
Needle V0.0.4 Released

In preparation for OWASP AppSec USA 2016, today we are releasing Needle V0.0.4, with new compatibility support, new modules, and lots of bug fixes! You can grab the new version from GitHub.

We would also like to say thanks to our GitHub contributors:

  • @tghosth
  • @ch1kpee
  • @hduarte
  • @zakm123
  • @alexplaskett
  • @istais
  • @n1xf1

To stay updated, remember to also follow @mwrneedle on Twitter!

Changelog [0.0.4] - 2016-10-04

Added

  • [CORE] OS X Support
  • [CORE] iOS 9 compatibility support [from @ch1kpee]
  • [CORE] Global output path
  • [CORE] Support for SSH public key auth [from @hduarte]
  • [MODULE] Dump contents of keyboard autocomplete cache (storage/caching/keyboard-autocomplete) [from @zakm123]
  • [MODULE] Apple Transport Security (ATS) metadata support (binary/metadata) [from @alexplaskett]
  • [MODULE] Circumvent Touch ID when implemented using LocalAuthentication framework (hooking/cycript/cycript_touchid) [from @istais]
  • [MODULE] storage/data/files_*: it is now possible to dump all files [idea from @tghosth]
  • [MODULE] Support for App Extension Bundles metadata (binary/metadata) [from @alexplaskett]
  • [MODULE] Display an application's universal links (binary/universal_links) [from @alexplaskett]
  • [MODULE] Show the content of the device’s /etc/hosts file, and offer the chance to edit it (various/hosts)
  • [SUPPORT] Contribution guide and module templates
  • [SUPPORT] ISSUE_TEMPLATE for GitHub
  • [SUPPORT] Logo and Twitter handle

Fixed

  • [CORE] TCPrelay execute mode permissions
  • [CORE] Install coreutils beforehand
  • [CORE] Replaced frida.spawn with uiopen
  • [CORE] Error on exit and get_ip for OS X
  • [CORE] Fixed 2 bugs related to TCP relay and refresh of the connection parameters [from @hduarte]
  • [CORE] iOS 9.3.3 search pid support inside containers [from @n1xf1]
  • [CORE] Issues with paths containing spaces
  • [MODULE] Dump keychain even when no apps are installed
  • [MODULE] Minor edits on module descriptions [from @tghosth]
  • [MODULE] DTPlatformVersion exception [from @alexplaskett]
  • [MODULE] Keychain Dump: reverted back to keychaineditor
  • [MODULE] Syslog watch (dynamic/watch/syslog) and monitor (dynamic/monitor/syslog) not working when using SSH over Wi-Fi: switched to ondeviceconsole

Removed

  • [CORE] Dependencies check
  • [CORE] Dependency on libimobiledevice
  • [MODULE] Unstable modules (fuzz_ipc, lldb_shell)

Marco Lancini
