{"id":13538442,"url":"https://github.com/ansjdnakjdnajkd/ios","last_synced_at":"2025-04-02T05:31:17.268Z","repository":{"id":38903935,"uuid":"112600629","full_name":"ansjdnakjdnajkd/iOS","owner":"ansjdnakjdnajkd","description":"Most usable tools for iOS penetration testing","archived":false,"fork":false,"pushed_at":"2023-11-06T14:01:12.000Z","size":165,"stargazers_count":1039,"open_issues_count":0,"forks_count":171,"subscribers_count":56,"default_branch":"master","last_synced_at":"2024-11-19T10:47:20.791Z","etag":null,"topics":["apple","cheatsheet","frida","ghidra","information-security","information-security-research","infosec","ios","jailbreak","keychain","macos","objection","objective-c","pentest","research","security","security-tools","slides","swift","tools"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ansjdnakjdnajkd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-11-30T10:55:27.000Z","updated_at":"2024-11-17T22:52:05.000Z","dependencies_parsed_at":"2024-01-20T19:07:17.276Z","dependency_job_id":"f292d924-ca01-49a5-b181-9123afd645c9","html_url":"https://github.com/ansjdnakjdnajkd/iOS","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansjdnakjdnajkd%2FiOS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansjdnakjdnajkd%2FiOS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansjdnakjdnajkd%2FiOS/releases","manifests_url":"htt
ps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ansjdnakjdnajkd%2FiOS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ansjdnakjdnajkd","download_url":"https://codeload.github.com/ansjdnakjdnajkd/iOS/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246763805,"owners_count":20829795,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["apple","cheatsheet","frida","ghidra","information-security","information-security-research","infosec","ios","jailbreak","keychain","macos","objection","objective-c","pentest","research","security","security-tools","slides","swift","tools"],"created_at":"2024-08-01T09:01:12.097Z","updated_at":"2025-04-02T05:31:16.980Z","avatar_url":"https://github.com/ansjdnakjdnajkd.png","language":null,"funding_links":[],"categories":["\u003ca id=\"5dd93fbc2f2ebc8d98672b2d95782af3\"\u003e\u003c/a\u003e工具","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","\u003ca id=\"1233584261c0cd5224b6e90a98cc9a94\"\u003e\u003c/a\u003e渗透\u0026\u0026offensive\u0026\u0026渗透框架\u0026\u0026后渗透框架","\u003ca id=\"58cd9084afafd3cd293564c1d615dd7f\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"2e40f2f1df5d7f93a7de47bf49c24a0e\"\u003e\u003c/a\u003e未分类-Pentest","\u003ca id=\"d0108e91e6863289f89084ff09df39d0\"\u003e\u003c/a\u003e新添加的"],"readme":"# iOS/macOS penetration testing cheatsheet\n\n| Action | macOS | Linux | Win | iOS w/JB |\n| --- | --- | --- | --- | --- |\n| `MobSF` | [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | 
[MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | [MobSF](https://github.com/MobSF/Mobile-Security-Framework-MobSF) | --- |\n| `Plist view` | **plutil** or **Xcode** | `apt-get install libplist-utils` | [Plist Viewer](https://github.com/TingPing/plist-viewer) | **plutil** |\n| `Ghidra` | [Ghidra](https://ghidra-sre.org) | [Ghidra](https://ghidra-sre.org) | [Ghidra](https://ghidra-sre.org) | --- |\n| `Frida` | [Frida](https://www.frida.re/docs/installation/) | [Frida](https://www.frida.re/docs/installation/) | [Frida](https://www.frida.re/docs/installation/) | --- |\n| `Awesome Frida` | [Awesome Frida](https://github.com/dweinstein/awesome-frida) | --- | --- | [Awesome Frida](https://github.com/dweinstein/awesome-frida) |\n| `Objection` | [Objection](https://github.com/sensepost/objection) | [Objection](https://github.com/sensepost/objection) | [Objection](https://github.com/sensepost/objection) | [Objection](https://github.com/sensepost/objection) |\n| `Needle` | [Needle](https://github.com/mwrlabs/needle) | [Needle](https://github.com/mwrlabs/needle) | --- | --- |\n| `Keychain dumper` | [Keychain dumper](https://github.com/ptoomey3/Keychain-Dumper) | --- | --- | [Keychain dumper](https://github.com/ptoomey3/Keychain-Dumper) |\n| `iOS URL Schemes` | [iOS URL Schemes](https://github.com/phynet/iOS-URL-Schemes) | --- | --- | [iOS URL Schemes](https://github.com/phynet/iOS-URL-Schemes) |\n| `Debug Hacks` | [Debug Hacks](https://github.com/aozhimin/iOS-Debug-Hacks) | --- | --- | --- |\n| `SandBox Dumper` | [SandBox Dumper](https://github.com/dineshshetty/iOS-SandBox-Dumper) | --- | --- | --- |\n| `PassionFruit` | [PassionFruit](https://github.com/chaitin/passionfruit) | [PassionFruit](https://github.com/chaitin/passionfruit) | --- | --- |\n| `iPhoneTunnel` | [iPhoneTunnel](https://code.google.com/archive/p/iphonetunnel-mac/downloads) | --- | [iPhoneTunnel](https://code.google.com/archive/p/iphonetunnel-usbmuxconnectbyport/downloads) | --- |\n| `iRET` 
| [iRET](https://github.com/S3Jensen/iRET) | --- | --- | --- |\n| `idb` | [idb](https://github.com/dmayer/idb) | [idb](https://github.com/dmayer/idb) | --- | --- |\n| `XSecurity` | [XSecurity](https://github.com/dmayer/idb) | --- | --- | --- |\n\n## macOS Quick Look plugin for iOS \u0026 OSX developers\nhttps://github.com/ealeksandrov/ProvisionQL – Generate amazing preview for `.ipa` `.app` `.appex` `.mobileprovision` `.provisionprofile`\n\n## iOS / macOS obfuscation\nhttps://github.com/obfuscator-llvm/obfuscator/wiki – ollvm\n\n## Static analysis\n\n| Project/App | Swift | Objective-C |\n| --- | --- | --- |\n| [Swift Lint](https://github.com/realm/SwiftLint) | + | - |\n\n## Jailbreak\n\n| Jailbreak check |\n| --- |\n| [Jailbreak Chart](https://www.reddit.com/r/jailbreak/wiki/escapeplan/guides/jailbreakcharts) |\n| [Can I Jailbreak?](https://canijailbreak.com/) |\n| [Jailbreak list](http://www.iosemulatorspot.com/jailbreak-ipa/) |\n\n| Repos |\n| --- |\n| [http://cydia.iphonecake.com](http://cydia.iphonecake.com) |\n| [http://apt.saurik.com/](http://apt.saurik.com/) |\n| [http://repo.nesolabs.de/](http://repo.nesolabs.de/) |\n| [https://build.frida.re/](https://build.frida.re/) |\n| [http://appsec-labs.com/cydia/](http://appsec-labs.com/cydia/) |\n| [http://cydia.zodttd.com/repo/cydia/](http://cydia.zodttd.com/repo/cydia/) |\n| [http://mobiletools.mwrinfosecurity.com/cydia/](http://mobiletools.mwrinfosecurity.com/cydia/) |\n| [http://repo666.ultrasn0w.com/](http://repo666.ultrasn0w.com/) |\n| [http://apt.thebigboss.org/repofiles/cydia/](http://apt.thebigboss.org/repofiles/cydia/) |\n| [http://cydia.radare.org/](http://cydia.radare.org/) |\n| [http://apt.modmyi.com/](http://apt.modmyi.com/) |\n| [http://coolstar.org/publicrepo/](http://coolstar.org/publicrepo/) |\n| [http://getdelta.co/](http://getdelta.co/) \u003c Flex3 working |\n| [http://julioverne.github.io/](http://julioverne.github.io/) |\n| [http://brunonfl.github.io/](http://brunonfl.github.io/) |\n| 
[http://apt.bingner.com/](http://apt.bingner.com/) |\n| [http://repo.dynastic.co/](http://repo.dynastic.co/) |\n| [http://mcapollo.github.io/Public/](http://mcapollo.github.io/Public/) |\n| [http://apt.hackcn.net/](http://apt.hackcn.net/) |\n| [http://repo.chariz.io/](http://repo.chariz.io/) |\n| [http://cydia.ichitaso.com/](http://cydia.ichitaso.com/) |\n| [https://level3tjg.github.io](https://level3tjg.github.io) \u003c bfdecrypt (ios11/ios12) |\n| [http://ryleyangus.com/repo](http://ryleyangus.com/repo) \u003c Liberty Lite (beta) for JB bypass |\n\n\n## Little h4ck for SSL pinning bypass (helps in some cases when sslkillswitch is useless)\n- Configure Burp proxy on the iOS device\n- Visit [your_proxy_address]:[proxy_port]/mobileassistant.deb\n- Download the file and install it\n  - Via iFile\n  - Via SSH, like `dpkg -i path/to/mobileassistant.deb`\n- Respring\n- Launch Mobile Assistant\n- Add the app in the bottom panel\n- Turn on the switch next to the app\n- Launch your app\n- Congrats\n\nMore info [here](https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/)\n\n
NB! In some cases you may run into missing libraries. Do not replace anything manually in iOS; it may lead to an infinite loop.\n\n\n## AppSign / Rebuild / Resign / Inject / Useful tools\n\n![Schema](https://github.com/ansjdnakjdnajkd/iOS/blob/master/Misc/schema.png)\n\n### Download and decrypt\n\n| Tool | Description | Link |\n| --- | --- | --- |\n| `iFunBox` | App | [iFunBox](http://www.i-funbox.com/) |\n| `Appdb` | Download\u0026resign .ipa | [Appdb](appdb.store) |\n| `iphonecake` | Download\u0026resign .ipa | [iphonecake](https://www.iphonecake.com/) |\n| `4pda` | Download\u0026resign .ipa | [4pda](https://4pda.ru/) |\n| `iTunes w/app tab` | iTunes 12.6.3.6 | [Apple Support](https://support.apple.com/en-us/HT208079) |\n| `Download old version .ipa` | Manual how-to | [Lifehacker](https://lifehacker.com/download-old-versions-of-ios-apps-with-a-clever-workaro-1749950092) |\n\n### Extract data\n\n| Tool | Description | Link |\n| --- | --- | --- |\n| `Rasticrac` | Jailbreak(+) | [Rasticrac](https://github.com/easonoutlook/Rasticrac) |\n| `Clutch` | Jailbreak(+) | [Clutch](https://github.com/KJCracks/Clutch) |\n| `bfinject` | Jailbreak(+), iOS 11-12 | [bfinject](https://github.com/BishopFox/bfinject) |\n\n### All in one (Inject \u003e Repack \u003e Resign \u003e Upload)\n\n| Tool | Description | Link |\n| --- | --- | --- |\n| `IPA Patch` | Xcode Project | [IPA Patch](https://github.com/Naituw/IPAPatch) |\n| `Resign` | Xcode Project | [Resign](https://github.com/vtky/resign) |\n\n\n### Inject framework\n\n| Tool | Description | Link |\n| --- | --- | --- |\n| `CydiaSubstrate` | Framework | [Site](http://www.cydiasubstrate.com/) \u0026 [.deb file](http://apt.saurik.com/debs/mobilesubstrate_0.9.6301_iphoneos-arm.deb) |\n| `Reveal app` | Project | [Reveal app](http://revealapp.com/) |\n| `JSPatch` | Framework | [JSPatch](https://github.com/bang590/JSPatch) |\n| `FRAPL` | Framework | [FRAPL](https://github.com/FriedAppleTeam/FRAPL) |\n| `Frida Gadget` | Framework | [Frida 
Gadget](https://www.frida.re/docs/ios/) |\n| `Cycript` | Framework | [Frida+Cycript](https://github.com/nowsecure/frida-cycript) \u0026 [Site](http://www.cycript.org/) |\n\n### Repack and resign binary\n\n| Tool | Description | Link |\n| --- | --- | --- |\n| `Node Resign` | Xcode Project | [Node Resign](https://github.com/nowsecure/node-applesign) |\n| `iOS App Signer` | Xcode Project | [iOS App Signer](https://github.com/DanTheMan827/ios-app-signer) |\n| `AppAddict` | App | [AppAddict](https://www.appaddict.org/tools.php) |\n\n### Upload and run on device\n\n| Tool | Description | Link |\n| --- | --- | --- |\n| `iFunBox` | App | [iFunBox](http://www.i-funbox.com/) |\n| `Impactor` | App | [Cydia Impactor](http://www.cydiaimpactor.com/) |\n| `IPA installer` | Xcode Project | [IPA installer](http://github.com/autopear/ipainstaller) |\n\n\n## Useful tools\n\n| Tool | Description | Link |\n| --- | --- | --- |\n| `Runtime Headers` | Xcode Project | [Runtime Headers](https://github.com/nst/iOS-Runtime-Headers) |\n| `SSL Killswitch 2` | Jailbreak(+) | [SSL Killswitch 2](https://github.com/nabla-c0d3/ssl-kill-switch2) |\n| `Theos` | Project | [Theos](https://github.com/theos/theos) |\n| `Dumpdecrypted` | Project | [Dumpdecrypted](https://github.com/stefanesser/dumpdecrypted) |\n| `BundleID` | Jailbreak(+) | [BundleID](https://www.reddit.com/r/iOSthemes/comments/34v57e/how_to_find_an_apps_bundle_id/) |\n| `IPSW` | Download Firmware | [IPSW](https://ipsw.me/) |\n\n\n## Slides and articles and links\n\n| Name | Link |\n| --- | --- |\n| `Malware wellbeing on iOS devices` | [Slides](https://dsec.ru/upload/medialibrary/29f/29f57cef406125e9169da733e1aaf83f.pdf) |\n| `DVIA` | [Homepage](http://damnvulnerableiosapp.com/) |\n| `iGoat-Swift` | [Homepage](https://github.com/OWASP/iGoat-Swift) |\n| `iOS-CTF` | [Homepage](https://github.com/avltree9798/iOS-CTF) |\n| `Dynamic analysis of iOS apps w/o Jailbreak` | [Article 
En](https://medium.com/@ansjdnakjdnajkd/dynamic-analysis-of-ios-apps-wo-jailbreak-1481ab3020d8) [Article RU](https://habrahabr.ru/company/dsec/blog/339952/) \u0026 [Slides](https://dsec.ru/upload/volgactf_dyn_ios_analysis_wo_jb.pdf) |\n| `Ro(o)tten Apples Vulnerability Heaven in the iOS Sandbox` | [Slides](http://gsec.hitb.org/materials/sg2017/D2%20-%20Adam%20Donenfeld%20-%20Ro(o)tten%20Apples%20-%20Vulnerability%20Heaven%20in%20the%20iOS%20Sandbox.pdf) |\n| `Light and Dark side of Code Instrumentation` | [Slides](http://www.data.proidea.org.pl/confidence/10edycja/materialy/prezentacje/DmitriyEvdokimov.pdf) |\n| `Комбайны безопасности для iOS и Android` | [Slides](https://dsec.ru/upload/medialibrary/e76/e76656cd8b92aa5021cb1a0662d9859f.pdf) |\n\n\n\nAuthor: [@ansjdnakjdnajkd](https://twitter.com/ansjdnakjdnajkd)\n\nWant to add or fix something? Write to me or open a pull request!\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansjdnakjdnajkd%2Fios","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fansjdnakjdnajkd%2Fios","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fansjdnakjdnajkd%2Fios/lists"}