Ipanema is a tool for iOS ipa application security assessment.
The easiest way is to download a precompiled binary for your architecture and operating system from the releases tab.
If you want to build it by yourself follow this steps:
go get github.com/hcninja/ipanemago install github.com/hcninja/ipanema
If this doesn't work, go to the project folder and do a go get -u before go install.
The usage is easy, ipanema -ipa my.ipa, the analysis will output some useful info to stdout, and after the analysis finishes you will find all the analysis data in the temporal path created by ipanema under the folder analysisResult. This folder will contain multiple txt files with the data specified in the filename, useful to grep for info, aside of this, the whole analysis will be dumped in an analysis.json file, try to use jq to filter and search through the info.
- Basic analysis engine
- CLI interface
- Analysis output
- Analysis project json dump
- Search for valuable information available in the ipa bundle
- Detect correctly if the provided ipa is encrypted
- Automated analysis with recommendations
- Banned function analysis with an "exploitability" index
- API
- Web GUI
- Sandbox to do a dynamic analysis
- Function, methods and API fuzzing