Nex
b94ba28873
Supporting loading from extracted folder
2022-02-02 16:10:12 +01:00
Nex
564efc3629
Sorted imports
2022-02-02 15:49:24 +01:00
Nex
9c62e6e4d6
Added Packages module
2022-02-02 15:47:55 +01:00
Nex
153f6cce02
Returning stix2 file name with iocs as well
2022-02-02 14:57:32 +01:00
Nex
47f9a0104c
Added a break for speed
2022-02-02 14:54:40 +01:00
Nex
bdad23feee
Refactored indicators to support multiple malware/collections per stix2 file
2022-02-02 14:53:26 +01:00
Nex
e2936c3d33
Added new check-bugreport command and modules
2022-02-02 00:09:53 +01:00
Nex
3483ca1584
Package dumpsys parsing as static method
2022-02-01 21:45:26 +01:00
Nex
7b107edf1f
Bumped version
2022-02-01 17:54:01 +01:00
Nex
b97ce7651a
Fixed missing checks for indicators instance (ref: #245 )
2022-02-01 17:48:19 +01:00
Nex
52a204cab6
Obtaining permissions for installed packages
2022-02-01 15:33:19 +01:00
Nex
1b335fda1d
Renamed function argument to more descriptive
2022-02-01 15:07:43 +01:00
Nex
2ad175eae2
Renamed package to package_name for consistency
2022-02-01 14:27:00 +01:00
Nex
2d00dca5bd
Bumped version
2022-02-01 12:46:31 +01:00
Nex
434738a306
Better regexp formatting
2022-01-31 13:05:03 +01:00
Nex
06cd640c5e
Using static methods
2022-01-31 12:58:33 +01:00
Nex
fb8a7ca104
Enforce consistency in Android modules
2022-01-31 11:30:49 +01:00
Nex
8d15ff58dd
Renamed matched field name to singular
2022-01-30 20:29:09 +01:00
Nex
eb5f07a75d
Updated copyright notice
2022-01-30 20:15:01 +01:00
Nex
ececf1a6b2
Added module to extract db queries
2022-01-30 19:43:09 +01:00
Nex
851cd52602
Ordering and clean-up
2022-01-30 16:41:32 +01:00
Nex
8db04fc991
Added module to parse battery daily stats package updates
2022-01-30 16:02:24 +01:00
Nex
3d0ba56e1f
Fixed parsing of wake events
2022-01-30 15:20:03 +01:00
Nex
c48a4e8f50
Fixed variable name
2022-01-30 04:12:19 +01:00
Nex
001c2998a5
Removed unnecessary newlines
2022-01-30 04:11:46 +01:00
Nex
5e7c5727af
Added check for indicators to dumpsys modules
2022-01-30 04:08:48 +01:00
Nex
883fbaeb88
Parsing records from accessibility and battery history
2022-01-30 03:44:41 +01:00
Nex
6f0012cede
Removed modules which are only duplicated outputs from dumpsys full
2022-01-30 03:39:26 +01:00
Nex
458e80ccbb
Adding module to process battery history
2022-01-30 03:34:16 +01:00
Nex
c8185fdbd8
Small code clean-ups
2022-01-29 15:13:35 +01:00
Yallxe
43b1612dfe
Set utf-8 as an encoding for open()
...
Not every system uses 'utf-8' as a default encoding for opening files in Python.
Before you say that there must be a way to set default encoding in one line, no, there is not. At least, I didn't found a way to do this.
2022-01-29 12:18:18 +01:00
Nex
49e34f6299
Better parsing of dumpsys package and added parsing of Activities too
2022-01-29 03:50:33 +01:00
Nex
d88a66dd54
Fixed typo
2022-01-29 01:13:52 +01:00
Nex
d3ed778ae4
Fixed comment stylling
2022-01-29 01:13:29 +01:00
tek
4c3306c272
Separate receivers parsing in DumpsysReceivers
2022-01-29 01:06:32 +01:00
Nex
1c912f68fe
Bumped version
2022-01-28 22:25:41 +01:00
Nex
10a640d3f7
Temporary disabing VirusTotal lookup because of API issues
2022-01-28 22:25:21 +01:00
Nex
c3acc95e9e
Bumped version
2022-01-28 20:08:14 +01:00
Nex
90d05336da
Added check for additional outgoing call event
2022-01-28 17:21:28 +01:00
Nex
5513e6e9e3
Ordered imports
2022-01-28 16:36:24 +01:00
Nex
38116f8405
Catching device not found exception
2022-01-28 15:47:50 +01:00
Nex
59b069f006
Added lookups for non-system packages on check-adb too
2022-01-28 12:25:50 +01:00
Nex
28e1348aa7
Added check-iocs command to mvt-android
2022-01-27 18:23:19 +01:00
Nex
034338d1f4
Added iOS 15.3
2022-01-27 17:04:48 +01:00
Nex
09d5eabf2f
Changing check logic for Android settings
2022-01-27 15:24:17 +01:00
Nex
a425d6c511
Added missing comma and ordered imports
2022-01-27 14:56:02 +01:00
Nex
f8897a4f8c
Added more dangerous settings
2022-01-27 14:54:31 +01:00
Nex
86eae68bdb
Added Android settings module
2022-01-27 13:33:06 +01:00
Nex
d2bf348b03
Merge branch 'main' of github.com:mvt-project/mvt
2022-01-27 12:51:14 +01:00
Nex
25c6c03075
Added Getprop module and cleaned Files and Packages Android modules
2022-01-27 12:50:37 +01:00
tek
cf88740f6a
Fixes bugs in SafariBrowserState module and add tests
2022-01-26 14:50:34 +01:00
tek
eb4810b0ad
Fixes bug in parsing of configuration profiles
2022-01-25 20:32:27 +01:00
Nex
cce9159eda
Adding indicator to matched results
2022-01-23 15:01:49 +01:00
Nex
e1211991aa
Bumped version
2022-01-23 14:17:43 +01:00
Nex
8ae9ca328c
Added log line at the end to highlight number of detections
2022-01-21 16:50:32 +01:00
Nex
0e2eb51732
Fixed checking of indicators in filesystem module
2022-01-21 16:30:34 +01:00
Nex
b35cd4bc73
Added support for context-aware indicators.
...
This way when a detection is logged, the user can know which STIX2
file was matched by the module
2022-01-21 16:26:58 +01:00
Nex
1b4f99a31d
Trying to catch missing argument error (ref: #211 )
2022-01-21 12:20:22 +01:00
tek
e4e1716729
Bumped version
2022-01-20 15:28:42 +01:00
tek
083bc12351
Merge branch 'feature/check-file-path'
2022-01-20 15:19:37 +01:00
tek
95205d8e17
Adds indicators check to iOS TCC module
2022-01-18 17:12:20 +01:00
Nex
a6fd5fe1f3
Bumped version
2022-01-18 16:06:14 +01:00
Nex
3e0ef20fcd
.
2022-01-18 16:05:01 +01:00
Donncha Ó Cearbhaill
6fcd40f6b6
Fix use of global list instance as self.results variable
2022-01-18 15:53:05 +01:00
tek
38bb583a9e
Improves management of file path indicators
2022-01-18 15:50:31 +01:00
Donncha Ó Cearbhaill
48ec2d8fa8
Merge branch 'main' into tests
2022-01-18 15:30:40 +01:00
tek
798805c583
Improves Shortcut output
2022-01-18 13:06:35 +01:00
Nex
24be9e9570
Use default list of indicators files now that some default ones are automatically loaded
2022-01-14 16:26:14 +01:00
Nex
adbd95c559
Dots
2022-01-14 02:01:59 +01:00
Nex
8a707c288a
Bumped version
2022-01-14 01:53:10 +01:00
Nex
4c906ad52e
Renamed download iocs function
2022-01-14 01:52:57 +01:00
Nex
a2f8030cce
Added new iOS versions
2022-01-14 01:41:48 +01:00
Nex
737007afdb
Bumped version
2022-01-12 16:18:13 +01:00
Nex
33efeda90a
Added TODO note
2022-01-12 16:10:15 +01:00
Nex
146f2ae57d
Renaming check function for consistency
2022-01-12 16:02:13 +01:00
Nex
11bc916854
Sorted imports
2022-01-11 16:02:44 +01:00
Nex
3084876f31
Removing unused imports, fixing conditions, new lines
2022-01-11 16:02:01 +01:00
Nex
f63cb585b2
Shortened command to download-iocs
2022-01-11 15:59:01 +01:00
Nex
637aebcd89
Small cleanup
2022-01-11 15:53:10 +01:00
Nex
16a0de3af4
Added new module to highlight installed accessibility services
2022-01-11 15:16:26 +01:00
tek
15fbedccc9
Fixes a minor bug in WebkitResourceLoadStatistics
2022-01-10 18:09:31 +01:00
tek
e0514b20dd
Catches exception in Shortcuts module if the table does not exist
2022-01-10 16:58:12 +01:00
Donncha Ó Cearbhaill
54963b0b59
Update test PR to work with latest code, fix flake8
2022-01-07 17:03:53 +01:00
tek
28d57e7178
Add command to download latest public indicators
...
Squashed commit of the following:
commit c0d9e8d5d188c13e7e5ec0612e99bfb7e25f47d4
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 16:05:12 2022 +0100
Update name of indicators JSON file
commit f719e49c5f942cef64931ecf422b6a6e7b8c9f17
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 15:38:03 2022 +0100
Do not set indicators option on module if no indicators were loaded
commit a289eb8de936f7d74c6c787cbb8daf5c5bec015c
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 14:43:00 2022 +0100
Simplify code for loading IoCs
commit 0804563415ee80d76c13d3b38ffe639fa14caa14
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 13:43:47 2022 +0100
Add metadata to IoC entries
commit 97d0e893c1a0736c4931363ff40f09a030b90cf6
Author: tek <tek@randhome.io>
Date: Fri Dec 17 16:43:09 2021 +0100
Implements automated loading of indicators
commit c381e14df92ae4d7d846a1c97bcf6639cc526082
Author: tek <tek@randhome.io>
Date: Fri Dec 17 12:41:15 2021 +0100
Improves download-indicators
commit b938e02ddfd0b916fd883f510b467491a4a84e5f
Author: tek <tek@randhome.io>
Date: Fri Dec 17 01:44:26 2021 +0100
Adds download-indicators for mvt-ios and mvt-android
2022-01-07 16:38:04 +01:00
Nicolai Søborg
c282d4341d
Bump adb read timeout
...
Some adb commands (like `dumpsys`) are very slow and the default timeout is "only" 10s.
A timeout of 200 seconds is chosen completely at random - works on my phone 🤷
Fixes https://github.com/mvt-project/mvt/issues/113
Fixes https://github.com/mvt-project/mvt/issues/228
2021-12-28 13:56:04 +01:00
tek
681bae2f66
Bump version to v1.4.1
2021-12-27 16:19:25 +01:00
tek
82b57f1997
Fixes IOC issue in android CLI
2021-12-22 00:19:16 +01:00
Donncha Ó Cearbhaill
8f88f872df
Bump to 1.4.0 to skip previously used PyPi versions
2021-12-17 12:52:06 +01:00
Donncha Ó Cearbhaill
2d16218489
Bump version to v1.3.2
2021-12-17 12:24:41 +01:00
Donncha Ó Cearbhaill
3215e797ec
Bug fixes for config profile and shortcut module
2021-12-16 22:58:36 +01:00
Donncha Ó Cearbhaill
e80c02451c
Bump version to 1.3.1. Skipping 1.3 as a tag already exists
2021-12-16 19:27:58 +01:00
Donncha Ó Cearbhaill
5df50f864c
Merge branch 'main' into main
2021-12-16 19:21:18 +01:00
Donncha Ó Cearbhaill
45b31bb718
Add support for indentifying known malicious file paths over ADB
2021-12-16 19:16:24 +01:00
Donncha Ó Cearbhaill
e10f1767e6
Update WhatsApp module to search for links in attachments
2021-12-16 18:46:31 +01:00
tek
d64277c0bf
Adds missing iOS version
2021-12-16 18:39:22 +01:00
Donncha Ó Cearbhaill
3f3261511a
Add module to search for known malicious or suspicious configuration profiles
2021-12-16 17:57:26 +01:00
Donncha Ó Cearbhaill
4cfe75e2d4
Add module to parse iOS Shortcuts and search for malicious actions
2021-12-16 17:47:08 +01:00
tek
cdd90332f7
Adds timeline support to TCC iOS module
2021-12-16 13:57:44 +01:00
tek
d9b29b3739
Fixes indicator issue in the android cli
2021-12-16 12:51:57 +01:00
tek
79bb7d1d4b
Fixes indiator parsing bug
2021-12-13 18:37:05 +01:00
tek
a653cb3cfc
Implements loading STIX files from env variable MVT_STIX2
2021-12-10 16:11:59 +01:00
tek
b25cc48be0
Fixes issue in Safari Browser State for older iOS versions
2021-12-06 15:04:52 +01:00
tek
40bd9ddc1d
Fixes issue with different TCC database versions
2021-12-03 20:31:12 +01:00
Tek
deb95297da
Merge pull request #219 from workingreact/main
...
Fix ConfigurationProfiles
2021-12-03 19:56:43 +01:00
tek
02014b414b
Add warning for apple notification
2021-12-03 19:42:35 +01:00
tek
7dd5fe7831
Catch and recover malformed SMS database
2021-12-03 17:46:41 +01:00
workingreact
11d1a3dcee
fix typo
2021-12-02 18:31:07 +01:00
workingreact
74f9db2bf2
fix ConfigurationProfiles
2021-12-02 16:55:14 +01:00
tek
356bddc3af
Adds new iOS versions
2021-11-28 17:43:50 +01:00
Nex
512f40dcb4
Standardized code with flake8
2021-11-19 15:27:51 +01:00
Nex
b3a464ba58
Removed unused imports
2021-11-19 14:54:53 +01:00
Nex
529df85f0f
Sorted imports
2021-11-04 12:58:35 +01:00
panelmix
34c997f923
Replace NetworkingAnalytics with Analytics
2021-11-02 13:29:12 +01:00
Nex
02bf903411
Bumped version
2021-10-30 13:40:25 +02:00
Nex
7019375767
Merge pull request #210 from hurtcrushing/main
...
Search for entries in ZPROCESS but not in ZLIVEUSAGE
2021-10-27 14:22:40 +02:00
Nex
34dd27c5d2
Added iPhone 13
2021-10-26 18:33:07 +02:00
Nex
a4d6a08a8b
Added iOS 15.1
2021-10-26 18:09:31 +02:00
hurtcrushing
635d3a392d
change warning to info
2021-10-25 14:54:03 +02:00
hurtcrushing
2d78bddbba
Search for entries in ZPROCESS but not in ZLIVEUSAGE
2021-10-25 14:34:18 +02:00
Nex
6d8de5b461
Bumped version
2021-10-23 13:51:44 +02:00
tek
e0c9a44b10
Merge branch 'main' of github.com:mvt-project/mvt
2021-10-21 21:17:31 +02:00
tek
ef8c1ae895
Adds recent iOS versions
2021-10-21 21:17:09 +02:00
Nex
3165801e2b
Bumped version
2021-10-18 13:40:30 +02:00
Nex
f8e380baa1
Minor style fixes
2021-10-18 12:51:20 +02:00
Nex
35559b09a8
Merge pull request #206 from colossalzippy/main
...
improve Filesystem module
2021-10-18 12:48:58 +02:00
colossalzippy
f601db2174
improve Filesystem
2021-10-15 14:58:50 +02:00
witchbuild
3ce9641c23
add NetworkingAnalytics
2021-10-15 11:53:06 +02:00
Nex
9be393e3f6
Bumped version
2021-10-14 19:59:09 +02:00
Nex
169f5fbc26
Pyment to reST
2021-10-12 18:06:58 +02:00
vin01
40b0da9885
Specify public key for PythonRSASigner
2021-10-08 21:36:49 +02:00
tek
94a8d9dd91
Fixes bug in adb handling
2021-09-29 18:16:33 +02:00
tek
963d3db51a
Fixes a bug in android packages module
2021-09-29 17:59:50 +02:00
Nex
660e208473
Bumped version
2021-09-28 15:40:26 +02:00
Nex
01e68ccc6a
Fixed dict decl
2021-09-28 12:45:15 +02:00
Nex
fba0fa1f2c
Removed newline
2021-09-28 12:44:15 +02:00
Nex
8fcc79ebfa
Adapted for better support
2021-09-28 12:42:57 +02:00
Nex
423462395a
Merge branch 'main' of https://github.com/pungentsneak/mvt into pungentsneak-main
2021-09-28 12:33:14 +02:00
Nex
1f08572a6a
Bumped version
2021-09-22 17:32:22 +02:00
Nex
94e3c0ce7b
Added iOS 15.0
2021-09-22 17:27:29 +02:00
pungentsneak
904daad935
add ShutdownLog
2021-09-22 13:24:17 +02:00
Nex
60a17381a2
Standardized code
2021-09-21 22:27:35 +02:00
tek
ef2bb93dc4
Adds indicator check for android package name and file hash
2021-09-21 19:43:02 +02:00
Nex
f68b7e7089
Pull file hashes fom Packages module directly
2021-09-20 19:15:39 +02:00
Nex
a22241ec32
Added version commands
2021-09-17 14:19:03 +02:00
Nex
8ad1bc7a2b
Bumped version
2021-09-16 10:45:26 +02:00
Nex
75b5b296a5
Added check for indicators ( closes : #189 )
2021-09-16 10:44:39 +02:00
Nex
f1d039346d
Bumped version
2021-09-14 14:33:17 +02:00
Nex
ccdfd92d4a
Merge branch 'dozenfossil-main'
2021-09-14 14:29:21 +02:00
Nex
032b229eb8
Minor changes for consistency
2021-09-14 14:29:04 +02:00
Nex
93936976c7
Merge branch 'main' of https://github.com/dozenfossil/mvt into dozenfossil-main
2021-09-14 14:26:37 +02:00