iDevice Jailbroken = Your New PenTesting Tool.
What if someone asks you to do an Nmap scan but you left your PC at home?
What if a golden opportunity shows up during a pentest while you are walking around the building, taking a break?
Leaving your phone at home or in the office when you go out is absurd, though: everyone carries their phone with them nowadays.
Wouldn't it be awesome if you could run a pentesting session from your mobile phone?
Today you can. It doesn't matter whether you have an Android or an iPhone (or the respective tablets).
Today I'm going to talk about iDevices.
Sadly, you first need to jailbreak your device in order to install Nmap, Metasploit, SET, Aircrack, Ettercap... (almost all of them; I even saw BeEF, but haven't tried it yet).
Note: the images are taken from an Italian version of Cydia, and I had an icon pack installed.
Update: be careful, I didn't try this on iOS 8, so before you follow this process make sure every main package has been updated, or that someone else has confirmed that this works.
This can be done in different ways according to the iOS version. At the time I'm writing, every firmware version up to 7.1.2 (correct me if I'm wrong) is jailbreakable (7.1.x with the Pangu jailbreak).
UPDATE: iOS 8 is jailbreakable thanks to Pangu.
This is not the focus of the article, so I'll move on.
Cydia (by Saurik) is the main repository of jailbroken apps.
Most of the time the jailbreak process includes the installation of Cydia as default.
Icon pack M'Flat Winterboard
The porting of the above mentioned pentesting tools was achieved thanks to members of the iNinjas website, credits go to them.
To add the iNinjas repository in Cydia, open the app, go to the "Sources" tab, tap "Edit" and then "Add", and enter:
http://ininjas.com/repo/
Hyperlink to the official page: http://ininjas.com/pro/index.php
More: Nmap is not available there, but you can get a GUI for it from this repo:
http://apt.modmyi.com/
http://modmyi.com/
When the process ends, tap the repository to show a list of all the packages available, where you can find the above-mentioned tools.
Naturally, like on our dear Kali Linux, most of those packages are terminal packages. This means that in order to run them you have to either SSH into your iDevice or run an application that is able to gain root privileges (like Mobile Terminal).
Disclaimer: Cydia will tell you that this repo is an unofficial repo and, because of this, that it is not secure. And that's true. Even if, when I did this, everything went well and all the tools did only what they had to do, it doesn't mean that, for example, an XSS attack couldn't have compromised it. Do it at YOUR OWN risk.
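The disclaimer above is the point a defender cares about most: a third-party Cydia source is just an APT-style repository, here served over plain HTTP, and whoever controls it (or the path to it) ends up with root on your device. The following is an added example, not code from the original post or from iNinjas or Cydia. It shows the minimum integrity check a cautious user can run on what such a repo serves: parse the repo's Packages index, check that index against the digests in the Release file, and check a downloaded .deb against the digests its index entry lists. The package names, the Release and Packages contents and the .deb bytes are all constructed for the example; the chain stops at the Release file, because verifying the Release signature needs the repo's key, which many hobby repos never publish.

```python
"""Integrity checks for a third-party Cydia/APT repository.

Added example, not from the original post or from iNinjas/Cydia. It models
the layout every APT-style repo (Cydia sources included) publishes: a Release
file listing digests of the Packages index, and a Packages index listing
digests of each .deb. All sample data below is constructed."""
import hashlib
import re


def parse_packages_index(text: str) -> dict:
    """Parse an APT 'Packages' file (stanzas separated by blank lines) into
    {package_name: {field: value}}. Indented lines continue the previous field."""
    packages = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields, key = {}, None
        for line in stanza.splitlines():
            if line[:1].isspace():  # continuation line (multi-line Description)
                if key is not None:
                    fields[key] += "\n" + line.strip()
                continue
            if ":" not in line:
                continue
            key, _, value = line.partition(":")
            key = key.strip()
            fields[key] = value.strip()
        if "Package" in fields:
            packages[fields["Package"]] = fields
    return packages


def release_digests(release_text: str, section: str = "SHA256") -> dict:
    """Extract {path: (hexdigest, size)} from one digest block of a Release file."""
    digests, in_section = {}, False
    for line in release_text.splitlines():
        if not line[:1].isspace():  # a new top-level field ends the block
            in_section = line.strip() == section + ":"
            continue
        parts = line.split()
        if in_section and len(parts) == 3:
            digests[parts[2]] = (parts[0].lower(), int(parts[1]))
    return digests


def verify_index(index_bytes: bytes, release_text: str, path: str = "Packages") -> bool:
    """True if the Packages index matches the SHA256 and size the Release file lists."""
    expected = release_digests(release_text).get(path)
    if expected is None:
        return False
    digest, size = expected
    return size == len(index_bytes) and hashlib.sha256(index_bytes).hexdigest() == digest


def verify_deb(deb_bytes: bytes, entry: dict) -> bool:
    """True only if the .deb matches every digest its Packages entry lists.
    Old Cydia repos often list only MD5sum; with no digest at all we refuse."""
    algos = {"MD5sum": "md5", "SHA1": "sha1", "SHA256": "sha256"}
    listed = [(f, a) for f, a in algos.items() if f in entry]
    if not listed:
        return False
    if "Size" in entry and int(entry["Size"]) != len(deb_bytes):
        return False
    return all(hashlib.new(a, deb_bytes).hexdigest() == entry[f].lower() for f, a in listed)


# --- constructed sample data standing in for what the repo would serve ---
SAMPLE_DEB = b"!<arch>\ndebian-binary   2.0\ncontrol.tar.gz  ...\ndata.tar.gz  ...\n"
TAMPERED_DEB = SAMPLE_DEB[:-1] + b"X"  # one byte changed on the mirror or in transit

SAMPLE_INDEX = (
    "Package: example-tool\n"
    "Version: 1.0-1\n"
    "Architecture: iphoneos-arm\n"
    "Filename: debs/example-tool_1.0-1_iphoneos-arm.deb\n"
    f"Size: {len(SAMPLE_DEB)}\n"
    f"MD5sum: {hashlib.md5(SAMPLE_DEB).hexdigest()}\n"
    f"SHA256: {hashlib.sha256(SAMPLE_DEB).hexdigest()}\n"
    "Description: example package\n"
    " second line of description\n"
    "\n"
    "Package: other-tool\n"  # hypothetical entry that lists no digest at all
    "Version: 0.1\n"
    "Filename: debs/other-tool_0.1_iphoneos-arm.deb\n"
)
SAMPLE_RELEASE = (
    "Origin: example-repo\n"
    "SHA256:\n"
    f" {hashlib.sha256(SAMPLE_INDEX.encode()).hexdigest()} {len(SAMPLE_INDEX.encode())} Packages\n"
)


def check_download(deb_bytes: bytes, name: str) -> bool:
    """Full chain Release -> Packages -> .deb for one package name."""
    if not verify_index(SAMPLE_INDEX.encode(), SAMPLE_RELEASE):
        return False
    entry = parse_packages_index(SAMPLE_INDEX).get(name)
    return entry is not None and verify_deb(deb_bytes, entry)


if __name__ == "__main__":
    print("good deb:", check_download(SAMPLE_DEB, "example-tool"))
    print("tampered deb:", check_download(TAMPERED_DEB, "example-tool"))
    print("no digest listed:", check_download(SAMPLE_DEB, "other-tool"))
```

The useful behaviour is in the failure cases: a single flipped byte in the .deb fails, and an index entry that lists no digest is refused rather than waved through. On a real device you would fetch Release, Packages and the .deb from the source URL with the same tool (curl or wget) and feed them to these functions before letting dpkg touch anything.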
EDIT: In case it's not clear, to install Metasploit and the others you'll have to go to Cydia -> Sources -> iNinjas source and find Metasploit in the list of packages. Or you can search for it: Cydia -> Search, then type Metasploit. Once you have found the package, tap it, then tap "Install" and "Confirm".
To accomplish the aforementioned step you'll need to download from Cydia a tweak (Cydia app) called "Mobile Terminal". You can simply find it by going to the "Search" tab and typing "Mobile Terminal".
This icon is part of an icon pack, but looks the same
Download the one from the BigBoss Repository.
Here's a list of some useful tools and how to run them.
Most of them need root access. This means that when you open Mobile Terminal you first have to switch to root with the password
alpine (the default root password)
and only then can you run commands with root access.
Metasploit: once Metasploit is installed, you can run it by typing:
cd /var/root/pentest/exploits/framework (possibly "framework3")
(the loading takes some time)
Social Engineering Toolkit:
(accept everything it asks to install)
Nmap has a GUI, so download it and run the app, then type the IP address and the arguments; the output will be shown in the panel below.
If getting your tools with apt-get looks easier, you can do that too.
Search in Cydia for "APT 0.7 Strict" (it should be installed by default).
Last, a list of some common tools that are also available in the iNinjas repo, or Cydia in general: Aircrack-ng, BeEF (I didn't test it), Dsniff Suite (a "collection of tools for network auditing"), Ettercap (but I couldn't make it work), Evilgrade, iPwN (a collection of tools for ARPing and DNS spoofing which you should definitely check out), John the Ripper, Medusa, Metasploit, mysql, network-cmds (for the ifconfig utility), Prini and Derv (automated scripts for MITM packet sniffing), python, ruby, SET, SSLstrip (I couldn't make it work), and THC Hydra.
I hope this post was helpful, and if it gets positive feedback I'll talk about Android devices too.
NOTE: if talking about jailbreaking here is somehow illegal, then remove this post as soon as possible. I read the rules, but I can't say whether this counts as piracy or not.
As I always say: my English is not perfect and I don't pretend it is. If I repeat some grammar or concept errors, or something is not clear, please tell me in the comments.
Also feel free to correct me if I'm wrong somewhere in the post.
Thanks for reading.
For troubleshooting, read the comments or comment yourself.