/v1/ios/setup_environment - Setup iOS Dynamic Analysis Environment
12. api/v1/ios/dynamic_analyzer - iOS Dynamic Analyzer
13. api/v1/ios/run_app - Run App
14. api/v1/ios/stop_app - Stop App
15. api/v1/ios/remove_app - Remove App
16. api/v1/ios/take_screenshot - Take Screenshot
17. api/v1/ios/get_app_container_path - Get App Container Path
18. api/v1/ios/network_capture - Network Capture
19. api/v1/ios/live_pcap_download - Live PCAP Download
20. api/v1/ios/ssh_execute - SSH Execute
21. api/v1/ios/download_app_data - Download App Data
22. api/v1/ios/instance_input - Instance Input
23. api/v1/ios/system_logs - System Logs
24. api/v1/ios/file_upload - File Upload
25. api/v1/ios/file_download - File Download
26. api/v1/frida/ios_instrument - Frida Instrument App
27. api/v1/dynamic/ios_report_json - iOS Dynamic Analysis Report

---

Upload File API

API to upload a file. Supported file types are apk, zip, ipa and appx.

• URL: /api/v1/upload

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
file	multipart/form-data	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"file_name": "diva-beta.apk", "hash": "82ab8b2193b3cfb1c737e3a786be363a", "scan_type": "apk"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -F 'file=@/Users/ajin/Desktop/diva-beta.apk' http://localhost:8000/api/v1/upload -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -F 'file=@/Users/ajin/Desktop/diva-beta.apk' http://localhost:8000/api/v1/upload -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Scan File API

API to scan a file that is already uploaded. Supports scanning apk, xapk, apks, jar, aar, zip, ipa, so, dylib, a, and appx extensions.

• URL: /api/v1/scan

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
re_scan	0 or 1, default is 0	No

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content:

  {"act_count": "17", "api": {"Loading Native Code (Shared Library) ": {"path":
                    ["jakhar/aseem/diva/DivaJni.java"]}, "Local File I/O Operations": {"path":
                    ["jakhar/aseem/diva/InsecureDataStorage2Activity.java", "jakhar/aseem/diva/SQLInjectionActivity.java"]},
                    "Starting Activity": {"path": ["jakhar/aseem/diva/AccessControl1Activity.java",
                    "jakhar/aseem/diva/AccessControl2Activity.java", "jakhar/aseem/diva/AccessControl3Activity.java",
                    "jakhar/aseem/diva/MainActivity.java"]}, "Query Database of SMS, Contacts etc.": {"path":
                    ["jakhar/aseem/diva/AccessControl3NotesActivity.java", "jakhar/aseem/diva/NotesProvider.java"]}
                    SNIPPED
                    

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Delete Scan API

API to delete scan results.

• URL: /api/v1/delete_scan

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"deleted": "yes"} or {"deleted": "scan hash not found"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/delete_scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/delete_scan --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

App Scorecrd API

Get MobSF Application Security Scorecard

• URL: /api/v1/scorecard

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/scorecard --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/scorecard --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Generate PDF Report API

API to generate PDF Report.

• URL: /api/v1/download_pdf

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/pdf
    Content: PDF Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/download_pdf --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/download_pdf --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Generate JSON Report API

API to generate JSON Report.

• URL: /api/v1/report_json

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/report_json --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/report_json --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

View Source Files API

API to view source files.

• URL: /api/v1/view_source

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
file	relative file path	Yes
type	apk/ipa/studio/eclipse/ios	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=18e244926da1e49c5b8ffc1c30de8abc&type=apk&file=b/a/a/a/a/a.java" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  • curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=6c23c2970551be15f32bbab0b5db0c71&type=ipa&file=classdump.txt" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=18e244926da1e49c5b8ffc1c30de8abc&type=apk&file=b/a/a/a/a/a.java" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  • curl -X POST --url http://localhost:8000/api/v1/view_source --data "hash=6c23c2970551be15f32bbab0b5db0c71&type=ipa&file=classdump.txt" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Display Recent Scans API

API to Display Recent Scans.

• URL: /api/v1/scans

• Method: GET

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
page	the number of page	Yes
page_size	per page size	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"content": [{"id": 7, "ANALYZER": "static_analyzer_ios", "SCAN_TYPE": "ipa", "FILE_NAME": "ios.ipa", "APP_NAME": "helloworld", "PACKAGE_NAME": "com.kthcorp.helloworld", "VERSION_NAME": "1.0", "MD5": "6c23c2970551be15f32bbab0b5db0c71", "TIMESTAMP": "2020-11-15T03:17:11.733Z"}, {"id": 6, "ANALYZER": "static_analyzer", "SCAN_TYPE": "apk", "FILE_NAME": "android.apk", "APP_NAME": "HelloWorld", "PACKAGE_NAME": "opensecurity.helloworld", "VERSION_NAME": "1.0", "MD5": "3a552566097a8de588b8184b059b0158", "TIMESTAMP": "2020-11-15T03:16:34.171Z"}, {"id": 3, "ANALYZER": "static_analyzer", "SCAN_TYPE": "zip", "FILE_NAME": "ios_src.zip", "APP_NAME": "DamnVulnerableIOSApp", "PACKAGE_NAME": "com.highaltitudehacks.dvia.watchkitapp", "VERSION_NAME": "2.0", "MD5": "57bb5be0ea44a755ada4a93885c3825e", "TIMESTAMP": "2020-11-15T03:08:49.089Z"}], "count": 3, "num_pages": 1}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl --url "http://localhost:8000/api/v1/scans" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  • curl --url "http://localhost:8000/api/v1/scans?page=1&page_size=10" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl --url "http://localhost:8000/api/v1/scans" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  • curl --url "http://localhost:8000/api/v1/scans?page=1&page_size=10" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Compare Apps API

API to Compare scan results.

• URL: /api/v1/compare

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash1	first scan hash	Yes
hash2	second scan hash to compare with	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/compare --data "hash1=82ab8b2193b3cfb1c737e3a786be363a&hash2=f56c96f2b1f0a7c46eb6fef3a035f3dd" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/compare --data "hash1=82ab8b2193b3cfb1c737e3a786be363a&hash2=f56c96f2b1f0a7c46eb6fef3a035f3dd" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Suppress by Rule

Suppress findings by rule id.

• URL: /api/v1/suppress_by_rule

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
type	code or manifest	Yes
rule	rule id	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/suppress_by_rule --data "hash=82ab8b2193b3cfb1c737e3a786be363a&type=manifest&rule=app_allowbackup" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/suppress_by_rule --data "hash=82ab8b2193b3cfb1c737e3a786be363a&type=code&rule=android_logging" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Suppress by Files

Suppress findings by files.

• URL: /api/v1/suppress_by_files

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
type	code	Yes
rule	rule id	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/suppress_by_files --data "hash=82ab8b2193b3cfb1c737e3a786be363a&type=code&rule=app_allowbackup" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/suppress_by_files --data "hash=82ab8b2193b3cfb1c737e3a786be363a&type=code&rule=android_logging" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

View Suppressions

View suppressions associated with a scan.

• URL: /api/v1/list_suppressions

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/list_suppressions --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/list_suppressions --data "hash=82ab8b2193b3cfb1c737e3a786be363a" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Delete Suppressions

Delete suppressions.

• URL: /api/v1/delete_suppression

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
type	code or manifest	Yes
rule	rule id	Yes
kind	rule or file	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/delete_suppression --data "hash=82ab8b2193b3cfb1c737e3a786be363a&kind=file&type=code&rule=android_sql_raw_query" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/delete_suppression --data "hash=82ab8b2193b3cfb1c737e3a786be363a&kind=rule&type=manifest&rule=receiver_exported_intent_filter_exists" -H "X-Mobsf-Api-Key:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Get Apps API

Get Apps available for Dynamic Analysis. You must perform static analysis before attempting dynamic analysis.

• URL: /api/v1/dynamic/get_apps

• Method: GET

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "apks": [ { "MD5": "3a552566097a8de588b8184b059b0158", "APP_NAME": "HelloWorld", "VERSION_NAME": "1.0", "FILE_NAME": "android.apk", "PACKAGE_NAME": "opensecurity.helloworld" }, { "MD5": "6825bb9fde2fc671322df005976755a1", "APP_NAME": "Wikipedia", "VERSION_NAME": "2.7.277-r-2019-12-11", "FILE_NAME": "org.wikipedia_2.7.277-r-2019-12-11-30277_minAPI19(x86)(nodpi)_apkmirror.com.apk", "PACKAGE_NAME": "org.wikipedia" }, ], "identifier": "192.168.56.139:5555", "proxy_ip": "192.168.56.1", "proxy_port": 1337, "title": "MobSF Dynamic Analysis", "version": "v3.1.8 Beta" }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl --url http://localhost:8000/api/v1/dynamic/get_apps -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Start Dynamic Analysis API

Start MobSF Dynamic Analyzer. Ensure that dynamic analysis environment (Android VM/Emulator/Device) is configured and running before calling this API.

• URL: /api/v1/dynamic/start_analysis

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
re_install	0 or 1, default is 1	No
install	0 or 1, default is 1	No

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "screen_witdth": "1440", "screen_height": "2960", "package": "opensecurity.helloworld", "hash": "3a552566097a8de588b8184b059b0158", "android_version": 8, "version": "v3.1.8 Beta", "title": "Dynamic Analyzer" }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/dynamic/start_analysis --data "hash=3a552566097a8de588b8184b059b0158" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

View Logcat API

API view Logcat logs.

• URL: /api/v1/android/logcat

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
package	package name of the app	Yes

• Success Response:

  • Code: 200
    Content-Type: text/event-stream
    Content: Logcat Stream Data

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/android/logcat --data "package=org.wikipedia" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

MobSFy API

API to MobSFY android runtime environment.

• URL: /api/v1/android/mobsfy

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
identifier	ADB identifier of Android VM/Emulator/Device	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "status": "ok", "android_version": 8 }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/android/mobsfy --data "identifier=192.168.56.139:5555" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Execute ADB Commands API

Execute ADB commands inside VM/Emulator/Device.

• URL: /api/v1/android/adb_command

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
cmd	non blocking adb commands	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "status": "ok", "message": "acct\nbugreports\ncache\ncharger\nconfig\nadd\nadata\nadefault.prop\nadev\netc\nfstab.vbox86\ninit\ninit.environ.rc\ninit.rc\ninit.usb.configfs.rc\ninit.usb.rc\ninit.vbox86.rc\ninit.zygote32.rc\nmnt\nnonplat_file_contexts\nnonplat_hwservice_contexts\nnonplat_property_contexts\nnonplat_seapp_contexts\nnonplat_service_contexts\noem\nplat_file_contexts\nplat_hwservice_contexts\nplat_property_contexts\nplat_seapp_contexts\nplat_service_contexts\nproc\nrom.trace\nroot\nsbin\nsdcard\nsepolicy\nstorage\nsys\nsystem\ntmp\nueventd.rc\nueventd.vbox86.rc\nvar\nvendor\nvndservice_contexts\n" }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/android/adb_command --data "cmd=shell ls" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Install or Remove Root CA API

API to install or remove MobSF Root CA to or from the Android VM/Emulator/Device.

• URL: /api/v1/android/root_ca

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
action	install/remove	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "status": "ok", "message": "installed" }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/android/root_ca --data "action=install" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Set or Unset MobSF Global HTTP(S) Proxy API

API to apply or remove global HTTP(S) proxy configuration to Android VM/Emulator/Device.

• URL: /api/v1/android/global_proxy

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
action	set/unset	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "status": "ok", "message": "set" }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/android/global_proxy --data "action=set" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Activity or Exported Activity Tester API

API to run Activity or Exported Activity Tester.

• URL: /api/v1/android/activity

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
test	exported/activity	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "status": "ok" }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/android/activity --data "hash=6825bb9fde2fc671322df005976755a1&test=exported" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Start Activity or Exported Activity API

API to manually launch an Activity or Exported Activity.

• URL: /api/v1/android/start_activity

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
activity	Fully qualified name of the activity or exported activity	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "status": "ok" }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/android/start_activity --data "hash=6825bb9fde2fc671322df005976755a1&activity=com.package.android.MainActivity" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

TLS/SSL Security Tester API

API to run TLS/SSL Security Tester.

• URL: /api/v1/android/tls_tests

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "tls_tests": {"tls_misconfigured": false, "no_tls_pin_or_transparency": false, "pin_or_transparency_bypassed": false, "has_cleartext": false}}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/android/tls_tests --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Frida Instrument App API

API to start Frida Instrumentation.

• URL: /api/v1/frida/instrument

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
default_hooks	comma separated default hooks to load	Yes
auxiliary_hooks	comma separated auxiliary hooks to load	Yes
frida_code	user defined frida code to load	Yes
class_name	class name to perform method enumeration when `enum_methods` auxiliary_hook is specified	No
class_search	pattern to search when `search_class` auxiliary_hook is specified	No
class_trace	class name to trace when `trace_class` auxiliary_hook is specified	No
frida_action	spawn/session/ps. The default action is spawn	No
new_package	New package name to attach	No
pid	Process id of the new package to attach	No

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "status": "ok" }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/frida/instrument --data "hash=6825bb9fde2fc671322df005976755a1&default_hooks=api_monitor,ssl_pinning_bypass,root_bypass,debugger_check_bypass&auxiliary_hooks=&frida_code=" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

  OR

  • curl -X POST --url http://localhost:8000/api/v1/frida/instrument --data "hash=6825bb9fde2fc671322df005976755a1&default_hooks=api_monitor,ssl_pinning_bypass,root_bypass,debugger_check_bypass&auxiliary_hooks=enum_class,string_catch,string_compare,enum_methods,search_class,trace_class&class_name=java.io.File&class_search=ssl&class_trace=javax.net.ssl.TrustManager&frida_code=Java.perform(function()+%7B%0A++%2F%2F+Use+send()+for+logging%0A%7D)%3B" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Frida API Monitor API

API to view Frida API monitor output.

• URL: /api/v1/frida/api_monitor

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/frida/api_monitor --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Frida Get Runtime Dependencies API

API to collect runtime dependencies.

• URL: /api/v1/frida/get_dependencies

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/frida/get_dependencies --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Frida View Logs API

API to view Frida log output.

• URL: /api/v1/frida/logs

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/frida/logs --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Frida List Scripts API

API to list available frida scripts.

• URL: /api/v1/frida/list_scripts

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
device	android/ios	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "status": "ok", "files": [ "hook_java_reflection", "jni_hook_by_address", "bypass_flag_secure", "file_trace", "hook_constructor", "jni_trace", "default", "get_android_id", "aes_key", "inputstream_dump", "helper" ] }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/frida/list_scripts --data "device=android" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Frida Get Script API

API to generate frida script based on selection.

• URL: /api/v1/frida/get_script

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
scripts[]	name of the script from the output of Frida List Scripts (/api/v1/frida/list_scripts) API.	Yes
device	android/ios	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/frida/get_script --data "device=android&scripts[]=hook_java_reflection&scripts[]=jni_hook_by_address&scripts[]=default&scripts[]=get_android_id" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Stop Dynamic Analysis API

Stop MobSF Dynamic Analyzer. This API must be called to stop dynamic analysis and prior to report generation.

• URL: /api/v1/dynamic/stop_analysis

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: { "status": "ok" }

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/dynamic/stop_analysis --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Dynamic Analysis JSON Report API

Generate JSON Report of Dynamic Analysis. Stop Dynamic Analysis (/api/v1/dynamic/stop_analysis) API must be called before calling this API.

• URL: /api/v1/dynamic/report_json

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/dynamic/report_json --data "hash=6825bb9fde2fc671322df005976755a1" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Dynamic Analysis View Source API

API to view source of files dumped from device after dynamic analysis. Stop Dynamic Analysis (/api/v1/dynamic/stop_analysis) API must be called before calling this API.

• URL: /api/v1/dynamic/view_source

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
file	relative path of the file	Yes
type	xml/db/others	Yes
hash	hash of the scan	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/dynamic/view_source --data "file=data/data/org.wikipedia/shared_prefs/org.wikipedia_preferences.xml&hash=6825bb9fde2fc671322df005976755a1&type=xml" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Supported Corellium iOS Models API

List out supported iOS Corellium VMs.

• URL: /api/v1/ios/corellium_supported_models

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_supported_models -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Supported Corellium iOS Versions API

List out supported iOS versions for a device.

• URL: /api/v1/ios/corellium_ios_versions

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
model	iOS model	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_ios_versions --data "model=iPhone15,3" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Corellium Create iOS Instance API

Create a jailbroken iOS instance in Corellium with desired flavor and iOS version.

• URL: /api/v1/ios/corellium_create_ios_instance

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
project_id	Corellium Project ID	Yes
name	Name of the VM	Yes
flavor	iOS Flavor	Yes
version	iOS Version	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_create_ios_instance --data "project_id=728bb423-68bc-4300-a484-6e32a43be9cf&name=iosvm&flavor=iphone15p&version=16.0" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

iOS Dynamic Analysis API

List iOS Instance & Apps Available for Dynamic Analysis.

• URL: /api/v1/ios/dynamic_analysis

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/dynamic_analysis -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Corellium Start iOS Instance API

Start iOS VM in previously created in Corellium by instance identifier.

• URL: /api/v1/ios/corellium_start_instance

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "Starting VM Instance"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_start_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Corellium Stop iOS Instance API

Stop iOS VM in Corellium by instance identifier.

• URL: /api/v1/ios/corellium_stop_instance

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "Instance stopped"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_stop_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Corellium Unpause iOS Instance API

Unpause iOS VM in Corellium by instance identifier.

• URL: /api/v1/ios/corellium_unpause_instance

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "Instance unpaused"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_unpause_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Corellium Reboot iOS Instance API

Reboot iOS VM in Corellium by instance identifier.

• URL: /api/v1/ios/corellium_reboot_instance

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "Rebooting instance"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_reboot_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Corellium Destroy iOS Instance API

Destroy iOS VM in Corellium by instance identifier.

• URL: /api/v1/ios/corellium_destroy_instance

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "Destroying instance"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_destroy_instance --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Corellium List Apps in Instance API

List all apps present in the Corellium iOS VM.

• URL: /api/v1/ios/corellium_list_apps

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

• Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: JSON Contents

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/corellium_list_apps --data "instance_id=ce9cf65d-5ce5-4fad-823f-5d784c802d21" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Setup iOS Dynamic Analysis Environment API

Setup iOS Dynamic Analysis Environment for an IPA. This API call is required for apps not installed in the Corellium iOS VM.

• URL: /api/v1/ios/setup_environment

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id	Yes
hash	MD5 hash of the IPA file	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "Testing Environment is Ready!"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/setup_environment --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&hash=35469622303ba10a2195557a3ad1810a" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

iOS Dynamic Analyzer API

Start iOS Dynamic Analyzer with an app. Setup environment (api/v1/ios/setup_environment) API should be called before running dynamic analyzer for IPAs not installed in the Corellium VM.

• URL: /api/v1/ios/dynamic_analyzer

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"hash": "9d6698108e706f669183737f8d20e1e4", "instance_id": "bd057756-87a8-45a6-945d-35c7ce48eafe", "bundle_id": "com.highaltitudehacks.DVIAswiftv2", "version": "v3.9.4 Beta", "form": null, "title": "iOS Dynamic Analyzer"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/dynamic_analyzer --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Run App API

Run the app in the Corellium VM.

• URL: /api/v1/ios/run_app

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "App Started"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/run_app --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Stop App API

Kill the app in the Corellium VM.

• URL: /api/v1/ios/stop_app

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "App Killed"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/stop_app --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Remove App API

Remove an app from the Corellium VM.

• URL: /api/v1/ios/remove_app

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "App uninstalled"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/remove_app --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Take Screenshot API

Take a screenshot.

• URL: /api/v1/ios/take_screenshot

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA..."}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/take_screenshot --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Get App Container Path API

Get App container path. App must be instrumented before calling this API.

• URL: /api/v1/ios/get_app_container_path

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "/var/mobile/Containers/Data/Application/DDEACD38-727E-491C-AB9B-5DE80BB9EA71/"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/get_app_container_path --data "bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Network Capture API

Enable/Disable Network Capture.

• URL: /api/v1/ios/network_capture

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
state	on/off	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "Enabled network capture"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/network_capture --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&state=on" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Live PCAP Download API

Download live packet capture.

• URL: /api/v1/ios/live_pcap_download

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes

• Success Response:

  • Code: 200
    Content-Type: application/vnd.tcpdump.pcap
    Content: PCAP File

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/live_pcap_download --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

SSH Execute API

Execute OS Commands inside the VM over SSH.

• URL: /api/v1/ios/ssh_execute

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
cmd	OS Command	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "Library\nMedia\n\n"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/ssh_execute --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&cmd=ls" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Download App Data API

Download app data from the VM.

• URL: /api/v1/ios/download_app_data

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "Downloaded application data"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/download_app_data --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Instance Input API

Provide text, swipe and touch events to the VM

• URL: /api/v1/ios/instance_input

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
x	x-axis integer / Text input text when event parameter is set to text	No
y	y-axis integer	No
event	text/home/enter/backspace/left/right/swipe_up/swipe_down/swipe_left/swipe_right/touch.	No
max_x	Max Screen size x-axis	No
max_y	Max Screen size y-axis	No

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/instance_input --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&x=264&y=824&event=finger&max_x=750&max_y=1334" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

System Logs API

Get VM system logs.

• URL: /api/v1/ios/system_logs

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "iBoot version: iHoot-1975.1.46.1.2\r\ncorecrypto_kex..."}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/system_logs --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

File Upload API

Upload a file to the the VM.

• URL: /api/v1/ios/file_upload

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
file	multipart/form-data	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -F "file=@/Users/foo/foo.sh" -F "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe" --url http://localhost:8000/api/v1/ios/file_upload -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

File Download API

Download a file from the VM.

• URL: /api/v1/ios/file_download

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
file	Path to the file in VM	Yes

• Success Response:

  • Code: 200
    Content-Type: application/octet-stream
    Content: File Data

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/ios/file_download --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&file=/var/mobile/Containers/Data/Application/6DC4F886-537F-4F6D-87EE-ED976F4F4682/Library/Application Support/com.braze.core.persistence/data/61cbc3f/remote-configuration.json" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

Frida Instrument API

Instrument iOS App.

• URL: /api/v1/frida/ios_instrument

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes
hash	MD5 hash of the IPA file	Yes
default_hooks	comma separated default hooks to load	Yes
dump_hooks	comma separated dump hooks to load (network,crypto,cookies,file-access,json,sqlite,data-dir,keychain,nslog,text-inputs,nsurlcredentialstorage,nsuserdefaults,pasteboard)	Yes
auxiliary_hooks	comma separated auxiliary hooks to load	Yes
frida_code	user defined frida code to load	Yes
class_name	class name to perform method enumeration when `enum_methods` auxiliary_hook is specified	No
class_search	pattern to search when `search_class` auxiliary_hook is specified	No
class_trace	class name to trace when `trace_class` auxiliary_hook is specified	No
method_search	look for classes with this method	No
frida_action	spawn/session/ps. The default action is spawn	No
new_package	New package name to attach	No
pid	Process id of the new package to attach	No

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"status": "ok", "message": "Frida Instrumentation successful"}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/frida/ios_instrument --data "frida_action=spawn&pid=&new_bundle_id=&hash=f49355aa96053a36248905f78d5419a8&bundle_id=com.1debit.beta.ChimeApp&instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&default_hooks=jailbreak_bypass&dump_hooks=network,crypto,cookies,file-access,json,sqlite,data-dir,keychain,nslog,text-inputs,nsurlcredentialstorage,nsuserdefaults,pasteboard&auxiliary_hooks=&class_name=&class_search=&method_search=asdad&class_trace=&frida_code=" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"
                      

---

iOS Dynamic Analysis Report API

Get iOS Dynamic Analysis Report.

• URL: /api/v1/dynamic/ios_report_json

• Method: POST

• Header: Authorization:<api_key> Or X-Mobsf-Api-Key:<api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

• Success Response:

  • Code: 200
    Content-Type: application/json; charset=utf-8
    Content: {"hash": "9d6698108e706f669183737f8d20e1e4", "version": "v3.9.4 Beta", "title": "iOS Dynamic Analysis Report", "instance_id": "bd057756-87a8-45a6-945d-35c7ce48eafe", "bundleid": "com.highaltitudehacks.DVIAswiftv2", "trackers": {"detected_trackers": 0, "total_trackers": 432,...."}

• Error Response:

  • Code: 500 Internal Server Error or 405 Method Not Allowed or 422 Unprocessable Entity
    Content-Type: application/json; charset=utf-8
    Content: {"error": <error message> }

  OR

  • Code: 401 Unauthorized
    Content-Type: application/json; charset=utf-8
    Content: {"error": "You are unauthorized to make this request." }

• Sample Call:

  • curl -X POST --url http://localhost:8000/api/v1/dynamic/ios_report_json --data "instance_id=bd057756-87a8-45a6-945d-35c7ce48eafe&bundle_id=com.highaltitudehacks.DVIAswiftv2" -H "Authorization:40596453e9ccd6796fd33c667818a447e59d7b7006f2e93339a67e822753ee23"