ansjdnakjdnajkd / Ios

Licence: apache-2.0
Most usable tools for iOS penetration testing

Projects that are alternatives of or similar to Ios

Hacker Container
Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (-81.35%)
Mutual labels:  security-tools, pentest, infosec, tools
Vxscan
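A comprehensive scanning tool written in Python 3, mainly used for liveness verification, sensitive file detection (directory scanning / API endpoints leaked in JS / leaks in HTML comments), WAF/CDN identification, port scanning, fingerprint/service identification, operating system identification, POC scanning, SQL injection, CDN bypass, neighbouring-site lookup and other functions. Intended mainly for in-house self-assessment or authorized third-party testing; do not use it to cause damage.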
Stars: ✭ 1,244 (+120.96%)
Mutual labels:  security-tools, pentest, tools
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+37.66%)
Mutual labels:  security-tools, pentest, infosec
Wsmanager
Webshell Manager
Stars: ✭ 99 (-82.42%)
Mutual labels:  security-tools, pentest, infosec
Spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
Stars: ✭ 6,882 (+1122.38%)
Mutual labels:  infosec, pentest, security-tools
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+101.78%)
Mutual labels:  security-tools, pentest, infosec
Netpwn
Tool made to automate tasks of pentesting.
Stars: ✭ 152 (-73%)
Mutual labels:  security-tools, infosec, information-security
Wireshark Cheatsheet
Wireshark Cheat Sheet
Stars: ✭ 131 (-76.73%)
Mutual labels:  cheatsheet, infosec, information-security
Defaultcreds Cheat Sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+246.18%)
Mutual labels:  cheatsheet, pentest, infosec
Ladon
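Large-scale intranet penetration scanner & Cobalt Strike. Ladon 8.9 has 120 built-in modules, covering information gathering / live host discovery / port scanning / service identification / password brute-forcing / vulnerability detection / vulnerability exploitation. Vulnerability detection includes MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2; password brute-forcing covers (Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm); remote command execution (smbexec/wmiexe/psexec/atexec/sshexec/webshell); privilege lowering and escalation with Runas and GetSystem; Poc/Exploit; supports Cobalt Strike 3.X-4.0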
Stars: ✭ 2,911 (+417.05%)
Mutual labels:  security-tools, pentest, tools
Recsech
Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .
Stars: ✭ 173 (-69.27%)
Mutual labels:  research, security-tools, tools
Hackthebox
Notes Taken for HTB Machines & InfoSec Community.
Stars: ✭ 167 (-70.34%)
Mutual labels:  cheatsheet, infosec, tools
Cheatsheet God
Penetration Testing Reference Bank - OSCP / PTP & PTX Cheatsheet
Stars: ✭ 3,521 (+525.4%)
Mutual labels:  cheatsheet, security-tools, information-security
Webshell Sniper
🔨 Manage your website via terminal
Stars: ✭ 359 (-36.23%)
Mutual labels:  security-tools, pentest
Objection
📱 objection - runtime mobile exploration
Stars: ✭ 4,404 (+682.24%)
Mutual labels:  frida, pentest
Payloadsallthethings
A list of useful payloads and bypass for Web Application Security and Pentest/CTF
Stars: ✭ 32,909 (+5745.29%)
Mutual labels:  cheatsheet, pentest
Infosec reference
An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
Stars: ✭ 4,162 (+639.25%)
Mutual labels:  infosec, information-security
Csinva.github.io
Slides, paper notes, class notes, blog posts, and research on ML 📉, statistics 📊, and AI 🤖.
Stars: ✭ 342 (-39.25%)
Mutual labels:  slides, research
W5
Security Orchestration, Automation and Response (SOAR) Platform. Security automation with no code required; using SOAR makes teams work more efficiently
Stars: ✭ 367 (-34.81%)
Mutual labels:  security-tools, tools
A Red Teamer Diaries
RedTeam/Pentest notes and experiments tested on several infrastructures related to professional engagements.
Stars: ✭ 382 (-32.15%)
Mutual labels:  security-tools, tools

iOS/macOS penetration testing cheatsheet

Action | macOS | Linux | Win | iOS w/JB
MobSF | MobSF | MobSF | MobSF | ---
Plist view | plutil or Xcode | apt-get install libplist-utils | Plist Viewer | plutil
Ghidra | Ghidra | Ghidra | Ghidra | ---
Frida | Frida | Frida | Frida | ---
Awesome Frida | Awesome Frida | --- | --- | Awesome Frida
Objection | Objection | Objection | Objection | Objection
Needle | Needle | Needle | --- | ---
Keychain dumper | Keychain dumper | --- | --- | Keychain dumper
iOS URL Schemes | iOS URL Schemes | --- | --- | iOS URL Schemes
Debug Hacks | Debug Hacks | --- | --- | ---
SandBox Dumper | SandBox Dumper | --- | --- | ---
PassionFruit | PassionFruit | PassionFruit | --- | ---
iPhoneTunnel | iPhoneTunnel | --- | iPhoneTunnel | ---
iRET | iRET | --- | --- | ---
idb | idb | idb | --- | ---
XSecurity | XSecurity | --- | --- | ---

macOS Quick Look plugin for iOS & OSX developers

https://github.com/ealeksandrov/ProvisionQL – Generate amazing preview for .ipa .app .appex .mobileprovision .provisionprofile

iOS / macOS obfuscation

https://github.com/obfuscator-llvm/obfuscator/wiki – ollvm

Static analysis

Project/App | Swift | Objective-c
Swift Lint | + | -

Jailbreak

Jailbreak check
Jailbreak Chart
Can I Jailbreak?
Jailbreak list
Repos
http://cydia.iphonecake.com
http://apt.saurik.com/
http://repo.nesolabs.de/
https://build.frida.re/
http://appsec-labs.com/cydia/
http://cydia.zodttd.com/repo/cydia/
http://mobiletools.mwrinfosecurity.com/cydia/
http://repo666.ultrasn0w.com/
http://apt.thebigboss.org/repofiles/cydia/
http://cydia.radare.org/
http://apt.modmyi.com/
http://coolstar.org/publicrepo/
http://getdelta.co/ < Flex3 working
http://julioverne.github.io/
http://brunonfl.github.io/
http://apt.bingner.com/
http://repo.dynastic.co/
http://mcapollo.github.io/Public/
http://apt.hackcn.net/
http://repo.chariz.io/
http://cydia.ichitaso.com/
https://level3tjg.github.io < bfdecrypt (ios11/ios12)
http://ryleyangus.com/repo < Liberty Lite (beta) for JB bypass

Little hack for SSL pinning bypass (helps in some cases when SSL Killswitch is useless)

  • Configure Burp proxy on iOS device
  • Visit [your_proxy_address]:[proxy_port]/mobileassistant.deb
  • Download file and install
    • Via iFile
    • Via ssh like `dpkg -i path/to/mobileassistant.deb`
  • Respring
  • Launch Mobile Assistant
  • Add app in bottom panel
  • Turn-on switcher next to app
  • Launch your app
  • Congrats

More info here. NB: in some cases you may face missing libraries; do not replace anything manually in iOS, as it may lead to an infinite loop.

AppSign / Rebuild / Resign / Inject / Useful tools

Schema

Download and decrypt

Tool | Description | Link
iFunBox | App | iFunBox
Appdb | Download&resign .ipa | Appdb
iphonecake | Download&resign .ipa | iphonecake
4pda | Download&resign .ipa | 4pda
iTunes w/app tab | iTunes 12.6.3.6 | Apple Support
Download old version .ipa | Manual how-to | Lifehacker

Extract data

Tool | Description | Link
Rasticrac | Jailbreak(+) | Rasticrac
Clutch | Jailbreak(+) | Clutch
bfinject | Jailbreak(+), iOS 11-12 | bfinject

All in one (Inject > Repack > Resign > Upload)

Tool | Description | Link
IPA Patch | Xcode Project | IPA Patch
Resign | Xcode Project | Resign

Inject framework

Tool | Description | Link
CydiaSubstrate | Framework | Site & .deb file
Reveal app | Project | Reveal app
JSPatch | Framework | JSPatch
FRAPL | Framework | FRAPL
Frida Gadget | Framework | Frida Gadget
Cycript | Framework | Frida+Cycript & Site

Repack and resign binary

Tool | Description | Link
Node Resign | Xcode Project | Node Resign
iOS App Signer | Xcode Project | iOS App Signer
AppAddict | App | AppAddict

Upload and run on device

Tool | Description | Link
iFunBox | App | iFunBox
Impactor | App | Cydia Impactor
IPA installer | Xcode Project | IPA installer

Useful tools

Tool | Description | Link
Runtime Headers | Xcode Project | Runtime Headers
SSL Killswitch 2 | Jailbreak(+) | SSL Killswitch 2
Theos | Project | Theos
Dumpdecrypted | Project | Dumpdecrypted
BundleID | Jailbreak(+) | BundleID
IPSW | Download Firmware | IPSW

Slides and articles and links

Name | Link
Malware wellbeing on iOS devices | Slides
DVIA | Homepage
Dynamic analysis of iOS apps w/o Jailbreak | Article En, Article RU & Slides
Ro(o)tten Apples Vulnerability Heaven in the iOS Sandbox | Slides
Light and Dark side of Code Instrumentation | Slides
All-in-one security tools for iOS and Android | Slides

Author: @ansjdnakjdnajkd

Do you want to add or fix? - Write to me or pull request!
