needle v1.1.0 - The iOS Security Testing Framework.

needle v1.1.0 – The iOS Security Testing Framework.

Changelog needle v1.1.0 – 2017-05-05:
* Added
– [CORE] Issue Auto-Detection: modules will now automatically detect and keep track of issues in the target app. All the issues are going to be stored in the issues.db SQLite database, contained in the chosen output directory. Every issue will hold the following attributes: app, module, name, content, confidence level (‘HIGH’, ‘MEDIUM’, ‘INVESTIGATE’, ‘INFORMATIONAL’), outfile
– [CORE] New commands: issues (list all the issues identified), add_issue (manually add an issue to the collection)
– [CORE] Frida Attach or Spawn: added option in Frida modules to either attach to or spawn a process
– [CORE] New global option: skip_output_folder_check. It allows to skip the check that ensures the output folder does not already contain other files
– [MODULE] Created the device category
– [MODULE] Dependency Installer (device/dependency_installer)
– [MODULE] MDM Effective User Settings (mdm/effective_user_settings) [from @osimonnet]

* Fixed
– [CORE] Moved installation of dependencies to its own module (device/dependency_installer)
– [CORE] Frida support for 32bit devices
– [CORE] Automatic reconnection if SSH/Agent connection drops (Retry decorator)
– [CORE] Re-introduce support for ipainstaller (iOS<10)
– [MODULE] Compatibility of modules requiring app decryption (iOS 10)

* Removed
– [CORE] SETUP_DEVICE global option, in favour of device/dependency_installer

needle v1.1.0

needle v1.0.0

needle v0.0.4

needle v0.0.4

Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.

Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.

needle

Needle v0.0.3

Needle has been successfully tested on both Kali and OSX.

Usage & Download from git:

Download: v1.1.0.zip  | v1.1.0.tar.gz
Source: https://github.com/mwrlabs | Our Post Before