Last active
August 12, 2021 17:15
Something like linpeas, but for iOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
#!/bin/bash | |
# ref: https://gist.github.com/rustymagnet3000/605c333519cd265c7eac9d556f46dc75#files | |
# Terminal styling, stored in backslash-escaped form (the literal characters
# "\e[...m"); they only become real escape bytes when the printing code
# expands them.
white='\e[0;97m'  # bright white foreground
bold='\e[1m'      # bold
reset='\e[0m'     # clear all attributes
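#######################################
# Print a blank line followed by a bold, white stage header.
# Globals:   white, bold, reset (read) - styling sequences in backslash form
# Arguments: $1 - header text, printed literally
# Outputs:   the header on stdout
#######################################
function print_stage() {
  echo
  # %b expands the backslash escapes of the styling variables only. The message
  # goes through %s, so backslash sequences inside a caller-supplied bundle
  # path are printed as-is instead of being reinterpreted the way `echo -e`
  # would reinterpret them.
  printf '%b%s%b\n' "${white}${bold}" "$1" "${reset}"
}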
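#######################################
# Static triage of an unpacked iOS app bundle: list files that deserve a
# manual look (large files, stray data files, certificates, property lists,
# provisioning profiles, frameworks, JavaScript) and grep the property lists
# for "NS"-prefixed keys.
# Arguments: $1 - path to the unzipped IPA payload / app bundle
# Outputs:   stage headers and matching paths on stdout
# Returns:   1 if the path does not exist, otherwise the exit status of the
#            final find command
#######################################
function check_files() {
  local payload=$1

  if [[ ! -e "$payload" ]]; then
    printf 'check_files: no such path: %s\n' "$payload" >&2
    return 1
  fi
  # find would parse a starting point that begins with '-' as an option or
  # expression, so anchor such a path to the current directory.
  if [[ "$payload" == -* ]]; then
    payload="./$payload"
  fi

  print_stage "> Looking for special files in ${payload}"

  print_stage ">> Files big files inside unzipped IPA"
  find "$payload" -size +2M

  print_stage ">> Files that were mistakingly shipped inside of App Bundle"
  find "$payload" \( -name '*.json' -o -name '*.txt' \)

  print_stage ">> Check for ReactNative"
  find "$payload" -name main.jsbundle

  print_stage ">> Check for Certificates"
  find "$payload" \( -name '*.crt' -o -name '*.cer' \)

  print_stage ">> Property lists in Payload. Recursive search"
  find "$payload" -name '*.plist'

  print_stage ">> Provisioning Profiles"
  find "$payload" -name '*.mobileprovision'

  print_stage ">> Dynamically linked frameworks"
  find "$payload" -name '*.framework'

  print_stage ">> Locally linked javascript"
  find "$payload" -name '*.js'

  print_stage ">> Search all plist files for Device Permissions or App Transport Security"
  # -exec ... {} + hands every path to grep as one intact argument. Piping the
  # list through plain xargs splits on whitespace, which silently drops
  # bundles such as "My App.app" from the search.
  # -H keeps the file name on each hit even when only one plist is found.
  # NOTE(review): -I makes grep skip binary files, and shipped bundles often
  # carry plists in binary form. An empty result here is therefore not proof
  # that a permission or App Transport Security key is absent; convert such
  # files to XML first (on macOS: plutil -convert xml1 -o - FILE) and re-check.
  find "$payload" -name '*.plist' -exec grep -H -I --color=always "NS" {} +
}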
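# Entry point: exactly one argument is expected, the path to the unpacked
# app bundle.
if [[ $# -ne 1 ]]; then
  # A usage error goes to stderr with a non-zero status, so a wrapper script
  # or CI job does not mistake a run that scanned nothing for a clean result.
  printf 'USAGE: %s <path/to/app/bundle>\n' "$0" >&2
  exit 2
fi

check_files "$1"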