Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.
Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one-stop-shop’ for the majority of use cases, however, iOS does not have an equivalent.
Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals but also for developers looking to secure their code. A few examples of testing areas covered by Needle include data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.
Needle is open source software, maintained by MWR InfoSecurity.
- Jailbroken device
- Apt 0.7 Strict
- Needle Agent
Add the following repository to the Cydia Sources: http://mobiletools.mwrinfosecurity.com/cydia/
Search for NeedleAgent and install the package
# Unix packages
sudo apt-get install python2.7 python2.7-dev sshpass sqlite3 lib32ncurses5-dev
# Python packages
sudo pip install readline paramiko sshtunnel frida mitmproxy biplist
# Core dependencies
brew install python
brew install libxml2
# Python packages
sudo -H pip install --upgrade --user readline
sudo -H pip install --upgrade --user paramiko
sudo -H pip install --upgrade --user sshtunnel
sudo -H pip install --upgrade --user frida
sudo -H pip install --upgrade --user biplist
brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb
tar -xvzf mitmproxy-0.17.1-osx.tar.gz
sudo cp mitmproxy-0.17.1-osx/mitm* /usr/local/bin/
git clone https://github.com/mwrlabs/needle.git
- Open the
NeedleAgent app on your device.
- Then, tap on
Listen in the top left corner and it will start listening on port
4444 by default. This can be changed using the field in the top right.
$ python needle.py
__ _ _______ _______ ______ ______
| \ | |______ |______ | \ | |______
| \_| |______ |______ |_____/ |_____ |______
Needle v1.0 [mwr.to/needle]
[MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]
[needle] > help
Commands (type [help|?] <topic>):
back exit info kill pull reload search shell show use
exec_command help jobs load push resource set shell_local unset
[needle] > show options
Name Current Value Required Description
------------------------ ------------- -------- -----------
AGENT_PORT 4444 yes Port on which the Needle Agent is listening
APP no Bundle ID of the target application (e.g., com.example.app). Leave empty to launch wizard
DEBUG False yes Enable debugging output
HIDE_SYSTEM_APPS False yes If set to True, only 3rd party apps will be shown
IP 127.0.0.1 yes IP address of the testing device (set to localhost to use USB)
OUTPUT_FOLDER /root/.needle/output yes Full path of the output folder, where to store the output of the modules
PASSWORD ******** yes SSH Password of the testing device
PORT 2222 yes Port of the SSH agent on the testing device (needs to be != 22 to use USB)
PUB_KEY_AUTH True yes Use public key auth to authenticate to the device. Key must be present in the ssh-agent if a passphrase is used
SAVE_HISTORY True yes Persists command history across sessions
SKIP_OUTPUT_FOLDER_CHECK False no Skip the check that ensures the output folder does not already contain other files. It will automatically overwrite any file
USERNAME root yes SSH Username of the testing device
VERBOSE True yes Enable verbose output
Copyright (c) 2017, MWR InfoSecurity All rights reserved.