Changelog needle v1.0.0:
* Added
– [AGENT] Released Needle Agent
– [CORE] iOS 10 Support
– [CORE] Overhaul of the Core
– [CORE] Possibility to disable modules if running incompatible version of iOS
– [MODULE] Simple CLI Client (various/agent_client)
– [MODULE] Frida Jailbreak Detection Bypass (dynamic/detection/script_jailbreak-detection-bypass.py) [from @HenryHoggard]
– [MODULE] Frida Touch Id Bypass (hooking/frida/script_touch-id-bypass) [from @HenryHoggard]
– [SUPPORT] Updated documentation
* Fixed
+ [MODULE] Fix storage/data/keychain_dump_frida ACL Parsing [from @bernard-wagner]
+ [MODULE] Frida modules spawn app with Frida instead of UIOpen [from @HenryHoggard]
+ [MODULE] Frida enumerate methods performance enhancement [from @HenryHoggard]
* Removed
– [CORE] Dependencies superseded by the Needle Agent
needle v1.0.0
needle v0.0.4
Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.
Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.
Needle v0.0.3
Needle has been successfully tested on both Kali and OSX.
Usage & Download from git:
git clone https://github.com/mwrlabs/needle.git && cd needle cd needle Kali 2.0 and Rolling: # Unix packages sudo apt-get install python2.7 python2.7-dev sshpass sqlite3 libimobiledevice4 libimobiledevice-utils lib32ncurses5-dev # Python packages sudo pip install readline sudo pip install paramiko sudo pip install sshtunnel sudo pip install frida sudo pip install mitmproxy sudo pip install biplist Macintosh/OSX: # Core dependencies brew install python brew install libxml2 xcode-select --install # Python packages sudo -H pip install --upgrade --user readline sudo -H pip install --upgrade --user paramiko sudo -H pip install --upgrade --user sshtunnel sudo -H pip install --upgrade --user frida sudo -H pip install --upgrade --user biplist # sshpass brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb # mitmproxy wget https://github.com/mitmproxy/mitmproxy/releases/download/v0.17.1/mitmproxy-0.17.1-osx.tar.gz tar -xvzf mitmproxy-0.17.1-osx.tar.gz sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/ # libimobiledevice4 brew install -v --fresh automake autoconf libtool wget libimobiledevice brew install -v --HEAD --fresh --build-from-source ideviceinstaller Upgrade: git pull origin master
Download: v1.0.0.zip | v1.0.0.tar.gz
Source: https://github.com/mwrlabs | Our Post Before