-
Notifications
You must be signed in to change notification settings - Fork 284
Issue Management
Needle now provides automatic issue detection: modules will automatically detect and keep track of issues in the target app. Just use the various modules implemented in needle and they will automatically populate the list of issues. For a full list of modules supporting this feature, please refer to the module list.
Every issue will hold the following attributes:
-
app
: the app in which the issue has been identified -
module
: the module who identified the issue -
content
: the actual issue -
confidence level
: one among ‘HIGH’, ‘MEDIUM’, ‘INVESTIGATE’, or ‘INFORMATIONAL’ -
outfile
: for verbose output, path of the file containing the full issue
All the issues are going to be stored in the issues.db
SQLite database, contained in the chosen output directory.
New commands have also been added to the core of needle to allow you to interact with this new feature:
Type issues
to have a list of all the issues identified printed to screen.
[needle] > issues
[+] The following issues have been identified:
[!] ISSUE #0
[!] App: mwr.ios.dvia
[!] Module: modules/binary/info/metadata.py
[!] Name: ATS Disabled
[!] Content: NSAllowsArbitraryLoads: True
[!] Confidence: HIGH
[!] Outfile: None
[!] ISSUE #1
[!] App: mwr.ios.dvia
[!] Module: modules/storage/data/keychain_dump_frida.py
[!] Name: Keychain items detected (1)
[!] Content: See the content of the linked file
[!] Confidence: INVESTIGATE
[!] Outfile: /root/.needle/output/frida_script_dump_keychain.txt
In case you'll want to manually add an issue to the collection, you can invoke the add_issue
command to start a wizard that will guide you through the process.
[needle] > add_issue
[>][QUESTION] Please insert app: mwr.ios.dvia
[>][QUESTION] Please insert module: manual
[>][QUESTION] Please insert name: A new issue!
[>][QUESTION] Please insert content: This issue has been added manually
[>][QUESTION] Please insert confidence: HIGH
[>][QUESTION] Please insert outfile:
[needle] > issues
[+] The following issues have been identified:
[!] ISSUE #0
[!] App: mwr.ios.dvia
[!] Module: modules/binary/info/metadata.py
[!] Name: ATS Disabled
[!] Content: NSAllowsArbitraryLoads: True
[!] Confidence: HIGH
[!] Outfile: None
[!] ISSUE #1
[!] App: mwr.ios.dvia
[!] Module: modules/storage/data/keychain_dump_frida.py
[!] Name: Keychain items detected (1)
[!] Content: See the content of the linked file
[!] Confidence: INVESTIGATE
[!] Outfile: /root/.needle/output/frida_script_dump_keychain.txt
[!] ISSUE #2
[!] App: mwr.ios.dvia
[!] Module: manual
[!] Name: A new issue!
[!] Content: This issue has been added manually
[!] Confidence: HIGH
[!] Outfile: