Reverse engineering and penetration testing on iOS apps: my own list of tools
After a post focused on Android, another list of tools useful for penetration testing and reverse engineering of iOS applications.
All of these tools are also OSS and freely available.
Lets you connect your laptop to the iPhone to surf the web.
iProxy does not give you tethering – it just gives you the next best thing: an HTTP and a SOCKS proxy on your iPhone, similar to what the famous netshare app did before it got pulled from the App Store. https://github.com/tcurdt/iProxy
Used to forward SSH over USB.
The File and App Management Tool for iPhone, iPad & iPod Touch.
The otool command displays specified parts of object files or libraries.
Clutch is a high-speed iOS decryption tool. Clutch supports the iPhone, iPod Touch, and iPad as well as all iOS versions, architecture types, and most binaries.
Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk. This tool is necessary for security researchers to be able to look under the hood of encryption.
A command-line utility for examining the Objective-C runtime information stored in Mach-O files.
A Cycript script that generates a header file for the class passed to the function. Most useful when you cannot use class-dump or dumpdecrypted, e.g. when binaries are encrypted.
An automated wrapper script for patching iOS applications (IPA files) so that they work on a non-jailbroken device.
bfinject loads arbitrary dylibs into running App Store apps. It has built-in support for decrypting App Store apps, and comes bundled with iSpy and Cycript.
Hopper is a reverse engineering tool for OS X and Linux that lets you disassemble, decompile and debug your 32/64-bit Intel Mac, Linux, Windows and iOS executables.
Hopperscripts can be used to demangle the Swift function name in HopperApp.
Radare2 is a unix-like reverse engineering framework and set of command-line tools.
The iOS Reverse Engineering Toolkit is a toolkit designed to automate many of the common tasks associated with iOS penetration testing.
AppSec Labs iNalyzer is a framework for manipulating iOS applications, tampering with parameters and methods.
Simple iOS app blackbox assessment tool with a fully web-based GUI. Powered by frida.re and vuejs.
Blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues.
A utility which can be used to view the live system log on an iDevice.
A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.
Burp Suite is an integrated platform for performing security testing of applications.
OWASP Zed Attack Proxy Project is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professional penetration testers.
HTTP proxy / HTTP monitor / Reverse Proxy that enables a developer to view all of the HTTP and SSL / HTTPS traffic between their machine and the Internet.
Blackbox tool to disable SSL certificate validation – including certificate pinning – within iOS and OS X Apps.
Disable certificate trust checks on iOS devices.
The tool is patterned on ios-ssl-kill-switch: it uses a similar technique, but targets a C function that is lower in the call chain of most SSL certificate validation code, which allows it to disable more SSL validation code.
A tool for bypassing Jailbreak detection.
Another tool for bypassing Jailbreak detection.
The Frida CodeShare project is made up of developers from around the world working together with one goal – pushing Frida to its limits in new and innovative ways.
iMAS is a collaborative research project from the MITRE Corporation focused on open source iOS security controls.