In this guide, I’ll walk you through setting up the Mobile Security Framework (MobSF) inside an LXC container on Proxmox, using Podman as a container runtime. MobSF is a powerful automated mobile application pen-testing framework capable of static and dynamic analysis of Android and iOS apps.
Create an LXC Container
First, create a new unprivileged LXC container (or reuse an existing one) on your Proxmox server. For this guide, let’s assume the container ID is 102.
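Once the container is created, edit its configuration file on the Proxmox host to enable the required features:
nano /etc/pve/lxc/102.conf
Add the following lines:
features: keyctl=1,nesting=1
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
Save the file, then restart the container so the changes take effect:
pct reboot 102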
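Three of these lines relax the container's isolation: the AppArmor profile is unconfined, all device nodes are allowed, and the empty lxc.cap.drop clears the capability drop list. The script below is an added example, not part of the original guide; it reports which of those keys are present in a container config so the setup can be reviewed. Its function name, output format and sample file are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): report which of the
# isolation-relaxing keys set above are present in a Proxmox LXC config.
# Function name and output format are assumptions of this sketch.

audit_lxc_conf() (                 # subshell body keeps variables local
    conf=$1; findings=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; exit 2; }
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            \[*) break ;;          # snapshot sections follow; audit the live config only
            \#*|'') continue ;;    # description/comment or blank line
        esac
        key=${line%%:*}
        # Value is everything after the first colon, trimmed of whitespace.
        val=$(printf '%s' "${line#*:}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        msg=
        case "$key=$val" in
            lxc.apparmor.profile=unconfined)
                msg="AppArmor confinement disabled" ;;
            lxc.cgroup.devices.allow=a|lxc.cgroup2.devices.allow=a)
                msg="all device nodes allowed" ;;
            lxc.cap.drop=)
                msg="capability drop list cleared" ;;
        esac
        if [ -n "$msg" ]; then
            echo "RISK $key: $msg"
            findings=$((findings + 1))
        fi
    done < "$conf"
    [ "$findings" -eq 0 ]          # exit status 0 only when nothing was flagged
)

# Constructed sample mirroring the lines this guide adds to 102.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
arch: amd64
features: keyctl=1,nesting=1
unprivileged: 1
lxc.apparmor.profile: unconfined
lxc.cgroup.devices.allow: a
lxc.cap.drop:
EOF
audit_lxc_conf "$sample" || echo "review the flagged keys before exposing this container"
rm -f "$sample"
```

On the Proxmox host, the same function can be pointed at /etc/pve/lxc/102.conf; it exits non-zero when any of the three keys is flagged.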
Install Podman
Log in to your LXC container and install Podman. If you’re using a Debian-based container (like Debian or Ubuntu), use:

Pull the MobSF Image
Once Podman is set up, pull the latest MobSF image from Docker Hub:
podman pull docker.io/opensecurity/mobile-security-framework-mobsf:latest

Running MobSF
podman run --rm -it -p 8000:8000 docker.io/opensecurity/mobile-security-framework-mobsf:latest


Navigating to http://localhost:8000/ (or http://127.0.0.1:8000/, or the server's IP address on port 8000) in your browser will typically lead to the MobSF login page. The default MobSF credentials are mobsf/mobsf; use this username and password to log in to the web interface.

Upload an APK for Analysis
Once you’re logged in, you can drag and drop or upload a sample .apk file directly into the MobSF dashboard. The analysis will begin automatically, offering insights on permissions, API calls, and potential vulnerabilities.

A Note of Thanks
A heartfelt thank you to the developers and contributors of the Mobile Security Framework (MobSF) project. Your dedication to building and maintaining such a powerful, open-source tool has significantly contributed to the mobile security and ethical hacking community. Your work empowers security researchers, developers, and enthusiasts like me to analyze and secure mobile applications effectively.
Thank you for your continued efforts and commitment to open-source excellence.