π Automated APK security scanning & PDF reporting with MobSF, AI & Google Drive
β‘ 143 views Β· π SecOps & Security Automation
Description
APK Security Scanner & PDF Report Generator
This workflow automatically analyzes any newly uploaded APK file and produces a clean, professional PDF security report. When an APK appears in Google Drive, the workflow downloads it, sends it to MobSF for security scanning, summarizes the results, generates an HTML report using AI, converts it into a PDF via PDF.co and finally saves the PDF back to Google Drive.
Quick Start: Fastest Way to Use This Workflow
- Set up a Google Drive folder for uploading APKs.
- Install MobSF using Docker and copy your API key.
- Add credentials for Google Drive, MobSF, OpenAI and PDF.co in n8n.
- Import the workflow JSON.
- Update node credentials.
- Upload an APK to the watched folder and let the automation run.
What It Does
This workflow provides a complete automated pipeline for analyzing Android APK files. It removes the manual process of scanning apps, extracting security insights, formatting reports and distributing results. Each step is designed to streamline application security checks for development teams, QA engineers and product managers.
Once the workflow detects a new APK in Google Drive, it passes the file to MobSF for a detailed static analysis. The workflow extracts the results, transforms them into a clear and well-structured HTML report using AI and then converts the report into a PDF. This ensures the end-user receives a polished audit-ready security document with zero manual involvement.
Whoβs It For
This workflow is ideal for:
- Mobile development teams performing security checks on apps.
- QA and testing teams validating APK builds before release.
- DevSecOps engineers needing automated, repeatable security audits.
- Software companies generating compliance and audit documentation.
- Agencies reviewing client apps for vulnerabilities.
Requirements to Use This Workflow
- An n8n instance (self-hosted or cloud)
- A Google Drive account with a folder for APK uploads
- Docker installed to run MobSF locally
- MobSF API key
- OpenAI API key
- PDF.co API key
- Basic understanding of n8n nodes and credentials setup
How It Works & Setup Instructions
Step 1 β Prepare Google Drive
Create a folder specifically for APK uploads. Configure the Watch APK Uploads (Google Drive) node to monitor this folder for new files.
Step 2 β Install and Run MobSF Using Docker
Install Docker and run:
docker run -it --rm -p 8000:8000 \
-v $(pwd)/mobsf:/home/mobsf/.MobSF \
opensecurity/mobile-security-framework-mobsfOpen MobSF at http://localhost:8000 and copy your API key.
Step 3 β Add Credentials in n8n
Add credentials for:
- Google Drive
- MobSF (API key in headers)
- OpenAI
- PDF.co
Step 4 β Configure Malware Scanning
- Upload APK to Analyzer (MobSF Upload API) sends the file.
- Start Security Scan (MobSF Scan API) triggers the vulnerability scan.
Step 5 β Summarize & Generate HTML Report
- Summarize MobSF Report (JS Code) extracts key vulnerabilities.
- Generate HTML Report (GPT Model) formats them in a structured report.
- Clean HTML Output (JS Code) removes escaped characters.
Step 6 β Convert HTML to PDF
Use Generate PDF (PDF.co API) to convert the HTML to PDF.
Step 7 β Save Final Report
Download using Download Generated PDF, then upload via Upload PDF to Google Drive.
How To Customize Nodes
- Google Drive Trigger: Change the folder ID to watch a different upload directory.
- MobSF API Nodes: Update URLs if MobSF runs on another port or server.
- AI Report Generator: Modify prompt instructions to change the writing style or report template.
- PDF Generation: Edit margins, page size, or output filename in the PDF.co node.
- Save Location: Change Google Drive folder where the final PDF is stored.
Add-Ons
You can extend this workflow with:
- Slack or Email Notifications when a report is ready
- Automatic naming conventions (e.g., report-{{date}}-{{app_name}}.pdf)
- Saving reports into Airtable or Notion
- Multi-file batch scanning
- VirusTotal scan integration before generating the PDF
Use Case Examples
- Automated security scanning for every new build generated by CI/CD.
- Pre-release vulnerability checks for client-delivered APKs.
- Compliance documentation generation for internal security audits.
- Bulk scanning of legacy APKs for modernization projects.
- Creating professional PDF security reports for customers.
(Many more use cases can be built using the same workflow foundation.)
Troubleshooting Guide
| Issue | Possible Cause | Solution |
|---|---|---|
| MobSF API call fails | Wrong API key or URL | Check MobSF is running and API key is correct. |
| PDF not generated | Invalid HTML or PDF.co key | Validate HTML output and verify PDF.co credentials. |
| Workflow not triggering | Wrong Google Drive folder | Reconfigure Drive Trigger node with the correct folder ID. |
| APK upload fails | File not in binary mode | Ensure HTTP Upload node is using βBinary Dataβ correctly. |
| Scan returns empty data | MobSF not fully started | Wait for full MobSF startup logs before scanning. |
Need Help?
If you need assistance setting up this workflow, customizing it or adding advanced features such as Slack alerts, CI/CD integration or bulk scanning, our n8n workflow development team at WeblineIndia can help.
We specialize in building secure, scalable, automation-driven workflows on n8n for businesses of all sizes.
Contact us anytime for support or to build custom workflow automation solutions.
π Nodes Used
HTTP Request, Google Drive, Google Drive Trigger, OpenAI
π₯ Import
Download workflow.json and import into n8n:
Workflow menu β Import from File