iOS static analysis

  1. MobSF provides helpful features for the static analysis of iOS applications. As with Android, the decrypted iOS IPA can be dragged onto MobSF's web interface. MobSF will then rename the IPA to a ZIP, extract the contents, analyze plist files, check the permissions that the app requests, and dump class information from the app, amongst other things. The following screenshot displays the landing page once the decrypted iOS IPA has been dragged over to MobSF. MobSF provides three main options: viewing the Info.plist, strings, and class dump:
Ensure you adjust your class-dump-z path in MobSF's settings ...
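
The unpack-and-read-plist step described above can be reproduced by hand to cross-check a MobSF report. The following is an added example, not code from the book or from MobSF; the function names, the summary fields chosen, and the sample bundle are assumptions made for illustration.

```python
import io
import plistlib
import re
import zipfile

# An IPA is a ZIP archive; the app bundle sits at Payload/<Name>.app/.
INFO_PLIST = re.compile(r"^Payload/[^/]+\.app/Info\.plist$")


def summarize_ipa(ipa):
    """Return review-relevant Info.plist fields from an IPA path or file object."""
    with zipfile.ZipFile(ipa) as zf:
        name = next((n for n in zf.namelist() if INFO_PLIST.match(n)), None)
        if name is None:
            raise ValueError("no Payload/<App>.app/Info.plist in archive")
        info = plistlib.loads(zf.read(name))  # handles XML and binary plists
    ats = info.get("NSAppTransportSecurity", {})
    return {
        "bundle_id": info.get("CFBundleIdentifier"),
        # Privacy permissions are declared as NS...UsageDescription keys.
        "permissions": sorted(k for k in info
                              if k.startswith("NS") and k.endswith("UsageDescription")),
        "url_schemes": [s for t in info.get("CFBundleURLTypes", [])
                        for s in t.get("CFBundleURLSchemes", [])],
        "ats_allows_arbitrary_loads": bool(ats.get("NSAllowsArbitraryLoads", False)),
    }


def build_sample_ipa():
    """Constructed sample: an in-memory IPA holding only a binary Info.plist."""
    info = {
        "CFBundleIdentifier": "com.example.demo",
        "NSCameraUsageDescription": "Scan device QR codes",
        "NSLocationWhenInUseUsageDescription": "Find nearby devices",
        "CFBundleURLTypes": [{"CFBundleURLSchemes": ["demoapp"]}],
        "NSAppTransportSecurity": {"NSAllowsArbitraryLoads": True},
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Demo.app/Info.plist",
                    plistlib.dumps(info, fmt=plistlib.FMT_BINARY))
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for key, value in summarize_ipa(build_sample_ipa()).items():
        print(f"{key}: {value}")
```

Pass a path to a decrypted IPA to `summarize_ipa` in place of the constructed sample; Info.plist files inside embedded frameworks are skipped on purpose, since only the top-level bundle's plist is matched.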
