1

I want to start learning about VA on Apple iOS devices. Besides documentation, is there any good tool - in terms of automated vulnerability scanners, or scripts - to start?

Stephen Ostermiller
gbiondo

1 Answer

0

SPF (Smartphone Pentest Framework) is one of the only ones I know of that are open source. Core Impact has some mobile testing modules but Core Impact is very expensive. There is Zimperium's Anti which gobbled up dSploit that performs security audits, and reading-wise, Tripwire has a decent article about pentesting mobile devices.

In the end though, mobile devices, much like other computers and servers, have services and network connections that work in similar fashion. Client-server, wireless/Bluetooth connections... So it is trivial to use common tools such as nmap to get an idea of what services are running on a mobile device connected on your network.

There is OWASP's Mobile Security Project, but they state they are focused on the application layer, and not much is written about what they do, what they've done, etc. If I were tasked with determining methods to pentest mobile devices, I would approach it from a forensics standpoint. Remember, the forensics guys/gals have likely seen more devices than you could test. The theory would be that in understanding what was found, it would make it simpler to understand how it was exploited. For something like that, I would check out the Malware Genome Project.


EDITED

I also forgot to add the excellent work from Andrew Hoog and NowSecure (formerly ViaForensics). I definitely recommend getting his book to understand how iPhones/iPads, etc. work (store, connect, operate, etc.).

munkeyoto