Most usable tools for iOS penetration testing
Available items
No Items, yet!
The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:
iOS/macOS penetration testing cheatsheet
| Action | macOS | Linux | Win | iOS w/JB | | --- | --- | --- | --- | --- | |
MobSF| MobSF | MobSF | MobSF | --- | |
Plist view| plutil or Xcode |
apt-get install libplist-utils| Plist Viewer | plutil | |
Ghidra| Ghidra | Ghidra | Ghidra | --- | |
Frida| Frida | Frida | Frida | --- | |
Awesome Frida| Awesome Frida | --- | --- | Awesome Frida | |
Objection| Objection | Objection | Objection | Objection | |
Needle| Needle | Needle | --- | --- | |
Keychain dumper| Keychain dumper | --- | --- | Keychain dumper | |
iOS URL Schemes| iOS URL Schemes | --- | --- | iOS URL Schemes | |
Debug Hacks| Debug Hacks | --- | --- | --- | |
SandBox Dumper| SandBox Dumper | --- | --- | --- | |
PassionFruit| PassionFruit | PassionFruit | --- | --- | |
iPhoneTunnel| iPhoneTunnel | --- | iPhoneTunnel | --- | |
iRET| iRET | --- | --- | --- | |
idb| idb | idb | --- | --- | |
XSecurity| XSecurity | --- | --- | --- |
macOS Quick Look plugin for iOS & OSX developers
https://github.com/ealeksandrov/ProvisionQL – Generate amazing preview for
.ipa
.app
.appex
.mobileprovision
.provisionprofile
iOS / macOS obfuscation
https://github.com/obfuscator-llvm/obfuscator/wiki – ollvm
Static analyze
| Project/App | Swift | Objective-c | | --- | --- | --- | | Swift Lint | + | - |
Jailbreak
| Jailbreak check | | --- | | Jailbreak Chart | | Can I Jailbreak? | | Jailbreak list |
| Repos | | --- | | http://cydia.iphonecake.com | | http://apt.saurik.com/ | | http://repo.nesolabs.de/ | | https://build.frida.re/ | | http://appsec-labs.com/cydia/ | | http://cydia.zodttd.com/repo/cydia/ | | http://mobiletools.mwrinfosecurity.com/cydia/ | | http://repo666.ultrasn0w.com/ | | http://apt.thebigboss.org/repofiles/cydia/ | | http://cydia.radare.org/ | | http://apt.modmyi.com/ | | http://coolstar.org/publicrepo/ | | http://getdelta.co/ < Flex3 working | | http://julioverne.github.io/ | | http://brunonfl.github.io/ | | http://apt.bingner.com/ | | http://repo.dynastic.co/ | | http://mcapollo.github.io/Public/ | | http://apt.hackcn.net/ | | http://repo.chariz.io/ | | http://cydia.ichitaso.com/ | | https://level3tjg.github.io < bfdecrypt (ios11/ios12)| | http://ryleyangus.com/repo < Liberty Lite (beta) for JB bypas|
Little h4ck for sslpinning bypass (help in some cases when sslkillswitch useless)
- Configure burp proxy on iOS device
– Visit [yourproxyadress]:[proxy_port]/mobileassistant.deb
– Download file and install
- Via iFile
- Via ssh like `dpkg -i path/to/mobileassistant.deb
- Respring
- Launch Mobile Assistant
- Add app in bottom panel
- Turn-on switcher next to app
- Launch your app
- Congrats
More info here NB! in some cases you may face with lack of libraries, do not replace anything manually in iOS, it may lead to infinity loop)
AppSign / Rebuild / Resign / Inject / Useful tools
Download and decrypt
| Tool | Description | Link | | --- | --- | --- | |
iFunBox| App | iFunBox | |
Appdb| Download&resign .ipa | Appdb | |
iphonecake| Download&resign .ipa | iphonecake | |
4pda| Download&resign .ipa | 4pda | |
iTunes w/app tab| iTunes 12.6.3.6 | Apple Support | |
Download old version .ipa| Manual how-to | Lifehacker |
Extract data
| Tool | Description | Link | | --- | --- | --- | |
Rasticrac| Jailbreak(+) | Rasticrac | |
Clutch| Jailbreak(+) | Clutch | |
bfinject| Jailbreak(+), iOS 11-12 | bfinject |
All in one (Inject > Repack > Resign > Upload)
| Tool | Description | Link | | --- | --- | --- | |
IPA Patch| Xcode Project | IPA Patch | |
Resign| Xcode Project | Regisn |
Inject framework
| Tool | Description | Link | | --- | --- | --- | |
CydiaSubstrate| Framework | Site & .deb file | |
Reveal app| Project | Reveal app | |
JSPatch| Framework | JSPatch | |
FRAPL| Framework | FRAPL | |
Frida Gadget| Framework | Frida Gadget | |
Cycript| Framework | Frida+Cycript & Site |
Repack and resign binary
| Tool | Description | Link | | --- | --- | --- | |
Node Resign| Xcode Project | Node Resign | |
iOS App Signer| Xcode Project | iOS App Signer | |
AppAddict| App | AppAddict |
Upload and run on device
| Tool | Description | Link | | --- | --- | --- | |
iFunBox| App | iFunBox | |
Impactor| App | Cydia Impactor | |
IPA installer| Xcode Project | IPA installer |
Useful tools
| Tool | Description | Link | | --- | --- | --- | |
Runtime Headers| Xcode Project | Runtime Headers | |
SSL Killswitch 2| Jailbreak(+) | SSL Killswitch 2 | |
Theos| Project | Theos | |
Dumpdecrypted| Project | Dumpdecrypted | |
BundleID| Jailbreak(+) | BundleID | |
IPSW| Download Firmware | IPSW |
Slides and articles and links
| Name | Link | | --- | --- | |
Malware wellbeing on iOS devices| Slides | |
DVIA| Homepage | |
Dynamic analysis of iOS apps w/o Jailbreak| Article En Article RU & Slides | |
Ro(o)tten Apples Vulnerability Heaven in the iOS Sandbox| Slides | |
Light and Dark side of Code Instrumentation| Slides | |
Комбайны безопасности для iOS и Android| Slides |
Author: @ansjdnakjdnajkd
Do you want to add or fix? - Write to me or pull request!