needle – An iOS Security Testing Framework

  • 141
  •  
  •  
  •  
  •  
  • 1
  •  
  •  
    142
    Shares

needle, is an open source, modular framework to streamline the process of conducting security assessments of iOS applications  and acts as a central point from which to do so.

The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.

Needle is easily extensible and new modules can be added in the form of python scripts.

Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code.

Examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections.

The only requirement in order to run Needle effectively is a jailbroken device.  Needle is open source software, maintained by MWR InfoSecurity .

 

Installation:

Download needle:

git clone https://github.com/mwrlabs/needle.git

 

Install dependencies

For Kali Linux:

# Unix packages
sudo apt-get install python2.7 python2.7-dev sshpass sqlite3 lib32ncurses5-dev
# Python packages
sudo pip install readline
sudo pip install paramiko
sudo pip install sshtunnel
sudo pip install frida
sudo pip install mitmproxy

 

For OS X

# Core dependencies
brew install python
brew install libxml2
xcode-select --install
# Python packages
sudo -H pip install --upgrade --user readline
sudo -H pip install --upgrade --user paramiko
sudo -H pip install --upgrade --user sshtunnel
sudo -H pip install --upgrade --user frida
# sshpass
brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb
# mitmproxy
wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz
tar -xvzf mitmproxy-0.17.1-osx.tar.gz
sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/
# libimobiledevice4
brew install -v --fresh automake autoconf libtool wget libimobiledevice
brew install -v --HEAD --fresh --build-from-source ideviceinstaller

 

Supported Platforms:

  • Workstation: Works on both Kali and OSX
  • Device: iOS 8 & iOS 9 are supported

How to use:

Usage instructions can be found in the project Wiki .
A complete walk through on how to quickly get up to speed with Needle can be found on the MWR Labs website:https://labs.mwrinfosecurity.com/blog/needle-how-to/

 

Download now: needle

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply