A comprehensive attack surface enumeration tool for iOS and macOS applications.
This tool parses the binary or XML Info.plist file found in Apple applications (IPA/APP) to extract critical security configurations, identify potential vulnerabilities, and generate instant hooking snippets for Frida and Objection.
- Target Profiling: Extracts Bundle IDs, SDK versions, and Minimum OS requirements.
- Attack Surface Discovery: Enumerates custom URL Schemes (Deep Links) prone to XSS or logic flaws.
- Network Security Audit: Analyzes App Transport Security (ATS) exceptions (`NSAllowsArbitraryLoads`, Exception Domains).
- Surveillance & Privacy: Audits sensitive permissions (Camera, Mic, Location) with risk severity ratings.
- Data Leakage Checks: Detects file sharing capabilities (`UIFileSharingEnabled`) and document access.
- Reversing Aid: Identifies Entry Points (App/Scene Delegates) and generates ready-to-use Frida & Objection commands.
- Cyberpunk UI: Features a stylized, color-coded terminal output for rapid visual parsing.
Zero Dependencies. This tool uses Python's standard library. No pip install required.
- Clone the repository (or download the script):

  ```bash
  git clone https://github.com/0xbinder/plist_recon.git
  cd plist_recon
  ```

- Make executable:

  ```bash
  chmod +x plist_recon.py
  ```
Simply provide the path to the Info.plist file extracted from an IPA or macOS .app bundle.
```bash
python3 plist_parser.py path/to/Info.plist
```
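The checks in the feature list can be reproduced for review purposes with the standard library's `plistlib`, which reads both XML and binary plists. The following is an added sketch, not code from plist_recon: the `audit_info_plist` helper and `PRIVACY_KEYS` table are hypothetical names, and the sample plist is constructed.

```python
import plistlib

# Constructed sample Info.plist (not from a real app), embedded so this runs offline.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.demo</string>
  <key>MinimumOSVersion</key><string>13.0</string>
  <key>CFBundleURLTypes</key><array><dict>
    <key>CFBundleURLSchemes</key><array><string>demoapp</string></array>
  </dict></array>
  <key>NSAppTransportSecurity</key><dict>
    <key>NSAllowsArbitraryLoads</key><true/>
    <key>NSExceptionDomains</key><dict>
      <key>legacy.example.com</key><dict>
        <key>NSExceptionAllowsInsecureHTTPLoads</key><true/>
      </dict>
      <key>api.example.com</key><dict>
        <key>NSIncludesSubdomains</key><true/>
      </dict>
    </dict>
  </dict>
  <key>UIFileSharingEnabled</key><true/>
  <key>NSCameraUsageDescription</key><string>Scan QR codes</string>
</dict></plist>"""

# Usage-description keys whose presence means the app can request that permission.
PRIVACY_KEYS = {
    "NSCameraUsageDescription": "camera",
    "NSMicrophoneUsageDescription": "microphone",
    "NSLocationWhenInUseUsageDescription": "location",
}

def audit_info_plist(data: bytes) -> dict:
    """Summarise security-relevant Info.plist settings (hypothetical helper)."""
    info = plistlib.loads(data)  # auto-detects XML vs. binary (bplist00) input
    ats = info.get("NSAppTransportSecurity", {})
    return {
        "bundle_id": info.get("CFBundleIdentifier"),
        "min_os": info.get("MinimumOSVersion"),
        "url_schemes": [s for t in info.get("CFBundleURLTypes", [])
                        for s in t.get("CFBundleURLSchemes", [])],
        "ats_arbitrary_loads": bool(ats.get("NSAllowsArbitraryLoads", False)),
        # Only domains that explicitly permit cleartext HTTP are reported.
        "ats_insecure_domains": sorted(
            d for d, cfg in ats.get("NSExceptionDomains", {}).items()
            if cfg.get("NSExceptionAllowsInsecureHTTPLoads")),
        "file_sharing": bool(info.get("UIFileSharingEnabled", False)),
        "permissions": sorted(v for k, v in PRIVACY_KEYS.items() if k in info),
    }
```

Calling `audit_info_plist()` on the bytes of an `Info.plist` returns a dictionary of findings; a production IPA usually ships the binary form, which takes the same code path.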