[New Tool] iAppliScan v0.02 Beta Released
iAppliScan lets you automate the review of the iOS application with passing few parameters. It gives pointers to possible vulnerabilities or weakness of the application.
Amongst the mobile attack vectors and security weakness, Local storage and its misuse is being considered as the key security concern from security and privacy standpoint. Unlike android, iOS does not provide any API to monitor file system directly. One needs to dig in to files/directories to find information stored in local storage across applications. Looking at the each file in the directory is a tedious and painful job while doing penetration testing of the target application. We need to have a simple utility to penetrate and analyze local storage in iOS platform. iAppliScan allows you to automate iOS application review. Current version of iAppliScan needs a jailbroken device with SSH access to interface. Device and iAppliScan needs to be in same network with access.
Some of the interesting features of iAppliScan which one can leverage during the testing of the application.
- Look for sensitive information in files/directories
- Find whether particular file exist or not
- Download file for further analysis
- Run external command
New features in version 0.02 (Beta) of iAppliScan
- Poor cryptography detection – Detects Encoding (Base64, Hex, URL, HTML, GZip) and Hashing (MD5, SHA256, SHA384, SHA512)
- Load/Save configuration for future use
Download iAppliScan v0.02 Beta