Awesome
iOS/macOS penetration testing cheatsheet
| Action | macOS | Linux | Win | iOS w/JB |
|---|---|---|---|---|
MobSF | MobSF | MobSF | MobSF | --- |
Plist view | plutil or Xcode | apt-get install libplist-utils | Plist Viewer | plutil |
Ghidra | Ghidra | Ghidra | Ghidra | --- |
Frida | Frida | Frida | Frida | --- |
Awesome Frida | Awesome Frida | --- | --- | Awesome Frida |
Objection | Objection | Objection | Objection | Objection |
Needle | Needle | Needle | --- | --- |
Keychain dumper | Keychain dumper | --- | --- | Keychain dumper |
iOS URL Schemes | iOS URL Schemes | --- | --- | iOS URL Schemes |
Debug Hacks | Debug Hacks | --- | --- | --- |
SandBox Dumper | SandBox Dumper | --- | --- | --- |
PassionFruit | PassionFruit | PassionFruit | --- | --- |
iPhoneTunnel | iPhoneTunnel | --- | iPhoneTunnel | --- |
iRET | iRET | --- | --- | --- |
idb | idb | idb | --- | --- |
XSecurity | XSecurity | --- | --- | --- |
macOS Quick Look plugin for iOS & OSX developers
https://github.com/ealeksandrov/ProvisionQL – Generate amazing preview for .ipa .app .appex .mobileprovision .provisionprofile
iOS / macOS obfuscation
https://github.com/obfuscator-llvm/obfuscator/wiki – ollvm
Static analyze
| Project/App | Swift | Objective-c |
|---|---|---|
| Swift Lint | + | - |
Jailbreak
| Jailbreak check |
|---|
| Jailbreak Chart |
| Can I Jailbreak? |
| Jailbreak list |
Little h4ck for sslpinning bypass (help in some cases when sslkillswitch useless)
- Configure burp proxy on iOS device
– Visit [your_proxy_adress]:[proxy_port]/mobileassistant.deb
– Download file and install
- Via iFile
- Via ssh like `dpkg -i path/to/mobileassistant.deb
- Respring
- Launch Mobile Assistant
- Add app in bottom panel
- Turn-on switcher next to app
- Launch your app
- Congrats
More info here NB! in some cases you may face with lack of libraries, do not replace anything manually in iOS, it may lead to infinity loop)
AppSign / Rebuild / Resign / Inject / Useful tools
Download and decrypt
| Tool | Description | Link |
|---|---|---|
iFunBox | App | iFunBox |
Appdb | Download&resign .ipa | Appdb |
iphonecake | Download&resign .ipa | iphonecake |
4pda | Download&resign .ipa | 4pda |
iTunes w/app tab | iTunes 12.6.3.6 | Apple Support |
Download old version .ipa | Manual how-to | Lifehacker |
Extract data
| Tool | Description | Link |
|---|---|---|
Rasticrac | Jailbreak(+) | Rasticrac |
Clutch | Jailbreak(+) | Clutch |
bfinject | Jailbreak(+), iOS 11-12 | bfinject |
All in one (Inject > Repack > Resign > Upload)
| Tool | Description | Link |
|---|---|---|
IPA Patch | Xcode Project | IPA Patch |
Resign | Xcode Project | Regisn |
Inject framework
| Tool | Description | Link |
|---|---|---|
CydiaSubstrate | Framework | Site & .deb file |
Reveal app | Project | Reveal app |
JSPatch | Framework | JSPatch |
FRAPL | Framework | FRAPL |
Frida Gadget | Framework | Frida Gadget |
Cycript | Framework | Frida+Cycript & Site |
Repack and resign binary
| Tool | Description | Link |
|---|---|---|
Node Resign | Xcode Project | Node Resign |
iOS App Signer | Xcode Project | iOS App Signer |
AppAddict | App | AppAddict |
Upload and run on device
| Tool | Description | Link |
|---|---|---|
iFunBox | App | iFunBox |
Impactor | App | Cydia Impactor |
IPA installer | Xcode Project | IPA installer |
Useful tools
| Tool | Description | Link |
|---|---|---|
Runtime Headers | Xcode Project | Runtime Headers |
SSL Killswitch 2 | Jailbreak(+) | SSL Killswitch 2 |
Theos | Project | Theos |
Dumpdecrypted | Project | Dumpdecrypted |
BundleID | Jailbreak(+) | BundleID |
IPSW | Download Firmware | IPSW |
Slides and articles and links
| Name | Link |
|---|---|
Malware wellbeing on iOS devices | Slides |
DVIA | Homepage |
iGoat-Swift | Homepage |
iOS-CTF | Homepage |
Dynamic analysis of iOS apps w/o Jailbreak | Article En Article RU & Slides |
Ro(o)tten Apples Vulnerability Heaven in the iOS Sandbox | Slides |
Light and Dark side of Code Instrumentation | Slides |
Комбайны безопасности для iOS и Android | Slides |
Author: @ansjdnakjdnajkd
Do you want to add or fix? - Write to me or pull request!