You can go through my article: https://sudosuraj.medium.com/ios-pentesting-101-jail-breaking-ios-16-7-x-on-iphone-8-x-e9d62c529d38
ps -A | grep -i appname
objection -g com.app.name run env
iPhone:~ root# find / -type d -iname "*app*" 2>/dev/null
/private/var/mobile/Containers/Data/Application/AA1CEA02-C111-4B66-8CB6-7154A953EB25/Library/Saved Application State/com.app.app-sample-app.savedState
/private/var/mobile/Containers/Data/Application/AA1CEA02-C111-4B66-8CB6-7154A953EB25/Library/SplashBoard/Snapshots/com.app.app-sample-app - {DEFAULT GROUP}
/private/var/mobile/Containers/Data/Application/AA1CEA02-C111-4B66-8CB6-7154A953EB25/Library/SplashBoard/Snapshots/sceneID:com.app.app-sample-app-default
/private/var/containers/Bundle/Application/42F09816-34A6-41BA-B4CD-8F6FA6300B21/app-sample-app.app
/private/var/containers/Bundle/Application/42F09816-34A6-41BA-B4CD-8F6FA6300B21/app-sample-app.app/appDefaultUI_appDefaultUI.bundle
/private/var/containers/Bundle/Application/42F09816-34A6-41BA-B4CD-8F6FA6300B21/app-sample-app.app/Frameworks/appCore.framework
📍 Path: /private/var/containers/Bundle/Application/42F09816.../app-sample-app.app
This is the actual installed app binary and its resources — similar to the Program Files directory on Windows.
Contains: App binary (app-sample-app)
Bundles and frameworks like: appDefaultUI_appDefaultUI.bundle, Frameworks/appCore.framework
This directory is read-only at runtime (unless the app is specially signed). It doesn't change even when the app runs — like a static install.
📍 Path: /private/var/mobile/Containers/Data/Application/AA1CEA02...
This is the writable sandbox where the app stores its data while running.
Contains: Documents/ – files saved by the app, Library/ – caches, preferences, app state, tmp/ – temp files.
Subfolders you found: Saved Application State → used for app resume, SplashBoard/Snapshots → screenshot caching of app UI.
This directory changes per app reinstall (different UUID), while the bundle path might stay the same if the app binary doesn't change.
| Type | Path Example | Purpose | Writable |
|---|---|---|---|
| App Binary | /var/containers/Bundle/Application/... | App code, resources, frameworks | ❌ |
| App Sandbox | /var/mobile/Containers/Data/Application/... | App's saved data, prefs, cache | ✅ |
| Tool Name | Repo URL | Purpose |
|---|---|---|
| Filza File Manager | https://tigisoftware.com/cydia/ |
Full file system access |
| iFile | https://cydia.ichitaso.com/ |
File browsing & editing |
| NewTerm 2 | https://repo.chariz.com/ |
Terminal emulator for iOS |
| MTerminal | https://cydia.ichitaso.com/ |
Basic terminal access |
| OpenSSH | https://apt.bingner.com/ |
SSH access to iDevice |
| Dropbear SSH | https://apt.bingner.com/ |
Lightweight SSH server |
| iSSH | https://cydia.saurik.com/ |
SSH client for iOS |
| CrackerXI+ | https://repo.hackyouriphone.org/ |
Dump decrypted IPA files |
| Clutch2 | https://cydia.ichitaso.com/ |
Decrypt IPA files |
| Class-dump-z | https://coolstar.org/publicrepo/ |
Extract class info from apps |
| Hopper Disassembler | https://www.hopperapp.com/ |
Analyze iOS binaries |
| Radare2 | https://apt.radare.org/ |
Reverse engineering & binary analysis |
| Keychain Dumper | https://apt.procurs.us/ |
Extract saved credentials |
| iLoot | https://github.com/SecurityMac/iLoot |
Dump iCloud credentials |
| tcpdump | http://apt.bingner.com/ |
Network packet capture |
| bettercap | https://apt.bingner.com/ |
MITM attacks |
| Wireshark (on PC) | N/A |
Packet analysis |
| Burp Suite (on PC) | N/A |
Proxy & traffic interception |
| mitmproxy | https://apt.procurs.us/ |
Lightweight MITM proxy |
| SSL Kill Switch 2 | https://github.com/nabla-c0d3/ssl-kill-switch2 |
Bypass SSL certificate pinning |
| Frida | https://build.frida.re |
Runtime instrumentation |
| frida-server | https://build.frida.re |
Frida backend for iOS |
| Frida-ios-dump | https://github.com/AloneMonkey/frida-ios-dump |
Dump decrypted IPA files |
| Objection | https://github.com/sensepost/objection |
Bypass jailbreak detection & analyze apps |
| A-Bypass | https://repo.xsf1re.kr/ |
Advanced jailbreak detection bypass |
| FlyJB X | https://repo.xsf1re.kr/ |
Hide jailbreak from apps |
| Liberty Lite | https://ryleyangus.com/repo/ |
Bypass jailbreak detection |
| PassBy | https://repo.hackyouriphone.org/ |
Bypass iOS password restrictions |
| iRET Toolkit | https://github.com/SecurityMac/iRET |
Reverse engineering & pentesting |