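Needle is an open-source, modular framework for testing and assessing the security of iOS applications. Needle requires an agent to be installed on the iPhone, and the device must be running a jailbroken iOS.
Launch: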
$ python needle.py
__   _ _______ _______ ______         ______
| \  | |______ |______ |     \ |      |______
|  \_| |______ |______ |_____/ |_____ |______

Needle v1.0 [mwr.to/needle]
[MWR InfoSecurity (@MWRLabs) - Marco Lancini (@LanciniMarco)]

[needle] > help

Commands (type [help|?] <topic>):
---------------------------------
back          exit  info  kill  pull  reload    search  shell        show   use
exec_command  help  jobs  load  push  resource  set     shell_local  unset

[needle] > show options

Name           Current Value         Required  Description
------------   -------------         --------  -----------
AGENT_PORT     4444                  yes       Port on which the Needle Agent is listening
APP                                  no        Bundle ID of the target application (e.g., com.example.app). Leave empty to launch wizard
DEBUG          False                 yes       Enable debugging output
IP             127.0.0.1             yes       IP address of the testing device (set to localhost to use USB)
OUTPUT_FOLDER  /root/.needle/output  yes       Full path of the output folder, where to store the output of the modules
PASSWORD       ******                yes       SSH Password of the testing device
PORT           2222                  yes       Port of the SSH agent on the testing device (needs to be != 22 to use USB)
PUB_KEY_AUTH   True                  yes       Use public key auth to authenticate to the device. Key must be present in the ssh-agent if a
SAVE_HISTORY   True                  yes       Persists command history across sessions
SETUP_DEVICE   False                 yes       Set to true to enable auto-configuration of the device (installation of all the tools needed)
USERNAME       root                  yes       SSH Username of the testing device
VERBOSE        True                  yes       Enable verbose output

[needle] >