Getting rid of dict()
parent
5e6e4fa8d0
commit
9582778adf
|
@ -52,14 +52,14 @@ class ChromeHistory(AndroidExtraction):
|
||||||
""")
|
""")
|
||||||
|
|
||||||
for item in cur:
|
for item in cur:
|
||||||
self.results.append(dict(
|
self.results.append({
|
||||||
id=item[0],
|
"id": item[0],
|
||||||
url=item[1],
|
"url": item[1],
|
||||||
visit_id=item[2],
|
"visit_id": item[2],
|
||||||
timestamp=item[3],
|
"timestamp": item[3],
|
||||||
isodate=convert_timestamp_to_iso(convert_chrometime_to_unix(item[3])),
|
"isodate": convert_timestamp_to_iso(convert_chrometime_to_unix[item[3]]),
|
||||||
redirect_source=item[4],
|
"redirect_source": item[4],
|
||||||
))
|
})
|
||||||
|
|
||||||
cur.close()
|
cur.close()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
|
|
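Review bot: The rewritten `isodate` entry subscripts the converter instead of calling it: `convert_chrometime_to_unix[item[3]]` uses square brackets where the removed line had parentheses. If `convert_chrometime_to_unix` is a plain function, as the call in the iOS ChromeHistory hunk further down suggests, the first row read from the cursor raises `TypeError` and the Android Chrome history extraction yields no records. The line should read `"isodate": convert_timestamp_to_iso(convert_chrometime_to_unix(item[3])),`. The enclosing method starts and ends outside the hunk, so whether a caller catches the exception is not visible here.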
@ -76,18 +76,18 @@ class Packages(AndroidExtraction):
|
||||||
first_install = dumpsys[1].split("=")[1].strip()
|
first_install = dumpsys[1].split("=")[1].strip()
|
||||||
last_update = dumpsys[2].split("=")[1].strip()
|
last_update = dumpsys[2].split("=")[1].strip()
|
||||||
|
|
||||||
self.results.append(dict(
|
self.results.append({
|
||||||
package_name=package_name,
|
"package_name": package_name,
|
||||||
file_name=file_name,
|
"file_name": file_name,
|
||||||
installer=installer,
|
"installer": installer,
|
||||||
timestamp=timestamp,
|
"timestamp": timestamp,
|
||||||
first_install_time=first_install,
|
"first_install_time": first_install,
|
||||||
last_update_time=last_update,
|
"last_update_time": last_update,
|
||||||
uid=uid,
|
"uid": uid,
|
||||||
disabled=False,
|
"disabled": False,
|
||||||
system=False,
|
"system": False,
|
||||||
third_party=False,
|
"third_party": False,
|
||||||
))
|
})
|
||||||
|
|
||||||
cmds = [
|
cmds = [
|
||||||
{"field": "disabled", "arg": "-d"},
|
{"field": "disabled", "arg": "-d"},
|
||||||
|
|
|
@ -29,13 +29,13 @@ class Processes(AndroidExtraction):
|
||||||
continue
|
continue
|
||||||
|
|
||||||
fields = line.split()
|
fields = line.split()
|
||||||
proc = dict(
|
proc = {
|
||||||
user=fields[0],
|
"user": fields[0],
|
||||||
pid=fields[1],
|
"pid": fields[1],
|
||||||
parent_pid=fields[2],
|
"parent_pid": fields[2],
|
||||||
vsize=fields[3],
|
"vsize": fields[3],
|
||||||
rss=fields[4],
|
"rss": fields[4],
|
||||||
)
|
}
|
||||||
|
|
||||||
# Sometimes WCHAN is empty, so we need to re-align output fields.
|
# Sometimes WCHAN is empty, so we need to re-align output fields.
|
||||||
if len(fields) == 8:
|
if len(fields) == 8:
|
||||||
|
|
|
@ -84,7 +84,7 @@ class SMS(AndroidExtraction):
|
||||||
names = [description[0] for description in cur.description]
|
names = [description[0] for description in cur.description]
|
||||||
|
|
||||||
for item in cur:
|
for item in cur:
|
||||||
message = dict()
|
message = {}
|
||||||
for index, value in enumerate(item):
|
for index, value in enumerate(item):
|
||||||
message[names[index]] = value
|
message[names[index]] = value
|
||||||
|
|
||||||
|
|
|
@ -59,7 +59,7 @@ class Whatsapp(AndroidExtraction):
|
||||||
|
|
||||||
messages = []
|
messages = []
|
||||||
for item in cur:
|
for item in cur:
|
||||||
message = dict()
|
message = {}
|
||||||
for index, value in enumerate(item):
|
for index, value in enumerate(item):
|
||||||
message[names[index]] = value
|
message[names[index]] = value
|
||||||
|
|
||||||
|
|
|
@ -33,11 +33,11 @@ class ConfigurationProfiles(IOSExtraction):
|
||||||
if "SignerCerts" in conf_plist:
|
if "SignerCerts" in conf_plist:
|
||||||
conf_plist["SignerCerts"] = [b64encode(x) for x in conf_plist["SignerCerts"]]
|
conf_plist["SignerCerts"] = [b64encode(x) for x in conf_plist["SignerCerts"]]
|
||||||
|
|
||||||
self.results.append(dict(
|
self.results.append({
|
||||||
file_id=conf_file["file_id"],
|
"file_id": conf_file["file_id"],
|
||||||
relative_path=conf_file["relative_path"],
|
"relative_path": conf_file["relative_path"],
|
||||||
domain=conf_file["domain"],
|
"domain": conf_file["domain"],
|
||||||
plist=conf_plist,
|
"plist": conf_plist,
|
||||||
))
|
})
|
||||||
|
|
||||||
self.log.info("Extracted details about %d configuration profiles", len(self.results))
|
self.log.info("Extracted details about %d configuration profiles", len(self.results))
|
||||||
|
|
|
@ -102,7 +102,7 @@ class Manifest(IOSExtraction):
|
||||||
names = [description[0] for description in cur.description]
|
names = [description[0] for description in cur.description]
|
||||||
|
|
||||||
for file_entry in cur:
|
for file_entry in cur:
|
||||||
file_data = dict()
|
file_data = {}
|
||||||
for index, value in enumerate(file_entry):
|
for index, value in enumerate(file_entry):
|
||||||
file_data[names[index]] = value
|
file_data[names[index]] = value
|
||||||
|
|
||||||
|
|
|
@ -58,14 +58,14 @@ class CacheFiles(IOSExtraction):
|
||||||
self.results[key_name] = []
|
self.results[key_name] = []
|
||||||
|
|
||||||
for row in cur:
|
for row in cur:
|
||||||
self.results[key_name].append(dict(
|
self.results[key_name].append({
|
||||||
entry_id=row[0],
|
"entry_id": row[0],
|
||||||
version=row[1],
|
"version": row[1],
|
||||||
hash_value=row[2],
|
"hash_value": row[2],
|
||||||
storage_policy=row[3],
|
"storage_policy": row[3],
|
||||||
url=row[4],
|
"url": row[4],
|
||||||
isodate=row[5],
|
"isodate": row[5],
|
||||||
))
|
})
|
||||||
|
|
||||||
def run(self):
|
def run(self):
|
||||||
self.results = {}
|
self.results = {}
|
||||||
|
|
|
@ -57,13 +57,13 @@ class SafariFavicon(IOSExtraction):
|
||||||
|
|
||||||
items = []
|
items = []
|
||||||
for item in cur:
|
for item in cur:
|
||||||
items.append(dict(
|
items.append({
|
||||||
url=item[0],
|
"url": item[0],
|
||||||
icon_url=item[1],
|
"icon_url": item[1],
|
||||||
timestamp=item[2],
|
"timestamp": item[2],
|
||||||
isodate=convert_timestamp_to_iso(convert_mactime_to_unix(item[2])),
|
"isodate": convert_timestamp_to_iso(convert_mactime_to_unix(item[2])),
|
||||||
type="valid",
|
"type": "valid",
|
||||||
))
|
})
|
||||||
|
|
||||||
# Fetch icons from the rejected icons table.
|
# Fetch icons from the rejected icons table.
|
||||||
cur.execute("""SELECT
|
cur.execute("""SELECT
|
||||||
|
@ -73,13 +73,13 @@ class SafariFavicon(IOSExtraction):
|
||||||
FROM rejected_resources ORDER BY timestamp;""")
|
FROM rejected_resources ORDER BY timestamp;""")
|
||||||
|
|
||||||
for item in cur:
|
for item in cur:
|
||||||
items.append(dict(
|
items.append({
|
||||||
url=item[0],
|
"url": item[0],
|
||||||
icon_url=item[1],
|
"icon_url": item[1],
|
||||||
timestamp=item[2],
|
"timestamp": item[2],
|
||||||
isodate=convert_timestamp_to_iso(convert_mactime_to_unix(item[2])),
|
"isodate": convert_timestamp_to_iso(convert_mactime_to_unix(item[2])),
|
||||||
type="rejected",
|
"type": "rejected",
|
||||||
))
|
})
|
||||||
|
|
||||||
cur.close()
|
cur.close()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
|
|
@ -34,8 +34,8 @@ class WebkitBase(IOSExtraction):
|
||||||
name = name.replace("https_", "https://")
|
name = name.replace("https_", "https://")
|
||||||
url = name.split("_")[0]
|
url = name.split("_")[0]
|
||||||
|
|
||||||
self.results.append(dict(
|
self.results.append({
|
||||||
folder=key,
|
"folder": key,
|
||||||
url=url,
|
"url": url,
|
||||||
isodate=convert_timestamp_to_iso(datetime.datetime.utcfromtimestamp(os.stat(found_path).st_mtime)),
|
"isodate": convert_timestamp_to_iso(datetime.datetime.utcfromtimestamp(os.stat(found_path).st_mtime)),
|
||||||
))
|
})
|
||||||
|
|
|
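Review bot: The `isodate` value is taken from `os.stat(found_path).st_mtime`, so it is the modification time of the path as it exists on the analysis machine, and nothing here documents that. A comment such as `# mtime of the extracted path; only meaningful if the acquisition preserved file times` would keep analysts from reading it as a device-side event time. The same line builds a naive datetime with `datetime.datetime.utcfromtimestamp(...)`, which is deprecated since Python 3.12; the FirefoxFavicon and FirefoxHistory hunks use the same call. `datetime.datetime.fromtimestamp(ts, tz=datetime.timezone.utc)` is the aware equivalent, but whether `convert_timestamp_to_iso` accepts aware values is not visible in this diff.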
@ -65,12 +65,12 @@ class ChromeFavicon(IOSExtraction):
|
||||||
items = []
|
items = []
|
||||||
for item in cur:
|
for item in cur:
|
||||||
last_timestamp = int(item[2]) or int(item[3])
|
last_timestamp = int(item[2]) or int(item[3])
|
||||||
items.append(dict(
|
items.append({
|
||||||
url=item[0],
|
"url": item[0],
|
||||||
icon_url=item[1],
|
"icon_url": item[1],
|
||||||
timestamp=last_timestamp,
|
"timestamp": last_timestamp,
|
||||||
isodate=convert_timestamp_to_iso(convert_chrometime_to_unix(last_timestamp)),
|
"isodate": convert_timestamp_to_iso(convert_chrometime_to_unix(last_timestamp)),
|
||||||
))
|
})
|
||||||
|
|
||||||
cur.close()
|
cur.close()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
|
|
@ -63,14 +63,14 @@ class ChromeHistory(IOSExtraction):
|
||||||
""")
|
""")
|
||||||
|
|
||||||
for item in cur:
|
for item in cur:
|
||||||
self.results.append(dict(
|
self.results.append({
|
||||||
id=item[0],
|
"id": item[0],
|
||||||
url=item[1],
|
"url": item[1],
|
||||||
visit_id=item[2],
|
"visit_id": item[2],
|
||||||
timestamp=item[3],
|
"timestamp": item[3],
|
||||||
isodate=convert_timestamp_to_iso(convert_chrometime_to_unix(item[3])),
|
"isodate": convert_timestamp_to_iso(convert_chrometime_to_unix(item[3])),
|
||||||
redirect_source=item[4],
|
"redirect_source": item[4],
|
||||||
))
|
})
|
||||||
|
|
||||||
cur.close()
|
cur.close()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
|
|
@ -40,7 +40,7 @@ class Contacts(IOSExtraction):
|
||||||
names = [description[0] for description in cur.description]
|
names = [description[0] for description in cur.description]
|
||||||
|
|
||||||
for entry in cur:
|
for entry in cur:
|
||||||
new_contact = dict()
|
new_contact = {}
|
||||||
for index, value in enumerate(entry):
|
for index, value in enumerate(entry):
|
||||||
new_contact[names[index]] = value
|
new_contact[names[index]] = value
|
||||||
|
|
||||||
|
|
|
@ -64,16 +64,16 @@ class FirefoxFavicon(IOSExtraction):
|
||||||
""")
|
""")
|
||||||
|
|
||||||
for item in cur:
|
for item in cur:
|
||||||
self.results.append(dict(
|
self.results.append({
|
||||||
id=item[0],
|
"id": item[0],
|
||||||
url=item[1],
|
"url": item[1],
|
||||||
width=item[2],
|
"width": item[2],
|
||||||
height=item[3],
|
"height": item[3],
|
||||||
type=item[4],
|
"type": item[4],
|
||||||
isodate=convert_timestamp_to_iso(datetime.utcfromtimestamp(item[5])),
|
"isodate": convert_timestamp_to_iso(datetime.utcfromtimestamp(item[5])),
|
||||||
history_id=item[6],
|
"history_id": item[6],
|
||||||
history_url=item[7]
|
"history_url": item[7]
|
||||||
))
|
})
|
||||||
|
|
||||||
cur.close()
|
cur.close()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
|
|
@ -62,14 +62,14 @@ class FirefoxHistory(IOSExtraction):
|
||||||
""")
|
""")
|
||||||
|
|
||||||
for item in cur:
|
for item in cur:
|
||||||
self.results.append(dict(
|
self.results.append({
|
||||||
id=item[0],
|
"id": item[0],
|
||||||
isodate=convert_timestamp_to_iso(datetime.utcfromtimestamp(item[1])),
|
"isodate": convert_timestamp_to_iso(datetime.utcfromtimestamp(item[1])),
|
||||||
url=item[2],
|
"url": item[2],
|
||||||
title=item[3],
|
"title": item[3],
|
||||||
i1000000s_local=item[4],
|
"i1000000s_local": item[4],
|
||||||
type=item[5]
|
"type": item[5]
|
||||||
))
|
})
|
||||||
|
|
||||||
cur.close()
|
cur.close()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
|
|
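Review bot: The key `"i1000000s_local"` looks like a garbled `is_local`, and converting the call to a literal carries the odd name over unchanged. As written, every Firefox history record exposes that name in the results, so anything matching on the field has to reproduce the typo. If the rename is safe for existing consumers, the entry would be `"is_local": item[4],`; the SELECT that defines column 4 is outside the hunk, so the intended name should be confirmed there.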
@ -85,19 +85,19 @@ class SafariBrowserState(IOSExtraction):
|
||||||
if "SessionHistoryEntries" in session_data["SessionHistory"]:
|
if "SessionHistoryEntries" in session_data["SessionHistory"]:
|
||||||
for session_entry in session_data["SessionHistory"]["SessionHistoryEntries"]:
|
for session_entry in session_data["SessionHistory"]["SessionHistoryEntries"]:
|
||||||
session_history_count += 1
|
session_history_count += 1
|
||||||
session_entries.append(dict(
|
session_entries.append({
|
||||||
entry_title=session_entry["SessionHistoryEntryOriginalURL"],
|
"entry_title": session_entry["SessionHistoryEntryOriginalURL"],
|
||||||
entry_url=session_entry["SessionHistoryEntryURL"],
|
"entry_url": session_entry["SessionHistoryEntryURL"],
|
||||||
data_length=len(session_entry["SessionHistoryEntryData"]) if "SessionHistoryEntryData" in session_entry else 0,
|
"data_length": len(session_entry["SessionHistoryEntryData"]) if "SessionHistoryEntryData" in session_entry else 0,
|
||||||
))
|
})
|
||||||
|
|
||||||
self.results.append(dict(
|
self.results.append({
|
||||||
tab_title=item[0],
|
"tab_title": item[0],
|
||||||
tab_url=item[1],
|
"tab_url": item[1],
|
||||||
tab_visible_url=item[2],
|
"tab_visible_url": item[2],
|
||||||
last_viewed_timestamp=convert_timestamp_to_iso(convert_mactime_to_unix(item[3])),
|
"last_viewed_timestamp": convert_timestamp_to_iso(convert_mactime_to_unix(item[3])),
|
||||||
session_data=session_entries,
|
"session_data": session_entries,
|
||||||
))
|
})
|
||||||
|
|
||||||
self.log.info("Extracted a total of %d tab records and %d session history entries",
|
self.log.info("Extracted a total of %d tab records and %d session history entries",
|
||||||
len(self.results), session_history_count)
|
len(self.results), session_history_count)
|
||||||
|
|
|
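Review bot: In the `session_entries.append({...})` literal, `session_entry["SessionHistoryEntryOriginalURL"]` and `session_entry["SessionHistoryEntryURL"]` are read with bare subscripts, while the third field guards `SessionHistoryEntryData` with an `in` check. A session entry lacking either URL key raises `KeyError` before the tab record is appended; `session_entry.get("SessionHistoryEntryURL")`, and the same for the original URL, would keep the record with a `None` value. Separately, the key `entry_title` is filled from the original URL rather than a title, which deserves a comment or a rename if consumers allow it. The enclosing loop over tabs starts outside the hunk.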
@ -102,15 +102,15 @@ class SafariHistory(IOSExtraction):
|
||||||
|
|
||||||
items = []
|
items = []
|
||||||
for item in cur:
|
for item in cur:
|
||||||
items.append(dict(
|
items.append({
|
||||||
id=item[0],
|
"id": item[0],
|
||||||
url=item[1],
|
"url": item[1],
|
||||||
visit_id=item[2],
|
"visit_id": item[2],
|
||||||
timestamp=item[3],
|
"timestamp": item[3],
|
||||||
isodate=convert_timestamp_to_iso(convert_mactime_to_unix(item[3])),
|
"isodate": convert_timestamp_to_iso(convert_mactime_to_unix(item[3])),
|
||||||
redirect_source=item[4],
|
"redirect_source": item[4],
|
||||||
redirect_destination=item[5]
|
"redirect_destination": item[5]
|
||||||
))
|
})
|
||||||
|
|
||||||
cur.close()
|
cur.close()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
|
|
@ -64,7 +64,7 @@ class SMS(IOSExtraction):
|
||||||
names = [description[0] for description in cur.description]
|
names = [description[0] for description in cur.description]
|
||||||
|
|
||||||
for item in cur:
|
for item in cur:
|
||||||
message = dict()
|
message = {}
|
||||||
for index, value in enumerate(item):
|
for index, value in enumerate(item):
|
||||||
# We base64 escape some of the attributes that could contain
|
# We base64 escape some of the attributes that could contain
|
||||||
# binary data.
|
# binary data.
|
||||||
|
|
|
@ -44,16 +44,16 @@ class WebkitSessionResourceLog(IOSExtraction):
|
||||||
browsing_stats = file_plist["browsingStatistics"]
|
browsing_stats = file_plist["browsingStatistics"]
|
||||||
|
|
||||||
for item in browsing_stats:
|
for item in browsing_stats:
|
||||||
items.append(dict(
|
items.append({
|
||||||
origin=item.get("PrevalentResourceOrigin", ""),
|
"origin": item.get("PrevalentResourceOrigin", ""),
|
||||||
redirect_source=item.get("topFrameUniqueRedirectsFrom", ""),
|
"redirect_source": item.get("topFrameUniqueRedirectsFrom", ""),
|
||||||
redirect_destination=item.get("topFrameUniqueRedirectsTo", ""),
|
"redirect_destination": item.get("topFrameUniqueRedirectsTo", ""),
|
||||||
subframe_under_origin=item.get("subframeUnderTopFrameOrigins", ""),
|
"subframe_under_origin": item.get("subframeUnderTopFrameOrigins", ""),
|
||||||
subresource_under_origin=item.get("subresourceUnderTopFrameOrigins", ""),
|
"subresource_under_origin": item.get("subresourceUnderTopFrameOrigins", ""),
|
||||||
user_interaction=item.get("hadUserInteraction"),
|
"user_interaction": item.get("hadUserInteraction"),
|
||||||
most_recent_interaction=convert_timestamp_to_iso(item["mostRecentUserInteraction"]),
|
"most_recent_interaction": convert_timestamp_to_iso(item["mostRecentUserInteraction"]),
|
||||||
last_seen=convert_timestamp_to_iso(item["lastSeen"]),
|
"last_seen": convert_timestamp_to_iso(item["lastSeen"]),
|
||||||
))
|
})
|
||||||
|
|
||||||
return items
|
return items
|
||||||
|
|
||||||
|
|
|
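Review bot: `item["mostRecentUserInteraction"]` and `item["lastSeen"]` are the only two fields in this literal read with a bare subscript; the other six use `item.get(...)`. A statistics entry missing either key raises `KeyError`, and the function then never reaches `return items`, so the entries already parsed from that plist are lost as well. Guarding the lookup would match the rest of the literal, for example `"last_seen": convert_timestamp_to_iso(item["lastSeen"]) if "lastSeen" in item else None,` and the same for `most_recent_interaction`. How `convert_timestamp_to_iso` treats `None` is not visible here, hence the explicit guard rather than a plain `.get()`.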
@ -61,7 +61,7 @@ class Whatsapp(IOSExtraction):
|
||||||
names = [description[0] for description in cur.description]
|
names = [description[0] for description in cur.description]
|
||||||
|
|
||||||
for message in cur:
|
for message in cur:
|
||||||
new_message = dict()
|
new_message = {}
|
||||||
for index, value in enumerate(message):
|
for index, value in enumerate(message):
|
||||||
new_message[names[index]] = value
|
new_message[names[index]] = value
|
||||||
|
|
||||||
|
|
|
@ -55,20 +55,20 @@ class NetBase(IOSExtraction):
|
||||||
else:
|
else:
|
||||||
live_timestamp = ""
|
live_timestamp = ""
|
||||||
|
|
||||||
items.append(dict(
|
items.append({
|
||||||
first_isodate=first_isodate,
|
"first_isodate": first_isodate,
|
||||||
isodate=isodate,
|
"isodate": isodate,
|
||||||
proc_name=item[2],
|
"proc_name": item[2],
|
||||||
bundle_id=item[3],
|
"bundle_id": item[3],
|
||||||
proc_id=item[4],
|
"proc_id": item[4],
|
||||||
wifi_in=item[5],
|
"wifi_in": item[5],
|
||||||
wifi_out=item[6],
|
"wifi_out": item[6],
|
||||||
wwan_in=item[7],
|
"wwan_in": item[7],
|
||||||
wwan_out=item[8],
|
"wwan_out": item[8],
|
||||||
live_id=item[9],
|
"live_id": item[9],
|
||||||
live_proc_id=item[10],
|
"live_proc_id": item[10],
|
||||||
live_isodate=live_timestamp,
|
"live_isodate": live_timestamp,
|
||||||
))
|
})
|
||||||
|
|
||||||
cur.close()
|
cur.close()
|
||||||
conn.close()
|
conn.close()
|
||||||
|
@ -104,6 +104,7 @@ class NetBase(IOSExtraction):
|
||||||
"data": record_data,
|
"data": record_data,
|
||||||
}
|
}
|
||||||
])
|
])
|
||||||
|
|
||||||
return records
|
return records
|
||||||
|
|
||||||
def _find_suspicious_processes(self):
|
def _find_suspicious_processes(self):
|
||||||
|
|