1675088100
iOS: Most Usable tools for iOS Penetration Testing
iOS/macOS penetration testing cheatsheet
| Action | macOS | Linux | Win | iOS w/JB |
|---|---|---|---|---|
MobSF | MobSF | MobSF | MobSF | --- |
Plist view | plutil or Xcode | apt-get install libplist-utils | Plist Viewer | plutil |
Ghidra | Ghidra | Ghidra | Ghidra | --- |
Frida | Frida | Frida | Frida | --- |
Awesome Frida | Awesome Frida | --- | --- | Awesome Frida |
Objection | Objection | Objection | Objection | Objection |
Needle | Needle | Needle | --- | --- |
Keychain dumper | Keychain dumper | --- | --- | Keychain dumper |
iOS URL Schemes | iOS URL Schemes | --- | --- | iOS URL Schemes |
Debug Hacks | Debug Hacks | --- | --- | --- |
SandBox Dumper | SandBox Dumper | --- | --- | --- |
PassionFruit | PassionFruit | PassionFruit | --- | --- |
iPhoneTunnel | iPhoneTunnel | --- | iPhoneTunnel | --- |
iRET | iRET | --- | --- | --- |
idb | idb | idb | --- | --- |
XSecurity | XSecurity | --- | --- | --- |
macOS Quick Look plugin for iOS & OSX developers
https://github.com/ealeksandrov/ProvisionQL – Generate amazing preview for .ipa .app .appex .mobileprovision .provisionprofile
iOS / macOS obfuscation
https://github.com/obfuscator-llvm/obfuscator/wiki – ollvm
Static analyze
| Project/App | Swift | Objective-c |
|---|---|---|
| Swift Lint | + | - |
Jailbreak
| Jailbreak check |
|---|
| Jailbreak Chart |
| Can I Jailbreak? |
| Jailbreak list |
Little h4ck for sslpinning bypass (help in some cases when sslkillswitch useless)
- Configure burp proxy on iOS device – Visit [your_proxy_adress]:[proxy_port]/mobileassistant.deb – Download file and install
- Via iFile
- Via ssh like `dpkg -i path/to/mobileassistant.deb
- Respring
- Launch Mobile Assistant
- Add app in bottom panel
- Turn-on switcher next to app
- Launch your app
- Congrats
More info here NB! in some cases you may face with lack of libraries, do not replace anything manually in iOS, it may lead to infinity loop)
AppSign / Rebuild / Resign / Inject / Useful tools
Download and decrypt
| Tool | Description | Link |
|---|---|---|
iFunBox | App | iFunBox |
Appdb | Download&resign .ipa | Appdb |
iphonecake | Download&resign .ipa | iphonecake |
4pda | Download&resign .ipa | 4pda |
iTunes w/app tab | iTunes 12.6.3.6 | Apple Support |
Download old version .ipa | Manual how-to | Lifehacker |
Extract data
| Tool | Description | Link |
|---|---|---|
Rasticrac | Jailbreak(+) | Rasticrac |
Clutch | Jailbreak(+) | Clutch |
bfinject | Jailbreak(+), iOS 11-12 | bfinject |
All in one (Inject > Repack > Resign > Upload)
Inject framework
| Tool | Description | Link |
|---|---|---|
CydiaSubstrate | Framework | Site & .deb file |
Reveal app | Project | Reveal app |
JSPatch | Framework | JSPatch |
FRAPL | Framework | FRAPL |
Frida Gadget | Framework | Frida Gadget |
Cycript | Framework | Frida+Cycript & Site |
Repack and resign binary
| Tool | Description | Link |
|---|---|---|
Node Resign | Xcode Project | Node Resign |
iOS App Signer | Xcode Project | iOS App Signer |
AppAddict | App | AppAddict |
Upload and run on device
| Tool | Description | Link |
|---|---|---|
iFunBox | App | iFunBox |
Impactor | App | Cydia Impactor |
IPA installer | Xcode Project | IPA installer |
Useful tools
| Tool | Description | Link |
|---|---|---|
Runtime Headers | Xcode Project | Runtime Headers |
SSL Killswitch 2 | Jailbreak(+) | SSL Killswitch 2 |
Theos | Project | Theos |
Dumpdecrypted | Project | Dumpdecrypted |
BundleID | Jailbreak(+) | BundleID |
IPSW | Download Firmware | IPSW |
Slides and articles and links
| Name | Link |
|---|---|
Malware wellbeing on iOS devices | Slides |
DVIA | Homepage |
Dynamic analysis of iOS apps w/o Jailbreak | Article En Article RU & Slides |
Ro(o)tten Apples Vulnerability Heaven in the iOS Sandbox | Slides |
Light and Dark side of Code Instrumentation | Slides |
Комбайны безопасности для iOS и Android | Slides |
Download Details:
Author: ansjdnakjdnajkd
Source Code: https://github.com/ansjdnakjdnajkd/iOS
License: Apache-2.0 license
#macos #swift #security #ios #apple
What is GEEK
Buddha Community
1598916060
Top 10 Automation Testing Tools: 2020 Edition
The demand for delivering quality software faster — or “Quality at Speed” — requires organizations to search for solutions in Agile, continuous integration (CI), and DevOps methodologies. Test automation is an essential part of these aspects. The latest World Quality Report 2018–2019 suggests that test automation is the biggest bottleneck to deliver “Quality at Speed,” as it is an enabler of successful Agile and DevOps adoption.
Test automation cannot be realized without good tools; as they determine how automation is performed and whether the benefits of automation can be delivered. Test automation tools is a crucial component in the DevOps toolchain. The current test automation trends have increased in applying artificial intelligence and machine learning (AI/ML) to offer advanced capabilities for test optimization, intelligent test generation, execution, and reporting. It will be worthwhile to understand which tools are best poised to take advantage of these trends.****
#automation-testing #automation-testing-tools #testing #testing-tools #selenium #open-source #test-automation #automated-testing
1623941220
Advance Web Penetration Testing Tool For Python
Features 🎭
Admin Panel Finder
Admin Scanner
Dork Generator
Advance Dork Finder
Extract Links
No Redirect
Hash Crack (Online-Database)
Hash Crack (Wordlist)
Whois Lookup
Tcp Port Scan
Geo IP Lookup
Reserve Analysts Search
Csrf Vernavility Checker
Dns-Lookup,Zone-Transfer,Reserve-IP-Lookup,Http-Headers,Subnet-Lookup
WordPress Username Finder
#testing #advance web penetration testing tool for python #python #advance web penetration #testing tool for python #web
1597564800
Top Security Penetration Testing Companies
Cybercrime is one of the world’s fastest-growing threats, with malicious actors constantly elaborating their methods of undetectable intrusion. According to Verizon’s Business 2020 Data Breach Investigations report, there has been a 100% increase in web app breaches, and stolen credentials were used in more than 80% of these cases. These statistics are worrying for many businesses that actively move their processes to the cloud and deal heavily with customers’ personal data.
Under these circumstances, companies need to run regular automated and manual tests to determine weak spots in their infrastructure, software, network and physical perimeter security. One of the most efficient testing methods is security penetration testing, or pentesting.
Pentesting is a benign hacking attempt, manual or automated, to break into the system and uncover its vulnerabilities before actual cyber criminals do it. This method is directed at testing the system security controls for their real-world effectiveness. It involves such stages as data collection, threat modeling, vulnerability scans, penetration tests, and so on.
To get proactive with their cyber security protection, many businesses cooperate with professional security testing companies that are able to comprehensively check the system, identify risks, fix vulnerabilities, and stay one step ahead of potential hackers.
The ranking criteria for security testing companies
When asking a professional software testing company to check your system’s security, in most cases you need to grant them access to sensitive information. For this reason, it’s important to choose a reliable company with an exceptional reputation, which will become your trusted partner.
Unsurprisingly, the market of security penetration testing companies is overwhelmingly crowded. To narrow down your search, we have analyzed hundreds of testing companies and compiled the list of top testing professionals. We have applied the following criteria:
- Pentesting expertise
- Portfolio
- Software QA experience
- Market penetration
- Online reviews
As a result, we’ve picked 30 skilled security testing companies and rated them accordingly.
1. a1qa
a1qa is a software testing company from Lakewood, CO, that has delivered over 1,500 successful projects and established 10 Centers of Excellence during their 17 years of operation. It has partnered with more than 500 companies, from smaller businesses to Fortune 500 giants. The company’s prominent customers include adidas, Kaspersky Lab, SAP, Yandex, Forex Club, and more.
a1qa specializes in delivering full-cycle QA and testing services, including comprehensive security penetration testing. Its expertise covers testing of web apps such as portals, ecommerce, media and e-learning platforms, games and online casinos, and line-of-business testing, such as CRM, collaboration, document management, and financial systems. The company also runs a specialized security testing lab.
2. QA Mentor
Founded in New York in 2010, QA Mentor has managed to establish a strong global presence with 12 testing centers around the world. Its team consists of 300 certified QA professionals that have successfully completed over 870 projects, including the ones for Amazon, eBay, Bosch, HTC, and more. The company offers more than 30 testing services, with cyber security penetration testing among them.
QA Mentor is recognized as a top software testing company by Clutch, GoodFirms, and Gartner.
3. UnderDefense
UnderDefense is a certified computer and network security company that was established in New York in 2016. It provides a wide range of testing services, with a special focus on security penetration testing. The company’s certified security testing team has performed hundreds of penetration tests, including compliance-specific tests, app and wireless network penetration testing, and social engineering security testing. UnderDefense has been repeatedly awarded by Clutch.
#testing #software-testing #security-testing #penetration-testing #top-software-testing-companies #software-testing-companies #good-company #code-quality
1621931381
Top 10 Mobile Performance Testing Tools
Challenge for brands: how to offer a seamless, fast, and user-friendly mobile experience?
App users have a low tolerance for slowness, with a reported 43% of users unhappy if they have to wait longer than three seconds for an app to load. ([App Samurai])
It’s not enough to ensure that your mobile app functions properly, but also to test how it behaves on different devices, under heavy user load, different network connections, etcetera. It’s equally important to test different metrics on both the client-side as well as the server-side. This is where finding the right tool or set of tools for mobile performance testing is essential.
After extensively researching, I’ve put together a list of top-rated mobile performance testing tools and provided an overview of each below.
#testing #load testing tool #testing tools #performance #mobile testing tools
1620183744
In-house Tool for Performance Testing
In the software development cycle, testing is one of the important criteria. There are many tools available in this space for testing such as Junit, Jmeter, manual, automation, and many performance testing tools. Some of these tools are third-party tools and have a cost-heavy license for the company to manage. For small start-up companies, these license costs can be unbearable. We analyze a tool to make the process easier and more cost effective.
About the Tool
The tool can have two parts. One part can be making a main interface web page where developers/testers can fill in the details and start testing. The other part can be the onboarding template page, where the team can onboard new applications, templates, and stacks so that it appears on the main interface page.
#performance testing #testing tool #performance test tools #testing