{% extends "base/base_layout.html" %} {% block sidebar_option %} sidebar-collapse {% endblock %} {% block content %}

API Docs

API Key: {{ api_key}}

Static Analysis

api/v1/upload - Upload a File
api/v1/scan - Scan a File
api/v1/scan_logs - Display Live Scan Logs
api/v1/search - Search a Scan
api/v1/scans - Display Recent Scans
api/v1/tasks - Display Scan Tasks
api/v1/delete_scan - Delete a Scan
api/v1/scorecard - App Scorecard
api/v1/download_pdf - Download PDF Report
api/v1/report_json - Generate JSON Report
api/v1/view_source - View Source Files
api/v1/compare - Compare Apps
api/v1/suppress_by_rule - Suppress by Rule
api/v1/suppress_by_files - Suppress by Files
api/v1/list_suppressions - List Suppressions
api/v1/delete_suppression - Delete Suppressions

Dynamic Analysis Android

api/v1/dynamic/get_apps - Get Apps for Dynamic Analysis
api/v1/dynamic/start_analysis - Start Dynamic Analysis
api/v1/android/logcat - View Logcat
api/v1/android/mobsfy - MobSFy VM/Emulator/Device
api/v1/android/adb_command - Execute ADB Commands
api/v1/android/root_ca - Install or Remove MobSF Root CA
api/v1/android/global_proxy - Set or Unset MobSF HTTP(S) Proxy
api/v1/android/activity - Activity or Exported Activity Tester
api/v1/android/start_activity - Start an Activity or Exported Activity
api/v1/android/tls_tests - TLS/SSL Security Tester
api/v1/frida/instrument - Frida Instrument App
api/v1/frida/api_monitor - Frida API Monitor
api/v1/frida/get_dependencies - Frida Get Dependencies
api/v1/frida/logs - Frida View Logs
api/v1/frida/list_scripts - Frida List Scripts
api/v1/frida/get_script - Frida Get Script
api/v1/dynamic/stop_analysis - Stop Dynamic Analysis
api/v1/dynamic/report_json - Dynamic Analysis JSON report
api/v1/dynamic/view_source - Dynamic Analysis View Source

Dynamic Analysis iOS

api/v1/ios/corellium_supported_models - Supported Corellium iOS Models
api/v1/ios/corellium_ios_versions - Supported Corellium iOS Versions
api/v1/ios/corellium_create_ios_instance - Create an iOS VM in Corellium
api/v1/ios/dynamic_analysis - iOS Dynamic Analysis
api/v1/ios/corellium_start_instance - Start iOS VM in Corellium
api/v1/ios/corellium_stop_instance - Stop iOS VM in Corellium
api/v1/ios/corellium_unpause_instance - Unpause iOS VM in Corellium
api/v1/ios/corellium_reboot_instance - Reboot iOS VM in Corellium
api/v1/ios/corellium_destroy_instance - Destroy iOS VM in Corellium
api/v1/ios/corellium_list_apps - List Apps in Corellium iOS VM
api/v1/ios/setup_environment - Setup iOS Dynamic Analysis Environment
api/v1/ios/dynamic_analyzer - iOS Dynamic Analyzer
api/v1/ios/run_app - Run App
api/v1/ios/stop_app - Stop App
api/v1/ios/remove_app - Remove App
api/v1/ios/take_screenshot - Take Screenshot
api/v1/ios/get_app_container_path - Get App Container Path
api/v1/ios/network_capture - Network Capture
api/v1/ios/live_pcap_download - Live PCAP Download
api/v1/ios/ssh_execute - SSH Execute
api/v1/ios/download_app_data - Download App Data
api/v1/ios/instance_input - Instance Input
api/v1/ios/system_logs - System Logs
api/v1/ios/file_upload - File Upload
api/v1/ios/file_download - File Download
api/v1/frida/ios_instrument - Frida Instrument App
api/v1/dynamic/ios_report_json - iOS Dynamic Analysis Report

Upload File API

API to upload a file. Supported file types are apk, zip, ipa and appx.

URL: /api/v1/upload
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
file	multipart/form-data	Yes

Success Response:
Error Response:
Sample Call:

Scan File API

API to scan a file that is already uploaded. Supports scanning apk, xapk, apks, jar, aar, zip, ipa, so, dylib, a, and appx extensions.

URL: /api/v1/scan
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
re_scan	0 or 1, default is 0	No

Success Response:
Error Response:
Sample Call:

Scan Logs API

API that provides live and latest scan logs.

URL: /api/v1/scan_logs
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Search API

API for querying scan results. You can search using an MD5 checksum, app name, package name, or file name. The API returns the closest match based on your search term.

URL: /api/v1/search
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
query	hash of the scan or text	Yes

Success Response:
Error Response:
Sample Call:

Delete Scan API

API to delete scan results.

URL: /api/v1/delete_scan
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

App Scorecrd API

Get MobSF Application Security Scorecard

URL: /api/v1/scorecard
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Generate PDF Report API

API to generate PDF Report.

URL: /api/v1/download_pdf
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Generate JSON Report API

API to generate JSON Report.

URL: /api/v1/report_json
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

View Source Files API

API to view source files.

URL: /api/v1/view_source
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
file	relative file path	Yes
type	apk/ipa/studio/eclipse/ios	Yes

Success Response:
Error Response:
Sample Call:

Display Recent Scans API

API to Display Recent Scans.

URL: /api/v1/scans
Method: GET
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
page	the number of page	Yes
page_size	per page size	Yes

Success Response:
Error Response:
Sample Call:

Scan Tasks API

Displays the scan tasks queue, accessible only when the asynchronous scan queue is enabled.

URL: /api/v1/tasks
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Success Response:
Error Response:
Sample Call:

Compare Apps API

API to Compare scan results.

URL: /api/v1/compare
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash1	first scan hash	Yes
hash2	second scan hash to compare with	Yes

Success Response:
Error Response:
Sample Call:

Suppress by Rule

Suppress findings by rule id.

URL: /api/v1/suppress_by_rule
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
type	code or manifest	Yes
rule	rule id	Yes

Success Response:
Error Response:
Sample Call:

Suppress by Files

Suppress findings by files.

URL: /api/v1/suppress_by_files
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
type	code	Yes
rule	rule id	Yes

Success Response:
Error Response:
Sample Call:

View Suppressions

View suppressions associated with a scan.

URL: /api/v1/list_suppressions
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Delete Suppressions

Delete suppressions.

URL: /api/v1/delete_suppression
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
type	code or manifest	Yes
rule	rule id	Yes
kind	rule or file	Yes

Success Response:
Error Response:
Sample Call:

Get Apps API

Get Apps available for Dynamic Analysis. You must perform static analysis before attempting dynamic analysis.

URL: /api/v1/dynamic/get_apps
Method: GET
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Success Response:
Error Response:
Sample Call:

Start Dynamic Analysis API

Start MobSF Dynamic Analyzer. Ensure that dynamic analysis environment (Android VM/Emulator/Device) is configured and running before calling this API.

URL: /api/v1/dynamic/start_analysis
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
re_install	0 or 1, default is 1	No
install	0 or 1, default is 1	No

Success Response:
Error Response:
Sample Call:

View Logcat API

API view Logcat logs.

URL: /api/v1/android/logcat
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
package	package name of the app	Yes

Success Response:
Error Response:
Sample Call:

MobSFy API

API to MobSFY android runtime environment.

URL: /api/v1/android/mobsfy
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
identifier	ADB identifier of Android VM/Emulator/Device	Yes

Success Response:
Error Response:
Sample Call:

Execute ADB Commands API

Execute ADB commands inside VM/Emulator/Device.

URL: /api/v1/android/adb_command
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
cmd	non blocking adb commands	Yes

Success Response:
Error Response:
Sample Call:

Install or Remove Root CA API

API to install or remove MobSF Root CA to or from the Android VM/Emulator/Device.

URL: /api/v1/android/root_ca
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
action	install/remove	Yes

Success Response:
Error Response:
Sample Call:

Set or Unset MobSF Global HTTP(S) Proxy API

API to apply or remove global HTTP(S) proxy configuration to Android VM/Emulator/Device.

URL: /api/v1/android/global_proxy
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
action	set/unset	Yes

Success Response:
Error Response:
Sample Call:

Activity or Exported Activity Tester API

API to run Activity or Exported Activity Tester.

URL: /api/v1/android/activity
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
test	exported/activity	Yes

Success Response:
Error Response:
Sample Call:

Start Activity or Exported Activity API

API to manually launch an Activity or Exported Activity.

URL: /api/v1/android/start_activity
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
activity	Fully qualified name of the activity or exported activity	Yes

Success Response:
Error Response:
Sample Call:

TLS/SSL Security Tester API

API to run TLS/SSL Security Tester.

URL: /api/v1/android/tls_tests
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Frida Instrument App API

API to start Frida Instrumentation.

URL: /api/v1/frida/instrument
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes
default_hooks	comma separated default hooks to load	Yes
auxiliary_hooks	comma separated auxiliary hooks to load	Yes
frida_code	user defined frida code to load	Yes
class_name	class name to perform method enumeration when `enum_methods` auxiliary_hook is specified	No
class_search	pattern to search when `search_class` auxiliary_hook is specified	No
class_trace	class name to trace when `trace_class` auxiliary_hook is specified	No
frida_action	spawn/session/ps. The default action is spawn	No
new_package	New package name to attach	No
pid	Process id of the new package to attach	No

Success Response:
Error Response:
Sample Call:

Frida API Monitor API

API to view Frida API monitor output.

URL: /api/v1/frida/api_monitor
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Frida Get Runtime Dependencies API

API to collect runtime dependencies.

URL: /api/v1/frida/get_dependencies
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Frida View Logs API

API to view Frida log output.

URL: /api/v1/frida/logs
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Frida List Scripts API

API to list available frida scripts.

URL: /api/v1/frida/list_scripts
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
device	android/ios	Yes

Success Response:
Error Response:
Sample Call:

Frida Get Script API

API to generate frida script based on selection.

URL: /api/v1/frida/get_script
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
scripts[]	name of the script from the output of Frida List Scripts (/api/v1/frida/list_scripts) API.	Yes
device	android/ios	Yes

Success Response:
Error Response:
Sample Call:

Stop Dynamic Analysis API

Stop MobSF Dynamic Analyzer. This API must be called to stop dynamic analysis and prior to report generation.

URL: /api/v1/dynamic/stop_analysis
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Dynamic Analysis JSON Report API

Generate JSON Report of Dynamic Analysis. Stop Dynamic Analysis (/api/v1/dynamic/stop_analysis) API must be called before calling this API.

URL: /api/v1/dynamic/report_json
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Dynamic Analysis View Source API

API to view source of files dumped from device after dynamic analysis. Stop Dynamic Analysis (/api/v1/dynamic/stop_analysis) API must be called before calling this API.

URL: /api/v1/dynamic/view_source
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
file	relative path of the file	Yes
type	xml/db/others	Yes
hash	hash of the scan	Yes

Success Response:
Error Response:
Sample Call:

Supported Corellium iOS Models API

List out supported iOS Corellium VMs.

URL: /api/v1/ios/corellium_supported_models
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Success Response:
Error Response:
Sample Call:

Supported Corellium iOS Versions API

List out supported iOS versions for a device.

URL: /api/v1/ios/corellium_ios_versions
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
model	iOS model	Yes

Success Response:
Error Response:
Sample Call:

Corellium Create iOS Instance API

Create a jailbroken iOS instance in Corellium with desired flavor and iOS version.

URL: /api/v1/ios/corellium_create_ios_instance
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
project_id	Corellium Project ID	Yes
name	Name of the VM	Yes
flavor	iOS Flavor	Yes
version	iOS Version	Yes

Success Response:
Error Response:
Sample Call:

iOS Dynamic Analysis API

List iOS Instance & Apps Available for Dynamic Analysis.

URL: /api/v1/ios/dynamic_analysis
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params
Success Response:
Error Response:
Sample Call:

Corellium Start iOS Instance API

Start iOS VM in previously created in Corellium by instance identifier.

URL: /api/v1/ios/corellium_start_instance
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

Success Response:
Error Response:
Sample Call:

Corellium Stop iOS Instance API

Stop iOS VM in Corellium by instance identifier.

URL: /api/v1/ios/corellium_stop_instance
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

Success Response:
Error Response:
Sample Call:

Corellium Unpause iOS Instance API

Unpause iOS VM in Corellium by instance identifier.

URL: /api/v1/ios/corellium_unpause_instance
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

Success Response:
Error Response:
Sample Call:

Corellium Reboot iOS Instance API

Reboot iOS VM in Corellium by instance identifier.

URL: /api/v1/ios/corellium_reboot_instance
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

Success Response:
Error Response:
Sample Call:

Corellium Destroy iOS Instance API

Destroy iOS VM in Corellium by instance identifier.

URL: /api/v1/ios/corellium_destroy_instance
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

Success Response:
Error Response:
Sample Call:

Corellium List Apps in Instance API

List all apps present in the Corellium iOS VM.

URL: /api/v1/ios/corellium_list_apps
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>
Data Params

Param Name	Param Value	Required
instance_id	iOS VM instance identifier	Yes

Success Response:
Error Response:
Sample Call:

Setup iOS Dynamic Analysis Environment API

Setup iOS Dynamic Analysis Environment for an IPA. This API call is required for apps not installed in the Corellium iOS VM.

URL: /api/v1/ios/setup_environment
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id	Yes
hash	MD5 hash of the IPA file	Yes

Success Response:
Error Response:
Sample Call:

iOS Dynamic Analyzer API

Start iOS Dynamic Analyzer with an app. Setup environment (api/v1/ios/setup_environment) API should be called before running dynamic analyzer for IPAs not installed in the Corellium VM.

URL: /api/v1/ios/dynamic_analyzer
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

Success Response:
Error Response:
Sample Call:

Run App API

Run the app in the Corellium VM.

URL: /api/v1/ios/run_app
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

Success Response:
Error Response:
Sample Call:

Stop App API

Kill the app in the Corellium VM.

URL: /api/v1/ios/stop_app
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

Success Response:
Error Response:
Sample Call:

Remove App API

Remove an app from the Corellium VM.

URL: /api/v1/ios/remove_app
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

Success Response:
Error Response:
Sample Call:

Take Screenshot API

Take a screenshot.

URL: /api/v1/ios/take_screenshot
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes

Success Response:
Error Response:
Sample Call:

Get App Container Path API

Get App container path. App must be instrumented before calling this API.

URL: /api/v1/ios/get_app_container_path
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

Success Response:
Error Response:
Sample Call:

Network Capture API

Enable/Disable Network Capture.

URL: /api/v1/ios/network_capture
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
state	on/off	Yes

Success Response:
Error Response:
Sample Call:

Live PCAP Download API

Download live packet capture.

URL: /api/v1/ios/live_pcap_download
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes

Success Response:
Error Response:
Sample Call:

SSH Execute API

Execute OS Commands inside the VM over SSH.

URL: /api/v1/ios/ssh_execute
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
cmd	OS Command	Yes

Success Response:
Error Response:
Sample Call:

Download App Data API

Download app data from the VM.

URL: /api/v1/ios/download_app_data
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

Success Response:
Error Response:
Sample Call:

Instance Input API

Provide text, swipe and touch events to the VM

URL: /api/v1/ios/instance_input
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
x	x-axis integer / Text input text when event parameter is set to text	No
y	y-axis integer	No
event	text/home/enter/backspace/left/right/swipe_up/swipe_down/swipe_left/swipe_right/touch.	No
max_x	Max Screen size x-axis	No
max_y	Max Screen size y-axis	No

Success Response:
Error Response:
Sample Call:

System Logs API

Get VM system logs.

URL: /api/v1/ios/system_logs
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes

Success Response:
Error Response:
Sample Call:

File Upload API

Upload a file to the the VM.

URL: /api/v1/ios/file_upload
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
file	multipart/form-data	Yes

Success Response:
Error Response:
Sample Call:

File Download API

Download a file from the VM.

URL: /api/v1/ios/file_download
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
file	Path to the file in VM	Yes

Success Response:
Error Response:
Sample Call:

Frida Instrument API

Instrument iOS App.

URL: /api/v1/frida/ios_instrument
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes
hash	MD5 hash of the IPA file	Yes
default_hooks	comma separated default hooks to load	Yes
dump_hooks	comma separated dump hooks to load (network,crypto,cookies,file-access,json,sqlite,data-dir,keychain,nslog,text-inputs,nsurlcredentialstorage,nsuserdefaults,pasteboard)	Yes
auxiliary_hooks	comma separated auxiliary hooks to load	Yes
frida_code	user defined frida code to load	Yes
class_name	class name to perform method enumeration when `enum_methods` auxiliary_hook is specified	No
class_search	pattern to search when `search_class` auxiliary_hook is specified	No
class_trace	class name to trace when `trace_class` auxiliary_hook is specified	No
method_search	look for classes with this method	No
frida_action	spawn/session/ps. The default action is spawn	No
new_package	New package name to attach	No
pid	Process id of the new package to attach	No

Success Response:
Error Response:
Sample Call:

iOS Dynamic Analysis Report API

Get iOS Dynamic Analysis Report.

URL: /api/v1/dynamic/ios_report_json
Method: POST
Header: Authorization: <api_key> Or X-Mobsf-Api-Key: <api_key>

Param Name	Param Value	Required
instance_id	iOS instance id (Available from /api/v1/ios/dynamic_analysis)	Yes
bundle_id	iOS app bundle id (Available from /api/v1/ios/dynamic_analysis)	Yes

Success Response:
Error Response:
Sample Call:

{% endblock %}