iOS – Security List Network™
http://seclist.us
Wed, 25 Apr 2018 22:10:46 +0000

roxysploit is a community-supported, open-source and penetration testing suite.
http://seclist.us/roxysploit-is-a-community-supported-open-source-and-penetration-testing-suite.html
Mon, 22 Jan 2018 16:24:39 +0000

Legal Disclaimer:
The author does not hold any responsibility for the bad use of this tool, remember that attacking targets without prior consent is illegal and punished by law.

roxysploit is a community-supported, open-source penetration testing suite that supports attacks for numerous scenarios when conducting attacks in the field.

Plugins in roxysploit:
+ Scan is an automated information-gathering plugin; it gives the user the ability to have a rest while the best information-gathering plugin is executed.
+ Jailpwn is a useful plugin for any iPhone device that has been jailbroken; it will attempt to log in over SSH using the default password, giving you a full shell.
+ Eternalblue is a recent plugin we added; it exploits a vulnerability in the SMBv1/SMBv2 protocols. These were collected from the NSA cyberweapons.
+ Internalroute exploits multiple vulnerabilities in routers; this can become very useful, such as on hotel Wi-Fi.
+ Aurora is an old plugin that can become very useful for pen-testers; it exploits an Internet Explorer 6 URL vulnerability.
+ Doublepulsar gives you the ability to remotely inject a malicious DLL backdoor into a Windows computer.
+ Kodi is a fantastic movie streaming platform; however, it runs on Linux, and we have created a malicious addon (backdoor) via kodi.tv.
+ Bleed uses a mass vulnerability check to find any SSL vulnerabilities.
+ Tresspass is a way of managing your PHP backdoor and gaining a shell or even running single commands; it requires password authentication, stopping any lurker.
+ Handler is commonly used to create a listener on a port.
+ Poppy is a MITM plugin allowing you to ARP spoof and sniff unencrypted passwords on all protocols such as FTP and HTTP.
+ Redcarpet is a nice plugin for keeping you safe from malicious hackers; it will encrypt a user directory.
+ Picklock is a local brute-force plugin with which you can picklock/brute-force multiple devices' PIN codes, such as Android USB debugging.
+ Passby can load a USB to steal all credentials from a Windows computer in seconds.
+ Dnsspoof is common for man-in-the-middle attacks; it can redirect any HTTP requests to your DNS.
+ Smartremote is more of a funny remote exploit: you can take over a smart TV's remote control without authentication.
+ Blueborne is a recent Bluetooth memory leak affecting all devices, even cars.
+ Credswipe: you have to have a card reader to clone them.
+ Rfpwn: needs a suitable device to brute-force a special AM OOK or raw binary signal.
+ Ftpbrute: brute-force attack an FTP (File Transfer Protocol) server.
+ Wifijammer: you can deauth Wi-Fi networks around your area, meaning disconnecting all users connected to the network.

What operating systems support roxysploit?
– All Linux distros are currently supported

Usage:

git clone https://github.com/Eitenne/roxysploit && cd roxysploit
chmod +x install
sudo ./install
sudo rscf

Source: https://github.com/Eitenne

idb v2.10.0 – iOS App Security Assessment Tool and research.
http://seclist.us/idb-v2-10-0-ios-app-security-assessment-tool-and-research.html
Sat, 02 Sep 2017 15:42:50 +0000

Changelog idb v2.10.0:
+ iOS 10 support

idb is a tool to simplify some common tasks for iOS app security assessments and research. idb had the ability to dump the keychain of a jailbroken iDevice. So far, idb has been using the keychain_dump utility which is part of the iphone-dataprotection forensics tools to accomplish this. However, this tool has some major limitations in that it does not support the new data protection classes introduced in recent iOS versions, lacks support for Keychain ACLs, and is a pure ‘dump’ utility without editing capabilities.

[Screenshot: idb running on an Ubuntu 14.04 production machine]

Features:
* Assessment Setup
++ SSH port forwarding
++ Installation of helper utilities

* App Information
++ Bundle information
++ Registered URL Schemes
++ Platform and SDK Versions
++ Data folder location
++ Entitlements

* Data Storage
++ List plist files and data protection class
++ List sqlite files and data protection class
++ List Cache.db files and data protection class
++ Full app file system browser
+-+ Browse files
+-+ Download/view files
+-+ Check data protection
+-+ Rsync folders and keep git revisions
++ Dump iOS keychain

* Binary Analysis
++ Check for encryption
++ Check for protections (ASLR/PIE, DEP, ARC)
++ List shared libraries
++ Extract strings in app binary
++ Dump class and method signatures

* IPC
++ List URL handlers
++ Invoke and fuzz URL handlers

* Other Tools
++ Check for iOS backgrounding screenshot
++ Install certificates
++ Edit /etc/hosts file

Usage and Download:

First Install dependencies:
For OSX:
brew install qt cmake usbmuxd libimobiledevice
 
For Debian/Ubuntu & Kali:
sudo apt-get install cmake libqt4-dev git-core libimobiledevice-utils libplist-utils usbmuxd libxml2-dev libsqlite3-dev -y
 
idb requires a valid Ruby 2.4.1 installation; installing Ruby with RVM (https://rvm.io/) is recommended:
rvm install 2.4.1 --enable-shared
git clone https://github.com/dmayer/idb && cd idb
bundle install
 
For production Machine:
gem install idb
idb
 
To update to the newest version:
gem update idb

Source: https://github.com/dmayer

nfi is an open source application for analysis of mobile device artifact.
http://seclist.us/nfi-is-an-open-source-application-for-analysis-of-mobile-device-artifact.html
Fri, 18 Aug 2017 14:25:58 +0000

Nyuki Forensics Investigator (NFI) is an open source application that aims to provide a user-friendly interface for the analysis of mobile device artefacts that exist on smartphone devices running the Android and iOS operating systems. It can be used to extract specific and aggregated information from individual applications and system files using a simple modular architecture, which is capable of accommodating any changes to individual artefacts.

Nyuki Forensics Investigator can be used by forensic analysts or mobile application penetration testers to analyze the contents of individual applications or global databases for information that can reveal user actions or internal application structures.

Nyuki Forensics Investigator was initially developed during an Android application penetration test in our spare time. It later grew into a platform that students could use during the Mobile Forensic Bee™ course offered by Silensec. Finally, it was decided that the application could become something more than a training assistant and thus we began developing what would later be called the Nyuki Forensics Investigator.

Dependencies:
+ Python 2.7.x
+ cherrypy, python-magic, biplist and mako Python modules.

Use:

git clone https://github.com/georgenicolaou/nfi && cd nfi
pip install cherrypy python-magic biplist mako

./nfi.py -h

Source: https://github.com/georgenicolaou

objection is a runtime mobile exploration toolkit.
http://seclist.us/objection-is-a-runtime-mobile-exploration-toolkit.html
Fri, 21 Jul 2017 23:57:33 +0000

objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.

The project’s name quite literally explains the approach as well, whereby runtime specific objects are injected into a running process and executed using Frida.

Note: This is not some form of jailbreak / root bypass. By using objection, you are still limited by all of the restrictions imposed by the applicable sandbox you are facing.

[Screenshot: objection v0.1.1]

Features
For iOS, objection allows you to:
+ Interact with the iOS filesystem, listing entries as well as upload & download files where permitted.
+ Perform various memory related tasks, such as listing loaded modules and their respective exports.
+ Dump the iOS keychain, and export it to a file.
+ Attempt to bypass and simulate Jailbreak detections.
+ Perform common SSL pinning bypasses.
+ Dump data from NSUserDefaults and the shared NSHTTPCookieStorage.
+ Dynamically dump arguments from methods called as you use the target application.
+ Dump various formats of information in human readable forms.
+ Bypass certain forms of TouchID restrictions.
+ Execute custom Frida scripts.

Usage and Install:

git clone https://github.com/sensepost/objection && cd objection
sudo pip3 install -r requirements.txt
sudo python3 setup.py install
objection --help

Or install from PyPI:
pip3 install objection

Source: https://github.com/sensepost

needle v1.1.0 – The iOS Security Testing Framework.
http://seclist.us/needle-v1-1-0-the-ios-security-testing-framework.html
Fri, 05 May 2017 21:25:31 +0000

Changelog needle v1.1.0 – 2017-05-05:
* Added
– [CORE] Issue Auto-Detection: modules will now automatically detect and keep track of issues in the target app. All the issues are going to be stored in the issues.db SQLite database, contained in the chosen output directory. Every issue will hold the following attributes: app, module, name, content, confidence level (‘HIGH’, ‘MEDIUM’, ‘INVESTIGATE’, ‘INFORMATIONAL’), outfile
– [CORE] New commands: issues (list all the issues identified), add_issue (manually add an issue to the collection)
– [CORE] Frida Attach or Spawn: added option in Frida modules to either attach to or spawn a process
– [CORE] New global option: skip_output_folder_check. It allows skipping the check that ensures the output folder does not already contain other files
– [MODULE] Created the device category
– [MODULE] Dependency Installer (device/dependency_installer)
– [MODULE] MDM Effective User Settings (mdm/effective_user_settings) [from @osimonnet]

* Fixed
– [CORE] Moved installation of dependencies to its own module (device/dependency_installer)
– [CORE] Frida support for 32bit devices
– [CORE] Automatic reconnection if SSH/Agent connection drops (Retry decorator)
– [CORE] Re-introduce support for ipainstaller (iOS<10)
– [MODULE] Compatibility of modules requiring app decryption (iOS 10)

* Removed
– [CORE] SETUP_DEVICE global option, in favour of device/dependency_installer

Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.

Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.

Needle has been successfully tested on both Kali and OSX.

Usage & Download from git:

git clone https://github.com/mwrlabs/needle.git && cd needle
cd needle

Kali 2.0 and Rolling:
# Unix packages
sudo apt-get install python2.7 python2.7-dev sshpass sqlite3 libimobiledevice4 libimobiledevice-utils lib32ncurses5-dev

# Python packages
sudo pip install readline
sudo pip install paramiko
sudo pip install sshtunnel
sudo pip install frida
sudo pip install mitmproxy
sudo pip install biplist

Macintosh/OSX:
# Core dependencies
brew install python
brew install libxml2
xcode-select --install

# Python packages
sudo -H pip install --upgrade --user readline
sudo -H pip install --upgrade --user paramiko
sudo -H pip install --upgrade --user sshtunnel
sudo -H pip install --upgrade --user frida
sudo -H pip install --upgrade --user biplist

# sshpass
brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb

# mitmproxy
wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz
tar -xvzf mitmproxy-0.17.1-osx.tar.gz
sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/

# libimobiledevice4
brew install -v --fresh automake autoconf libtool wget libimobiledevice
brew install -v --HEAD --fresh --build-from-source ideviceinstaller

Upgrade:
git pull origin master

Source: https://github.com/mwrlabs

needle v1.0.0 – The iOS Security Testing Framework.
http://seclist.us/needle-v1-0-0-the-ios-security-testing-framework.html
Fri, 10 Mar 2017 23:21:58 +0000

Changelog needle v1.0.0:
* Added
– [AGENT] Released Needle Agent
– [CORE] iOS 10 Support
– [CORE] Overhaul of the Core
– [CORE] Possibility to disable modules if running incompatible version of iOS
– [MODULE] Simple CLI Client (various/agent_client)
– [MODULE] Frida Jailbreak Detection Bypass (dynamic/detection/script_jailbreak-detection-bypass.py) [from @HenryHoggard]
– [MODULE] Frida Touch Id Bypass (hooking/frida/script_touch-id-bypass) [from @HenryHoggard]
– [SUPPORT] Updated documentation

* Fixed
+ [MODULE] Fix storage/data/keychain_dump_frida ACL Parsing [from @bernard-wagner]
+ [MODULE] Frida modules spawn app with Frida instead of UIOpen [from @HenryHoggard]
+ [MODULE] Frida enumerate methods performance enhancement [from @HenryHoggard]

* Removed
– [CORE] Dependencies superseded by the Needle Agent

Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.

Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.

Needle has been successfully tested on both Kali and OSX.

Usage & Download from git:

git clone https://github.com/mwrlabs/needle.git && cd needle
cd needle

Kali 2.0 and Rolling:
# Unix packages
sudo apt-get install python2.7 python2.7-dev sshpass sqlite3 libimobiledevice4 libimobiledevice-utils lib32ncurses5-dev

# Python packages
sudo pip install readline
sudo pip install paramiko
sudo pip install sshtunnel
sudo pip install frida
sudo pip install mitmproxy
sudo pip install biplist

Macintosh/OSX:
# Core dependencies
brew install python
brew install libxml2
xcode-select --install

# Python packages
sudo -H pip install --upgrade --user readline
sudo -H pip install --upgrade --user paramiko
sudo -H pip install --upgrade --user sshtunnel
sudo -H pip install --upgrade --user frida
sudo -H pip install --upgrade --user biplist

# sshpass
brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb

# mitmproxy
wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz
tar -xvzf mitmproxy-0.17.1-osx.tar.gz
sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/

# libimobiledevice4
brew install -v --fresh automake autoconf libtool wget libimobiledevice
brew install -v --HEAD --fresh --build-from-source ideviceinstaller

Upgrade:
git pull origin master

Source: https://github.com/mwrlabs

Mobile Security Framework – MobSF v0.9.4.1 Beta.
http://seclist.us/mobile-security-framework-mobsf-v0-9-4-1-beta.html
Sat, 25 Feb 2017 12:22:44 +0000

Changelog Mobile Security Framework MobSF v0.9.4 to v0.9.4.1 Beta:
+ Features or Enhancements
– Restructured iOS Code

+ Bug Fixes
– USE_HOME Bug Fix (Major)

Changelog v0.9.4 Beta :
+ Features or Enhancements
– Android Binary/ELF Analysis and Resource Analysis
– Android App Static Analysis: Tapjacking Detection
– Android App Static Analysis: Better Exported Component Analysis
– iOS App Static Analysis: Listing App Permissions
– iOS App Static Analysis: ATS Check
– Better and Faster PDF Generation
– Updated Dependencies
– Optimised DB Interactions
– Unit Tests for Static Analyzer, PDF Report Generation

+ Bug Fixes
– Windows App Static Analyzer Bug Fix
– Fixed all PDF Related Bugs
– Windows App Static Analyzer: BinScope Bug Fix
– iOS App Static Analysis: Plist Bug Fix

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and supports both binaries (APK, IPA & APPX) and zipped source code. MobSF can also perform Web API security testing with its API Fuzzer, which can do information gathering, analyze security headers, and identify mobile-API-specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to session and API rate limiting.

Download and build from source:

git clone https://github.com/ajinabraham/Mobile-Security-Framework-MobSF && cd Mobile-Security-Framework-MobSF
pip install -r requirements.txt
python manage.py runserver
Open browser at http://127.0.0.1:8000

Upgrade:
git pull

Source: http://opensecurity.in/ | https://github.com/ajinabraham

ios-triage ~ incident response tool for iOS devices.
http://seclist.us/ios-triage-incident-response-tool-for-ios-devices.html
Tue, 14 Feb 2017 02:07:30 +0000

ios-triage is a Node.js CLI for iOS incident response. The program will extract, process and report (including diffs) on iOS device and app telemetry.
When you run ios-triage, there are three primary steps:
+ extract
ios-triage will automatically create a directory with the device UDID and then a timestamp (epoch in ms) for each extraction. This allows you to collect telemetry over time and perform diffs. A good example would be if an individual is travelling overseas and might be targeted. You could image the device prior to the trip and after to then compare the available device telemetry.

+ process
To process the device extraction, you have to point ios-triage at the top-level extraction directory; the directory structure is <UDID>/<timestamp>. An example would be:

node index.js process dc9363415e5fbf18ea8277986f3b693cf01827aa/1486829681725/

+ report
To produce an analyst report, you simply point ios-triage at the top-level extraction directory:

node index.js report dc9363415e5fbf18ea8277986f3b693cf01827aa/1486829681725/

Dependencies:
+ Node JS v7.x
+ Linux or Mac OS X operating system.

Usage:

git clone https://github.com/ahoog42/ios-triage && cd ios-triage
npm install
npm link   # creates a symlink; requires privileged access (root user)
node index.js --help

Source: https://github.com/ahoog42

EggShell – iOS and OS X Surveillance Tool.
http://seclist.us/eggshell-ios-and-os-x-surveillance-tool.html
Thu, 09 Feb 2017 21:27:15 +0000

EggShell (formerly known as NeonEggShell) is an iOS and OS X surveillance tool written in Python. This tool creates a command line session with extra functionality like downloading files, taking pictures, location tracking, and gathering data on a target. Communication between server and target is encrypted with a random 128-bit AES key. EggShell also has the functionality to switch between and handle multiple targets. This is a proof of concept project, intended for use on machines you own.

iOS Commands:
+ ls : list contents of directory
+ cd : change directories
+ rm : delete file
+ pwd : get current directory
+ download : download file
+ frontcam : take picture through front camera
+ backcam : take picture through back camera
+ getpid : get process id
+ vibrate : make device vibrate
+ alert : make alert show up on device
+ say : make device speak
+ locate : get device location
+ respring : respring device
+ setvol : set mediaplayer volume
+ getvol : view mediaplayer volume
+ isplaying : view mediaplayer info
+ openurl : open url on device
+ dial : dial number on device
+ listapps : list bundle identifiers
+ open : open app
+ persistence : installs LaunchDaemon – tries to connect every 30 seconds
+ rmpersistence : uninstalls LaunchDaemon

OS X Commands:
+ ls : list contents of directory
+ cd : change directories
+ rm : delete file
+ pwd : get current directory
+ download : download file
+ picture : take picture through iSight camera
+ getpid : get process id
+ openurl : open url through the default browser
+ idletime : get the amount of time since the keyboard/cursor were touched
+ getpaste : get pasteboard contents
+ mic : record microphone
+ brightness : adjust screen brightness
+ getfacebook : retrieve facebook cookies from safari
+ exec : execute command
+ encrypt : encrypt file
+ decrypt : decrypt file
+ persistence : attempts to connect back every 60 seconds
+ rmpersistence : removes persistence

Latest Change v2.0.5 9/2/2017:
+ fixed espro dylib path, fixed home, doublehome, getpasscode, and unlock commands for iOS 10

Usage and install from source:

git clone https://github.com/neoneggplant/EggShell && cd EggShell
easy_install pycrypto
cd EggShell
python eggshell.py

Update:
git pull

Source: https://github.com/neoneggplant

iOS Security Audit Toolkit and Reverse Engineering – iOSSecAudit v2.0.
http://seclist.us/ios-security-audit-toolkit-and-reverse-engineering-iossecaudit-v2-0.html
Mon, 12 Dec 2016 10:25:10 +0000

iOSSecAudit is a Python script for iOS app security auditing and iOS reverse engineering.

Functions:
+ abr: application binary cookie reader.
+ ab: analyze binary and print result.
+ aca: import cert to device.
+ br: binary cookie reader.
+ cipa: crack ipas in path and save decrypted ipa in path.
+ clche: clear local cache files.
+ clzdp: class dump an application.
+ cycript: run a cycript file in an application.
+ fus: fuzz url schema.
+ gdb: grep pattern in a db file.
+ ssh: connect to device with ssh.
+ usb: ssh to device over USB (Mac OS X support only).
+ sd: show application detail.
+ etc…

Requirement:
+ Mac OS X, Debian 8, Ubuntu 14.04.5

Dependencies:
+ python2.7.x
+ Paramiko, Prettytable, Numpy Python Module.

Device environment preparation:
– jailbreak iOS device
– install cycript in Cydia

Usage and download from source:

sudo easy_install pip
sudo pip install paramiko
easy_install prettytable   # or: easy_install -U prettytable
xcode-select --install   # select install, then "agre..."
# if you don't have Homebrew, install it first:
# ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" < /dev/null 2> /dev/null
brew install libimobiledevice
git clone https://github.com/alibaba/iOSSecAudit.git && cd iOSSecAudit
cd /path/to/iOSSecAudit && python main.py

Source: https://github.com/alibaba

idb v2.9.1 – iOS App Security Assessment Tool and research.
http://seclist.us/idb-v2-9-1-ios-app-security-assessment-tool-and-research.html
Thu, 24 Nov 2016 09:52:36 +0000

Roadmap and Changelog idb v2.9.1:
+ adding pry-byebug as build dep
+ liv; version bump
idb v2.9.0:
+ excluding ABC cop for lib/gui directory

idb is a tool to simplify some common tasks for iOS app security assessments and research. idb had the ability to dump the keychain of a jailbroken iDevice. So far, idb has been using the keychain_dump utility which is part of the iphone-dataprotection forensics tools to accomplish this. However, this tool has some major limitations in that it does not support the new data protection classes introduced in recent iOS versions, lacks support for Keychain ACLs, and is a pure ‘dump’ utility without editing capabilities.
keep it up For Learn right?
Idb has been tested on Kali 2.0, Rolling 2016.1, Ubuntu 14.04 & Mac OSX

Features:
* Assessment Setup
++ SSH port forwarding
++ Installation of helper utilities

* App Information
++ Bundle information
++ Registered URL Schemes
++ Platform and SDK Versions
++ Data folder location
++ Entitlements

* Data Storage
++ List plist files and data protection class
++ List sqlite files and data protection class
++ List Cache.db files and data protection class
++ Full app file system browser
+-+ Browse files
+-+ Download/view files
+-+ Check data protection
+-+ Rsync folders and keep git revisions
++ Dump iOS keychain

* Binary Analysis
++ Check for encryption
++ Check for protections (ASLR/PIE, DEP, ARC)
++ List shared libraries
++ Extract strings in app binary
++ Dump class and method signatures

* IPC
++ List URL handlers
++ Invoke and fuzz URL handlers

* Other Tools
++ Check for iOS backgrounding screenshot
++ Install certificates
++ Edit /etc/hosts file

Usage & Download:

First Install dependencies:
For OSX:
brew install qt cmake usbmuxd libimobiledevice

For Debian/Ubuntu & Kali:
sudo apt-get install cmake libqt4-dev git-core libimobiledevice-utils libplist-utils usbmuxd libxml2-dev libsqlite3-dev -y

idb requires a valid Ruby 1.9.3 or 2.1 installation; installing Ruby with RVM (https://rvm.io/) is recommended:
rvm install 2.1 --enable-shared
git clone https://github.com/dmayer/idb && cd idb
bundle install

For production Machine:
gem install idb
idb

To update to the newest version:
gem update idb

Source: http://www.idbtool.com/ | https://github.com/dmayer

Mobile Security Framework – MobSF v0.9.3 Beta.
http://seclist.us/mobile-security-framework-mobsf-v0-9-3-beta.html
Wed, 23 Nov 2016 09:38:29 +0000

Changelog MobSF v0.9.3-Beta:
* Features or Enhancements
++ Added Docker File
++ Clipboard Monitor for Android Dynamic Analysis
++ Windows APPX Static Analysis Support
++ Added Support for Kali Linux
++ Code Quality and Linting
++ Partial PEP8 Formatting, Code Refactoring and Restructuring
++ Improved Static Analyzer Regex
++ Disabling Syntax Highlighter Edit mode
++ More MIME Type additions
++ Update File Upload Size to 100 MB
++ MobSFy script to support commandline args
++ New strings.py tool for string extraction in iOS Apps.
++ Updated iOS Static Analysis ruleset.
++ Django Upgrade to 1.10
++ MobSF VM 0.3 Released

* Bug Fixes
++ Fixed Code Analysis Regex Error
++ Fixed iOS Binary Analysis and File Analysis PDF Generation bug
++ API Fuzzer Bug Fixes
++ SQLite3 Bug Fix
++ Fixed Bug when no code signing cert is present
++ Fixed Bug in xhtml2pdf
++ Dynamic Analysis Bug Fixes
++ Unicode Bug Fixes
++ Fixed MobSFy upload error
++ Fixed Variable redefining bug

* Security Fixes
++ Fixed Local File Inclusion caused due to incorrect regex

Mobile Security Framework (MobSF) is an intelligent, all-in-one open source mobile application (Android/iOS/Windows) automated pen-testing framework capable of performing static and dynamic analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and supports both binaries (APK, IPA & APPX) and zipped source code. MobSF can also perform Web API security testing with its API Fuzzer, which can do information gathering, analyze security headers, and identify mobile-API-specific vulnerabilities like XXE, SSRF, Path Traversal, IDOR, and other logical issues related to session and API rate limiting.

Download and build from source:

git clone https://github.com/ajinabraham/Mobile-Security-Framework-MobSF && cd Mobile-Security-Framework-MobSF
pip install -r requirements.txt
python manage.py runserver
Open browser at http://127.0.0.1:8000

Upgrade:
git pull

Source: http://opensecurity.in/ | https://github.com/ajinabraham
