Commit Graph

412 Commits

Author SHA1 Message Date
tek cf88740f6a Fixes bugs in SafariBrowserState module and add tests 2022-01-26 14:50:34 +01:00
tek eb4810b0ad Fixes bug in parsing of configuration profiles 2022-01-25 20:32:27 +01:00
Nex cce9159eda Adding indicator to matched results 2022-01-23 15:01:49 +01:00
Nex e1211991aa Bumped version 2022-01-23 14:17:43 +01:00
Nex 8ae9ca328c Added log line at the end to highlight number of detections 2022-01-21 16:50:32 +01:00
Nex 0e2eb51732 Fixed checking of indicators in filesystem module 2022-01-21 16:30:34 +01:00
Nex b35cd4bc73 Added support for context-aware indicators.
This way when a detection is logged, the user can know which STIX2
file was matched by the module
2022-01-21 16:26:58 +01:00
Nex 1b4f99a31d Trying to catch missing argument error (ref: #211) 2022-01-21 12:20:22 +01:00
tek e4e1716729 Bumped version 2022-01-20 15:28:42 +01:00
tek 083bc12351 Merge branch 'feature/check-file-path' 2022-01-20 15:19:37 +01:00
tek 95205d8e17 Adds indicators check to iOS TCC module 2022-01-18 17:12:20 +01:00
Nex a6fd5fe1f3 Bumped version 2022-01-18 16:06:14 +01:00
Nex 3e0ef20fcd . 2022-01-18 16:05:01 +01:00
Donncha Ó Cearbhaill 6fcd40f6b6 Fix use of global list instance as self.results variable 2022-01-18 15:53:05 +01:00
tek 38bb583a9e Improves management of file path indicators 2022-01-18 15:50:31 +01:00
Donncha Ó Cearbhaill 48ec2d8fa8 Merge branch 'main' into tests 2022-01-18 15:30:40 +01:00
tek 798805c583 Improves Shortcut output 2022-01-18 13:06:35 +01:00
Nex 24be9e9570 Use default list of indicators files now that some default ones are automatically loaded 2022-01-14 16:26:14 +01:00
Nex adbd95c559 Dots 2022-01-14 02:01:59 +01:00
Nex 8a707c288a Bumped version 2022-01-14 01:53:10 +01:00
Nex 4c906ad52e Renamed download iocs function 2022-01-14 01:52:57 +01:00
Nex a2f8030cce Added new iOS versions 2022-01-14 01:41:48 +01:00
Nex 737007afdb Bumped version 2022-01-12 16:18:13 +01:00
Nex 33efeda90a Added TODO note 2022-01-12 16:10:15 +01:00
Nex 146f2ae57d Renaming check function for consistency 2022-01-12 16:02:13 +01:00
Nex 11bc916854 Sorted imports 2022-01-11 16:02:44 +01:00
Nex 3084876f31 Removing unused imports, fixing conditions, new lines 2022-01-11 16:02:01 +01:00
Nex f63cb585b2 Shortened command to download-iocs 2022-01-11 15:59:01 +01:00
Nex 637aebcd89 Small cleanup 2022-01-11 15:53:10 +01:00
Nex 16a0de3af4 Added new module to highlight installed accessibility services 2022-01-11 15:16:26 +01:00
tek 15fbedccc9 Fixes a minor bug in WebkitResourceLoadStatistics 2022-01-10 18:09:31 +01:00
tek e0514b20dd Catches exception in Shortcuts module if the table does not exist 2022-01-10 16:58:12 +01:00
Donncha Ó Cearbhaill 54963b0b59 Update test PR to work with latest code, fix flake8 2022-01-07 17:03:53 +01:00
tek 28d57e7178 Add command to download latest public indicators
Squashed commit of the following:

commit c0d9e8d5d188c13e7e5ec0612e99bfb7e25f47d4
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date:   Fri Jan 7 16:05:12 2022 +0100

    Update name of indicators JSON file

commit f719e49c5f942cef64931ecf422b6a6e7b8c9f17
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date:   Fri Jan 7 15:38:03 2022 +0100

    Do not set indicators option on module if no indicators were loaded

commit a289eb8de936f7d74c6c787cbb8daf5c5bec015c
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date:   Fri Jan 7 14:43:00 2022 +0100

    Simplify code for loading IoCs

commit 0804563415ee80d76c13d3b38ffe639fa14caa14
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date:   Fri Jan 7 13:43:47 2022 +0100

    Add metadata to IoC entries

commit 97d0e893c1a0736c4931363ff40f09a030b90cf6
Author: tek <tek@randhome.io>
Date:   Fri Dec 17 16:43:09 2021 +0100

    Implements automated loading of indicators

commit c381e14df92ae4d7d846a1c97bcf6639cc526082
Author: tek <tek@randhome.io>
Date:   Fri Dec 17 12:41:15 2021 +0100

    Improves download-indicators

commit b938e02ddfd0b916fd883f510b467491a4a84e5f
Author: tek <tek@randhome.io>
Date:   Fri Dec 17 01:44:26 2021 +0100

    Adds download-indicators for mvt-ios and mvt-android
2022-01-07 16:38:04 +01:00
Nicolai Søborg c282d4341d
Bump adb read timeout
Some adb commands (like `dumpsys`) are very slow and the default timeout is "only" 10s. 
A timeout of 200 seconds is chosen completely at random - works on my phone 🤷

Fixes https://github.com/mvt-project/mvt/issues/113
Fixes https://github.com/mvt-project/mvt/issues/228
2021-12-28 13:56:04 +01:00
tek 681bae2f66 Bump version to v1.4.1 2021-12-27 16:19:25 +01:00
tek 82b57f1997 Fixes IOC issue in android CLI 2021-12-22 00:19:16 +01:00
Donncha Ó Cearbhaill 8f88f872df Bump to 1.4.0 to skip previously used PyPI versions 2021-12-17 12:52:06 +01:00
Donncha Ó Cearbhaill 2d16218489 Bump version to v1.3.2 2021-12-17 12:24:41 +01:00
Donncha Ó Cearbhaill 3215e797ec Bug fixes for config profile and shortcut module 2021-12-16 22:58:36 +01:00
Donncha Ó Cearbhaill e80c02451c Bump version to 1.3.1. Skipping 1.3 as a tag already exists 2021-12-16 19:27:58 +01:00
Donncha Ó Cearbhaill 5df50f864c Merge branch 'main' into main 2021-12-16 19:21:18 +01:00
Donncha Ó Cearbhaill 45b31bb718 Add support for identifying known malicious file paths over ADB 2021-12-16 19:16:24 +01:00
Donncha Ó Cearbhaill e10f1767e6 Update WhatsApp module to search for links in attachments 2021-12-16 18:46:31 +01:00
tek d64277c0bf Adds missing iOS version 2021-12-16 18:39:22 +01:00
Donncha Ó Cearbhaill 3f3261511a Add module to search for known malicious or suspicious configuration profiles 2021-12-16 17:57:26 +01:00
Donncha Ó Cearbhaill 4cfe75e2d4 Add module to parse iOS Shortcuts and search for malicious actions 2021-12-16 17:47:08 +01:00
tek cdd90332f7 Adds timeline support to TCC iOS module 2021-12-16 13:57:44 +01:00
tek d9b29b3739 Fixes indicator issue in the android cli 2021-12-16 12:51:57 +01:00
tek 79bb7d1d4b Fixes indicator parsing bug 2021-12-13 18:37:05 +01:00
tek a653cb3cfc Implements loading STIX files from env variable MVT_STIX2 2021-12-10 16:11:59 +01:00
tek b25cc48be0 Fixes issue in Safari Browser State for older iOS versions 2021-12-06 15:04:52 +01:00
tek 40bd9ddc1d Fixes issue with different TCC database versions 2021-12-03 20:31:12 +01:00
Tek deb95297da
Merge pull request #219 from workingreact/main
Fix ConfigurationProfiles
2021-12-03 19:56:43 +01:00
tek 02014b414b Add warning for apple notification 2021-12-03 19:42:35 +01:00
tek 7dd5fe7831 Catch and recover malformed SMS database 2021-12-03 17:46:41 +01:00
workingreact 11d1a3dcee fix typo 2021-12-02 18:31:07 +01:00
workingreact 74f9db2bf2 fix ConfigurationProfiles 2021-12-02 16:55:14 +01:00
tek 356bddc3af Adds new iOS versions 2021-11-28 17:43:50 +01:00
Nex 512f40dcb4 Standardized code with flake8 2021-11-19 15:27:51 +01:00
Nex b3a464ba58 Removed unused imports 2021-11-19 14:54:53 +01:00
Nex 529df85f0f Sorted imports 2021-11-04 12:58:35 +01:00
panelmix 34c997f923 Replace NetworkingAnalytics with Analytics 2021-11-02 13:29:12 +01:00
Nex 02bf903411 Bumped version 2021-10-30 13:40:25 +02:00
Nex 7019375767
Merge pull request #210 from hurtcrushing/main
Search for entries in ZPROCESS but not in ZLIVEUSAGE
2021-10-27 14:22:40 +02:00
Nex 34dd27c5d2 Added iPhone 13 2021-10-26 18:33:07 +02:00
Nex a4d6a08a8b Added iOS 15.1 2021-10-26 18:09:31 +02:00
hurtcrushing 635d3a392d change warning to info 2021-10-25 14:54:03 +02:00
hurtcrushing 2d78bddbba Search for entries in ZPROCESS but not in ZLIVEUSAGE 2021-10-25 14:34:18 +02:00
Nex 6d8de5b461 Bumped version 2021-10-23 13:51:44 +02:00
tek e0c9a44b10 Merge branch 'main' of github.com:mvt-project/mvt 2021-10-21 21:17:31 +02:00
tek ef8c1ae895 Adds recent iOS versions 2021-10-21 21:17:09 +02:00
Nex 3165801e2b Bumped version 2021-10-18 13:40:30 +02:00
Nex f8e380baa1 Minor style fixes 2021-10-18 12:51:20 +02:00
Nex 35559b09a8
Merge pull request #206 from colossalzippy/main
improve Filesystem module
2021-10-18 12:48:58 +02:00
colossalzippy f601db2174 improve Filesystem 2021-10-15 14:58:50 +02:00
witchbuild 3ce9641c23 add NetworkingAnalytics 2021-10-15 11:53:06 +02:00
Nex 9be393e3f6 Bumped version 2021-10-14 19:59:09 +02:00
Nex 169f5fbc26 Pyment to reST 2021-10-12 18:06:58 +02:00
vin01 40b0da9885
Specify public key for PythonRSASigner 2021-10-08 21:36:49 +02:00
tek 94a8d9dd91 Fixes bug in adb handling 2021-09-29 18:16:33 +02:00
tek 963d3db51a Fixes a bug in android packages module 2021-09-29 17:59:50 +02:00
Nex 660e208473 Bumped version 2021-09-28 15:40:26 +02:00
Nex 01e68ccc6a Fixed dict decl 2021-09-28 12:45:15 +02:00
Nex fba0fa1f2c Removed newline 2021-09-28 12:44:15 +02:00
Nex 8fcc79ebfa Adapted for better support 2021-09-28 12:42:57 +02:00
Nex 423462395a Merge branch 'main' of https://github.com/pungentsneak/mvt into pungentsneak-main 2021-09-28 12:33:14 +02:00
Nex 1f08572a6a Bumped version 2021-09-22 17:32:22 +02:00
Nex 94e3c0ce7b Added iOS 15.0 2021-09-22 17:27:29 +02:00
pungentsneak 904daad935 add ShutdownLog 2021-09-22 13:24:17 +02:00
Nex 60a17381a2 Standardized code 2021-09-21 22:27:35 +02:00
tek ef2bb93dc4 Adds indicator check for android package name and file hash 2021-09-21 19:43:02 +02:00
Nex f68b7e7089 Pull file hashes from Packages module directly 2021-09-20 19:15:39 +02:00
Nex a22241ec32 Added version commands 2021-09-17 14:19:03 +02:00
Nex 8ad1bc7a2b Bumped version 2021-09-16 10:45:26 +02:00
Nex 75b5b296a5 Added check for indicators (closes: #189) 2021-09-16 10:44:39 +02:00
Nex f1d039346d Bumped version 2021-09-14 14:33:17 +02:00
Nex ccdfd92d4a Merge branch 'dozenfossil-main' 2021-09-14 14:29:21 +02:00
Nex 032b229eb8 Minor changes for consistency 2021-09-14 14:29:04 +02:00
Nex 93936976c7 Merge branch 'main' of https://github.com/dozenfossil/mvt into dozenfossil-main 2021-09-14 14:26:37 +02:00
Nex f3a4e9d108
Merge pull request #186 from beneficentboast/main
fix error for manipulated entries in DataUsage/NetUsage
2021-09-14 14:26:00 +02:00
Nex 93a9735b5e Reordering 2021-09-14 14:21:54 +02:00
Nex 7b0e2d4564 Added version 2021-09-14 14:20:54 +02:00
beneficentboast 725a99bcd5 fix error for manipulated entries in DataUsage 2021-09-13 20:13:43 +02:00
dozenfossil 35a6f6ec9a fix multi path/file issue 2021-09-13 20:02:48 +02:00
Nex 3f9809f36c Formatting docstrings 2021-09-11 02:39:33 +02:00
Nex 6da6595108 More docstrings 2021-09-10 20:09:37 +02:00
Nex 35dfeaccee Re-ordered list of shortener domains 2021-09-10 15:21:02 +02:00
Nex e5f2aa3c3d Standardizing reST docstrings 2021-09-10 15:18:13 +02:00
Nex 3236c1b390 Added new TCC module 2021-09-09 12:00:48 +02:00
Nex 80a670273d Added additional locationd path 2021-09-07 15:18:00 +02:00
Nex 969b5cc506 Fixed bug in locationd module 2021-09-07 15:06:19 +02:00
Nex ef8622d4c3 Changed event name 2021-09-03 14:49:04 +02:00
Nex e39e9e6f92 Cleaned up and simplified module 2021-09-03 14:48:24 +02:00
Nex 7b32ed3179 Compacted record data 2021-09-03 14:41:55 +02:00
Nex 3e679312d1 Renamed module 2021-09-03 13:35:27 +02:00
guitarsinger be4f1afed6 add OSAnalyticsADDAILY 2021-09-03 11:59:44 +02:00
Nex 0dea25d86e Reverted version number to minor 2021-09-02 15:33:36 +02:00
Nex 505d3c7e60 Bumped version 2021-09-02 15:31:25 +02:00
Nex 8f04c09b75 Removed duplicate 2021-09-02 15:28:17 +02:00
Nex 595b7e2066 Fixed typo 2021-09-02 15:27:00 +02:00
Nex d3941bb5d3
Merge pull request #177 from harsaphes/main
Checking idstatuscache.plist in a dump for iOS>14.7
2021-09-01 22:00:51 +02:00
Nex 194c8a0ac1 Using new function to retrieve local db path 2021-09-01 21:59:12 +02:00
tek cacf027051 Fixes a bug in retrieving the backup file path in webkit session resource logs 2021-09-01 15:49:23 -04:00
tek da97f5ca30 Add db recovery to Safari history module 2021-09-01 15:40:45 -04:00
Nex a774577940 Handling some exceptions more gracefully 2021-09-01 13:41:21 +02:00
Nex 7252cc82a7 Added module to dump full output of dumpsys 2021-08-30 22:20:05 +02:00
Nex b34d80fd11 Logging module completed 2021-08-30 22:19:28 +02:00
Nex 0347dfa3c9 Added module Files to pull list of visible file paths 2021-08-30 22:11:07 +02:00
Nex 28647b8493 Fixed is_dir() to isdir() 2021-08-30 22:08:29 +02:00
harsaphes c2ec26fd75 Checking idstatuscache.plist in a dump for iOS>14.7 2021-08-30 21:01:59 +02:00
Nex 856a6fb895 Cleaning up some classes 2021-08-28 12:33:27 +02:00
Jeff Irion 34c64af815
Fix `_adb_check_keys` method 2021-08-27 23:26:50 -07:00
Nex ea4da71277 Creating android home folder if missing 2021-08-27 19:12:09 +02:00
Nex 94fe3c90e0 Added logcat modules 2021-08-26 15:23:54 +02:00
Nex f78332aa71 Split receivers into a new package 2021-08-26 14:51:56 +02:00
Nex 0c4eb0bb34 Added discovery of Android packages with potentially abusive receivers 2021-08-26 14:08:39 +02:00
Nex e70054d0c2 Bumped version 2021-08-26 12:48:09 +02:00
Nex c859b43220 Adding logo to iOS cli 2021-08-26 12:40:45 +02:00
Nex 75ee2db02e Upgrading version 2021-08-26 12:36:37 +02:00
Nex b27047ed27 Updated lookup modules to new format (closes: #175) 2021-08-25 21:58:03 +02:00
Nex 79f313827f Changed mvt-android download-apks to only fetch non-system packages 2021-08-25 13:35:21 +02:00
Nex 0005ad2abd Removed unused imports 2021-08-21 15:50:12 +02:00
Nex a16b0c12d2 Added shared help messages 2021-08-21 15:48:52 +02:00
Nex e0a6608b9d Logging which files error the manifest module 2021-08-20 17:15:35 +02:00
Nex 80a91bb2ad Checking if the backup is actually encrypted before proceeding (closes: #48) 2021-08-20 15:18:08 +02:00
Nex 2d277d2d14 Catching in case uid field is not present 2021-08-18 23:11:18 +02:00
Nex 817aaab258 Indicate in help message that option can be invoked multiple times 2021-08-18 13:24:10 +02:00
Nex 4d8d91846c Added missing import of IndicatorsFileBadFormat 2021-08-18 13:21:54 +02:00
Nex e31e08e710 Added multiple indicators to Android cli 2021-08-18 13:19:34 +02:00
Nex 27847bf16c Added counter for loaded indicators 2021-08-18 13:18:34 +02:00
Nex f2b1311ff7 Sorted imports 2021-08-18 13:18:28 +02:00
Nex 48810af83d Fixed creation of Indicators instance 2021-08-18 13:12:37 +02:00
Nex 6a63256b5c Added ability to import multiple STIX2 indicators files 2021-08-18 13:08:32 +02:00
Nex d77809060f Added newline 2021-08-17 22:54:33 +02:00
Nex 99d539b040 Renamed packages.json to apks.json to avoid conflicts with other module 2021-08-17 13:26:26 +02:00
Nex 7edf147112 Better handling of package parsing and more logging (closes: #102) 2021-08-17 13:26:04 +02:00
Nex 39b81214c2 Catching exception when unable to connect to device over TCP 2021-08-17 13:10:36 +02:00
Nex 94fd6b5208 Catching errors more gracefully when downloading apks (closes: #158) 2021-08-17 13:06:31 +02:00
Nex 96e4a9a4a4 Overhaul of mvt-ios modules 2021-08-16 10:50:35 +02:00
Nex 24d7187303 Fixed variable name 2021-08-15 20:02:17 +02:00
Nex 6af6c52f60 Renamed function for consistency 2021-08-15 20:01:33 +02:00
Nex fdaf2fc760 Fixed WebkitSessionResourceLog module, still needs testing 2021-08-15 20:00:29 +02:00
Nex fda621672d Renamed webkit helper function 2021-08-15 19:50:55 +02:00
Nex ce6cc771b4 Replaced leftover dicts 2021-08-15 19:20:41 +02:00
Nex e1e4476bee Standardizing Manifest results structure 2021-08-15 19:07:45 +02:00
Nex 9582778adf Getting rid of dict() 2021-08-15 19:05:15 +02:00
Nex 5e6e4fa8d0 Added modules to extract details on configuration profiles from backup 2021-08-15 18:53:02 +02:00
Nex 9e5a412fe2 Creating helper function to locate files in Manifest.db 2021-08-15 17:39:14 +02:00
Nex 763cb6e06c DeviceInfo module is now BackupInfo and only running on backups 2021-08-15 13:16:00 +02:00
Nex cbdbf41e1e Restructured modules folders 2021-08-15 13:14:18 +02:00
Nex cf630f7c2b Fixed unused imports 2021-08-14 18:56:33 +02:00
Nex 3d6e01179a Fixed typo 2021-08-14 18:52:00 +02:00
Nex 8260bda308 Got rid of biplist, using standard plistlib 2021-08-14 18:50:11 +02:00
Nex 30e00e0707 Added module to extract information on device 2021-08-14 18:39:46 +02:00
Nex 88e2576334 Copying plist files too when decrypting a backup 2021-08-14 18:25:41 +02:00
Nex 076930c2c9 Added newline 2021-08-14 18:06:30 +02:00
Nex 8a91e64bb9 Catching gracefully if indicators file parse fails 2021-08-12 20:17:37 +02:00
Nex 54eaf046b0 Standardizing base classes declarations 2021-08-12 18:36:31 +02:00
Nex 23e4babbc9 Sorted imports 2021-08-12 18:34:33 +02:00
Nex 78b9fcd50c Added super init to NetBase 2021-08-12 18:34:23 +02:00
Nex 4eb7a64614 Removed serial in declaration 2021-08-12 18:33:58 +02:00
Nex e512e0b72f Fixed download_apks init 2021-08-12 18:25:57 +02:00
Nex 8ca7030195 Refactored serial specification for ADB 2021-08-12 18:21:21 +02:00
Nex f78c671885 Merge branch 'main' of https://github.com/j0k2r/mvt into j0k2r-main 2021-08-12 18:07:50 +02:00
Nex 411ac53522 Letting module handler catch any exception 2021-08-12 17:57:40 +02:00
Nex 8be60e8a04 Checking all processes 2021-08-12 17:53:19 +02:00
Nex 8a484b3b24 Added a more clear message regarding rooted Androids 2021-08-12 17:47:20 +02:00
Nex 0a7512cfb2 Checking for manipulated entries even when no indicators are provided 2021-08-12 12:57:27 +02:00
Nex 8d93ab66c9 Improved logging around detection results 2021-08-12 12:56:12 +02:00
Nex 6e19d34700 Merge branch 'main' of https://github.com/DL6ER/mvt into DL6ER-main 2021-08-12 12:49:36 +02:00
Nex 88324c7c42 Standardized to logging format 2021-08-12 12:48:29 +02:00
Daniel Kahn Gillmor ec93c3d8b8 Even friendlier behaviors when the user mis-specifies the backup path
As discussed in #147
2021-08-10 23:19:45 -04:00
Daniel Kahn Gillmor 1288f8ca53 handle error cases better 2021-08-10 22:57:15 -04:00
DL6ER 290776a286
Log if there was no detection made by the module
Signed-off-by: DL6ER <dl6er@dl6er.de>
2021-08-10 12:13:23 +02:00
Hamza Z 15c0d71933 Fix merge conflicts 2021-08-08 20:05:50 +02:00
Nex e5f7727c80 Fixed typo (closes: #157) 2021-08-06 18:40:09 +02:00
Nex 9f696dcb72 Added version 14.7.1 2021-08-05 09:03:02 +02:00
Nex 2302c9fb1c Fixed language 2021-08-05 08:56:41 +02:00
Nex 9bb8ae5187 Merge branch 'clearer-error-reporting' of https://github.com/dkg/mvt into dkg-clearer-error-reporting 2021-08-05 08:54:29 +02:00