needle, is an open source, modular framework to streamline the process of conducting security assessments of iOS applications and acts as a central point from which to do so.
The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.
Needle is easily extensible and new modules can be added in the form of python scripts.
Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code.
Examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections.
The only requirement in order to run Needle effectively is a jailbroken device. Needle is open source software, maintained by MWR InfoSecurity .
git clone https://github.com/mwrlabs/needle.git
For Kali Linux:
# Unix packages sudo apt-get install python2.7 python2.7-dev sshpass sqlite3 lib32ncurses5-dev # Python packages sudo pip install readline sudo pip install paramiko sudo pip install sshtunnel sudo pip install frida sudo pip install mitmproxy
For OS X
# Core dependencies brew install python brew install libxml2 xcode-select --install # Python packages sudo -H pip install --upgrade --user readline sudo -H pip install --upgrade --user paramiko sudo -H pip install --upgrade --user sshtunnel sudo -H pip install --upgrade --user frida # sshpass brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb # mitmproxy wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz tar -xvzf mitmproxy-0.17.1-osx.tar.gz sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/ # libimobiledevice4 brew install -v --fresh automake autoconf libtool wget libimobiledevice brew install -v --HEAD --fresh --build-from-source ideviceinstaller
- Workstation: Works on both Kali and OSX
- Device: iOS 8 & iOS 9 are supported
How to use:
Usage instructions can be found in the project Wiki .
A complete walk through on how to quickly get up to speed with Needle can be found on the MWR Labs website:https://labs.mwrinfosecurity.com/blog/needle-how-to/