OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

[Tool] ios-app-signer #2602

Closed sk3l10x1ng closed 1 week ago

sk3l10x1ng commented 1 month ago

Add ios-app-signer to the list of iOS tools.

This is an app for OS X that can re-sign apps and bundle them into ipa files that are ready to be installed on an iOS device. Link: https://github.com/DanTheMan827/ios-app-signer

sk3l10x1ng commented 1 month ago

I will work on it.

cpholguera commented 1 month ago

It's yours. Thanks @sk3l10x1ng!

cpholguera commented 1 month ago

Before you add it, could you please clarify the benefits of using that tool instead of the current approach and tools defined in

https://mas.owasp.org/MASTG/techniques/ios/MASTG-TECH-0092/#re-signing

sk3l10x1ng commented 3 weeks ago

> Before you add it, could you please clarify the benefits of using that tool instead of the current approach and tools defined in
>
> https://mas.owasp.org/MASTG/techniques/ios/MASTG-TECH-0092/#re-signing

This can be added as an alternative tool, as ios-app-signer provides a GUI instead of the command line, and displays the list of provisioning profiles and signing certificates available to sign the iOS app.

cpholguera commented 2 weeks ago

Thanks! I noticed that we do not have codesign as a tool. Adding it in https://github.com/OWASP/owasp-mastg/pull/2609/files

Maybe we can add a new field in the main tool that we use, in this case codesign (MASTG-TOOL-0101.md), for keeping track of these kinds of alternate tools, something like:

```yaml
---
...
alternatives: [MASTG-TOOL-0102]
---
```

assuming MASTG-TOOL-0102 is the new ID for this tool.