Introspy-iOS
Reviewed by 0x000216 on Friday, October 05, 2018. Rating: 5
iOS App Security Assessment Tool - idb
idb is a tool to simplify some common tasks for iOS app security assessments and research. Please see the Documentation for a more detailed summary of each function.
Features
- Assessment Setup
- SSH port forwarding
- Installation of helper utilities
- App Information
- Bundle information
- Registered URL Schemes
- Platform and SDK Versions
- Data folder location
- Entitlements
- Data Storage
- List plist files and data protection class
- List sqlite files and data protection class
- List Cache.db files and data protection class
- Full app file system browser
- Browse files
- Download/view files
- Check data protection
- Rsync folders and keep git revisions
- Dump iOS keychain
- Binary Analysis
- Check for encryption
- Check for protections (ASLR/PIE, DEP, ARC)
- List shared libraries
- Extract strings in app binary
- Dump class and method signatures
- IPC
- List URL handlers
- Invoke and fuzz URL handlers
- Monitor the iOS pasteboard
- Other Tools
- Check for iOS backgrounding screenshot
- Install certificates
- Edit /etc/hosts file
Reviewed by 0x000216 on Saturday, March 25, 2017. Rating: 5
OWASP iOSForensic - Tool to help in forensics analysis on iOS
OWASP iOSForensic is a Python tool to help in forensics analysis on iOS.
It retrieves files and logs, extracts sqlite3 databases, and uncompresses .plist files into XML.
OWASP iOSForensic provides:
- Application's files
- Conversion of .plist files to XML
- Extraction of all databases
- Conversion of binary cookies
- Application's logs
- A list of all packages
- Extraction of multiple packages
Options
- -h --help : show help message
- -a --about : show information
- -v --verbose : verbose mode
- -i --ip : local IP address of the iOS terminal
- -p --port : SSH port of the iOS terminal (default 22)
- -P --password : root password of the iOS terminal (default alpine)
Examples:
./iOSForensic.py -i 192.168.1.10 [OPTIONS] APP_NAME.app INCOMPLETE_APP_NAME APP_NAME2_WITHOUT_DOT_APP
./iOSForensic.py -i 192.168.1.10 -p 1337 -P pwd MyApp.app angry MyApp2
Reviewed by 0x000216 on Wednesday, July 02, 2014. Rating: 5
iRET - iOS Reverse Engineering Toolkit
iOS Reverse Engineering Toolkit, or iRET, is a set of tools that helps the security auditor carry out common tasks automatically. These tasks focus on the analysis and reverse engineering of applications for iOS, Apple's mobile platform (iPhone/iPad).
Among the tasks this toolkit can automate are:
- Binary Analysis (based on otool)
- Keychain Analysis (keychain_dumper)
- Database Analysis (sqlite3)
- Log Viewer
- Plist Viewer
- Header Files
- Create, edit, save and build theos tweaks
- Display cached screenshots
Reviewed by 0x000216 on Friday, March 28, 2014. Rating: 5
[DVIA] Damn Vulnerable iOS Application
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform for mobile security enthusiasts, professionals and students to test their iOS penetration testing skills in a legal environment.
This application covers all the common vulnerabilities found in iOS applications (following the OWASP Top 10 mobile risks) and contains several challenges that the user can try.
Vulnerabilities and Challenges Included
- Insecure Data Storage
- Jailbreak Detection
- Runtime Manipulation
- Transport Layer Security
- Client Side Injection
- Information Disclosure
- Broken Cryptography
- Application Patching
All these vulnerabilities and their solutions have been tested up to iOS 7.0.4.
Every challenge/vulnerability has a link to a tutorial that users can read to learn more about that topic.
Reviewed by 0x000216 on Saturday, February 22, 2014. Rating: 5
[evasi0n7] iOS 7.x Jailbreak
The evasi0n jailbreaking tool is available for Apple iOS 7 users. This jailbreak utility was made by the Evad3rs team 3 months after iOS 7 launched. evasi0n is available for Mac and Windows, and is untethered. Here are the requirements posted on the evasi0n website:
- A computer, running Windows (XP minimum), Mac OS X (10.6 minimum) or Linux (x86 / x86_64)
- iTunes installed if you’re running Windows
- An iPhone, iPad or iPod running iOS 7.0 through 7.0.4 (you may check in Settings / General / About => Version)
- A USB cable to connect the device to the computer
evasi0n7 is an untethered jailbreak which supports iOS 7, iOS 7.0.1, iOS 7.0.2, iOS 7.0.3, iOS 7.0.4.
It is compatible with the following iOS 7.x.x devices:
- iPhone 5s, iPhone 5c, iPhone 5, iPhone 4S, iPhone 4, iPhone 3GS
- iPad Air, iPad 4, iPad 3, iPad 2
- Retina iPad mini, iPad mini
- iPod touch 5G
Reviewed by 0x000216 on Monday, December 23, 2013. Rating: 5