| Follow @lancinimarco

Reading time ~1 minute

Needle V0.1.1 Released

It was long due, but Needle v0.1.1 finally introduces an integration for Cydia Substrate & Theos. You can now use the hooking/theos/theos_tweak module to create/edit/install/disinstall Tweaks, and the hooking/theos/list_tweaks to list all your active Tweaks.

And you don’t have to install Theos manually, since it’s been added to the list of dependencies that are going to be automatically installed on your device when the global option SETUP_DEVICE is set to True.

In addition to the Theos integration, this version brings:

  • improvements to Needle’s core that makes it even more modular
  • a module to print the app’s view hierarchy with Frida (hooking/frida/script_dump-ui)
  • a module to automatically install your Burp Proxy CA Certificate (comms/certs/install_ca_burp)
  • an improved version of storage/data/files_cachedb and storage/data/files_cachedb, that now will automatically print the row counts for standard tables
  • a module to print the details of the certificate of the specified server (comms/certs/view_cert)
  • an improved binary/pull_ipa, that now can directly pull the binary as well as the .ipa file

You can grab the new version from Github, and remember to also follow @mwrneedle on Twitter!

Changelog [0.1.1] - 2016-11-25


  • [CORE] Support for plist files into print_cmd_output
  • [CORE] move function for Remote operations
  • [CORE] Automatically install Theos
  • [CORE] Automatically install SSL Kill Switch
  • [CORE] Add validate_editor (core/framework/module)
  • [CORE] Parametrize module_run (core/framework/module)
  • [CORE] Centralized utility for user interaction
  • [MODULE] Theos integration (hooking/theos/theos_tweak)
  • [MODULE] List installed Tweaks (hooking/theos/list_tweaks)
  • [MODULE] Frida Script: print view hierarchy (hooking/frida/script_dump-ui)
  • [MODULE] Install Burp Proxy CA Certificate (comms/certs/install_ca_burp)
  • [MODULE] Allow using nano to edit hosts file (various/hosts) [from @tghosth]
  • [MODULE] Automatically print row counts for standard tables in Cache.db files (storage/data/files_cachedb) [from @tghosth]
  • [MODULE] Automatically print row counts for standard tables in SQL files (storage/data/files_sql) [from @tghosth]
  • [MODULE] View Server Certificate (comms/certs/view_cert) [from @tghosth]
  • [MODULE] Pull IPA: pull the binary as well as the .ipa file (binary/pull_ipa) [from @tghosth]


  • [CORE] Sanitization of parsed plist files
  • [CORE] App metadata: show all URI handlers
  • [CORE] Invalid characters when parsing plist files
  • [CORE] Minor on Remote Operations’ wrapper: list_dir and cat_file
  • [MODULE] Dump entire keychain [idea from @tghosth]
  • [MODULE] storage/caching/screenshot: OS X support for rendering preview images
  • [MODULE] Error saving files in storage/data/files_* modules [from @tghosth]
  • [MODULE] Run proxy regular even without selecting a target app
  • [MODULE] File monitoring: automatically detect folder to monitor (regression)

Marco Lancini

Marco Lancini
Hi, I'm Marco Lancini. I'm a Security Engineer, mainly interested in cloud native technologies, devops, and network security...  

Currently Working On

Currently, my areas of focus are two: cloud native tech and red teaming. Here is a short list of what I’m currently working on in my spare time.

  1. Cloud Native Tech
    • Cloud Security (AWS, Azure, GCP)
    • Container Security (docker, kubernetes)
      1. So I Heard You Want to Learn Kubernetes -- An attempt to demystify the perception by which Kubernetes is believed to be too hard to even get started, by walking through the journey I undertook to get the basics first, and later to focus on the security aspects.
      2. My Arsenal of Cloud Native (Security) Tools -- A curated list of (security) tools that can help assessing the security of AWS, Docker, Kubernetes, and even Git repositories.
    • Infrastructure-as-Code (Consul, Vault, Packer, Terraform, Ansible)
      1. Docker + Consul + Vault: A Practical Guide -- How to use docker-compose to spin up a Vault instance backed by Consul.
      2. Offensive Infrastructure with Modern Technologies -- An N-part blog post series, to record my journey and the lessons learned while building a secure, disposable, and completely automated infrastructure to be used in offensive operations.
  2. Red Teaming
    • Techniques
      1. Red Teaming Mind Map from The Hacker Playbook 3 -- A high-level mind map to summarize all the techniques/tools covered by Peter Kim’s book.
    • Tooling
      1. Offensive ELK -- Custom Elasticsearch setup, aiming to show how traditional defensive tools can be effectively used for offensive security data analysis, helping your team collaborate and triage scan results.
      2. GoScan -- An interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap.
      3. Robtex-Go -- A library that provides a little wrapper over such APIs, and can be quickly integrated in any other Go codebase.
Continue reading