Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-ios-security
A curated list of awesome iOS application security resources.
https://github.com/Cy-clon3/awesome-ios-security
Last synced: 4 days ago
JSON representation
-
Tools
-
Static Analysis Tools
- iFunbox - A general file management software for iPhone and other Apple products.
- 3uTools - An All-in-One management software for iOS devices.
- iTools - An All-in-One solution for iOS devices management.
- iLEAPP - An iOS Logs, Events, And Plist Parser.
- Keychain Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.
- BinaryCookieReader - A tool to read the binarycookie format of Cookies on iOS applications.
- PList Viewer - Gtk application to view property list files.
- XMachOViewer - A Mach-O viewer for Windows, Linux and macOS.
- MachO-Explorer - A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.
-
Dynamic Analysis Tools
- Corellium - The only platform offering ARM-based mobile device virtualization using a custom-built hypervisor for real-world accuracy and high performance.
- itunnel - Use to forward SSH via USB.
- membuddy - Dynamic memory analysis & visualisation tool for security researchers.
- LLDB - A next generation, high-performance debugger.
- mitmproxy - A free and open source interactive HTTPS proxy.
- Burp Suite - An advanced HTTPS proxy software.
- Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- frida-gum - Cross-platform instrumentation and introspection library written in C.
- Fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
- r2frida - Radare2 and Frida better together.
- r2ghidra - An integration of the Ghidra decompiler for radare2.
- iproxy - A utility allows binding local TCP ports so that a connection to one (or more) of the local ports will be forwarded to the specified port (or ports) on a usbmux device.
- objection - A runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
- Grapefruit - Runtime Application Instruments for iOS.
- Passionfruit - Simple iOS app blackbox assessment tool, powered by frida 12.x and vuejs.
- Runtime Mobile Security (RMS) - Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.
- unidbg - Allows you to emulate an Android ARM32 and/or ARM64 native library, and an experimental iOS emulation.
- Qiling - An advanced binary emulation framework.
- fishhook - A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.
- Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida.
- FridaHookSwiftAlamofire - A frida tool that capture GET/POST HTTP requests of iOS Swift library 'Alamofire' and disable SSL Pinning.
- ios-deploy - Install and debug iOS apps from the command line. Designed to work on un-jailbroken devices.
- aah - Run iOS arm64 binaries on x86_64 macOS, with varying degrees of success.
-
Reverse Engineering Tools
- Hopper - A reverse engineering tool that will assist you in your static analysis of executable files.
- jtool - An app inspector, disassembler, and signing utility for the macOS, iOS.
- Sideloadly - An app to sideload your favorite games and apps to Jailbroken & Non-Jailbroken iOS devices.
- Cydia Impactor - A GUI tool for sideloading iOS application.
- AltStore - Allows to sideload other apps (.ipa files) onto iOS device.
- Ghidra - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
- Radare2 - UNIX-like reverse engineering framework and command-line toolset.
- Cutter - Free and Open Source Reverse Engineering Platform powered by rizin.
- frida-ios-dump - A tool to pull a decrypted IPA from a jailbroken device.
- bagbak - Yet another frida based App decryptor. Requires jailbroken iOS device and frida.re.
- flexdecrypt - An iOS App & Mach-O binary decryptor.
- bfdecrypt - Utility to decrypt App Store apps on jailbroken iOS 11.x.
- bfinject - Easy dylib injection for jailbroken 64-bit iOS 11.0 - 11.1.2. Compatible with Electra and LiberiOS jailbreaks.
- r2flutch - Yet another tool to decrypt iOS apps using r2frida.
- Clutch - A high-speed iOS decryption tool.
- dsdump - An improved nm + objc/swift class-dump tool.
- class-dump - A command-line utility for examining the Objective-C segment of Mach-O files.
- SwiftDump - A command-line tool for retriving the Swift Object info from Mach-O file.
- iOS App Signer - An app for macOS that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.
- SwiftDump - A command-line tool for retriving the Swift Object info from Mach-O file.
-
-
Courses
-
SSL Pinning Bypass Tweaks
- iOS Application Pentesting Series - By Sateesh Verma.
- Pentesting iOS Applications - By PentesterAcademy.
- iOS Pentesting - By Mantis.
- IOS: Penetration Testing - By Noisy Hacker.
-
-
Tweaks
-
Reverse Engineering Tweaks
- iGameGod - Cheat Engine, Speed Manager, Auto Touch, Device Spoofer & App Decryptor.
- CrackerXI - Tool to Decrypt iOS Apps, based on BFInject, Supports Electra as well as Unc0ver Jailbreaks.
- Flex 3 Beta - Flex gives you the power to modify apps and change their behavior, with no coding experience needed.
- Frida - Frida server for iOS.
- OpenSSH - Secure remote access between machines.
- Apple File Conduit "2" - Unlocks filesystem access over USB on Windows or macOS on jailbroken devices.
- AppSync Unified - Enables the ability to install unsigned/fakesigned iOS applications.
- NewTerm 2 - A powerful terminal app for iOS.
- Filza File Manager - A Powerful File Manager for iOS with IPA Installer, DEB Installer, Web viewer, and Terminal.
- AppSync Unified - Enables the ability to install unsigned/fakesigned iOS applications.
- FoulDecrypt - A lightweight and simpling iOS binary decryptor, supports iOS 13.5 and later.
-
Jailbrek Detection Bypass Tweaks
- Shadow - A lightweight general jailbreak detection bypass tweak.
- A-Bypass - A tool that helps block some apps from accessing unauthorized space or calling functions not authorized by Apple due to jailbreak.
- FlyJB X - A jailbreak bypass that allows you to bypass the in-app jailbreak detection mechanism.
- Liberty Lite (Beta) - A general purpose jailbreak detection bypass patch.
- vnodebypass - An expermental tool to hide jailbreak files for bypass detection.
- KernBypass (Unofficial) - A kernel level jailbreak detection bypass tweak.
- HideJB - Bybass jailbreak detection in certain apps.
- Choicy - An advanced tweak configurator.
- Hestia - A global jailbreak detection bypass tweak.
-
SSL Pinning Bypass Tweaks
- SSL Kill Switch 2 - A blackbox tool to disable SSL/TLS certificate validation - including certificate pinning - within iOS and macOS applications.
- SSLBypass - An iOS SSL Pinning Bypass Tweak (iOS 8 - 14).
-
-
Frida Scripts
-
SSL Pinning Bypass Tweaks
- iOS 13 SSL Bypass - SSL Pinning Bypass for iOS 13.
- iOS 12 SSL Bypass - SSL Pinning Bypass for iOS 12.
- iOS Jailbreak Detection Bypass - A Frida script used for bypass iOS jailbreak detection by hooking some methods and functions.
- iOS App Static Analysis - Script for iOS app's static analysis.
- Touch ID Bypass - A Frida script for iOS Touch/Face ID Bypass.
- FridaSwiftDump - A Frida script for retriving the Swift Object info from an running app.
-
-
Books
-
SSL Pinning Bypass Tweaks
- iOS Hacking Guide - By Security Innovation.
- iOS Application Security: The Definitive Guide for Hackers and Developers - By David Thiel.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- Learning iOS Penetration Testing - By Swaroop Yermalkar.
- Hacking and Securing iOS Applications - By Jonathan Zdziarski.
- iOS Hacker's Handbook - By Charlie Miller.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
-
-
Sessions & Workshops
-
SSL Pinning Bypass Tweaks
- iOS + Frida Tutorial - A 3-parts workshop contains an introduction to Frida and iOS, low-level iOS interfaces (GCD, XPC, IOKit, Mach), and Objective-C instrumentation by @naehrdine.
- Exploiting Common iOS Apps' Vulnerabilities - A session by @ivRodriguezCA that walks through some of the most common vulnerabilities on iOS apps and shows how to exploit them.
- iOS Reverse Engineering With Frida - How to get started in iOS RE with any PC/Mac, an iPhone, and Frida by @x71n3.
- iOS Application Vulnerabilities and how to find them - How to get started with hacking iOS apps, environment requirement, play ground etc. by @0ctac0der.
-
-
Articles & Tutorials
-
Penetration Testing Articles
-
Reverse Engineering Articles
-
Jailbrek Detection Bypass Articles
-
SSL Pinning Bypass Articles
- SSL Pinning bypass in iOS application
- Bypass Facebook SSL Certificate Pinning for iOS
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
- Bypass SSL Pinning with LLDB on AppStore iOS apps
-
-
Checklists & Cheatsheets
-
Labs
-
SSL Pinning Bypass Articles
-
-
CTF
-
Writeups
-
Misc
-
SSL Pinning Bypass Articles
- iOS Jailbreak Downloads - Download Jailbreak Tools for All iOS Versions.
- MOBEXLER - A customised virtual machine, designed to help in penetration testing of Android & iOS applications.
- frida Workbench - Unofficial frida workbench for VSCode.
- Apple Configurator - Apple Configurator features a flexible, device-centric design that enables you to configure one or dozens of devices quickly and easily.
- Apple Platform Security - Explore Apple Platform Security.
- IPSW Downloads - Download current and previous versions of Apple's iOS, iPadOS, macOS, watchOS, tvOS and audioOS firmware and receive notifications when new firmwares are released.
- theos - A cross-platform suite of tools for building and deploying software for iOS and other platforms.
-
Programming Languages
Categories
Sub Categories
SSL Pinning Bypass Articles
68
SSL Pinning Bypass Tweaks
56
Dynamic Analysis Tools
23
Reverse Engineering Tools
20
Reverse Engineering Tweaks
11
Jailbrek Detection Bypass Tweaks
9
Static Analysis Tools
9
Reverse Engineering Articles
4
Jailbrek Detection Bypass Articles
4
Penetration Testing Articles
4
Keywords
ios
13
reverse-engineering
11
frida
8
security
6
android
5
radare2
3
unicorn-emulator
3
mobile
3
instrumentation
3
macos
2
windows
2
linux
2
emulator
2
mobile-security
2
framework
2
ios-security
2
android-security
2
machoview
2
machoexplorer
2
macho
2
ipa
2
debugger
2
c
2
disassembler
2
objective-c
1
swift
1
symbols
1
hacktoberfest2023
1
verification
1
macho-loader
1
macho-parser
1
macho64
1
standard
1
security-standards
1
osx-application
1
mach-o
1
security-audit
1
vala
1
ahead-of-time
1
penetration-tests
1
aot
1
arguments
1
functions
1
intercept
1
jit
1
just-in-time
1
modify
1
mono
1
variables
1
theos
1