Skip to content
The iOS Security Testing Framework
Python
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.github Merge pull request #170 from mwrlabs/develop May 22, 2017
needle Revert "External sshpass command now supports complex passwords" Jul 26, 2018
.gitignore Update .gitignore Jul 12, 2017
CHANGELOG.md [V1.3.2] Update version and changelog Jul 13, 2017
CODE_OF_CONDUCT.md Create CODE_OF_CONDUCT.md Jun 15, 2017
LICENSE.md Create LICENSE.md Jun 15, 2017
README.md Update README.md Dec 26, 2017

README.md

Needle

Black Hat Arsenal Black Hat Arsenal

Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.

Description

Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like "drozer" that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.

Needle is the MWR's iOS Security Testing Framework, released at Black Hat USA in August 2016. It is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.

The release of version 1.0.0 provided a major overhaul of its core and the introduction of a new native agent, written entirely in Objective-C. The new NeedleAgent is an open source iOS app complementary to Needle, that allows to programmatically perform tasks natively on the device, eliminating the need for third party tools. 

Needle has been presented at and used by workshops in various international conferences like Black Hat USA/EU, OWASP AppSec and DEEPSEC. It was also included by ToolsWatch in the shortlist for the Top Security Tools of 2016, and it is featured in the OWASP Mobile Testing Guide.

Needle is open source software, maintained by MWR InfoSecurity.

Installation

See the Installation Guide in the project Wiki for details.

Supported Platforms

  • Workstation: Needle has been successfully tested on both Kali and macOS
  • Device: iOS 8, 9, and 10 are currently supported

Usage

Usage instructions (for both standard users and contributors) can be found in the project Wiki.

License

Needle is released under a 3-clause BSD License. See the LICENSE file for full details.

Contact

For news and updates, follow @mwrneedle on Twitter and the MWR Mobile Tools blog.

Feel free to submit issues or ping us on Twitter - @mwrneedle, @lancinimarco

You can’t perform that action at this time.