ansjdnakjdnajkd / Ios
Licence: apache-2.0
Most usable tools for iOS penetration testing
Stars: ✭ 563
Programming Languages
swift
15916 projects
Labels
Projects that are alternatives of or similar to Ios
Hacker Container
Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (-81.35%)
Mutual labels: security-tools, pentest, infosec, tools
Vxscan
python3写的综合扫描工具,主要用来存活验证,敏感文件探测(目录扫描/js泄露接口/html注释泄露),WAF/CDN识别,端口扫描,指纹/服务识别,操作系统识别,POC扫描,SQL注入,绕过CDN,查询旁站等功能,主要用来甲方自测或乙方授权测试,请勿用来搞破坏。
Stars: ✭ 1,244 (+120.96%)
Mutual labels: security-tools, pentest, tools
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+37.66%)
Mutual labels: security-tools, pentest, infosec
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+1122.38%)
Mutual labels: infosec, pentest, security-tools
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+101.78%)
Mutual labels: security-tools, pentest, infosec
Netpwn
Tool made to automate tasks of pentesting.
Stars: ✭ 152 (-73%)
Mutual labels: security-tools, infosec, information-security
Wireshark Cheatsheet
Wireshark Cheat Sheet
Stars: ✭ 131 (-76.73%)
Mutual labels: cheatsheet, infosec, information-security
Defaultcreds Cheat Sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+246.18%)
Mutual labels: cheatsheet, pentest, infosec
Ladon
大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+417.05%)
Mutual labels: security-tools, pentest, tools
Recsech
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (-69.27%)
Mutual labels: research, security-tools, tools
Hackthebox
Notes Taken for HTB Machines & InfoSec Community.
Stars: ✭ 167 (-70.34%)
Mutual labels: cheatsheet, infosec, tools
Cheatsheet God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+525.4%)
Mutual labels: cheatsheet, security-tools, information-security
Webshell Sniper
🔨 Manage your website via terminal
Stars: ✭ 359 (-36.23%)
Mutual labels: security-tools, pentest
Objection
📱 objection - runtime mobile exploration
Stars: ✭ 4,404 (+682.24%)
Mutual labels: frida, pentest
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+5745.29%)
Mutual labels: cheatsheet, pentest
Infosec reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+639.25%)
Mutual labels: infosec, information-security
Csinva.github.io
Slides, paper notes, class notes, blog posts, and research on ML 📉, statistics 📊, and AI 🤖.
Stars: ✭ 342 (-39.25%)
Mutual labels: slides, research
W5
Security Orchestration, Automation and Response (SOAR) Platform. 安全编排与自动化响应平台,无需编写代码的安全自动化,使用 SOAR 可以让团队工作更加高效
Stars: ✭ 367 (-34.81%)
Mutual labels: security-tools, tools
A Red Teamer Diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (-32.15%)
Mutual labels: security-tools, tools
iOS/macOS penetration testing cheatsheet
Action | macOS | Linux | Win | iOS w/JB |
---|---|---|---|---|
MobSF |
MobSF | MobSF | MobSF | --- |
Plist view |
plutil or Xcode | apt-get install libplist-utils |
Plist Viewer | plutil |
Ghidra |
Ghidra | Ghidra | Ghidra | --- |
Frida |
Frida | Frida | Frida | --- |
Awesome Frida |
Awesome Frida | --- | --- | Awesome Frida |
Objection |
Objection | Objection | Objection | Objection |
Needle |
Needle | Needle | --- | --- |
Keychain dumper |
Keychain dumper | --- | --- | Keychain dumper |
iOS URL Schemes |
iOS URL Schemes | --- | --- | iOS URL Schemes |
Debug Hacks |
Debug Hacks | --- | --- | --- |
SandBox Dumper |
SandBox Dumper | --- | --- | --- |
PassionFruit |
PassionFruit | PassionFruit | --- | --- |
iPhoneTunnel |
iPhoneTunnel | --- | iPhoneTunnel | --- |
iRET |
iRET | --- | --- | --- |
idb |
idb | idb | --- | --- |
XSecurity |
XSecurity | --- | --- | --- |
macOS Quick Look plugin for iOS & OSX developers
https://github.com/ealeksandrov/ProvisionQL – Generate amazing preview for .ipa
.app
.appex
.mobileprovision
.provisionprofile
iOS / macOS obfuscation
https://github.com/obfuscator-llvm/obfuscator/wiki – ollvm
Static analyze
Project/App | Swift | Objective-c |
---|---|---|
Swift Lint | + | - |
Jailbreak
Jailbreak check |
---|
Jailbreak Chart |
Can I Jailbreak? |
Jailbreak list |
Little h4ck for sslpinning bypass (help in some cases when sslkillswitch useless)
- Configure burp proxy on iOS device
– Visit [your_proxy_adress]:[proxy_port]/mobileassistant.deb
– Download file and install
- Via iFile
- Via ssh like `dpkg -i path/to/mobileassistant.deb
- Respring
- Launch Mobile Assistant
- Add app in bottom panel
- Turn-on switcher next to app
- Launch your app
- Congrats
More info here NB! in some cases you may face with lack of libraries, do not replace anything manually in iOS, it may lead to infinity loop)
AppSign / Rebuild / Resign / Inject / Useful tools
Download and decrypt
Tool | Description | Link |
---|---|---|
iFunBox |
App | iFunBox |
Appdb |
Download&resign .ipa | Appdb |
iphonecake |
Download&resign .ipa | iphonecake |
4pda |
Download&resign .ipa | 4pda |
iTunes w/app tab |
iTunes 12.6.3.6 | Apple Support |
Download old version .ipa |
Manual how-to | Lifehacker |
Extract data
Tool | Description | Link |
---|---|---|
Rasticrac |
Jailbreak(+) | Rasticrac |
Clutch |
Jailbreak(+) | Clutch |
bfinject |
Jailbreak(+), iOS 11-12 | bfinject |
All in one (Inject > Repack > Resign > Upload)
Tool | Description | Link |
---|---|---|
IPA Patch |
Xcode Project | IPA Patch |
Resign |
Xcode Project | Regisn |
Inject framework
Tool | Description | Link |
---|---|---|
CydiaSubstrate |
Framework | Site & .deb file |
Reveal app |
Project | Reveal app |
JSPatch |
Framework | JSPatch |
FRAPL |
Framework | FRAPL |
Frida Gadget |
Framework | Frida Gadget |
Cycript |
Framework | Frida+Cycript & Site |
Repack and resign binary
Tool | Description | Link |
---|---|---|
Node Resign |
Xcode Project | Node Resign |
iOS App Signer |
Xcode Project | iOS App Signer |
AppAddict |
App | AppAddict |
Upload and run on device
Tool | Description | Link |
---|---|---|
iFunBox |
App | iFunBox |
Impactor |
App | Cydia Impactor |
IPA installer |
Xcode Project | IPA installer |
Useful tools
Tool | Description | Link |
---|---|---|
Runtime Headers |
Xcode Project | Runtime Headers |
SSL Killswitch 2 |
Jailbreak(+) | SSL Killswitch 2 |
Theos |
Project | Theos |
Dumpdecrypted |
Project | Dumpdecrypted |
BundleID |
Jailbreak(+) | BundleID |
IPSW |
Download Firmware | IPSW |
Slides and articles and links
Name | Link |
---|---|
Malware wellbeing on iOS devices |
Slides |
DVIA |
Homepage |
Dynamic analysis of iOS apps w/o Jailbreak |
Article En Article RU & Slides |
Ro(o)tten Apples Vulnerability Heaven in the iOS Sandbox |
Slides |
Light and Dark side of Code Instrumentation |
Slides |
Комбайны безопасности для iOS и Android |
Slides |
Author: @ansjdnakjdnajkd
Do you want to add or fix? - Write to me or pull request!
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].