moonpiesheldon1337

In-browser false-positive triage for MobSF Community Edition reports. Local LLM, no uploads, no API keys.

29 stars, 0 forks, 89% credibility
Found May 20, 2026 at 29 stars
TypeScript

AI Summary

mobsf-fail is a privacy-first web tool that helps mobile security testers and AppSec teams make sense of noisy MobSF scan reports. Instead of manually reviewing hundreds of findings, users drop their report into the browser where a local AI (running on their own graphics card) analyzes each issue against security expert knowledge. The AI identifies obvious false positives—like Stripe publishable keys flagged as 'secrets', or launcher activities flagged as 'exported'—and helps triage findings into real issues, likely false alarms, and items needing human review. Users can override verdicts, filter by category, and export clean Markdown or CSV reports for client delivery. Everything runs locally in the browser; no report data ever leaves the user's machine.

How It Works

1. 📱 You get a MobSF report from a mobile app scan

After scanning an app with MobSF, you download the report in JSON, PDF, or HTML format.

2. 🌐 You open the web app in your browser

You visit the website and everything loads locally; nothing is sent to any server.

3. 📂 You drop your report into the browser

You drag and drop the MobSF file onto the page, and it immediately parses all 200+ findings.

4. 🤖 A local LLM on your GPU reviews each finding

The app runs an LLM inside the browser on your graphics card (WebLLM over WebGPU) and checks each issue against encoded security-expert heuristics, flagging obvious false alarms.

5. You review the verdicts

✏️ Override the AI's verdict if needed. If you disagree with a classification, you can manually mark it as a real issue, likely false alarm, or needs review.

📋 Skip ahead if the triage looks right. If the AI's work looks solid, you can move straight to exporting without changing anything.

6. 📄 You export a clean report for your client

You download a Markdown report containing only the real issues, or a CSV spreadsheet for tracking in your vulnerability tracker.

Result: 200 findings reduced to 20 real issues

Your client gets a focused, actionable security report instead of a wall of noise to sift through.


AI-Generated Review

What is mobsf-fail-app?

MobSF-fail-app is a browser-based triage tool for MobSF Community Edition security reports. You drop in a report—JSON, PDF, or HTML—and a local LLM running on your GPU (via WebLLM and WebGPU) classifies each finding as a true positive, likely false positive, or needs review. It exports clean Markdown reports you can hand to clients, stripping out the noise MobSF is notorious for producing. Built in TypeScript with React, it requires no API keys and nothing ever leaves your browser.

Why is it gaining traction?

The hook is simple: MobSF dumps 100-300 findings per APK, and a large share are false positives. Stripe publishable keys flagged as secrets, emulator-only endpoints flagged as cleartext traffic, launcher activities flagged as exported: mobsf-fail-app encodes the heuristics experienced pentesters use to dismiss these. The category-specific prompts (code analysis, manifest, permissions, secrets, network security) are the actual product. It works offline once the model has been downloaded and cached, and the privacy story is easy to verify: open DevTools after the model is cached and watch for zero network requests.
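The three dismissal heuristics named above (and in the How It Works steps) are simple enough to express as deterministic rules, which is a useful sanity layer before or alongside an LLM verdict. The following is an added example, not code from the mobsf-fail-app project: it triages a simplified, assumed report shape (a subset resembling MobSF's Android JSON export; field names are illustrative, not MobSF's schema), returns the same three verdicts the tool uses, and emits the Markdown "real issues only" view. The sample report is constructed for the example.

```typescript
// Added example, not the project's code. Rule-based pre-triage of a simplified,
// assumed MobSF-style JSON report, plus Markdown export of surviving findings.

type Verdict = "true_positive" | "likely_false_positive" | "needs_review";

interface Triaged {
  category: string;
  title: string;
  evidence: string;   // matched string, component name, or host
  severity: string;
  verdict: Verdict;
  reason: string;
}

// Assumed report shape: illustrative field names, not a MobSF schema guarantee.
interface Report {
  main_activity: string;
  secrets: string[];
  manifest_analysis: { title: string; severity: string; component?: string }[];
  network_security: { scope: string; severity: string; description: string }[];
}

// Stripe publishable keys (pk_*) are meant to ship in clients; secret and
// restricted keys (sk_*, rk_*) are not.
const STRIPE_PUBLISHABLE = /\bpk_(?:live|test)_[A-Za-z0-9]+/;
const STRIPE_SECRET = /\b(?:sk|rk)_(?:live|test)_[A-Za-z0-9]+/;
// Hosts reachable only from an Android emulator or the device's own loopback.
const EMULATOR_HOST = /\b(?:10\.0\.2\.2|10\.0\.3\.2|127\.0\.0\.1|localhost)\b/;

function triageSecret(entry: string): Triaged {
  const base = { category: "secrets", title: "Hardcoded secret", evidence: entry, severity: "warning" };
  if (STRIPE_SECRET.test(entry))
    return { ...base, verdict: "true_positive", reason: "Stripe secret/restricted key in client code" };
  if (STRIPE_PUBLISHABLE.test(entry))
    return { ...base, verdict: "likely_false_positive", reason: "Stripe publishable key is designed to be public" };
  return { ...base, verdict: "needs_review", reason: "No rule matched; human review" };
}

function triageManifest(item: Report["manifest_analysis"][number], mainActivity: string): Triaged {
  const base = { category: "manifest", title: item.title, evidence: item.component ?? "", severity: item.severity };
  const exported = /exported/i.test(item.title);
  if (exported && item.component === mainActivity)
    return { ...base, verdict: "likely_false_positive", reason: "Launcher activity must be exported to appear in the launcher" };
  if (exported)
    return { ...base, verdict: "needs_review", reason: "Exported non-launcher component; check intent filters and permissions" };
  return { ...base, verdict: "needs_review", reason: "No rule matched; human review" };
}

function triageNetwork(item: Report["network_security"][number]): Triaged {
  const base = { category: "network_security", title: "Cleartext traffic", evidence: item.scope, severity: item.severity };
  const cleartext = /cleartext/i.test(item.description);
  if (cleartext && EMULATOR_HOST.test(item.scope))
    return { ...base, verdict: "likely_false_positive", reason: "Emulator/loopback host is not reachable in production" };
  if (cleartext)
    return { ...base, verdict: "true_positive", reason: "Cleartext permitted for a real host" };
  return { ...base, verdict: "needs_review", reason: "No rule matched; human review" };
}

function triageReport(r: Report): Triaged[] {
  return [
    ...r.secrets.map(triageSecret),
    ...r.manifest_analysis.map((m) => triageManifest(m, r.main_activity)),
    ...r.network_security.map(triageNetwork),
  ];
}

// Markdown for delivery: confirmed issues first, then what still needs a human.
// Likely false positives are deliberately left out of the client-facing view.
function toMarkdown(items: Triaged[]): string {
  const section = (v: Verdict, heading: string): string => {
    const rows = items.filter((i) => i.verdict === v);
    if (rows.length === 0) return "";
    return `## ${heading}\n` + rows.map((i) => `- [${i.severity}] ${i.title} (${i.category}): ${i.evidence}`).join("\n") + "\n";
  };
  return section("true_positive", "Confirmed issues") + section("needs_review", "Needs review");
}

// Constructed sample report for the example; not output from a real scan.
const SAMPLE: Report = {
  main_activity: "com.example.app.MainActivity",
  secrets: ['"stripe_key" : "pk_live_4eC39HqLyjWDarjtT1zdp7dc"', '"stripe_secret" : "sk_live_51H8aQ2xExample"'],
  manifest_analysis: [
    { title: "Activity is exported", severity: "warning", component: "com.example.app.MainActivity" },
    { title: "Activity is exported", severity: "warning", component: "com.example.app.DebugActivity" },
  ],
  network_security: [
    { scope: "10.0.2.2", severity: "high", description: "Cleartext traffic permitted" },
    { scope: "api.example.com", severity: "high", description: "Cleartext traffic permitted" },
  ],
};

console.log(toMarkdown(triageReport(SAMPLE)));
```

Run with `npx tsx triage.ts` (or any TypeScript runner). Of the six constructed findings, two are dismissed as likely false positives (the publishable key and the emulator-host cleartext entry), two are confirmed (the sk_ key and cleartext to a real host), and the exported non-launcher activity is left for review. Any finding no rule understands falls through to "needs_review" rather than being silently dismissed, which is the property you want before an LLM layer gets a vote.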

Who should use this?

Mobile penetration testers drowning in noisy MobSF exports. AppSec teams that need a local triage step before ticket creation or report writing. DevSecOps pipelines using MobSF in CI/CD that want reviewable Markdown output. Solo developers or security students learning mobile app security who want to understand which findings actually matter. If you scan APKs with MobSF and spend hours manually filtering findings, this saves real time.

Verdict

If you already use MobSF, mobsf-fail-app is a legitimate productivity multiplier: the prompts are where the value lives, and the local-only architecture is exactly right for sensitive client work. The 89% credibility score reflects a tiny, early-stage project with 29 stars and a single maintainer; the code is clean and the UX thoughtful, but test coverage and community size are minimal. Try the live demo with the sample report, but treat it as a triage aid, not a replacement for human judgment on your most critical findings.
