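Needle is an open-source, modular framework for testing and assessing the security of iOS applications. Needle requires an agent to be installed on the iPhone, and that agent only runs on a jailbroken iOS system.
Launch: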
$ python needle.py
 __   _ _______ _______ ______          ______
 | \  | |______ |______ |     \ |       |______
 |  \_| |______ |______ |_____/ |_____  |______
            Needle v1.0 [mwr.to/needle]
 [MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]

[needle] > help

Commands (type [help|?] <topic>):
---------------------------------
back          exit  info  kill  pull  reload    search  shell        show   use
exec_command  help  jobs  load  push  resource  set     shell_local  unset

[needle] > show options

Name           Current Value         Required  Description
------------   -------------         --------  -----------
AGENT_PORT     4444                  yes       Port on which the Needle Agent is listening
APP                                  no        Bundle ID of the target application (e.g., com.example.app). Leave empty to launch wizard
DEBUG          False                 yes       Enable debugging output
IP             127.0.0.1             yes       IP address of the testing device (set to localhost to use USB)
OUTPUT_FOLDER  /root/.needle/output  yes       Full path of the output folder, where to store the output of the modules
PASSWORD       ******                yes       SSH Password of the testing device
PORT           2222                  yes       Port of the SSH agent on the testing device (needs to be != 22 to use USB)
PUB_KEY_AUTH   True                  yes       Use public key auth to authenticate to the device. Key must be present in the ssh-agent if a
SAVE_HISTORY   True                  yes       Persists command history across sessions
SETUP_DEVICE   False                 yes       Set to true to enable auto-configuration of the device (installation of all the tools needed)
USERNAME       root                  yes       SSH Username of the testing device
VERBOSE        True                  yes       Enable verbose output

[needle] >