Commit Graph

412 Commits

Author SHA1 Message Date
Nex b94ba28873 Supporting loading from extracted folder 2022-02-02 16:10:12 +01:00
Nex 564efc3629 Sorted imports 2022-02-02 15:49:24 +01:00
Nex 9c62e6e4d6 Added Packages module 2022-02-02 15:47:55 +01:00
Nex 153f6cce02 Returning stix2 file name with iocs as well 2022-02-02 14:57:32 +01:00
Nex 47f9a0104c Added a break for speed 2022-02-02 14:54:40 +01:00
Nex bdad23feee Refactored indicators to support multiple malware/collections per stix2 file 2022-02-02 14:53:26 +01:00
Nex e2936c3d33 Added new check-bugreport command and modules 2022-02-02 00:09:53 +01:00
Nex 3483ca1584 Package dumpsys parsing as static method 2022-02-01 21:45:26 +01:00
Nex 7b107edf1f Bumped version 2022-02-01 17:54:01 +01:00
Nex b97ce7651a Fixed missing checks for indicators instance (ref: #245) 2022-02-01 17:48:19 +01:00
Nex 52a204cab6 Obtaining permissions for installed packages 2022-02-01 15:33:19 +01:00
Nex 1b335fda1d Renamed function argument to more descriptive 2022-02-01 15:07:43 +01:00
Nex 2ad175eae2 Renamed package to package_name for consistency 2022-02-01 14:27:00 +01:00
Nex 2d00dca5bd Bumped version 2022-02-01 12:46:31 +01:00
Nex 434738a306 Better regexp formatting 2022-01-31 13:05:03 +01:00
Nex 06cd640c5e Using static methods 2022-01-31 12:58:33 +01:00
Nex fb8a7ca104 Enforce consistency in Android modules 2022-01-31 11:30:49 +01:00
Nex 8d15ff58dd Renamed matched field name to singular 2022-01-30 20:29:09 +01:00
Nex eb5f07a75d Updated copyright notice 2022-01-30 20:15:01 +01:00
Nex ececf1a6b2 Added module to extract db queries 2022-01-30 19:43:09 +01:00
Nex 851cd52602 Ordering and clean-up 2022-01-30 16:41:32 +01:00
Nex 8db04fc991 Added module to parse battery daily stats package updates 2022-01-30 16:02:24 +01:00
Nex 3d0ba56e1f Fixed parsing of wake events 2022-01-30 15:20:03 +01:00
Nex c48a4e8f50 Fixed variable name 2022-01-30 04:12:19 +01:00
Nex 001c2998a5 Removed unnecessary newlines 2022-01-30 04:11:46 +01:00
Nex 5e7c5727af Added check for indicators to dumpsys modules 2022-01-30 04:08:48 +01:00
Nex 883fbaeb88 Parsing records from accessibility and battery history 2022-01-30 03:44:41 +01:00
Nex 6f0012cede Removed modules which are only duplicated outputs from dumpsys full 2022-01-30 03:39:26 +01:00
Nex 458e80ccbb Adding module to process battery history 2022-01-30 03:34:16 +01:00
Nex c8185fdbd8 Small code clean-ups 2022-01-29 15:13:35 +01:00
Yallxe 43b1612dfe Set utf-8 as an encoding for open()
Not every system uses 'utf-8' as a default encoding for opening files in Python.

Before you say that there must be a way to set default encoding in one line, no, there is not. At least, I didn't find a way to do this.
2022-01-29 12:18:18 +01:00
Nex 49e34f6299 Better parsing of dumpsys package and added parsing of Activities too 2022-01-29 03:50:33 +01:00
Nex d88a66dd54 Fixed typo 2022-01-29 01:13:52 +01:00
Nex d3ed778ae4 Fixed comment styling 2022-01-29 01:13:29 +01:00
tek 4c3306c272 Separate receivers parsing in DumpsysReceivers 2022-01-29 01:06:32 +01:00
Nex 1c912f68fe Bumped version 2022-01-28 22:25:41 +01:00
Nex 10a640d3f7 Temporarily disabling VirusTotal lookup because of API issues 2022-01-28 22:25:21 +01:00
Nex c3acc95e9e Bumped version 2022-01-28 20:08:14 +01:00
Nex 90d05336da Added check for additional outgoing call event 2022-01-28 17:21:28 +01:00
Nex 5513e6e9e3 Ordered imports 2022-01-28 16:36:24 +01:00
Nex 38116f8405 Catching device not found exception 2022-01-28 15:47:50 +01:00
Nex 59b069f006 Added lookups for non-system packages on check-adb too 2022-01-28 12:25:50 +01:00
Nex 28e1348aa7 Added check-iocs command to mvt-android 2022-01-27 18:23:19 +01:00
Nex 034338d1f4 Added iOS 15.3 2022-01-27 17:04:48 +01:00
Nex 09d5eabf2f Changing check logic for Android settings 2022-01-27 15:24:17 +01:00
Nex a425d6c511 Added missing comma and ordered imports 2022-01-27 14:56:02 +01:00
Nex f8897a4f8c Added more dangerous settings 2022-01-27 14:54:31 +01:00
Nex 86eae68bdb Added Android settings module 2022-01-27 13:33:06 +01:00
Nex d2bf348b03 Merge branch 'main' of github.com:mvt-project/mvt 2022-01-27 12:51:14 +01:00
Nex 25c6c03075 Added Getprop module and cleaned Files and Packages Android modules 2022-01-27 12:50:37 +01:00
tek cf88740f6a Fixes bugs in SafariBrowserState module and add tests 2022-01-26 14:50:34 +01:00
tek eb4810b0ad Fixes bug in parsing of configuration profiles 2022-01-25 20:32:27 +01:00
Nex cce9159eda Adding indicator to matched results 2022-01-23 15:01:49 +01:00
Nex e1211991aa Bumped version 2022-01-23 14:17:43 +01:00
Nex 8ae9ca328c Added log line at the end to highlight number of detections 2022-01-21 16:50:32 +01:00
Nex 0e2eb51732 Fixed checking of indicators in filesystem module 2022-01-21 16:30:34 +01:00
Nex b35cd4bc73 Added support for context-aware indicators.
This way when a detection is logged, the user can know which STIX2
file was matched by the module
2022-01-21 16:26:58 +01:00
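The context-aware indicator matching described in b35cd4bc73 above, and the later change in bdad23feee to support several malware collections per STIX2 file, as an added example that is not MVT's own code. The two STIX2 bundles, the file names, malware names, domains, paths, hash and shortened STIX ids are all constructed for the example; the pattern parser is an assumption that handles only single-comparison patterns and skips anything else rather than guessing.

```python
"""Context-aware STIX2 indicator matching (added example, not MVT's code).

Each bundle stands in for one .stix2 file. Indicators are tied to the malware
they "indicate" via relationship objects, so one file can hold several
collections, and every hit reports both the file and the collection.
"""
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Single-comparison STIX patterns such as "[domain-name:value = 'x']".
# Compound patterns (AND/OR, ranges) are skipped on purpose, not guessed at.
PATTERN_RE = re.compile(r"^\[([a-z-]+:[A-Za-z0-9_.-]+)\s*=\s*'([^']+)'\]$")

# Object paths whose values compare case-insensitively; file paths stay exact.
CASE_INSENSITIVE = {"domain-name:value", "email-addr:value", "url:value", "file:hashes.MD5"}


def _bundle(objects: list) -> str:
    return json.dumps({"type": "bundle", "id": "bundle--example", "objects": objects})


def _indicates(src: str, dst: str) -> dict:
    return {"type": "relationship", "id": f"relationship--{src}-{dst}",
            "relationship_type": "indicates", "source_ref": src, "target_ref": dst}


# Constructed sample files: names, domains, paths and the hash are invented,
# and STIX ids are shortened for readability (real ones are "<type>--<UUID>").
SAMPLE_STIX2_FILES: Dict[str, str] = {
    "family_a.stix2": _bundle([
        {"type": "malware", "id": "malware--a", "name": "FamilyA", "is_family": True},
        {"type": "indicator", "id": "indicator--a1", "pattern_type": "stix",
         "pattern": "[domain-name:value = 'update.example-cdn.invalid']"},
        {"type": "indicator", "id": "indicator--a2", "pattern_type": "stix",
         "pattern": "[process:name = 'evil-helper']"},
        _indicates("indicator--a1", "malware--a"), _indicates("indicator--a2", "malware--a"),
    ]),
    "family_b_and_c.stix2": _bundle([  # one file carrying two collections
        {"type": "malware", "id": "malware--b", "name": "FamilyB", "is_family": True},
        {"type": "malware", "id": "malware--c", "name": "FamilyC", "is_family": True},
        {"type": "indicator", "id": "indicator--b1", "pattern_type": "stix",
         "pattern": "[app:id = 'com.example.badapp']"},
        {"type": "indicator", "id": "indicator--c1", "pattern_type": "stix",
         "pattern": "[file:path = '/private/var/tmp/xyz']"},
        {"type": "indicator", "id": "indicator--c2", "pattern_type": "stix",
         "pattern": "[file:hashes.MD5 = '0123456789abcdef0123456789abcdef']"},
        _indicates("indicator--b1", "malware--b"), _indicates("indicator--c1", "malware--c"),
        _indicates("indicator--c2", "malware--c"),
    ]),
}


@dataclass(frozen=True)
class IndicatorMatch:
    key: str           # STIX object path, e.g. "domain-name:value"
    value: str         # indicator value as written in the file
    stix2_file: str    # file the indicator was loaded from
    malware: str       # malware/collection the indicator indicates
    indicator_id: str


class Indicators:
    def __init__(self) -> None:
        self._index: Dict[str, Dict[str, IndicatorMatch]] = {}
        self.loaded_files: List[str] = []

    @staticmethod
    def _norm(key: str, value: str) -> str:
        return value.lower() if key in CASE_INSENSITIVE else value

    def load_stix2_text(self, file_name: str, text: str) -> int:
        """Index every supported indicator in one bundle; returns how many loaded."""
        objects = json.loads(text).get("objects", [])
        names = {o["id"]: o.get("name", o["id"]) for o in objects if o.get("type") == "malware"}
        indicated = {o["source_ref"]: names.get(o["target_ref"], o["target_ref"])
                     for o in objects
                     if o.get("type") == "relationship" and o.get("relationship_type") == "indicates"}
        loaded = 0
        for obj in objects:
            if obj.get("type") != "indicator":
                continue
            match = PATTERN_RE.match(obj.get("pattern", ""))
            if not match:
                continue
            key, value = match.group(1), match.group(2)
            self._index.setdefault(key, {})[self._norm(key, value)] = IndicatorMatch(
                key, value, file_name, indicated.get(obj["id"], "unknown"), obj["id"])
            loaded += 1
        self.loaded_files.append(file_name)
        return loaded

    def check(self, key: str, observed: Optional[str]) -> Optional[IndicatorMatch]:
        """Return the matching indicator with its file and malware, or None."""
        if not observed:
            return None
        return self._index.get(key, {}).get(self._norm(key, observed))


def load_sample_indicators() -> Indicators:
    iocs = Indicators()
    for name, text in SAMPLE_STIX2_FILES.items():
        iocs.load_stix2_text(name, text)
    return iocs


def scan(iocs: Indicators, observed: List[Tuple[str, str]]) -> List[IndicatorMatch]:
    """Run (object path, observed value) pairs against the loaded indicators."""
    hits = []
    for key, value in observed:
        hit = iocs.check(key, value)
        if hit is not None:
            hits.append(hit)
    return hits


# Constructed observations standing in for values a module would extract.
OBSERVED = [
    ("domain-name:value", "UPDATE.Example-CDN.invalid"),   # case differs: still a hit
    ("process:name", "launchd"),                           # benign, no hit
    ("app:id", "com.example.badapp"),
    ("file:path", "/PRIVATE/var/tmp/xyz"),                 # path case differs: no hit
    ("file:hashes.MD5", "0123456789ABCDEF0123456789ABCDEF"),
]

if __name__ == "__main__":
    for hit in scan(load_sample_indicators(), OBSERVED):
        print(f"{hit.key} {hit.value!r} matched {hit.stix2_file} ({hit.malware})")
```

Keeping the file name and the indicated malware on every `IndicatorMatch` is what lets a module log which STIX2 file produced a detection; the per-key normalisation is a deliberate choice so that hostnames and hashes match regardless of case while file paths are compared exactly.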
Nex 1b4f99a31d Trying to catch missing argument error (ref: #211) 2022-01-21 12:20:22 +01:00
tek e4e1716729 Bumped version 2022-01-20 15:28:42 +01:00
tek 083bc12351 Merge branch 'feature/check-file-path' 2022-01-20 15:19:37 +01:00
tek 95205d8e17 Adds indicators check to iOS TCC module 2022-01-18 17:12:20 +01:00
Nex a6fd5fe1f3 Bumped version 2022-01-18 16:06:14 +01:00
Nex 3e0ef20fcd . 2022-01-18 16:05:01 +01:00
Donncha Ó Cearbhaill 6fcd40f6b6 Fix use of global list instance as self.results variable 2022-01-18 15:53:05 +01:00
tek 38bb583a9e Improves management of file path indicators 2022-01-18 15:50:31 +01:00
Donncha Ó Cearbhaill 48ec2d8fa8 Merge branch 'main' into tests 2022-01-18 15:30:40 +01:00
tek 798805c583 Improves Shortcut output 2022-01-18 13:06:35 +01:00
Nex 24be9e9570 Use default list of indicators files now that some default ones are automatically loaded 2022-01-14 16:26:14 +01:00
Nex adbd95c559 Dots 2022-01-14 02:01:59 +01:00
Nex 8a707c288a Bumped version 2022-01-14 01:53:10 +01:00
Nex 4c906ad52e Renamed download iocs function 2022-01-14 01:52:57 +01:00
Nex a2f8030cce Added new iOS versions 2022-01-14 01:41:48 +01:00
Nex 737007afdb Bumped version 2022-01-12 16:18:13 +01:00
Nex 33efeda90a Added TODO note 2022-01-12 16:10:15 +01:00
Nex 146f2ae57d Renaming check function for consistency 2022-01-12 16:02:13 +01:00
Nex 11bc916854 Sorted imports 2022-01-11 16:02:44 +01:00
Nex 3084876f31 Removing unused imports, fixing conditions, new lines 2022-01-11 16:02:01 +01:00
Nex f63cb585b2 Shortened command to download-iocs 2022-01-11 15:59:01 +01:00
Nex 637aebcd89 Small cleanup 2022-01-11 15:53:10 +01:00
Nex 16a0de3af4 Added new module to highlight installed accessibility services 2022-01-11 15:16:26 +01:00
tek 15fbedccc9 Fixes a minor bug in WebkitResourceLoadStatistics 2022-01-10 18:09:31 +01:00
tek e0514b20dd Catches exception in Shortcuts module if the table does not exist 2022-01-10 16:58:12 +01:00
Donncha Ó Cearbhaill 54963b0b59 Update test PR to work with latest code, fix flake8 2022-01-07 17:03:53 +01:00
tek 28d57e7178 Add command to download latest public indicators
Squashed commit of the following:

commit c0d9e8d5d188c13e7e5ec0612e99bfb7e25f47d4
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date:   Fri Jan 7 16:05:12 2022 +0100

    Update name of indicators JSON file

commit f719e49c5f942cef64931ecf422b6a6e7b8c9f17
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date:   Fri Jan 7 15:38:03 2022 +0100

    Do not set indicators option on module if no indicators were loaded

commit a289eb8de936f7d74c6c787cbb8daf5c5bec015c
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date:   Fri Jan 7 14:43:00 2022 +0100

    Simplify code for loading IoCs

commit 0804563415ee80d76c13d3b38ffe639fa14caa14
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date:   Fri Jan 7 13:43:47 2022 +0100

    Add metadata to IoC entries

commit 97d0e893c1a0736c4931363ff40f09a030b90cf6
Author: tek <tek@randhome.io>
Date:   Fri Dec 17 16:43:09 2021 +0100

    Implements automated loading of indicators

commit c381e14df92ae4d7d846a1c97bcf6639cc526082
Author: tek <tek@randhome.io>
Date:   Fri Dec 17 12:41:15 2021 +0100

    Improves download-indicators

commit b938e02ddfd0b916fd883f510b467491a4a84e5f
Author: tek <tek@randhome.io>
Date:   Fri Dec 17 01:44:26 2021 +0100

    Adds download-indicators for mvt-ios and mvt-android
2022-01-07 16:38:04 +01:00
Nicolai Søborg c282d4341d
Bump adb read timeout
Some adb commands (like `dumpsys`) are very slow and the default timeout is "only" 10s. 
A timeout of 200 seconds is chosen completely at random - works on my phone 🤷

Fixes https://github.com/mvt-project/mvt/issues/113
Fixes https://github.com/mvt-project/mvt/issues/228
2021-12-28 13:56:04 +01:00
tek 681bae2f66 Bump version to v1.4.1 2021-12-27 16:19:25 +01:00
tek 82b57f1997 Fixes IOC issue in android CLI 2021-12-22 00:19:16 +01:00
Donncha Ó Cearbhaill 8f88f872df Bump to 1.4.0 to skip previously used PyPi versions 2021-12-17 12:52:06 +01:00
Donncha Ó Cearbhaill 2d16218489 Bump version to v1.3.2 2021-12-17 12:24:41 +01:00
Donncha Ó Cearbhaill 3215e797ec Bug fixes for config profile and shortcut module 2021-12-16 22:58:36 +01:00
Donncha Ó Cearbhaill e80c02451c Bump version to 1.3.1. Skipping 1.3 as a tag already exists 2021-12-16 19:27:58 +01:00
Donncha Ó Cearbhaill 5df50f864c Merge branch 'main' into main 2021-12-16 19:21:18 +01:00
Donncha Ó Cearbhaill 45b31bb718 Add support for identifying known malicious file paths over ADB 2021-12-16 19:16:24 +01:00
Donncha Ó Cearbhaill e10f1767e6 Update WhatsApp module to search for links in attachments 2021-12-16 18:46:31 +01:00
tek d64277c0bf Adds missing iOS version 2021-12-16 18:39:22 +01:00
Donncha Ó Cearbhaill 3f3261511a Add module to search for known malicious or suspicious configuration profiles 2021-12-16 17:57:26 +01:00
Donncha Ó Cearbhaill 4cfe75e2d4 Add module to parse iOS Shortcuts and search for malicious actions 2021-12-16 17:47:08 +01:00
tek cdd90332f7 Adds timeline support to TCC iOS module 2021-12-16 13:57:44 +01:00
tek d9b29b3739 Fixes indicator issue in the android cli 2021-12-16 12:51:57 +01:00
tek 79bb7d1d4b Fixes indicator parsing bug 2021-12-13 18:37:05 +01:00
tek a653cb3cfc Implements loading STIX files from env variable MVT_STIX2 2021-12-10 16:11:59 +01:00
tek b25cc48be0 Fixes issue in Safari Browser State for older iOS versions 2021-12-06 15:04:52 +01:00
tek 40bd9ddc1d Fixes issue with different TCC database versions 2021-12-03 20:31:12 +01:00
Tek deb95297da
Merge pull request #219 from workingreact/main
Fix ConfigurationProfiles
2021-12-03 19:56:43 +01:00
tek 02014b414b Add warning for apple notification 2021-12-03 19:42:35 +01:00
tek 7dd5fe7831 Catch and recover malformed SMS database 2021-12-03 17:46:41 +01:00
workingreact 11d1a3dcee fix typo 2021-12-02 18:31:07 +01:00
workingreact 74f9db2bf2 fix ConfigurationProfiles 2021-12-02 16:55:14 +01:00
tek 356bddc3af Adds new iOS versions 2021-11-28 17:43:50 +01:00
Nex 512f40dcb4 Standardized code with flake8 2021-11-19 15:27:51 +01:00
Nex b3a464ba58 Removed unused imports 2021-11-19 14:54:53 +01:00
Nex 529df85f0f Sorted imports 2021-11-04 12:58:35 +01:00
panelmix 34c997f923 Replace NetworkingAnalytics with Analytics 2021-11-02 13:29:12 +01:00
Nex 02bf903411 Bumped version 2021-10-30 13:40:25 +02:00
Nex 7019375767
Merge pull request #210 from hurtcrushing/main
Search for entries in ZPROCESS but not in ZLIVEUSAGE
2021-10-27 14:22:40 +02:00
Nex 34dd27c5d2 Added iPhone 13 2021-10-26 18:33:07 +02:00
Nex a4d6a08a8b Added iOS 15.1 2021-10-26 18:09:31 +02:00
hurtcrushing 635d3a392d change warning to info 2021-10-25 14:54:03 +02:00
hurtcrushing 2d78bddbba Search for entries in ZPROCESS but not in ZLIVEUSAGE 2021-10-25 14:34:18 +02:00
Nex 6d8de5b461 Bumped version 2021-10-23 13:51:44 +02:00
tek e0c9a44b10 Merge branch 'main' of github.com:mvt-project/mvt 2021-10-21 21:17:31 +02:00
tek ef8c1ae895 Adds recent iOS versions 2021-10-21 21:17:09 +02:00
Nex 3165801e2b Bumped version 2021-10-18 13:40:30 +02:00
Nex f8e380baa1 Minor style fixes 2021-10-18 12:51:20 +02:00
Nex 35559b09a8
Merge pull request #206 from colossalzippy/main
improve Filesystem module
2021-10-18 12:48:58 +02:00
colossalzippy f601db2174 improve Filesystem 2021-10-15 14:58:50 +02:00
witchbuild 3ce9641c23 add NetworkingAnalytics 2021-10-15 11:53:06 +02:00
Nex 9be393e3f6 Bumped version 2021-10-14 19:59:09 +02:00
Nex 169f5fbc26 Pyment to reST 2021-10-12 18:06:58 +02:00
vin01 40b0da9885
Specify public key for PythonRSASigner 2021-10-08 21:36:49 +02:00
tek 94a8d9dd91 Fixes bug in adb handling 2021-09-29 18:16:33 +02:00
tek 963d3db51a Fixes a bug in android packages module 2021-09-29 17:59:50 +02:00
Nex 660e208473 Bumped version 2021-09-28 15:40:26 +02:00
Nex 01e68ccc6a Fixed dict decl 2021-09-28 12:45:15 +02:00
Nex fba0fa1f2c Removed newline 2021-09-28 12:44:15 +02:00
Nex 8fcc79ebfa Adapted for better support 2021-09-28 12:42:57 +02:00
Nex 423462395a Merge branch 'main' of https://github.com/pungentsneak/mvt into pungentsneak-main 2021-09-28 12:33:14 +02:00
Nex 1f08572a6a Bumped version 2021-09-22 17:32:22 +02:00
Nex 94e3c0ce7b Added iOS 15.0 2021-09-22 17:27:29 +02:00
pungentsneak 904daad935 add ShutdownLog 2021-09-22 13:24:17 +02:00
Nex 60a17381a2 Standardized code 2021-09-21 22:27:35 +02:00
tek ef2bb93dc4 Adds indicator check for android package name and file hash 2021-09-21 19:43:02 +02:00
Nex f68b7e7089 Pull file hashes from Packages module directly 2021-09-20 19:15:39 +02:00
Nex a22241ec32 Added version commands 2021-09-17 14:19:03 +02:00
Nex 8ad1bc7a2b Bumped version 2021-09-16 10:45:26 +02:00
Nex 75b5b296a5 Added check for indicators (closes: #189) 2021-09-16 10:44:39 +02:00
Nex f1d039346d Bumped version 2021-09-14 14:33:17 +02:00
Nex ccdfd92d4a Merge branch 'dozenfossil-main' 2021-09-14 14:29:21 +02:00
Nex 032b229eb8 Minor changes for consistency 2021-09-14 14:29:04 +02:00
Nex 93936976c7 Merge branch 'main' of https://github.com/dozenfossil/mvt into dozenfossil-main 2021-09-14 14:26:37 +02:00