<!--lint ignore double-link--> <!--lint disable awesome-heading-->Awesome iOS Security <a href="https://github.com/Cy-clon3/awesome-ios-security/"><img src="https://awesome.re/badge.svg" alt="Awesome"></a>
<a href="https://github.com/Cy-clon3/awesome-ios-security/"><img src="https://upload.wikimedia.org/wikipedia/commons/5/56/IOS_15_logo.png" align="right" width="70" alt="iOS 15"></a>
<!--lint enable double-link--><img src="https://upload.wikimedia.org/wikipedia/commons/thumb/1/1b/Apple_logo_grey.svg/30px-Apple_logo_grey.svg.png" width="16"> A curated list of awesome iOS application security resources.
A collection of awesome tools, books, courses, blog posts, and cool stuff about iOS Application Security and Penetration Testing.
Contents
- Tools
- Tweaks
- Frida Scripts
- Courses
- Books
- Sessions & Workshops
- Articles & Tutorials
- Checklists & Cheatsheets
- Labs
- CTF
- Writeups
- Misc
Tools
<a name="reverse-engineering-tools"></a>
Reverse Engineering Tools
- Hopper - A reverse engineering tool that will assist you in your static analysis of executable files.
- Ghidra - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
- Radare2 - UNIX-like reverse engineering framework and command-line toolset.
- Cutter - Free and Open Source Reverse Engineering Platform powered by rizin.
- frida-ios-dump - A tool to pull a decrypted IPA from a jailbroken device.
- bagbak - Yet another frida based App decryptor. Requires jailbroken iOS device and frida.re.
- flexdecrypt - An iOS App & Mach-O binary decryptor.
- bfdecrypt - Utility to decrypt App Store apps on jailbroken iOS 11.x.
- bfinject - Easy dylib injection for jailbroken 64-bit iOS 11.0 - 11.1.2. Compatible with Electra and LiberiOS jailbreaks.
- r2flutch - Yet another tool to decrypt iOS apps using r2frida.
- Clutch - A high-speed iOS decryption tool.
- dsdump - An improved nm + objc/swift class-dump tool.
- class-dump - A command-line utility for examining the Objective-C segment of Mach-O files.
- SwiftDump - A command-line tool for retrieving Swift object info from a Mach-O file.
- jtool - An app inspector, disassembler, and signing utility for macOS and iOS.
- Sideloadly - An app to sideload your favorite games and apps to jailbroken and non-jailbroken iOS devices.
- Cydia Impactor - A GUI tool for sideloading iOS applications.
- AltStore - Allows you to sideload other apps (.ipa files) onto an iOS device.
- iOS App Signer - An app for macOS that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.
<a name="static-analysis-tools"></a>
Static Analysis Tools
- iLEAPP - An iOS Logs, Events, And Plist Parser.
- Keychain Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.
- BinaryCookieReader - A tool to read the binarycookie format of Cookies on iOS applications.
- PList Viewer - Gtk application to view property list files.
- XMachOViewer - A Mach-O viewer for Windows, Linux and macOS.
- MachO-Explorer - A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.
- iFunbox - A general file management software for iPhone and other Apple products.
- 3uTools - An All-in-One management software for iOS devices.
- iTools - An All-in-One solution for iOS devices management.
<a name="dynamic-analysis-tools"></a>
Dynamic Analysis Tools
- Corellium - The only platform offering ARM-based mobile device virtualization using a custom-built hypervisor for real-world accuracy and high performance.
- Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- frida-gum - Cross-platform instrumentation and introspection library written in C.
- Fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
- r2frida - Radare2 and Frida better together.
- r2ghidra - An integration of the Ghidra decompiler for radare2.
- iproxy - A utility that binds local TCP ports so that a connection to one (or more) of the local ports is forwarded to the specified port (or ports) on a usbmux device.
- itunnel - Used to forward SSH over USB.
- objection - A runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
- Grapefruit - Runtime Application Instruments for iOS.
- Passionfruit - Simple iOS app blackbox assessment tool, powered by frida 12.x and vuejs.
- Runtime Mobile Security (RMS) - Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.
- membuddy - Dynamic memory analysis & visualisation tool for security researchers.
- unidbg - Allows you to emulate an Android ARM32 and/or ARM64 native library, and an experimental iOS emulation.
- Qiling - An advanced binary emulation framework.
- fishhook - A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.
- Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida.
- FridaHookSwiftAlamofire - A frida tool that capture GET/POST HTTP requests of iOS Swift library 'Alamofire' and disable SSL Pinning.
- ios-deploy - Install and debug iOS apps from the command line. Designed to work on un-jailbroken devices.
- aah - Run iOS arm64 binaries on x86_64 macOS, with varying degrees of success.
- LLDB - A next generation, high-performance debugger.
- mitmproxy - A free and open source interactive HTTPS proxy.
- Burp Suite - An advanced HTTPS proxy software.
Tweaks
<a name="reverse-engineering-tweaks"></a>
Reverse Engineering Tweaks
- FoulDecrypt - A lightweight and simple iOS binary decryptor, supports iOS 13.5 and later.
- iGameGod - Cheat Engine, Speed Manager, Auto Touch, Device Spoofer & App Decryptor.
- CrackerXI - Tool to Decrypt iOS Apps, based on BFInject, Supports Electra as well as Unc0ver Jailbreaks.
- flexdecrypt - Command line tool for decrypting Mach-O binaries.
- Flex 3 Beta - Flex gives you the power to modify apps and change their behavior, with no coding experience needed.
- Frida - Frida server for iOS.
- OpenSSH - Secure remote access between machines.
- Apple File Conduit "2" - Unlocks filesystem access over USB on Windows or macOS on jailbroken devices.
- AppSync Unified - Enables the ability to install unsigned/fakesigned iOS applications.
- NewTerm 2 - A powerful terminal app for iOS.
- Filza File Manager - A Powerful File Manager for iOS with IPA Installer, DEB Installer, Web viewer, and Terminal.
<a name="static-analysis-tweaks"></a>
Jailbreak Detection Bypass Tweaks
- Shadow - A lightweight general jailbreak detection bypass tweak.
- A-Bypass - A tool that helps block some apps from accessing unauthorized space or calling functions not authorized by Apple due to jailbreak.
- FlyJB X - A jailbreak bypass that allows you to bypass the in-app jailbreak detection mechanism.
- Liberty Lite (Beta) - A general purpose jailbreak detection bypass patch.
- vnodebypass - An experimental tool to hide jailbreak files in order to bypass detection.
- KernBypass (Unofficial) - A kernel-level jailbreak detection bypass tweak.
- HideJB - Bypass jailbreak detection in certain apps.
- Hestia - A global jailbreak detection bypass tweak.
- Choicy - An advanced tweak configurator.
<a name="dynamic-analysis-tweaks"></a>
SSL Pinning Bypass Tweaks
- SSL Kill Switch 2 - A blackbox tool to disable SSL/TLS certificate validation - including certificate pinning - within iOS and macOS applications.
- SSLBypass - An iOS SSL Pinning Bypass Tweak (iOS 8 - 14).
Frida Scripts
- FridaSwiftDump - A Frida script for retrieving Swift object info from a running app.
- iOS 13 SSL Bypass - SSL Pinning Bypass for iOS 13.
- iOS 12 SSL Bypass - SSL Pinning Bypass for iOS 12.
- iOS Jailbreak Detection Bypass - A Frida script used to bypass iOS jailbreak detection by hooking some methods and functions.
- iOS App Static Analysis - A script for static analysis of iOS apps.
- Touch ID Bypass - A Frida script for iOS Touch/Face ID Bypass.
Courses
- Pentesting iOS Applications - By PentesterAcademy.
- iOS Pentesting - By Mantis.
- iOS Application Pentesting Series - By Sateesh Verma.
- IOS: Penetration Testing - By Noisy Hacker.
Books
- iOS Hacking Guide - By Security Innovation.
- iOS Application Security: The Definitive Guide for Hackers and Developers - By David Thiel.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- Learning iOS Penetration Testing - By Swaroop Yermalkar.
- Hacking and Securing iOS Applications - By Jonathan Zdziarski.
- iOS Hacker's Handbook - By Charlie Miller.
Sessions & Workshops
- iOS + Frida Tutorial - A three-part workshop containing an introduction to Frida and iOS, low-level iOS interfaces (GCD, XPC, IOKit, Mach), and Objective-C instrumentation by @naehrdine.
- Exploiting Common iOS Apps' Vulnerabilities - A session by @ivRodriguezCA that walks through some of the most common vulnerabilities on iOS apps and shows how to exploit them.
- iOS Reverse Engineering With Frida - How to get started in iOS RE with any PC/Mac, an iPhone, and Frida by @x71n3.
- iOS Application Vulnerabilities and how to find them - How to get started with hacking iOS apps, environment requirements, playground, etc. by @0ctac0der.
Articles & Tutorials
<a name="penetration-testing-articles"></a>
Penetration Testing Articles
- A Comprehensive guide to iOS Penetration Testing
- Getting Started with iOS Penetration Testing
- iOS Pentesting 101
- Insecure iOS Storage - DVIAv2
<a name="reverse-engineering-articles"></a>
Reverse Engineering Articles
- iOS Pentesting Tools Part 1: App Decryption and class-dump
- Anti Anti Hooking/Debugging - DVIAv2
- Runtime Manipulation - DVIAv2
- Reverse Engineering iOS Apps - iOS 11 Edition
<a name="jailbrek-detection-bypass-articles"></a>
Jailbreak Detection Bypass Articles
- Bypass Jailbreak Detection with Frida in iOS applications
- iOS Swift Anti-Jailbreak Bypass with Frida
- Bypassing JailBreak Detection - DVIAv2
- Gotta Catch 'Em All: Frida & jailbreak detection
<a name="ssl-pinning-bypass-articles"></a>
SSL Pinning Bypass Articles
- SSL Pinning bypass in iOS application
- Bypass Facebook SSL Certificate Pinning for iOS
- Bypass SSL Pinning with LLDB on AppStore iOS apps
<a name="checklists-cheatsheets"></a>
Checklists & Cheatsheets
- HackTricks iOS Pentesting Checklist
- OWASP Mobile Application Security Verification Standard (MASVS)
- iOS CheatSheet
- iOS Client-Side Attacks and Tests
Labs
CTF
- OWASP UnCrackable Mobile Apps
- r2con Crackmes
- Headbook-CTF
- iOS CTF
- DFA/CCSC Spring 2020 CTF – Apple iOS Forensics with iLEAPP
- NCC Con 2018 iOS CTF
- Cellebrite CTF 2021 - Beth's iPhone
Writeups
- A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
- Airdrop: Symbolic Link Following
- XSS STORED IN FILES.SLACK.COM VIA XML/SVG FILE (IOS)
- Facebook iOS address bar spoofing
Misc
- iOS Jailbreak Downloads - Download Jailbreak Tools for All iOS Versions.
- MOBEXLER - A customised virtual machine, designed to help in penetration testing of Android & iOS applications.
- frida Workbench - Unofficial frida workbench for VSCode.
- Apple Configurator - Apple Configurator features a flexible, device-centric design that enables you to configure one or dozens of devices quickly and easily.
- Apple Platform Security - Explore Apple Platform Security.
- IPSW Downloads - Download current and previous versions of Apple's iOS, iPadOS, macOS, watchOS, tvOS and audioOS firmware and receive notifications when new firmwares are released.
- theos - A cross-platform suite of tools for building and deploying software for iOS and other platforms.
Contributing
Your contributions are always welcome! Please read the contribution guidelines first.