Ipanema is a tool for iOS ipa application security assessment.

Jaume Martin b7d1286312 Fixing merge 11 months ago
.gitignore 08da8d207e First project commit 1 year ago
LICENSE 08da8d207e First project commit 1 year ago
README.md c25792d4eb Fixed a issue where the tmp path is not created properly 11 months ago
analysis.go 32154231c1 Moved all the egghunter regexes into a map. Updated README.md 11 months ago
aux.go 18e1e51b46 Added suport for finding a correct AppContainer 11 months ago
ipanema.go b7d1286312 Fixing merge 11 months ago

README.md

ipanema

Ipanema is a tool for iOS ipa application security assessment.

Installation

The easiest way is to download a precompiled binary for your architecture and operating system from the releases tab.

If you want to build it by yourself follow this steps:

  • go get dev.hackercat.ninja/hcninja/ipanema
  • go install dev.hackercat.ninja/hcninja/ipanema

If this doesn't work, go to the project folder and do a go get -u before go install.

Usage

The usage is easy, ipanema -ipa my.ipa, the analysis will output some useful info to stdout, and after the analysis finishes you will find all the analysis data in the temporal path created by ipanema under the folder analysisResult. This folder will contain multiple txt files with the data specified in the filename, useful to grep for info, aside of this, the whole analysis will be dumped in an analysis.json file, try to use jq to filter and search through the info.

TODO

  • Basic analysis engine
  • CLI interface
  • Analysis output
  • Analysis project json dump
  • Search for valuable information available in the ipa bundle
  • Automated analysis with recommendations
  • Banned function analysis with an "exploitability" index
  • API
  • Web GUI
  • Sandbox to do a dynamic analysis
  • Function, methods and API fuzzing