Need help with iOS?
Click the “chat” button below for chat support from the developer who created it, or find similar developers for support.

About the developer

ansjdnakjdnajkd
652 Stars 139 Forks Apache License 2.0 19 Commits 2 Opened issues

Description

Most usable tools for iOS penetration testing

Services available

!
?

Need anything else?

Contributors list

# 44,186
Swift
ghidra
macOS
iOS
18 commits
# 140,493
Swift
ghidra
macOS
iOS
1 commit

iOS/macOS penetration testing cheatsheet

| Action | macOS | Linux | Win | iOS w/JB | | --- | --- | --- | --- | --- | |

MobSF
| MobSF | MobSF | MobSF | --- | |
Plist view
| plutil or Xcode |
apt-get install libplist-utils
| Plist Viewer | plutil | |
Ghidra
| Ghidra | Ghidra | Ghidra | --- | |
Frida
| Frida | Frida | Frida | --- | |
Awesome Frida
| Awesome Frida | --- | --- | Awesome Frida | |
Objection
| Objection | Objection | Objection | Objection | |
Needle
| Needle | Needle | --- | --- | |
Keychain dumper
| Keychain dumper | --- | --- | Keychain dumper | |
iOS URL Schemes
| iOS URL Schemes | --- | --- | iOS URL Schemes | |
Debug Hacks
| Debug Hacks | --- | --- | --- | |
SandBox Dumper
| SandBox Dumper | --- | --- | --- | |
PassionFruit
| PassionFruit | PassionFruit | --- | --- | |
iPhoneTunnel
| iPhoneTunnel | --- | iPhoneTunnel | --- | |
iRET
| iRET | --- | --- | --- | |
idb
| idb | idb | --- | --- | |
XSecurity
| XSecurity | --- | --- | --- |

macOS Quick Look plugin for iOS & OSX developers

https://github.com/ealeksandrov/ProvisionQL – Generate amazing preview for

.ipa
.app
.appex
.mobileprovision
.provisionprofile

iOS / macOS obfuscation

https://github.com/obfuscator-llvm/obfuscator/wiki – ollvm

Static analyze

| Project/App | Swift | Objective-c | | --- | --- | --- | | Swift Lint | + | - |

Jailbreak

| Jailbreak check | | --- | | Jailbreak Chart | | Can I Jailbreak? | | Jailbreak list |

| Repos | | --- | | http://cydia.iphonecake.com | | http://apt.saurik.com/ | | http://repo.nesolabs.de/ | | https://build.frida.re/ | | http://appsec-labs.com/cydia/ | | http://cydia.zodttd.com/repo/cydia/ | | http://mobiletools.mwrinfosecurity.com/cydia/ | | http://repo666.ultrasn0w.com/ | | http://apt.thebigboss.org/repofiles/cydia/ | | http://cydia.radare.org/ | | http://apt.modmyi.com/ | | http://coolstar.org/publicrepo/ | | http://getdelta.co/ < Flex3 working | | http://julioverne.github.io/ | | http://brunonfl.github.io/ | | http://apt.bingner.com/ | | http://repo.dynastic.co/ | | http://mcapollo.github.io/Public/ | | http://apt.hackcn.net/ | | http://repo.chariz.io/ | | http://cydia.ichitaso.com/ | | https://level3tjg.github.io < bfdecrypt (ios11/ios12)| | http://ryleyangus.com/repo < Liberty Lite (beta) for JB bypas|

Little h4ck for sslpinning bypass (help in some cases when sslkillswitch useless)

  • Configure burp proxy on iOS device – Visit [yourproxyadress]:[proxy_port]/mobileassistant.deb – Download file and install
    • Via iFile
    • Via ssh like `dpkg -i path/to/mobileassistant.deb
  • Respring
  • Launch Mobile Assistant
  • Add app in bottom panel
  • Turn-on switcher next to app
  • Launch your app
  • Congrats

More info here NB! in some cases you may face with lack of libraries, do not replace anything manually in iOS, it may lead to infinity loop)

AppSign / Rebuild / Resign / Inject / Useful tools

Schema

Download and decrypt

| Tool | Description | Link | | --- | --- | --- | |

iFunBox
| App | iFunBox | |
Appdb
| Download&resign .ipa | Appdb | |
iphonecake
| Download&resign .ipa | iphonecake | |
4pda
| Download&resign .ipa | 4pda | |
iTunes w/app tab
| iTunes 12.6.3.6 | Apple Support | |
Download old version .ipa
| Manual how-to | Lifehacker |

Extract data

| Tool | Description | Link | | --- | --- | --- | |

Rasticrac
| Jailbreak(+) | Rasticrac | |
Clutch
| Jailbreak(+) | Clutch | |
bfinject
| Jailbreak(+), iOS 11-12 | bfinject |

All in one (Inject > Repack > Resign > Upload)

| Tool | Description | Link | | --- | --- | --- | |

IPA Patch
| Xcode Project | IPA Patch | |
Resign
| Xcode Project | Regisn |

Inject framework

| Tool | Description | Link | | --- | --- | --- | |

CydiaSubstrate
| Framework | Site & .deb file | |
Reveal app
| Project | Reveal app | |
JSPatch
| Framework | JSPatch | |
FRAPL
| Framework | FRAPL | |
Frida Gadget
| Framework | Frida Gadget | |
Cycript
| Framework | Frida+Cycript & Site |

Repack and resign binary

| Tool | Description | Link | | --- | --- | --- | |

Node Resign
| Xcode Project | Node Resign | |
iOS App Signer
| Xcode Project | iOS App Signer | |
AppAddict
| App | AppAddict |

Upload and run on device

| Tool | Description | Link | | --- | --- | --- | |

iFunBox
| App | iFunBox | |
Impactor
| App | Cydia Impactor | |
IPA installer
| Xcode Project | IPA installer |

Useful tools

| Tool | Description | Link | | --- | --- | --- | |

Runtime Headers
| Xcode Project | Runtime Headers | |
SSL Killswitch 2
| Jailbreak(+) | SSL Killswitch 2 | |
Theos
| Project | Theos | |
Dumpdecrypted
| Project | Dumpdecrypted | |
BundleID
| Jailbreak(+) | BundleID | |
IPSW
| Download Firmware | IPSW |

Slides and articles and links

| Name | Link | | --- | --- | |

Malware wellbeing on iOS devices
| Slides | |
DVIA
| Homepage | |
Dynamic analysis of iOS apps w/o Jailbreak
| Article En Article RU & Slides | |
Ro(o)tten Apples Vulnerability Heaven in the iOS Sandbox
| Slides | |
Light and Dark side of Code Instrumentation
| Slides | |
Комбайны безопасности для iOS и Android
| Slides |

Author: @ansjdnakjdnajkd

Do you want to add or fix? - Write to me or pull request!

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.