~/hackyfeed
> cat /dev/github | grep security-tools
discovered 30 Mar 2026

iOS

★ 1197 via github-topic
→ View on GitHub

AI Summary: The iOS/macOS penetration testing cheatsheet provides a curated list of tools and resources for conducting security assessments on iOS and macOS applications, including utilities for static analysis, obfuscation, and jailbreak checks. Notable features include links to tools such as MobSF, Frida, and Objection, facilitating the testing of application vulnerabilities across platforms. This repository serves as a comprehensive guide for security professionals looking to enhance their penetration testing workflows on Apple devices.

README

iOS/macOS penetration testing cheatsheet

ActionmacOSLinuxWiniOS w/JB
MobSFMobSFMobSFMobSF
Plist viewplutil or Xcodeapt-get install libplist-utilsPlist Viewerplutil
GhidraGhidraGhidraGhidra
FridaFridaFridaFrida
Awesome FridaAwesome FridaAwesome Frida
ObjectionObjectionObjectionObjectionObjection
NeedleNeedleNeedle
Keychain dumperKeychain dumperKeychain dumper
iOS URL SchemesiOS URL SchemesiOS URL Schemes
Debug HacksDebug Hacks
SandBox DumperSandBox Dumper
PassionFruitPassionFruitPassionFruit
iPhoneTunneliPhoneTunneliPhoneTunnel
iRETiRET
idbidbidb
XSecurityXSecurity

macOS Quick Look plugin for iOS & OSX developers

https://github.com/ealeksandrov/ProvisionQL – Generate amazing preview for .ipa .app .appex .mobileprovision .provisionprofile

iOS / macOS obfuscation

https://github.com/obfuscator-llvm/obfuscator/wiki – ollvm

Static analyze

Project/AppSwiftObjective-c
Swift Lint+-

Jailbreak

Jailbreak check
Jailbreak Chart
Can I Jailbreak?
Jailbreak list
Repos
http://cydia.iphonecake.com
http://apt.saurik.com/
http://repo.nesolabs.de/
https://build.frida.re/
http://appsec-labs.com/cydia/
http://cydia.zodttd.com/repo/cydia/
http://mobiletools.mwrinfosecurity.com/cydia/
http://repo666.ultrasn0w.com/
http://apt.thebigboss.org/repofiles/cydia/
http://cydia.radare.org/
http://apt.modmyi.com/
http://coolstar.org/publicrepo/
http://getdelta.co/ < Flex3 working
http://julioverne.github.io/
http://brunonfl.github.io/
http://apt.bingner.com/
http://repo.dynastic.co/
http://mcapollo.github.io/Public/
http://apt.hackcn.net/
http://repo.chariz.io/
http://cydia.ichitaso.com/
https://level3tjg.github.io < bfdecrypt (ios11/ios12)
http://ryleyangus.com/repo < Liberty Lite (beta) for JB bypas

Little h4ck for sslpinning bypass (help in some cases when sslkillswitch useless)

  • Configure burp proxy on iOS device – Visit [your_proxy_adress]:[proxy_port]/mobileassistant.deb – Download file and install
    • Via iFile
    • Via ssh like `dpkg -i path/to/mobileassistant.deb
  • Respring
  • Launch Mobile Assistant
  • Add app in bottom panel
  • Turn-on switcher next to app
  • Launch your app
  • Congrats

More info here NB! in some cases you may face with lack of libraries, do not replace anything manually in iOS, it may lead to infinity loop)

AppSign / Rebuild / Resign / Inject / Useful tools

Schema

Download and decrypt

ToolDescriptionLink
iFunBoxAppiFunBox
AppdbDownload&resign .ipaAppdb
iphonecakeDownload&resign .ipaiphonecake
4pdaDownload&resign .ipa4pda
iTunes w/app tabiTunes 12.6.3.6Apple Support
Download old version .ipaManual how-toLifehacker

Extract data

ToolDescriptionLink
RasticracJailbreak(+)Rasticrac
ClutchJailbreak(+)Clutch
bfinjectJailbreak(+), iOS 11-12bfinject

All in one (Inject > Repack > Resign > Upload)

ToolDescriptionLink
IPA PatchXcode ProjectIPA Patch
ResignXcode ProjectRegisn

Inject framework

ToolDescriptionLink
CydiaSubstrateFrameworkSite & .deb file
Reveal appProjectReveal app
JSPatchFrameworkJSPatch
FRAPLFrameworkFRAPL
Frida GadgetFrameworkFrida Gadget
CycriptFrameworkFrida+Cycript & Site

Repack and resign binary

ToolDescriptionLink
Node ResignXcode ProjectNode Resign
iOS App SignerXcode ProjectiOS App Signer
AppAddictAppAppAddict

Upload and run on device

ToolDescriptionLink
iFunBoxAppiFunBox
ImpactorAppCydia Impactor
IPA installerXcode ProjectIPA installer

Useful tools

ToolDescriptionLink
Runtime HeadersXcode ProjectRuntime Headers
SSL Killswitch 2Jailbreak(+)SSL Killswitch 2
TheosProjectTheos
DumpdecryptedProjectDumpdecrypted
BundleIDJailbreak(+)BundleID
IPSWDownload FirmwareIPSW
NameLink
Malware wellbeing on iOS devicesSlides
DVIAHomepage
iGoat-SwiftHomepage
iOS-CTFHomepage
Dynamic analysis of iOS apps w/o JailbreakArticle En Article RU & Slides
Ro(o)tten Apples Vulnerability Heaven in the iOS SandboxSlides
Light and Dark side of Code InstrumentationSlides
Комбайны безопасности для iOS и AndroidSlides

Author: @ansjdnakjdnajkd

Do you want to add or fix? - Write to me or pull request!

pentesting malware