/awesome-ios-security

A curated list of awesome iOS application security resources.

Creative Commons Zero v1.0 UniversalCC0-1.0

Awesome iOS Security Awesome

iOS 15

A curated list of awesome iOS application security resources.

A collection of awesome tools, books, courses, blog posts, and cool stuff about iOS Application Security and Penetration Testing.


Contents

Tools

Reverse Engineering Tools

  • Hopper - A reverse engineering tool that will assist you in your static analysis of executable files.
  • Ghidra - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
  • Radare2 - UNIX-like reverse engineering framework and command-line toolset.
  • Cutter - Free and Open Source Reverse Engineering Platform powered by rizin.
  • frida-ios-dump - A tool to pull a decrypted IPA from a jailbroken device.
  • bagbak - Yet another frida based App decryptor. Requires jailbroken iOS device and frida.re.
  • flexdecrypt - An iOS App & Mach-O binary decryptor.
  • bfdecrypt - Utility to decrypt App Store apps on jailbroken iOS 11.x.
  • bfinject - Easy dylib injection for jailbroken 64-bit iOS 11.0 - 11.1.2. Compatible with Electra and LiberiOS jailbreaks.
  • r2flutch - Yet another tool to decrypt iOS apps using r2frida.
  • Clutch - A high-speed iOS decryption tool.
  • dsdump - An improved nm + objc/swift class-dump tool.
  • class-dump - A command-line utility for examining the Objective-C segment of Mach-O files.
  • SwiftDump - A command-line tool for retriving the Swift Object info from Mach-O file.
  • jtool - An app inspector, disassembler, and signing utility for the macOS, iOS.
  • Sideloadly - An app to sideload your favorite games and apps to Jailbroken & Non-Jailbroken iOS devices.
  • Cydia Impactor - A GUI tool for sideloading iOS application.
  • AltStore - Allows to sideload other apps (.ipa files) onto iOS device.
  • iOS App Signer - An app for macOS that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.

Static Analysis Tools

  • iLEAPP - An iOS Logs, Events, And Plist Parser.
  • Keychain Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.
  • BinaryCookieReader - A tool to read the binarycookie format of Cookies on iOS applications.
  • PList Viewer - Gtk application to view property list files.
  • XMachOViewer - A Mach-O viewer for Windows, Linux and macOS.
  • MachO-Explorer - A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.
  • iFunbox - A general file management software for iPhone and other Apple products.
  • 3uTools - An All-in-One management software for iOS devices.
  • iTools - An All-in-One solution for iOS devices management.

Dynamic Analysis Tools

  • Corellium - The only platform offering ARM-based mobile device virtualization using a custom-built hypervisor for real-world accuracy and high performance.
  • Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
  • frida-gum - Cross-platform instrumentation and introspection library written in C.
  • Fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
  • r2frida - Radare2 and Frida better together.
  • r2ghidra - An integration of the Ghidra decompiler for radare2.
  • iproxy - A utility allows binding local TCP ports so that a connection to one (or more) of the local ports will be forwarded to the specified port (or ports) on a usbmux device.
  • itunnel - Use to forward SSH via USB.
  • objection - A runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
  • Grapefruit - Runtime Application Instruments for iOS.
  • Passionfruit - Simple iOS app blackbox assessment tool, powered by frida 12.x and vuejs.
  • Runtime Mobile Security (RMS) - Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.
  • membuddy - Dynamic memory analysis & visualisation tool for security researchers.
  • unidbg - Allows you to emulate an Android ARM32 and/or ARM64 native library, and an experimental iOS emulation.
  • Qiling - An advanced binary emulation framework.
  • fishhook - A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.
  • Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida.
  • FridaHookSwiftAlamofire - A frida tool that capture GET/POST HTTP requests of iOS Swift library 'Alamofire' and disable SSL Pinning.
  • ios-deploy - Install and debug iOS apps from the command line. Designed to work on un-jailbroken devices.
  • aah - Run iOS arm64 binaries on x86_64 macOS, with varying degrees of success.
  • LLDB - A next generation, high-performance debugger.
  • mitmproxy - A free and open source interactive HTTPS proxy.
  • Burp Suite - An advanced HTTPS proxy software.

Tweaks

Reverse Engineering Tweaks

  • FoulDecrypt - A lightweight and simpling iOS binary decryptor, supports iOS 13.5 and later.
  • iGameGod - Cheat Engine, Speed Manager, Auto Touch, Device Spoofer & App Decryptor.
  • CrackerXI - Tool to Decrypt iOS Apps, based on BFInject, Supports Electra as well as Unc0ver Jailbreaks.
  • flexdecrypt - Command line tool for decrypting Mach-O binaries.
  • Flex 3 Beta - Flex gives you the power to modify apps and change their behavior, with no coding experience needed.
  • Frida - Frida server for iOS.
  • OpenSSH - Secure remote access between machines.
  • Apple File Conduit "2" - Unlocks filesystem access over USB on Windows or macOS on jailbroken devices.
  • AppSync Unified - Enables the ability to install unsigned/fakesigned iOS applications.
  • NewTerm 2 - A powerful terminal app for iOS.
  • Filza File Manager - A Powerful File Manager for iOS with IPA Installer, DEB Installer, Web viewer, and Terminal.

Jailbrek Detection Bypass Tweaks

  • Shadow - A lightweight general jailbreak detection bypass tweak.
  • A-Bypass - A tool that helps block some apps from accessing unauthorized space or calling functions not authorized by Apple due to jailbreak.
  • FlyJB X - A jailbreak bypass that allows you to bypass the in-app jailbreak detection mechanism.
  • Liberty Lite (Beta) - A general purpose jailbreak detection bypass patch.
  • vnodebypass - An expermental tool to hide jailbreak files for bypass detection.
  • KernBypass (Unofficial) - A kernel level jailbreak detection bypass tweak.
  • HideJB - Bybass jailbreak detection in certain apps.
  • Hestia - A global jailbreak detection bypass tweak.
  • Choicy - An advanced tweak configurator.

SSL Pinning Bypass Tweaks

  • SSL Kill Switch 2 - A blackbox tool to disable SSL/TLS certificate validation - including certificate pinning - within iOS and macOS applications.
  • SSLBypass - An iOS SSL Pinning Bypass Tweak (iOS 8 - 14).

Frida Scripts

Courses

Books

Sessions & Workshops

Articles & Tutorials

Penetration Testing Articles

Reverse Engineering Articles

Jailbrek Detection Bypass Articles

SSL Pinning Bypass Articles

Checklists & Cheatsheets

Labs

CTF

Writeups

Misc

  • iOS Jailbreak Downloads - Download Jailbreak Tools for All iOS Versions.
  • MOBEXLER - A customised virtual machine, designed to help in penetration testing of Android & iOS applications.
  • frida Workbench - Unofficial frida workbench for VSCode.
  • Apple Configurator - Apple Configurator features a flexible, device-centric design that enables you to configure one or dozens of devices quickly and easily.
  • Apple Platform Security - Explore Apple Platform Security.
  • IPSW Downloads - Download current and previous versions of Apple's iOS, iPadOS, macOS, watchOS, tvOS and audioOS firmware and receive notifications when new firmwares are released.
  • theos - A cross-platform suite of tools for building and deploying software for iOS and other platforms.

Contributing

Your contributions are always welcome! Please read the contribution guidelines first.