List of all interesting iOS tools for security purpose

• itms-services Getting the IPA File from an OTA Distribution Link

npm install -g itms-services
itms-services -u "itms-services://?action=download-manifest&url=https://s3-ap-southeast-1.amazonaws.com/test-uat/manifest.plist" -o - > out.ipa

• ipainstaller. The IPA can also be directly installed on the iOS device via the command line with ipainstaller

• Keychain-Dumper

• frida-ios-dump Pull a decrypted IPA from a jailbroken device

• checkra1n

• unc0ver.dev

• idb

• idb-facebook. Tool for replacing WebDriverAgent.

• WebDriverAgent. Archive.

• imobax. The iOS Mobile Backup Xtractor.

• Clutch. Clutch is a high-speed iOS decryption tool. Clutch supports the iPhone, iPod Touch, and iPad as well as all iOS version, architecture types, and most binaries. Clutch is meant only for educational purposes and security research.

• ish. A project to get a Linux shell running on iOS, using usermode x86 emulation and syscall translation.

• plistutil

apt install libplist-utils
plistutil -i Info.plist -o Info_xml.plist

libimobiledevice

Requirements

sudo apt-get install \
 build-essential \
 checkinstall \
 git \
 autoconf \
 automake \
 libtool-bin \
    libzip-dev \
    libxml2-dev \
 libcurl4-openssl-dev \
    zlib1g-dev \
    libfuse-dev \
 libreadline-dev \
 libusb-1.0-0-dev \

sudo apt-get install \
 doxygen \
 cython

All modules are installed with the following commands (in the following order)

./autogen.sh
make
sudo make install
sudo ldconfig 

• usbmuxd A socket daemon to multiplex connections from and to iOS devices.

• libplist A small portable C library to handle Apple Property List files in binary or XML format.

• libusbmuxd A client library for applications to handle usbmux protocol connections with iOS devices.

• libimobiledevice A library to communicate with services on iOS devices using native protocols.

• ideviceinstaller A command-line application to manage apps and app archives on iOS devices.

• libideviceactivation A library to manage the activation process of Apple iOS devices.

• ifuse A fuse filesystem implementation to access the contents of iOS devices.

• libirecovery The libirecovery library allows communication with iBoot/iBSS of iOS devices via USB.

• idevicerestore A command-line application to restore firmware files to iOS devices.

• ios-app-signer This is an app for OS X that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.

nowsecure

• r2frida Radare2 and Frida better together.

• node-applesing NodeJS module and commandline utility for re-signing iOS applications (IPA files).

  npm install

• ipa-extract-info Extract the Info.plist from an IPA, in node.js and the browser!

ioscontrol

• ios-deploy Install and debug iOS apps from the command line. Designed to work on un-jailbroken devices (Requirement - MacOs)

• Ghidra
  • Ghidra-script
• Cutter
• Radare2

• Fastbot_iOS Fastbot is a model-based testing tool for modeling GUI transitions to discover app stability problems. It combines machine learning and reinforcement learning techniques to assist discovery in a more intelligent way.

• introspy-iOS Blackbox tool to help understand what an iOS application is doing at runtime and assist in the identification of potential security issues.

• iOS-Debug-Hacks

• objection objection is a runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.

• Grapefruit Grapefruit: Runtime Application Instruments for iOS.

• Frida-Mobile-Scripts Collection of useful FRIDA Mobile Scripts

• frida-ios-hook. A script that helps you trace classes, functions, and modify the return values of methods on iOS platform.

• iOS-Tagent. iOS-Tagent is a project based on facebook WebDriverAgent and intend to fit Airtest Project.

nowsecure

• fsmon FileSystem Monitor utility that runs on Linux, Android, iOS and OSX.

• frida-trace Trace APIs declaratively through Frida.

• frida-cycript This is a fork of [Cycript] 1 in which we replaced its runtime with a brand new runtime called [Mjølner] 3 powered by [Frida] 4. This enables frida-cycript to run on all the platforms and architectures maintained by [frida-core] 8.

• frida-screenshot Grab screenshots using Frida.

• RMS-Runtime-Mobile-Security

• MobSf

• AppSync. AppSync is a tweak that patches installd, allowing the installation of fake-signed IPA packages

• Cydia Impactor. This tool was originally created to jailbreak iPhones, but has been rewritten to sign and install IPA packages to iOS devices via sideloading.

• ios-frida-objection-cheat-sheet
• ios-Swift Anti-Jailbreak Bypass with Frida
• RE-iOS-Apps
• iOS-Bypass-Jailbreak
• Post-on-iOS-RE

• NCC-CON-2018
• awesome-mobile-ctf
• ios-ctf
• Walkthrough of an iOS CTF
• H1702 CTF
• frida-ios-jailbreak-bypass
• bypass-jailbreak-detection-ios