/iOS-Penetration-Test-Tools

iOS Penetration Test Tools

Tool Link Description
Mallory proxy https://bitbucket.org/IntrepidusGroup/mallory Proxy for Binary protocols
Charles/Burp proxy http://www.charlesproxy.com/  ;

http://www.portswigger.net/burp/

Proxy for HTTP and HTTPS
OpenSSH http://www.openssh.com/ Connect to the iPhone remotely over SSH
Sqlite3 http://www.sqlite.org/ Sqlite database client
GNU Debugger http://www.gnu.org/software/gdb/ For run time analysis & reverse engineering
Syslogd https://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man8/syslogd.8.html View iPhone logs
Tcpdump http://www.tcpdump.org/ Capture network traffic on phone
Otool http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/man1/otool.1.html Odcctools: otool – object file displaying tool
Cycript http://www.cycript.org/ A language designed to interact with Objective-C classes
SSL Kill switch https://github.com/iSECPartners/ios-ssl-kill-switch Blackbox tool to disable SSL certificate validation - including certificate pinning in NSURL
Plutil http://scw.us/iPhone/plutil/ To view Plist files
nm https://linux.die.net/man/1/nm Analysis tool to display the symbol table, which includes names of functions and methods, as well as their load addresses.
sysctl https://developer.apple.com/documentation/installerjs/system/1812308-sysctl A utility to read and change kernel state variables
dump_keychain https://github.com/emonti/iOS_app_re_tools A utility to dump the keychain
Filemon http://www.newosxbook.com/files/filemon.iOS Monitor realtime iOS file system
FileDP http://www.securitylearn.net/2012/10/18/extracting-data-protection-class-from-files-on-ios/ Audits data protection of files
BinaryCookieReader http://securitylearn.net/wp-content/uploads/tools/iOS/BinaryCookieReader.py Read cookies.binarycookies files
lsof ARM Binary https://github.com/u35tpus/iosrep/tree/master/lsof list of all open files and the processes that opened them
lsock ARM Binary http://www.newosxbook.com/index.php?page=downloads monitor socket connections
PonyDebugger Injected https://github.com/dtrukr/PonyDebuggerInjected Injected via Cycript to enable remote debugging
Weak Class Dump https://raw.github.com/limneos/weak_classdump/master/weak_classdump.cy Injected via Cycript to do class-dump (for when you cant un-encrypt the binary)
TrustME https://github.com/intrepidusgroup/trustme Lower level tool to disable SSL certificate validation - including certificate pinning (for everything else but NSURL)
Mac Robber http://www.sleuthkit.org/mac-robber/download.php C code, forensic tool for imaging filesystems and producing a timeline
USBMux Proxy https://github.com/st3fan/usbmux-proxy command line tool to connect local TCP port sto ports on an iPhone or iPod Touch device over USB.
iFunBox http://www.i-funbox.com/ Filesystem access (no jailbreak needed), USBMux Tunneler, .ipa installer
iNalyzer https://appsec-labs.com/iNalyzer/ iOS Penetration testing framework
removePIE https://github.com/peterfillmore/removePIE Disables ASLR of an application
snoop-it https://code.google.com/p/snoop-it/ A tool to assist security assessments and dynamic analysis of iOS Apps, includes runtime views of obj-c classes and methods, and options to modify those values
idb https://github.com/dmayer/idb A GUI (and cmdline) tool to simplify some common tasks for iOS pentesting and research.
Damn Vulnerable iOS Application http://damnvulnerableiosapp.com/ A purposefully vulnerable iOS application for learning iOS application assessment skills.
introspy https://github.com/iSECPartners/Introspy-iOS A security profiling tool revolved around hooking security based iOS APIs and logging their output for security analysis
MEMSCAN https://github.com/hexploitable/memscan A tool which allows you to easily dump iOS process memory to disk as well as searching memory for specified byte signatures
Frida toolkit https://www.frida.re/docs/installation/ dynamic code instrumentation toolkit