Apk Security Guard MCP Suite

🚀 APK Security Guard MCP Suite

This project offers a one - stop automated solution for Android APK security analysis and vulnerability detection, integrating mainstream tools and unifying them into MCP standard API interfaces to enhance efficiency.

🚀 Quick Start

The APK Security Guard MCP Suite is designed to provide a comprehensive solution for Android APK security analysis. It integrates multiple tools and offers a unified API interface for easy use.

✨ Features

• One - stop Solution: Integrate mainstream decompilation, static analysis, dynamic analysis tools such as JEB, JADX, APKTOOL, FlowDroid, MobSF, etc.
• Automated Analysis: Unify tools into MCP standard API interfaces to improve the automation and efficiency of security analysis.
• Multi - expert Decision Model: Use a multi - expert decision model to comprehensively analyze APK security, improving the comprehensiveness of vulnerability discovery and the credibility of results.

📦 Installation

🧩 Install Dependencies

It is highly recommended to use a Python virtual environment to manage project dependencies to avoid global environment conflicts. Here are the detailed steps:

1. Create a new virtual environment:

# For Windows
python -m venv myenv
myenv\Scripts\activate

# For Linux/MacOS
python -m venv myenv
source myenv/bin/activate

2. After activating the virtual environment (you should see (myenv) in the command prompt), install project dependencies:

pip install -r requirements.txt

3. If you need to use MobSF - related APIs, install Node.js dependencies separately. Navigate to the MobSF - MCP directory:

npm install -g mobsf - mcp

⚠️ Important Note

• It is recommended to use Python 3.11.
• Remember to activate the virtual environment every time you start a new working session.

📦 Plugin or Script Installation Recommendations

JEB MCP Script

The script needs to be placed in the scripts folder of the JEB tool in advance.

1. Open JEB and go to File > Scripts > Script Selector.
2. Select and run MCP.py from the script list.
3. If the script is loaded and running successfully, you should see the following messages in the JEB output console:

[MCP] Plugin loaded
[MCP] Plugin running
[MCP] Server started at http://localhost:16161

JADX MCP Plugin

• Java 17 is required to build and run the plugin.
• In the JADX - MCP root directory, run:

  ./gradlew build
  

• After building, the plugin JAR will be generated at:

  plugin/build/libs/JADX - MCP - Plugin.jar
  

• Alternatively, you can directly use the pre - built JAR package: [Download JADX - MCP - Plugin.jar](https://github.com/nkcc - apk/APK - Security - Guard - MCP - Suite/blob/main/JADX - MCP/JADX - MCP - Plugin.jar )
• Copy the JAR file to the lib folder of your jadx - gui installation:

  cp plugin/build/libs/JADX - MCP - Plugin.jar <path - to - jadx - gui>/lib/
  

APKTool

To install APKTool on Windows, you can use Chocolatey (a popular Windows package manager):

Open PowerShell as Administrator.

1. Install Chocolatey by running the following command:

Set - ExecutionPolicy Bypass - Scope Process - Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol - bor 3072; iex ((New - Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

2. After installing Chocolatey, install APKTool with:

choco install apktool

After installation, you can use apktool directly from the command line. For more details and advanced usage, please refer to the official APKTool documentation.

MobSF MCP

First, make sure [MobSF](https://github.com/MobSF/Mobile - Security - Framework - MobSF) is installed.

If you want to extend the functionality and add new APIs, run the following command in the MobSF - MCP root directory of your project:

npm run build

After the build is complete, you will find the generated index.js and mobsf.js files in the build folder.

Open PowerShell as Administrator.

• Set the required environment variables in the command line:

  $env:MOBSF_URL="http://localhost:8000"; 
  $env:MOBSF_API_KEY="your_api_key_here"; 
  

• Start the MobSF MCP server with:

  npx mobsf - mcp
  

FlowDroid

To set up FlowDroid for use with this suite:

1. Download the FlowDroid soot - infoflow - cmd - 2.13.0 - jar - with - dependencies.jar command - line JAR from the [official releases page](https://github.com/secure - software - engineering/FlowDroid/releases).

2. In the FlowDroid - MCP directory, locate the .env file. Open it with a text editor and configure the path to your FlowDroid JAR. For example:

FLOWDROID_WORKSPACE=../flowdroid_workspace
FLOWDROID_JAR_PATH=/home/user/tools/flowdroid/flowdroid.jar
JAVA_HOME=/usr/lib/jvm/java - 11 - openjdk

In the flowdroid_mcp.py script, FlowDroid relies on several key environment variables to run. Make sure these variables are configured correctly before running the script.

# line 15 - 18 
FLOWDROID_WORKSPACE = os.getenv("FLOWDROID_WORKSPACE", "flowdroid_workspace")
FLOWDROID_JAR_PATH = os.getenv("FLOWDROID_JAR_PATH", "FlowDroid.jar")
JAVA_HOME = os.getenv("JAVA_HOME")

# line 134 - 144
command = [
    "java",
    "-jar",
    FLOWDROID_JAR_PATH,  # Make sure the path is correct
    "-a", apk_path,
    "-o", output_dir,
    "-p", "Android\\Sdk\\platforms",  # The platforms directory must be specified
    "-s", "FlowDroid - MCP\\script\\SourcesAndSinks.txt",  # You must specify a source/sink file
]

⚠️ Important Note

• Replace all paths with your actual system paths.
• Ensure the Android SDK platforms directory is correctly specified.

🖥️ VSCode Cline Extension Configuration

To use this project with the [cline](https://marketplace.visualstudio.com/items?itemName=cline - tools.cline) extension in VSCode, add the following configuration to your cline configuration file:

{
  "mcpServers": {
    "Jadx MCP Server": {
      "disabled": false,
      "timeout": 60,
      "command": "myenv\\Scripts\\python.exe",
      "args": [
        "JADX - MCP\\fastmcp_adapter.py"
      ],
      "transportType": "stdio"
    },
    "JEB MCP Server": {
      "disabled": false,
      "timeout": 1800,
      "command": "myenv\\Scripts\\python.exe",
      "args": [
        "JEB - MCP\\server.py"
      ],
      "transportType": "stdio"
    },
    "FlowDroid MCP Server": {
      "disabled": false,
      "timeout": 60,
      "command": "myenv\\Scripts\\python.exe",
      "args": [
        "FlowDroid - MCP\\script\\flowdroid_mcp.py"
      ],
      "transportType": "stdio"
    },
    "MobSF MCP Server": {
      "disabled": false,
      "timeout": 60,
      "command": "Nodejs\\node.exe",
      "args": [
        "MobSF - MCP\\build\\index.js"
      ],
      "env": {
        "MOBSF_URL": "http://localhost:8000",
        "MOBSF_API_KEY": "your_api_key_here"
      },
      "transportType": "stdio"
    },
    "APKTOOL MCP Server": {
      "disabled": false,
      "timeout": 60,
      "command": "myenv\\Scripts\\python.exe",
      "args": [
        "APKTOOL - MCP\\apktool_mcp_server.py"
      ],
      "transportType": "stdio"
    }
  }
}

⚠️ Important Note

Please adjust according to your actual file path and configuration (adjust according to your system). Make sure to fill in your actual MOBSF_API_KEY in the configuration.

💻 Usage Examples

JEB MCP

# Example of using JEB MCP to get APK permissions
from jeb_mcp_client import JebMcpClient

client = JebMcpClient()
permissions = client.get_apk_permissions('path/to/your/apk.apk')
print(permissions)

JADX MCP

# Example of using JADX MCP to list all classes
from jadx_mcp_client import JadxMcpClient

client = JadxMcpClient()
classes = client.list_all_classes()
print(classes)

APKTool MCP

# Example of using APKTool MCP to decode an APK
from apktool_mcp_client import ApktoolMcpClient

client = ApktoolMcpClient()
client.decode_apk('path/to/your/apk.apk', force=True, no_res=False, no_src=False)

MobSF MCP

# Example of using MobSF MCP to upload a file for analysis
import requests

url = 'http://localhost:8000/api/uploadFile'
files = {'file': open('path/to/your/apk.apk', 'rb')}
response = requests.post(url, files=files)
print(response.json())

FlowDroid MCP

# Example of using FlowDroid MCP to run taint analysis
from flowdroid_mcp_client import FlowdroidMcpClient

client = FlowdroidMcpClient()
client.run_flowdroid_analysis('path/to/your/apk.apk', 'output/directory')

📚 Documentation

🛠️ API

JEB MCP

Based on the architecture of https://github.com/flankerhqd/jebmcp

✨ Main API Functions:

Parameter notes:

• filepath should be the absolute path to the APK file.
• method_signature and class_signature use Java - style internal addresses, e.g. Lcom/abc/Foo;->bar(I[JLjava/Lang/String;)V for methods, Lcom/abc/Foo; for classes.

JADX MCP

Based on the architecture of https://github.com/mobilehackinglab/jadx - mcp - plugin

✨ Main API Functions:

Parameter notes:

• class_name should be the fully qualified class name, e.g. com.example.MyClass.
• method_name is the method's name as shown in the decompiled code.
• limit and offset are for pagination when listing classes.
• query: search keyword, used to search for class names or method names containing the keyword.
• return_type: the return type of the method, used to search for methods by return type.
• field_name: the name of the field, used to obtain detailed information about the field.

APKTool MCP

Based on the architecture of https://github.com/zinja - coder/apktool - mcp - server (Apache 2.0 License)

✨ Main API Functions:

Parameter notes:

• project_dir: Path to the APKTool project directory
• apk_path: Path to the APK file
• class_name: Fully qualified class name (e.g. "com.example.MyClass")
• resource_type: Resource directory name (e.g. "layout", "drawable", "values")
• create_backup: Whether to create backup before modifications (default: True)
• file_extensions: List of file extensions to search in (default: [".smali", ".xml"])

MobSF MCP

✨ Main API Functions:

📊 Report Section APIs:

MobSF provides detailed section - specific APIs for accessing different parts of the analysis report. Each section can be accessed using getJsonSection_{section}(hash):

Parameter notes:

• file: Path to the mobile application file (APK/IPA/APPX)
• hash: MD5 hash of the analyzed application
• section: Name of the report section to retrieve
• page: Page number for paginated results
• pageSize: Number of items per page
• type: File type (apk/ipa/studio/eclipse/ios)
• rule: Rule ID for suppression management
• kind: Suppression kind (rule/file)

FlowDroid MCP

✨ Main API Functions:

Parameter notes:

• apk_path: Path to the APK file to analyze
• output_dir: Optional output directory (defaults to workspace/apk_name)
• analysis_dir: Path to FlowDroid analysis output directory

🧠 Multi - expert decision model

This project uses a "multi - expert decision" model to comprehensively analyze APK security.

Analysis process overview

1. Multiple experts answer independently

• 5 reverse analysis tools (MCP) independently perform static analysis on the same APK and automatically generate their own vulnerability reports.
• Each tool, as an "expert", independently discovers potential security issues from different perspectives and technical details.

2. Big model frequency statistics and ranking

• Use the big model to merge, deduplicate and content analyze the vulnerabilities output by all tools, count the frequency of each vulnerability in the 5 tool reports, and record its source.
• Rank all vulnerabilities by frequency of occurrence. The higher the frequency, the more reliable it is.

3. Local priority screening and diversion

• The top 60% of high - frequency vulnerabilities (i.e., vulnerabilities that appear more frequently and are more reliable in the five tools) are automatically retained locally.
• The bottom 40% of vulnerabilities are divided into two categories:
  • No MobSF source: that is, vulnerabilities that are only discovered by other reverse tools are all retained.
  • With MobSF source: that is, low - frequency vulnerabilities that only appear in MobSF reports are handed over to the big model for further evaluation of their danger, and only high - risk vulnerabilities are retained.

4. Final comprehensive integration All high - priority vulnerabilities, unique vulnerabilities, and MobSF vulnerabilities that are evaluated as high - risk by the big model are integrated locally in the third step to generate the final comprehensive vulnerability analysis report.

CrossValidation_APKAnalysis MCP

✨ Main API Functions:

Parameter notes:

• apk_path: Absolute path to the APK file to be analyzed.
• report_paths: List of standardized report file paths from each tool.
• combined_report_path: Path to the merged preliminary comprehensive report.
• mobsf_low_priority_path: Path to low - priority vulnerabilities only from MobSF.
• high_priority_path, unique_low_priority_path, high_risk_mobsf_path: Paths to different priority vulnerability reports.

🖥️ VSCode Cline Extension Configuration

To use this project with the [cline](https://marketplace.visualstudio.com/items?itemName=cline - tools.cline) extension in VSCode, add the following configuration to your cline configuration file:

{
  "mcpServers": {
   "apk_analysis": {
      "disabled": false,
      "timeout": 60,
      "command": "myenv\\Scripts\\python.exe",
      "args": [
        "CrossValidation_APKAnalysis.py"
      ],
      "transportType": "stdio"
    }
  }
}

Through the above process, the project has achieved multi - tool, multi - perspective vulnerability discovery and automated decision - making, greatly improving the comprehensiveness, accuracy and practical value of the analysis results.

📄 License

This project is licensed under the Apache License 2.0. For details, see the LICENSE file.

🙏 Acknowledgments

This project builds upon and integrates several outstanding open - source tools and projects.

Special thanks to:

• The developers and maintainers of all integrated tools
• The open - source community for their continuous contributions
• All contributors who have helped improve this project

⚠️ Disclaimer and Legal Notice

This tool suite is designed for security researchers, penetration testers, and developers for legitimate security testing and analysis purposes only. Users must:

1. Only analyze applications they own or have explicit permission to test
2. Comply with all applicable laws and regulations
3. Respect intellectual property rights and terms of service
4. Use the tools responsibly and ethically

Users must ensure their use of this tool complies with:

• Local and international laws
• Software license agreements
• Terms of service of analyzed applications
• Data protection and privacy regulations

🤝 Contributing

We warmly welcome contributions from the community! Whether you're fixing bugs, improving documentation, adding new features, or suggesting enhancements, your help is appreciated.

• 🐛 Report bugs and issues
• 💡 Propose new features or improvements
• 📝 Improve documentation
• 🔍 Review code and pull requests
• 💻 Submit pull requests

We strive to make this project better together. Your contributions help make this tool more powerful and useful for the entire security research community.