needle: iOS Security Testing Framework
Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.
Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one-stop-shop’ for the majority of use cases, however, iOS does not have an equivalent.
Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals but also for developers looking to secure their code. A few examples of testing areas covered by Needle include data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.
Needle is open source software, maintained by MWR InfoSecurity.
- Jailbroken device
- Apt 0.7 Strict
- Needle Agent
Add the following repository to the Cydia Sources: http://mobiletools.mwrinfosecurity.com/cydia/
Search for NeedleAgent and install the package
- Open the
NeedleAgentapp on your device.
- Then, tap on
Listenin the top left corner and it will start listening on port
4444by default. This can be changed using the field in the top right.
Copyright (c) 2017, MWR InfoSecurity All rights reserved.