tek
cf88740f6a
Fixes bugs in SafariBrowserState module and add tests
2022-01-26 14:50:34 +01:00
tek
eb4810b0ad
Fixes bug in parsing of configuration profiles
2022-01-25 20:32:27 +01:00
Nex
cce9159eda
Adding indicator to matched results
2022-01-23 15:01:49 +01:00
Nex
e1211991aa
Bumped version
2022-01-23 14:17:43 +01:00
Nex
8ae9ca328c
Added log line at the end to highlight number of detections
2022-01-21 16:50:32 +01:00
Nex
0e2eb51732
Fixed checking of indicators in filesystem module
2022-01-21 16:30:34 +01:00
Nex
b35cd4bc73
Added support for context-aware indicators.
...
This way when a detection is logged, the user can know which STIX2
file was matched by the module
2022-01-21 16:26:58 +01:00
Nex
1b4f99a31d
Trying to catch missing argument error (ref: #211)
2022-01-21 12:20:22 +01:00
tek
e4e1716729
Bumped version
2022-01-20 15:28:42 +01:00
tek
083bc12351
Merge branch 'feature/check-file-path'
2022-01-20 15:19:37 +01:00
tek
95205d8e17
Adds indicators check to iOS TCC module
2022-01-18 17:12:20 +01:00
Nex
a6fd5fe1f3
Bumped version
2022-01-18 16:06:14 +01:00
Nex
3e0ef20fcd
.
2022-01-18 16:05:01 +01:00
Donncha Ó Cearbhaill
6fcd40f6b6
Fix use of global list instance as self.results variable
2022-01-18 15:53:05 +01:00
tek
38bb583a9e
Improves management of file path indicators
2022-01-18 15:50:31 +01:00
Donncha Ó Cearbhaill
48ec2d8fa8
Merge branch 'main' into tests
2022-01-18 15:30:40 +01:00
tek
798805c583
Improves Shortcut output
2022-01-18 13:06:35 +01:00
Nex
24be9e9570
Use default list of indicators files now that some default ones are automatically loaded
2022-01-14 16:26:14 +01:00
Nex
adbd95c559
Dots
2022-01-14 02:01:59 +01:00
Nex
8a707c288a
Bumped version
2022-01-14 01:53:10 +01:00
Nex
4c906ad52e
Renamed download iocs function
2022-01-14 01:52:57 +01:00
Nex
a2f8030cce
Added new iOS versions
2022-01-14 01:41:48 +01:00
Nex
737007afdb
Bumped version
2022-01-12 16:18:13 +01:00
Nex
33efeda90a
Added TODO note
2022-01-12 16:10:15 +01:00
Nex
146f2ae57d
Renaming check function for consistency
2022-01-12 16:02:13 +01:00
Nex
11bc916854
Sorted imports
2022-01-11 16:02:44 +01:00
Nex
3084876f31
Removing unused imports, fixing conditions, new lines
2022-01-11 16:02:01 +01:00
Nex
f63cb585b2
Shortened command to download-iocs
2022-01-11 15:59:01 +01:00
Nex
637aebcd89
Small cleanup
2022-01-11 15:53:10 +01:00
Nex
16a0de3af4
Added new module to highlight installed accessibility services
2022-01-11 15:16:26 +01:00
tek
15fbedccc9
Fixes a minor bug in WebkitResourceLoadStatistics
2022-01-10 18:09:31 +01:00
tek
e0514b20dd
Catches exception in Shortcuts module if the table does not exist
2022-01-10 16:58:12 +01:00
Donncha Ó Cearbhaill
54963b0b59
Update test PR to work with latest code, fix flake8
2022-01-07 17:03:53 +01:00
tek
28d57e7178
Add command to download latest public indicators
...
Squashed commit of the following:
commit c0d9e8d5d188c13e7e5ec0612e99bfb7e25f47d4
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 16:05:12 2022 +0100
Update name of indicators JSON file
commit f719e49c5f942cef64931ecf422b6a6e7b8c9f17
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 15:38:03 2022 +0100
Do not set indicators option on module if no indicators were loaded
commit a289eb8de936f7d74c6c787cbb8daf5c5bec015c
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 14:43:00 2022 +0100
Simplify code for loading IoCs
commit 0804563415ee80d76c13d3b38ffe639fa14caa14
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 13:43:47 2022 +0100
Add metadata to IoC entries
commit 97d0e893c1a0736c4931363ff40f09a030b90cf6
Author: tek <tek@randhome.io>
Date: Fri Dec 17 16:43:09 2021 +0100
Implements automated loading of indicators
commit c381e14df92ae4d7d846a1c97bcf6639cc526082
Author: tek <tek@randhome.io>
Date: Fri Dec 17 12:41:15 2021 +0100
Improves download-indicators
commit b938e02ddfd0b916fd883f510b467491a4a84e5f
Author: tek <tek@randhome.io>
Date: Fri Dec 17 01:44:26 2021 +0100
Adds download-indicators for mvt-ios and mvt-android
2022-01-07 16:38:04 +01:00
Nicolai Søborg
c282d4341d
Bump adb read timeout
...
Some adb commands (like `dumpsys`) are very slow and the default timeout is "only" 10s.
A timeout of 200 seconds is chosen completely at random - works on my phone 🤷
Fixes https://github.com/mvt-project/mvt/issues/113
Fixes https://github.com/mvt-project/mvt/issues/228
2021-12-28 13:56:04 +01:00
tek
681bae2f66
Bump version to v1.4.1
2021-12-27 16:19:25 +01:00
tek
82b57f1997
Fixes IOC issue in android CLI
2021-12-22 00:19:16 +01:00
Donncha Ó Cearbhaill
8f88f872df
Bump to 1.4.0 to skip previously used PyPI versions
2021-12-17 12:52:06 +01:00
Donncha Ó Cearbhaill
2d16218489
Bump version to v1.3.2
2021-12-17 12:24:41 +01:00
Donncha Ó Cearbhaill
3215e797ec
Bug fixes for config profile and shortcut module
2021-12-16 22:58:36 +01:00
Donncha Ó Cearbhaill
e80c02451c
Bump version to 1.3.1. Skipping 1.3 as a tag already exists
2021-12-16 19:27:58 +01:00
Donncha Ó Cearbhaill
5df50f864c
Merge branch 'main' into main
2021-12-16 19:21:18 +01:00
Donncha Ó Cearbhaill
45b31bb718
Add support for identifying known malicious file paths over ADB
2021-12-16 19:16:24 +01:00
Donncha Ó Cearbhaill
e10f1767e6
Update WhatsApp module to search for links in attachments
2021-12-16 18:46:31 +01:00
tek
d64277c0bf
Adds missing iOS version
2021-12-16 18:39:22 +01:00
Donncha Ó Cearbhaill
3f3261511a
Add module to search for known malicious or suspicious configuration profiles
2021-12-16 17:57:26 +01:00
Donncha Ó Cearbhaill
4cfe75e2d4
Add module to parse iOS Shortcuts and search for malicious actions
2021-12-16 17:47:08 +01:00
tek
cdd90332f7
Adds timeline support to TCC iOS module
2021-12-16 13:57:44 +01:00
tek
d9b29b3739
Fixes indicator issue in the android cli
2021-12-16 12:51:57 +01:00
tek
79bb7d1d4b
Fixes indicator parsing bug
2021-12-13 18:37:05 +01:00
tek
a653cb3cfc
Implements loading STIX files from env variable MVT_STIX2
2021-12-10 16:11:59 +01:00
tek
b25cc48be0
Fixes issue in Safari Browser State for older iOS versions
2021-12-06 15:04:52 +01:00
tek
40bd9ddc1d
Fixes issue with different TCC database versions
2021-12-03 20:31:12 +01:00
Tek
deb95297da
Merge pull request #219 from workingreact/main
...
Fix ConfigurationProfiles
2021-12-03 19:56:43 +01:00
tek
02014b414b
Add warning for apple notification
2021-12-03 19:42:35 +01:00
tek
7dd5fe7831
Catch and recover malformed SMS database
2021-12-03 17:46:41 +01:00
workingreact
11d1a3dcee
fix typo
2021-12-02 18:31:07 +01:00
workingreact
74f9db2bf2
fix ConfigurationProfiles
2021-12-02 16:55:14 +01:00
tek
356bddc3af
Adds new iOS versions
2021-11-28 17:43:50 +01:00
Nex
512f40dcb4
Standardized code with flake8
2021-11-19 15:27:51 +01:00
Nex
b3a464ba58
Removed unused imports
2021-11-19 14:54:53 +01:00
Nex
529df85f0f
Sorted imports
2021-11-04 12:58:35 +01:00
panelmix
34c997f923
Replace NetworkingAnalytics with Analytics
2021-11-02 13:29:12 +01:00
Nex
02bf903411
Bumped version
2021-10-30 13:40:25 +02:00
Nex
7019375767
Merge pull request #210 from hurtcrushing/main
...
Search for entries in ZPROCESS but not in ZLIVEUSAGE
2021-10-27 14:22:40 +02:00
Nex
34dd27c5d2
Added iPhone 13
2021-10-26 18:33:07 +02:00
Nex
a4d6a08a8b
Added iOS 15.1
2021-10-26 18:09:31 +02:00
hurtcrushing
635d3a392d
change warning to info
2021-10-25 14:54:03 +02:00
hurtcrushing
2d78bddbba
Search for entries in ZPROCESS but not in ZLIVEUSAGE
2021-10-25 14:34:18 +02:00
Nex
6d8de5b461
Bumped version
2021-10-23 13:51:44 +02:00
tek
e0c9a44b10
Merge branch 'main' of github.com:mvt-project/mvt
2021-10-21 21:17:31 +02:00
tek
ef8c1ae895
Adds recent iOS versions
2021-10-21 21:17:09 +02:00
Nex
3165801e2b
Bumped version
2021-10-18 13:40:30 +02:00
Nex
f8e380baa1
Minor style fixes
2021-10-18 12:51:20 +02:00
Nex
35559b09a8
Merge pull request #206 from colossalzippy/main
...
improve Filesystem module
2021-10-18 12:48:58 +02:00
colossalzippy
f601db2174
improve Filesystem
2021-10-15 14:58:50 +02:00
witchbuild
3ce9641c23
add NetworkingAnalytics
2021-10-15 11:53:06 +02:00
Nex
9be393e3f6
Bumped version
2021-10-14 19:59:09 +02:00
Nex
169f5fbc26
Pyment to reST
2021-10-12 18:06:58 +02:00
vin01
40b0da9885
Specify public key for PythonRSASigner
2021-10-08 21:36:49 +02:00
tek
94a8d9dd91
Fixes bug in adb handling
2021-09-29 18:16:33 +02:00
tek
963d3db51a
Fixes a bug in android packages module
2021-09-29 17:59:50 +02:00
Nex
660e208473
Bumped version
2021-09-28 15:40:26 +02:00
Nex
01e68ccc6a
Fixed dict decl
2021-09-28 12:45:15 +02:00
Nex
fba0fa1f2c
Removed newline
2021-09-28 12:44:15 +02:00
Nex
8fcc79ebfa
Adapted for better support
2021-09-28 12:42:57 +02:00
Nex
423462395a
Merge branch 'main' of https://github.com/pungentsneak/mvt into pungentsneak-main
2021-09-28 12:33:14 +02:00
Nex
1f08572a6a
Bumped version
2021-09-22 17:32:22 +02:00
Nex
94e3c0ce7b
Added iOS 15.0
2021-09-22 17:27:29 +02:00
pungentsneak
904daad935
add ShutdownLog
2021-09-22 13:24:17 +02:00
Nex
60a17381a2
Standardized code
2021-09-21 22:27:35 +02:00
tek
ef2bb93dc4
Adds indicator check for android package name and file hash
2021-09-21 19:43:02 +02:00
Nex
f68b7e7089
Pull file hashes from Packages module directly
2021-09-20 19:15:39 +02:00
Nex
a22241ec32
Added version commands
2021-09-17 14:19:03 +02:00
Nex
8ad1bc7a2b
Bumped version
2021-09-16 10:45:26 +02:00
Nex
75b5b296a5
Added check for indicators (closes: #189)
2021-09-16 10:44:39 +02:00
Nex
f1d039346d
Bumped version
2021-09-14 14:33:17 +02:00
Nex
ccdfd92d4a
Merge branch 'dozenfossil-main'
2021-09-14 14:29:21 +02:00
Nex
032b229eb8
Minor changes for consistency
2021-09-14 14:29:04 +02:00
Nex
93936976c7
Merge branch 'main' of https://github.com/dozenfossil/mvt into dozenfossil-main
2021-09-14 14:26:37 +02:00
Nex
f3a4e9d108
Merge pull request #186 from beneficentboast/main
...
fix error for manipulated entries in DataUsage/NetUsage
2021-09-14 14:26:00 +02:00
Nex
93a9735b5e
Reordering
2021-09-14 14:21:54 +02:00
Nex
7b0e2d4564
Added version
2021-09-14 14:20:54 +02:00
beneficentboast
725a99bcd5
fix error for manipulated entries in DataUsage
2021-09-13 20:13:43 +02:00
dozenfossil
35a6f6ec9a
fix multi path/file issue
2021-09-13 20:02:48 +02:00
Nex
3f9809f36c
Formatting docstrings
2021-09-11 02:39:33 +02:00
Nex
6da6595108
More docstrings
2021-09-10 20:09:37 +02:00
Nex
35dfeaccee
Re-ordered list of shortener domains
2021-09-10 15:21:02 +02:00
Nex
e5f2aa3c3d
Standardizing reST docstrings
2021-09-10 15:18:13 +02:00
Nex
3236c1b390
Added new TCC module
2021-09-09 12:00:48 +02:00
Nex
80a670273d
Added additional locationd path
2021-09-07 15:18:00 +02:00
Nex
969b5cc506
Fixed bug in locationd module
2021-09-07 15:06:19 +02:00
Nex
ef8622d4c3
Changed event name
2021-09-03 14:49:04 +02:00
Nex
e39e9e6f92
Cleaned up and simplified module
2021-09-03 14:48:24 +02:00
Nex
7b32ed3179
Compacted record data
2021-09-03 14:41:55 +02:00
Nex
3e679312d1
Renamed module
2021-09-03 13:35:27 +02:00
guitarsinger
be4f1afed6
add OSAnalyticsADDAILY
2021-09-03 11:59:44 +02:00
Nex
0dea25d86e
Reverted version number to minor
2021-09-02 15:33:36 +02:00
Nex
505d3c7e60
Bumped version
2021-09-02 15:31:25 +02:00
Nex
8f04c09b75
Removed duplicate
2021-09-02 15:28:17 +02:00
Nex
595b7e2066
Fixed typo
2021-09-02 15:27:00 +02:00
Nex
d3941bb5d3
Merge pull request #177 from harsaphes/main
...
Checking idstatuscache.plist in a dump for iOS>14.7
2021-09-01 22:00:51 +02:00
Nex
194c8a0ac1
Using new function to retrieve local db path
2021-09-01 21:59:12 +02:00
tek
cacf027051
Fixes a bug in retrieving the backup file path in webkit session resource logs
2021-09-01 15:49:23 -04:00
tek
da97f5ca30
Add db recovery to Safari history module
2021-09-01 15:40:45 -04:00
Nex
a774577940
Handling some exceptions more gracefully
2021-09-01 13:41:21 +02:00
Nex
7252cc82a7
Added module to dump full output of dumpsys
2021-08-30 22:20:05 +02:00
Nex
b34d80fd11
Logging module completed
2021-08-30 22:19:28 +02:00
Nex
0347dfa3c9
Added module Files to pull list of visible file paths
2021-08-30 22:11:07 +02:00
Nex
28647b8493
Fixed is_dir() to isdir()
2021-08-30 22:08:29 +02:00
harsaphes
c2ec26fd75
Checking idstatuscache.plist in a dump for iOS>14.7
2021-08-30 21:01:59 +02:00
Nex
856a6fb895
Cleaning up some classes
2021-08-28 12:33:27 +02:00
Jeff Irion
34c64af815
Fix `_adb_check_keys` method
2021-08-27 23:26:50 -07:00
Nex
ea4da71277
Creating android home folder if missing
2021-08-27 19:12:09 +02:00
Nex
94fe3c90e0
Added logcat modules
2021-08-26 15:23:54 +02:00
Nex
f78332aa71
Split receivers into a new package
2021-08-26 14:51:56 +02:00
Nex
0c4eb0bb34
Added discovery of Android packages with potentially abusive receivers
2021-08-26 14:08:39 +02:00
Nex
e70054d0c2
Bumped version
2021-08-26 12:48:09 +02:00
Nex
c859b43220
Adding logo to iOS cli
2021-08-26 12:40:45 +02:00
Nex
75ee2db02e
Upgrading version
2021-08-26 12:36:37 +02:00
Nex
b27047ed27
Updated lookup modules to new format (closes: #175)
2021-08-25 21:58:03 +02:00
Nex
79f313827f
Changed mvt-android download-apks to only fetch non-system packages
2021-08-25 13:35:21 +02:00
Nex
0005ad2abd
Removed unused imports
2021-08-21 15:50:12 +02:00
Nex
a16b0c12d2
Added shared help messages
2021-08-21 15:48:52 +02:00
Nex
e0a6608b9d
Logging which files error the manifest module
2021-08-20 17:15:35 +02:00
Nex
80a91bb2ad
Checking if the backup is actually encrypted before proceeding (closes: #48)
2021-08-20 15:18:08 +02:00
Nex
2d277d2d14
Catching in case uid field is not present
2021-08-18 23:11:18 +02:00
Nex
817aaab258
Indicate in help message that option can be invoked multiple times
2021-08-18 13:24:10 +02:00
Nex
4d8d91846c
Added missing import of IndicatorsFileBadFormat
2021-08-18 13:21:54 +02:00
Nex
e31e08e710
Added multiple indicators to Android cli
2021-08-18 13:19:34 +02:00
Nex
27847bf16c
Added counter for loaded indicators
2021-08-18 13:18:34 +02:00
Nex
f2b1311ff7
Sorted imports
2021-08-18 13:18:28 +02:00
Nex
48810af83d
Fixed creation of Indicators instance
2021-08-18 13:12:37 +02:00
Nex
6a63256b5c
Added ability to import multiple STIX2 indicators files
2021-08-18 13:08:32 +02:00
Nex
d77809060f
Added newline
2021-08-17 22:54:33 +02:00
Nex
99d539b040
Renamed packages.json to apks.json to avoid conflicts with other module
2021-08-17 13:26:26 +02:00
Nex
7edf147112
Better handling of package parsing and more logging (closes: #102)
2021-08-17 13:26:04 +02:00
Nex
39b81214c2
Catching exception when unable to connect to device over TCP
2021-08-17 13:10:36 +02:00
Nex
94fd6b5208
Catching errors more gracefully when downloading apks (closes: #158)
2021-08-17 13:06:31 +02:00
Nex
96e4a9a4a4
Overhaul of mvt-ios modules
2021-08-16 10:50:35 +02:00
Nex
24d7187303
Fixed variable name
2021-08-15 20:02:17 +02:00
Nex
6af6c52f60
Renamed function for consistency
2021-08-15 20:01:33 +02:00
Nex
fdaf2fc760
Fixed WebkitSessionResourceLog module, still needs testing
2021-08-15 20:00:29 +02:00
Nex
fda621672d
Renamed webkit helper function
2021-08-15 19:50:55 +02:00
Nex
ce6cc771b4
Replaced leftover dicts
2021-08-15 19:20:41 +02:00
Nex
e1e4476bee
Standardizing Manifest results structure
2021-08-15 19:07:45 +02:00
Nex
9582778adf
Getting rid of dict()
2021-08-15 19:05:15 +02:00
Nex
5e6e4fa8d0
Added modules to extract details on configuration profiles from backup
2021-08-15 18:53:02 +02:00
Nex
9e5a412fe2
Creating helper function to locate files in Manifest.db
2021-08-15 17:39:14 +02:00
Nex
763cb6e06c
DeviceInfo module is now BackupInfo and only running on backups
2021-08-15 13:16:00 +02:00
Nex
cbdbf41e1e
Restructured modules folders
2021-08-15 13:14:18 +02:00
Nex
cf630f7c2b
Fixed unused imports
2021-08-14 18:56:33 +02:00
Nex
3d6e01179a
Fixed typo
2021-08-14 18:52:00 +02:00
Nex
8260bda308
Got rid of biplist, using standard plistlib
2021-08-14 18:50:11 +02:00
Nex
30e00e0707
Added module to extract information on device
2021-08-14 18:39:46 +02:00
Nex
88e2576334
Copying plist files too when decrypting a backup
2021-08-14 18:25:41 +02:00
Nex
076930c2c9
Added newline
2021-08-14 18:06:30 +02:00
Nex
8a91e64bb9
Catching gracefully if indicators file parse fails
2021-08-12 20:17:37 +02:00
Nex
54eaf046b0
Standardizing base classes declarations
2021-08-12 18:36:31 +02:00
Nex
23e4babbc9
Sorted imports
2021-08-12 18:34:33 +02:00
Nex
78b9fcd50c
Added super init to NetBase
2021-08-12 18:34:23 +02:00
Nex
4eb7a64614
Removed serial in declaration
2021-08-12 18:33:58 +02:00
Nex
e512e0b72f
Fixed download_apks init
2021-08-12 18:25:57 +02:00
Nex
8ca7030195
Refactored serial specification for ADB
2021-08-12 18:21:21 +02:00
Nex
f78c671885
Merge branch 'main' of https://github.com/j0k2r/mvt into j0k2r-main
2021-08-12 18:07:50 +02:00
Nex
411ac53522
Letting module handler catch any exception
2021-08-12 17:57:40 +02:00
Nex
8be60e8a04
Checking all processes
2021-08-12 17:53:19 +02:00
Nex
8a484b3b24
Added a more clear message regarding rooted Androids
2021-08-12 17:47:20 +02:00
Nex
0a7512cfb2
Checking for manipulated entries even when no indicators are provided
2021-08-12 12:57:27 +02:00
Nex
8d93ab66c9
Improved logging around detection results
2021-08-12 12:56:12 +02:00
Nex
6e19d34700
Merge branch 'main' of https://github.com/DL6ER/mvt into DL6ER-main
2021-08-12 12:49:36 +02:00
Nex
88324c7c42
Standardized to logging format
2021-08-12 12:48:29 +02:00
Daniel Kahn Gillmor
ec93c3d8b8
Even friendlier behaviors when the user mis-specifies the backup path
...
As discussed in #147
2021-08-10 23:19:45 -04:00
Daniel Kahn Gillmor
1288f8ca53
handle error cases better
2021-08-10 22:57:15 -04:00
DL6ER
290776a286
Log if there was no detection made by the module
...
Signed-off-by: DL6ER <dl6er@dl6er.de>
2021-08-10 12:13:23 +02:00
Hamza Z
15c0d71933
Fix merge conflicts
2021-08-08 20:05:50 +02:00
Nex
e5f7727c80
Fixed typo (closes: #157)
2021-08-06 18:40:09 +02:00
Nex
9f696dcb72
Added version 14.7.1
2021-08-05 09:03:02 +02:00
Nex
2302c9fb1c
Fixed language
2021-08-05 08:56:41 +02:00
Nex
9bb8ae5187
Merge branch 'clearer-error-reporting' of https://github.com/dkg/mvt into dkg-clearer-error-reporting
2021-08-05 08:54:29 +02:00