iGold - finding Gold in iOS app's

A work-in-progress collection of scripts used to workflow/automate the download and discovery of bounty leads in iOS apps, en masse.

Use case 1: During the day, if I see a new bounty program, I can download the iOS app onto my phone which automatically triggers a process at home to download, decompile the app, test database connections, etc. all while I'm out during the day.

Use case 2: Download hundreds of apps from various bounty platform's. As they are downloaded, they are automatically decompiled and tested, en masse.

Obviously don't use these scripts on assets which you are not authorised to test.

There is a number of pre-requisite tools that needs to be installed first, here.

1. Bulk download of iOS app's

• Script: download iOS apps in bulk This script is designed to:

  • run on Mac OS.
  • run as a crontab so that all you need to do is install an app on your iPhone and the rest is taken care off.

  Pre-req's; a jailbroken iPhone which connects to your Mac via proxied ssh.

2. Extraction and decompiling app data

• Bulk conversion of iOS apps to greppable formats (ie. class dumping, plist conversion) - decompile/extract iOS app data

3. Get URL secrets

• Oftern urls within app binaries can unwittlingly contain tokens or secrets. This script with grep urls from extracted app files, and highlight URLS worth investgiating further. discover and download more greppable data
• list ATS domain exceptions for further analysis (see ATS exceptions in the OWASP MSTG for more info) - list-ATS-domain-exceptions

5. Automatic testing

These scripts, grep for specific API keys, and then connects to those services when a key is found to look for data

• Firebase databases
• Youtube & Google Maps

6. Other helpful hacks

• Search list and display all plist files.
• List of API key regex which can be used to search through mobile app data