Inspect is a certificate inspector for iPhone and iPad. This repository is the modern rewrite of the app, built with Swift 6, SwiftUI, Swift Package Manager, and XcodeGen.
The current codebase replaces the older UIKit/OpenSSL-style stack with a package-first architecture that uses Apple's platform trust engine, URLSession, and native Security APIs to inspect live HTTPS connections.
- Inspect a host name or HTTPS URL directly in the app.
- Open Inspect from the share sheet on a page in Safari.
- Capture the presented trust chain from a live TLS handshake.
- Decode X.509 certificate fields including SANs, EKUs, key usage, AIA, SKI/AKI, policies, fingerprints, and public key details.
- Surface security findings for trust failures, hostname mismatch, expired certificates, weak crypto, suspicious CA usage, and common interception products.
- Export DER certificates from the chain.
The project is split into a small iOS shell and a local Swift package:
App/: the main iOS application target.Extension/: the action/share extension entry point.Packages/InspectCore/Sources/Core/: TLS capture, URL normalization, certificate parsing, data models, and security analysis.Packages/InspectCore/Sources/Feature/: SwiftUI views, state, and theming shared by the app and extension.Packages/InspectCore/Tests/CoreTests/: parser and security analysis tests built with Swift Testing.project.yml: XcodeGen source of truth for the Xcode project.
This repository reflects a full rewrite around current Apple platform APIs and modern Swift conventions:
- SwiftUI for the app UI and extension UI.
- Swift Package Manager for the shared app logic.
- Swift 6 language mode.
- Swift Testing for package tests.
swift-certificates,swift-asn1, andswift-cryptofor X.509 parsing and test fixtures.- Native
SecurityandURLSessionintegration for trust evaluation and chain capture.
- Xcode 16 or newer
- iOS 18 SDK
- XcodeGen
- xcbeautify
Generate the Xcode project:
xcodegen generateInspect.xcodeproj is generated from project.yml and is not intended to be committed.
Open the project:
open Inspect.xcodeprojRun the package tests:
cd Packages/InspectCore
swift testBuild the app from the command line:
xcodebuild -scheme Inspect -project Inspect.xcodeproj -destination 'generic/platform=iOS Simulator' buildFor readable xcodebuild output in this repo, prefer piping through xcbeautify.
This repo includes a just testflight flow that archives the app, exports an IPA, and uploads it with asc.
One-time setup:
cp Configs/LocalOverrides.xcconfig.example Configs/LocalOverrides.xcconfig
cp .env.example .env
asc auth login \
--name "Inspect" \
--key-id "ABC123XYZ" \
--issuer-id "00000000-0000-0000-0000-000000000000" \
--private-key /path/to/AuthKey_ABC123XYZ.p8Then update .env. ASC_APP_ID, APP_STORE_CONNECT_KEY_ID, APP_STORE_CONNECT_ISSUER_ID, and APP_STORE_CONNECT_KEY_PATH are required. If you also set TESTFLIGHT_GROUP, the command will distribute the processed build to that group after upload.
Run the full flow:
just testflightUseful variants:
just testflight-build
just testflight-dry-run
just app-store-screenshotsNotes:
just testflightregeneratesInspect.xcodeprojwith XcodeGen before archiving.- The archive/export flow uses automatic signing and
-allowProvisioningUpdatesby default. SetTESTFLIGHT_ALLOW_PROVISIONING_UPDATES=falsein.envif you do not want that behavior. - Set
TESTFLIGHT_BUILD_NUMBERin.envwhen you need to overrideCURRENT_PROJECT_VERSIONfor an upload. just testflight-buildstops after producing an IPA inbuild/testflight/export/.
This repo includes scripts/app_store_screenshots.sh to capture current App Store screenshots from Simulator using a launch-only screenshot mode built into the app.
Capture fresh screenshots locally:
just app-store-screenshotsThat writes iPhone and iPad assets under build/app-store-screenshots/output/.
To upload them to an App Store version localization:
./scripts/app_store_screenshots.sh upload <VERSION_LOCALIZATION_ID>Or capture and upload in one pass:
./scripts/app_store_screenshots.sh capture-upload <VERSION_LOCALIZATION_ID>Inspect is actively maintained in its rewritten SwiftUI/SPM form. If you are looking at older screenshots, implementation notes, or legacy code references, they likely predate this rewrite.