mirror of
https://github.com/mvt-project/mvt.git
synced 2024-06-28 23:28:55 +00:00
Merge branch 'dozenfossil-main'
commit
ccdfd92d4a
|
@ -51,12 +51,8 @@ class IDStatusCache(IOSExtraction):
|
||||||
result.get("user"))
|
result.get("user"))
|
||||||
self.detected.append(result)
|
self.detected.append(result)
|
||||||
|
|
||||||
def run(self):
|
def _extract_idstatuscache_entries(self, file_path):
|
||||||
self._find_ios_database(backup_ids=IDSTATUSCACHE_BACKUP_IDS,
|
with open(file_path, "rb") as handle:
|
||||||
root_paths=IDSTATUSCACHE_ROOT_PATHS)
|
|
||||||
self.log.info("Found IDStatusCache plist at path: %s", self.file_path)
|
|
||||||
|
|
||||||
with open(self.file_path, "rb") as handle:
|
|
||||||
file_plist = plistlib.load(handle)
|
file_plist = plistlib.load(handle)
|
||||||
|
|
||||||
id_status_cache_entries = []
|
id_status_cache_entries = []
|
||||||
|
@ -84,4 +80,16 @@ class IDStatusCache(IOSExtraction):
|
||||||
entry["occurrences"] = entry_counter[entry["user"]]
|
entry["occurrences"] = entry_counter[entry["user"]]
|
||||||
self.results.append(entry)
|
self.results.append(entry)
|
||||||
|
|
||||||
|
def run(self):
|
||||||
|
|
||||||
|
if self.is_backup:
|
||||||
|
self._find_ios_database(backup_ids=IDSTATUSCACHE_BACKUP_IDS)
|
||||||
|
self.log.info("Found IDStatusCache plist at path: %s", self.file_path)
|
||||||
|
self._extract_idstatuscache_entries(self.file_path)
|
||||||
|
elif self.is_fs_dump:
|
||||||
|
for idstatuscache_path in self._get_fs_files_from_patterns(IDSTATUSCACHE_ROOT_PATHS):
|
||||||
|
self.file_path = idstatuscache_path
|
||||||
|
self.log.info("Found IDStatusCache plist at path: %s", self.file_path)
|
||||||
|
self._extract_idstatuscache_entries(self.file_path)
|
||||||
|
|
||||||
self.log.info("Extracted a total of %d ID Status Cache entries", len(self.results))
|
self.log.info("Extracted a total of %d ID Status Cache entries", len(self.results))
|
||||||
|
|
|
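Review bot: `_extract_idstatuscache_entries` hands the file straight to `plistlib.load(handle)` with no error handling visible in the hunk, and the new `is_fs_dump` loop in `run()` calls it once per matched path. A single truncated or malformed plist in the dump would therefore presumably abort the module before the remaining files are read. For evidence that may be damaged or deliberately altered, I would catch the parse failure per file, e.g. `except (plistlib.InvalidFileException, OSError) as exc:` followed by `self.log.warning("Unable to parse IDStatusCache plist at %s: %s", file_path, exc)`, and move on to the next path. The same applies to `_extract_locationd_entries` in the LocationdClients section. The helper's body continues outside the hunk, so an existing guard further down cannot be ruled out.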
@ -59,12 +59,8 @@ class LocationdClients(IOSExtraction):
|
||||||
if self.indicators.check_process(proc_name):
|
if self.indicators.check_process(proc_name):
|
||||||
self.detected.append(result)
|
self.detected.append(result)
|
||||||
|
|
||||||
def run(self):
|
def _extract_locationd_entries(self, file_path):
|
||||||
self._find_ios_database(backup_ids=LOCATIOND_BACKUP_IDS,
|
with open(file_path, "rb") as handle:
|
||||||
root_paths=LOCATIOND_ROOT_PATHS)
|
|
||||||
self.log.info("Found Locationd Clients plist at path: %s", self.file_path)
|
|
||||||
|
|
||||||
with open(self.file_path, "rb") as handle:
|
|
||||||
file_plist = plistlib.load(handle)
|
file_plist = plistlib.load(handle)
|
||||||
|
|
||||||
for key, values in file_plist.items():
|
for key, values in file_plist.items():
|
||||||
|
@ -76,4 +72,16 @@ class LocationdClients(IOSExtraction):
|
||||||
|
|
||||||
self.results.append(result)
|
self.results.append(result)
|
||||||
|
|
||||||
|
def run(self):
|
||||||
|
|
||||||
|
if self.is_backup:
|
||||||
|
self._find_ios_database(backup_ids=LOCATIOND_BACKUP_IDS)
|
||||||
|
self.log.info("Found Locationd Clients plist at path: %s", self.file_path)
|
||||||
|
self._extract_locationd_entries(self.file_path)
|
||||||
|
elif self.is_fs_dump:
|
||||||
|
for locationd_path in self._get_fs_files_from_patterns(LOCATIOND_ROOT_PATHS):
|
||||||
|
self.file_path = locationd_path
|
||||||
|
self.log.info("Found Locationd Clients plist at path: %s", self.file_path)
|
||||||
|
self._extract_locationd_entries(self.file_path)
|
||||||
|
|
||||||
self.log.info("Extracted a total of %d Locationd Clients entries", len(self.results))
|
self.log.info("Extracted a total of %d Locationd Clients entries", len(self.results))
|
||||||
|
|
|
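Review bot: Entries from every matched file now land in the same `self.results` list, while `self.file_path` is overwritten on each pass of the `is_fs_dump` loop, so after `run()` only the last path is retained. Unless `result` already carries the path (its construction is outside the hunk), nothing ties a record to the plist it came from. That matters for a forensic report when a dump holds several copies of the clients plist. I would record the origin inside `_extract_locationd_entries`, e.g. `result["source_file"] = file_path` before `self.results.append(result)`, where `source_file` is only a suggested key name. The same consideration applies to the IDStatusCache and SafariBrowserState sections.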
@ -13,9 +13,6 @@ from mvt.common.utils import (convert_mactime_to_unix,
|
||||||
|
|
||||||
from ..base import IOSExtraction
|
from ..base import IOSExtraction
|
||||||
|
|
||||||
SAFARI_BROWSER_STATE_BACKUP_IDS = [
|
|
||||||
"3a47b0981ed7c10f3e2800aa66bac96a3b5db28e",
|
|
||||||
]
|
|
||||||
SAFARI_BROWSER_STATE_BACKUP_RELPATH = "Library/Safari/BrowserState.db"
|
SAFARI_BROWSER_STATE_BACKUP_RELPATH = "Library/Safari/BrowserState.db"
|
||||||
SAFARI_BROWSER_STATE_ROOT_PATHS = [
|
SAFARI_BROWSER_STATE_ROOT_PATHS = [
|
||||||
"private/var/mobile/Library/Safari/BrowserState.db",
|
"private/var/mobile/Library/Safari/BrowserState.db",
|
||||||
|
@ -101,12 +98,17 @@ class SafariBrowserState(IOSExtraction):
|
||||||
})
|
})
|
||||||
|
|
||||||
def run(self):
|
def run(self):
|
||||||
# TODO: Is there really only one BrowserState.db in a device?
|
|
||||||
self._find_ios_database(backup_ids=SAFARI_BROWSER_STATE_BACKUP_IDS,
|
|
||||||
root_paths=SAFARI_BROWSER_STATE_ROOT_PATHS)
|
|
||||||
self.log.info("Found Safari browser state database at path: %s", self.file_path)
|
|
||||||
|
|
||||||
self._process_browser_state_db(self.file_path)
|
if self.is_backup:
|
||||||
|
for backup_file in self._get_backup_files_from_manifest(relative_path=SAFARI_BROWSER_STATE_BACKUP_RELPATH):
|
||||||
|
self.file_path = self._get_backup_file_from_id(backup_file["file_id"])
|
||||||
|
self.log.info("Found Safari browser state database at path: %s", self.file_path)
|
||||||
|
self._process_browser_state_db(self.file_path)
|
||||||
|
elif self.is_fs_dump:
|
||||||
|
for safari_browserstate_path in self._get_fs_files_from_patterns(SAFARI_BROWSER_STATE_ROOT_PATHS):
|
||||||
|
self.file_path = safari_browserstate_path
|
||||||
|
self.log.info("Found Safari browser state database at path: %s", self.file_path)
|
||||||
|
self._process_browser_state_db(self.file_path)
|
||||||
|
|
||||||
self.log.info("Extracted a total of %d tab records and %d session history entries",
|
self.log.info("Extracted a total of %d tab records and %d session history entries",
|
||||||
len(self.results), self._session_history_count)
|
len(self.results), self._session_history_count)
|
||||||
|
|
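Review bot: In the `is_backup` branch of `run()`, the return value of `self._get_backup_file_from_id(backup_file["file_id"])` is assigned to `self.file_path` and passed to `_process_browser_state_db` without a check. That helper is not visible here; if it can return `None` or a non-existent path when the manifest lists a file that is missing from the backup (a partial or interrupted backup, for instance), the module would fail on the first such entry and skip the rest. I would guard the loop body with `if not self.file_path: continue`, preceded by a warning that names the `file_id`, so one missing file does not hide the other databases.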