本项目是记录自己在学习iOS安全过程中遇到的优秀内容,包括优秀的项目代码或研究成果等。打破iOS的安全壁垒,直至封神!向伟大的乔布斯致敬!作者:0e0w
本项目创建于2021年7月17日,最近的一次更新时间为2023年10月11日。
一、iOS安全书籍
- 《iOS安全测试与安全研究》@0e0w
- 《iOS应用安全攻防实战》@肖梓航译
- 《iOS应用逆向工程》@沙梓社
- 《最强iOS和macOS安全宝典》@蒸米译
- 《iOS应用逆向与安全之道》@罗巍
- 《iOS黑客攻防秘籍》@陈德
- 《九阴真经 iOS黑客攻防秘籍》@陈德
- 《iOS应用安全攻防》@扎德尔斯基
- 《iOS应用安全权威指南》@程伟译
- 《黑客攻防技术宝典-iOS实战篇》
- 《iOS测试指南》@芈峮
- 《大话移动APP测试:Android与 iOS应用测试指南》@陈晔
- 《iOS冰与火之歌系列》@蒸米
- 《iOS安全与防护》@crifan
- 《安全技术大系:iOS取证分析》
- 《iOS取证实战》
- 《Hacking and Securing iOS Applications》
- 《Mac OS X and iOS Internals:To the Apple’s Core》
- 《OS X and iOS Kernel Programming》
- 《OS X ABI Mach-O File Format》
- 《The Mac Hacker’s Handbook》
- 《Mac OS X Interals:A Systems Approach》
二、iOS视频课程
三、iOS培训演讲
四、iOS专利文献
五、iOS国家标准
六、iOS论坛版块
七、iOS其他资源
- https://github.com/silence0201/iOS-Reverse
- https://github.com/silence0201/iOS-Category
- https://github.com/0xmachos/iOS-Security-Guides
- https://github.com/pandazheng/IosHackStudy
- https://github.com/AloneMonkey/iOSREBook
- https://github.com/pandazheng/IOSCodes
- https://github.com/wufawei/iossecurity
- https://github.com/satan1a/awesome-ios-security-cn
- https://github.com/r0ysue/OSG-TranslationTeam
- https://github.com/tianjifou/iOS-security-attack-and-prevent
- https://github.com/LZRight123/GuardApp
- https://github.com/SmileZXLee/ZXHookDetection
- https://github.com/kingly09/KYSecurityDefense
- https://github.com/iskf/IOSSecurity
- https://github.com/JxbSir/WeChatHistory
- https://github.com/krystal1110/iOS-Security
- https://github.com/liukaiyi54/iOS-Security-Translate
- https://github.com/dreamchen/EUExMISP
- https://github.com/qimiKond/OSX_iOS_HackResourceList
- https://github.com/securing/IOSSecuritySuite
- https://github.com/aquynh/iVM
- https://github.com/blinksh/blink
- https://github.com/ChiChou/grapefruit
- https://github.com/chaitin/passionfruit
- https://github.com/Siguza/ios-resources
- https://tttang.com/archive/1381
- https://github.com/XLsn0w/Cydia
- https://github.com/psychsecurity/iOS-Pentesting
- https://github.com/Snifer/Pentesting-Mobile
- https://github.com/allyomalley/pentest_scripts
- https://github.com/xebia/mobilehacktools
- https://github.com/cnmsec/MpaasPentestTool
- https://github.com/dmayer/idb
- https://github.com/RickeyBoy/Rickey-iOS-Notes
- https://github.com/MobSF/Mobile-Security-Framework-MobSF
- https://github.com/vaib25vicky/awesome-mobile-security
- https://github.com/Cy-clon3/awesome-ios-security
- https://github.com/Naville/WTFJH
- https://github.com/MTJailed/iOS-Security-Papers
- https://github.com/Swordfish-Security/awesome-ios-security
- https://github.com/ender01/iOS-application-security
- https://github.com/vadim-a-yegorov/iOS-Internals-and-Security-Testing
- https://github.com/harleo/iOSPriSec
- https://github.com/sahad-mk/Fireprint
- https://github.com/chrizel/iOS-Security-and-Privacy-Guide
- https://github.com/NotSoEthical/iOS-Security-Research
- https://github.com/DamianMarkowski/ios-security
- https://github.com/yevh/iOS-Security-Scanners
- https://github.com/paulveillard/cybersecurity-macOS-iOS-security
- https://github.com/cyhe/iOSSecurity-Attack
- https://github.com/LZRight123/GuardApp
- https://github.com/wrlu/SecMobile
- https://github.com/sqlsec/MobileSecurity
- https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet
- https://github.com/geeksniper/mobile-app-penetration-testing
- https://github.com/secmobi/wiki.secmobi.com
- https://github.com/project-imas
- https://github.com/iSECPartners
- IOS APP渗透测试漏洞汇总-工具环境和漏洞列表
- https://tttang.com/sort/ios
- https://github.com/ac0d3r/ios
- https://github.com/togettoyou/ipashare
- https://github.com/luoxuhai/Alock
一、测试项目汇总
二、公司测试文档
- 绿盟iOS安全测试指南
- 奇安信iOS安全测试指南
- 知道创宇iOS安全测试指南
- 平安科技iOS应用漏洞Wiki
- https://github.com/OWASP/owasp-mastg
三、测试文档资源
- https://github.com/Dioq/ReverseOC
- https://github.com/yahibo/iOSReverse
iOS安全第一步,越狱研究!
一、越狱研究
- checkra1n
- Fugu
- h3lix
- Taurine
- Fugu15
- https://github.com/palera1n/palera1n
二、安全机制
三、代码混淆
- https://github.com/netyouli/WHC_ConfuseSoftware
- https://github.com/2621532542/iOS_NQConfuseTool
四、逆向分析
- https://github.com/ivRodriguezCA/RE-iOS-Apps
- https://github.com/TinToSer/ios-RCE-Vulnerability
- https://github.com/MTJailed/FWLR
五、其他工具
- https://github.com/frida/frida
- https://github.com/S3Jensen/iRET
- https://github.com/ansjdnakjdnajkd/iOS
- https://github.com/WithSecureLabs/needle
- https://github.com/sensepost/objection
- https://github.com/noobpk/frida-ios-hook
- https://github.com/Lojii/Knot | 一款iOS端基于MITM的抓包工具 | 1.3k
- https://github.com/gofmt/iOSSniffer
- https://github.com/Urinx/iOSAppHook
- https://github.com/gofmt/itool
- https://github.com/majd/ipatool | ipa下载工具 | 2.9k
- https://github.com/Hacktivation/iOS-Hacktivation-Toolkit
- https://github.com/hughkli/Lookin
- https://appsec-labs.com/inalyzer
- https://github.com/ashishb/osx-and-ios-security-awesome
- https://github.com/Dado1513/awesome-iOS-security-tools
- https://github.com/iSECPartners/Introspy-iOS
- https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
- https://github.com/kai5263499/osx-security-awesome
- https://github.com/alibaba/iOSSecAudit
- https://github.com/Soulghost/iblessing
- https://github.com/aktsk/ipautil
- https://github.com/aktsk/ipa-medit
- https://github.com/Alsan/ipapk-server
- https://github.com/guanchaoguo/AppDistribution
- https://github.com/bzon/gota
- https://github.com/toshi0383/ipanema
- https://github.com/aadog/fd
- https://github.com/ChiChou/bagbak
- https://github.com/enmity-mod/patcher
- https://github.com/bl-core-vitals/appdiff
- https://github.com/hcninja/ipanema
- https://github.com/OuterCloud/HelloIPA
- https://github.com/gotokatsuya/ipare
- https://github.com/follyxing/appfile-info
- https://github.com/CrackerCat/iOSBox
- https://github.com/SonicCloudOrg/sonic-ios-bridge
- https://github.com/blacktop/ipsw
- https://github.com/bitrise-io/codesigndoc
- https://github.com/c0618/iOSSniffer | iOS抓包工具 | 3
- https://github.com/SignTools/SignTools
- https://github.com/iineva/ipa-server
- https://github.com/fengjixuchui/iOSTracer
- https://github.com/steeve/itool
- https://github.com/m0bilesecurity/RMS-Runtime-Mobile-Security
- https://github.com/nettitude/scrounger
- https://www.i-funbox.com/zh-cn/index.html
- https://github.com/Soulghost/iblessing
- https://github.com/dmayer/idb
- https://github.com/seemoo-lab/toothpicker
- https://github.com/BishopFox/bfinject
- https://github.com/KJCracks/Clutch
- https://github.com/nygard/class-dump
- https://github.com/AloneMonkey/frida-ios-dump
- https://github.com/BishopFox/iSpy
- https://github.com/atomicbird/momdec
- https://github.com/autopear/ipainstaller
- https://github.com/dengbin9009/DecryptApp
- https://github.com/re-signing/resign
- https://project-imas.github.io
- https://github.com/felixgr/secure-ios-app-dev
- https://github.com/insidersec/insider
- https://github.com/realm/SwiftLint
一、漏洞程序
- https://github.com/prateek147/DVIA
- https://github.com/prateek147/DVIA-v2
- https://github.com/GeoSn0w/Myriam
- https://github.com/GeoSn0w/iSecureOS
- https://github.com/OWASP/igoat
- https://github.com/WaTF-Team/WaTF-Bank
- https://github.com/IdanBanani/iOS-Vulnerability-Research
- https://github.com/oversecured/OversecuredVulnerableiOSApp
二、演示项目
- https://www.v2ex.com/t/488679
- https://www.ijiami.cn/iosProtect
- https://sec.xiaodun.com/product/ios
- https://www.kiwisec.com/product/ios-encrypt.html
- https://www.dingxiang-inc.com/business/ios
- https://360.net/product-center/360-mobile-security/ios
- https://docs.aiot.virbox.com/how-to-use/iosprotection
- https://www.nagain.com/#/produCtenter/securityReinforce/ios
- https://www.secidea.com/mars.html
- https://www.bangcle.com/pages/cat_id/94.html
此处排名不分先后,向自己在学习iOS安全过程中遇到的每一位优秀老师致敬。感谢感谢!
