iOS Security Testing Framework: needle

Where Technology Come

iOS Security Testing Framework: needle



iOS Security Testing Framework

    Needle is an open source, modular framework to streamline the process of conducting security assessments of iOS apps.

Assessing the security of an iOS application typically requires a plethora of tools, each developed for a specific need and all with different modes of operation and syntax. The Android ecosystem has tools like “drozer” that have solved this problem and aim to be a ‘one stop shop’ for the majority of use cases, however iOS does not have an equivalent.

Needle is an open source modular framework which aims to streamline the entire process of conducting security assessments of iOS applications, and acts as a central point from which to do so. Given its modular approach, Needle is easily extensible and new modules can be added in the form of python scripts. Needle is intended to be useful not only for security professionals, but also for developers looking to secure their code. A few examples of testing areas covered by Needle include: data storage, inter-process communication, network communications, static code analysis, hooking and binary protections. The only requirement in order to run Needle effectively is a jailbroken device.

Needle is open source software, maintained by MWR InfoSecurity.





Basic Features

Although the power of Needle is comprised in its modules, the core itself offers some basic features that allow it to interact with the device.


Execute local command (<cmd>)

Needle’s CLI is basically a shell itself, so it is possible to run commands on the local workstation just by typing them.

[needle] > cat /etc/hostname

[*] Executing Local Command: cat /etc/hostname


[needle] > ifconfig lo

[*] Executing Local Command: ifconfig lo

lo Link encap:Local Loopback 

 inet addr: Mask:

 inet6 addr: ::1/128 Scope:Host


 RX packets:48454 errors:0 dropped:0 overruns:0 frame:0

 TX packets:48454 errors:0 dropped:0 overruns:0 carrier:0

 collisions:0 txqueuelen:0 

 RX bytes:33149117 (31.6 MiB) TX bytes:33149117 (31.6 MiB)


Shell (shell)

Type “shell” to drop a shell on the remote device.

[needle] > shell

[*] Spawning a shell…

[*] Checking connection with device…

[V] Connection not present, creating a new instance

[V] [AGENT] Connecting to agent (…

[+] [AGENT] Successfully connected to agent (…

[V] [SSH] Connecting (…

[+] [SSH] Connected (

Warning: Permanently added ‘[]:2222’ (ECDSA) to the list of known hosts.

MWR-iPhone:~ root# id

uid=0(root) gid=0(wheel) groups=0(wheel),…


Execute command on device (exec_command <cmd>)

To execute a single command on the remote device.

[needle] > exec_command id

[*] Checking connection with device…

[+] Already connected to:

[*] Executing: id

 uid=0(root) gid=0(wheel) groups=0(wheel)…


Push/pull files (<push/pull> “<src>” “<dst>”)

It is also possible to retrieve or upload files from/on the device. Note that both the source and destination paths must be enclosed in quotes.

[needle] > pull “/etc/hosts” “/tmp/iphone_hosts”

[*] Checking connection with device…

[+] Already connected to:

[*] Pulling: /etc/hosts -> /tmp/iphone_hosts

[needle] > cat /tmp/iphone_hosts

[*] Executing Local Command: cat /tmp/iphone_hosts


# Host Database


# localhost is used to configure the loopback interface

# when the system is booting. Do not change this entry.

## localhost broadcasthost

::1 localhost


Software Download – Click Here


Follow us & participate



Twitter: https://twitter.com/techieworldinfo




Leave a Reply

Your email address will not be published. Required fields are marked *