/awesome-apple-security

Curated list of tools, techniques and resources related to Apple Security (macOS, iOS, iPadOS, tvOS, watchOS) aimed to help people with an interest in Apple related security topics to get a hold in this field, and for professionals to discover / explore other resources.

Creative Commons Zero v1.0 UniversalCC0-1.0

Awesome Apple Security List Awesome

Curated list of tools, techniques and resources related to Apple Security (macOS, iOS, iPadOS, tvOS, watchOS) aimed to help people with an interest in Apple related cyber security topics to gain a foothold in this field.

Contents


Acquisition and Evidence Collection

  • Cellebrite Digital Collector (Former Macquisition) - Commercial Tooling for Acquisition of macOS Forensic Images.
  • mac_apt - Plugin based forensics framework for quick mac triage that works on live machines, disk images or individual artifact files.
  • Auditor - Deprecated macOS DFIR tool for older systems.
  • Collector - macOS offshoot for live response.
  • The ESF Playground - A tool to view the events in Apple Endpoint Security Framework (ESF) in real time.

Apple Guidance

Attack Vectors and Adversary Techniques

Blogs

Articles

Books and Magazines

People

  • Cedric Owens - X - macOS Security Researcher and Purple Teamer.
  • Csaba Fitzl - X - Hungarian Researcher specialized on macOS Security.
  • Patrick Wardle - X - Founder of Objective-see, and Security Researcher.
  • Sarah Edwards - X - Security Researcher and Trainer of SANS 518 Course.
  • Cody Thomas - GitHub - Developer of Mythic C2.

Hardware Information

Log Analysis

Malware

Processes

Persistence

Tools

Process Viewer

File System

Offensive Tools

  • Mythic C2 - Mythic C2 Framework Documentation.
  • VOODOO - Browser Attack Framework for macOS.
  • SwiftSpy - macOS Keyloger written in Swift.

Reverse Engineering Tools

  • Hopper - A reverse engineering tool that will assist you in your static analysis of executable files.
  • Ghidra - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
  • Radare2 - UNIX-like reverse engineering framework and command-line toolset.
  • Cutter - Free and Open Source Reverse Engineering Platform powered by rizin.
  • frida-ios-dump - A tool to pull a decrypted IPA from a jailbroken device.
  • bagbak - Yet another frida based App decryptor. Requires jailbroken iOS device and frida.re.
  • flexdecrypt - An iOS App & Mach-O binary decryptor.
  • bfdecrypt - Utility to decrypt App Store apps on jailbroken iOS 11.x.
  • bfinject - Easy dylib injection for jailbroken 64-bit iOS 11.0 - 11.1.2. Compatible with Electra and LiberiOS jailbreaks.
  • r2flutch - Yet another tool to decrypt iOS apps using r2frida.
  • Clutch - A high-speed iOS decryption tool.
  • dsdump - An improved nm + objc/swift class-dump tool.
  • class-dump - A command-line utility for examining the Objective-C segment of Mach-O files.
  • SwiftDump - A command-line tool for retriving the Swift Object info from Mach-O file.
  • jtool - An app inspector, disassembler, and signing utility for the macOS, iOS.
  • Sideloadly - An app to sideload your favorite games and apps to Jailbroken & Non-Jailbroken iOS devices.
  • Cydia Impactor - A GUI tool for sideloading iOS application.
  • AltStore - Allows to sideload other apps (.ipa files) onto iOS device.
  • iOS App Signer - An app for macOS that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.

Dynamic Analysis Tools

  • Corellium - The only platform offering ARM-based mobile device virtualization using a custom-built hypervisor for real-world accuracy and high performance.
  • Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
  • frida-gum - Cross-platform instrumentation and introspection library written in C.
  • Fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
  • r2frida - Radare2 and Frida better together.
  • r2ghidra - An integration of the Ghidra decompiler for radare2.
  • iproxy - A utility allows binding local TCP ports so that a connection to one (or more) of the local ports will be forwarded to the specified port (or ports) on a usbmux device.
  • itunnel - Use to forward SSH via USB.
  • objection - A runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
  • Grapefruit - Runtime Application Instruments for iOS.
  • Passionfruit - Simple iOS app blackbox assessment tool, powered by frida 12.x and vuejs.
  • Runtime Mobile Security (RMS) - Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.
  • membuddy - Dynamic memory analysis & visualisation tool for security researchers.
  • unidbg - Allows you to emulate an Android ARM32 and/or ARM64 native library, and an experimental iOS emulation.
  • Qiling - An advanced binary emulation framework.
  • fishhook - A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.
  • Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida.
  • FridaHookSwiftAlamofire - A frida tool that capture GET/POST HTTP requests of iOS Swift library 'Alamofire' and disable SSL Pinning.
  • ios-deploy - Install and debug iOS apps from the command line. Designed to work on un-jailbroken devices.
  • aah - Run iOS arm64 binaries on x86_64 macOS, with varying degrees of success.
  • LLDB - A next generation, high-performance debugger.
  • mitmproxy - A free and open source interactive HTTPS proxy.
  • Burp Suite - An advanced HTTPS proxy software.

Static Analysis Tools

  • iLEAPP - An iOS Logs, Events, And Plist Parser.
  • Keychain Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.
  • BinaryCookieReader - A tool to read the binarycookie format of Cookies on iOS applications.
  • PList Viewer - Gtk application to view property list files.
  • XMachOViewer - A Mach-O viewer for Windows, Linux and macOS.
  • MachO-Explorer - A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.
  • iFunbox - A general file management software for iPhone and other Apple products.
  • 3uTools - An All-in-One management software for iOS devices.
  • iTools - An All-in-One solution for iOS devices management.

Frida

Conferences

Trainings

Videos

Contributing

Your contributions are always welcome! Please read the contribution guidelines first.