Donncha Ó Cearbhaill
|
3215e797ec
|
Bug fixes for config profile and shortcut module
|
2021-12-16 22:58:36 +01:00 |
|
Donncha Ó Cearbhaill
|
5df50f864c
|
Merge branch 'main' into main
|
2021-12-16 19:21:18 +01:00 |
|
Donncha Ó Cearbhaill
|
45b31bb718
|
Add support for identifying known malicious file paths over ADB
|
2021-12-16 19:16:24 +01:00 |
|
Donncha Ó Cearbhaill
|
e10f1767e6
|
Update WhatsApp module to search for links in attachments
|
2021-12-16 18:46:31 +01:00 |
|
tek
|
d64277c0bf
|
Adds missing iOS version
|
2021-12-16 18:39:22 +01:00 |
|
Donncha Ó Cearbhaill
|
3f3261511a
|
Add module to search for known malicious or suspicious configuration profiles
|
2021-12-16 17:57:26 +01:00 |
|
Donncha Ó Cearbhaill
|
4cfe75e2d4
|
Add module to parse iOS Shortcuts and search for malicious actions
|
2021-12-16 17:47:08 +01:00 |
|
tek
|
cdd90332f7
|
Adds timeline support to TCC iOS module
|
2021-12-16 13:57:44 +01:00 |
|
tek
|
79bb7d1d4b
|
Fixes indicator parsing bug
|
2021-12-13 18:37:05 +01:00 |
|
tek
|
b25cc48be0
|
Fixes issue in Safari Browser State for older iOS versions
|
2021-12-06 15:04:52 +01:00 |
|
tek
|
40bd9ddc1d
|
Fixes issue with different TCC database versions
|
2021-12-03 20:31:12 +01:00 |
|
Tek
|
deb95297da
|
Merge pull request #219 from workingreact/main
Fix ConfigurationProfiles
|
2021-12-03 19:56:43 +01:00 |
|
tek
|
02014b414b
|
Add warning for apple notification
|
2021-12-03 19:42:35 +01:00 |
|
tek
|
7dd5fe7831
|
Catch and recover malformed SMS database
|
2021-12-03 17:46:41 +01:00 |
|
workingreact
|
11d1a3dcee
|
fix typo
|
2021-12-02 18:31:07 +01:00 |
|
workingreact
|
74f9db2bf2
|
fix ConfigurationProfiles
|
2021-12-02 16:55:14 +01:00 |
|
tek
|
356bddc3af
|
Adds new iOS versions
|
2021-11-28 17:43:50 +01:00 |
|
Nex
|
512f40dcb4
|
Standardized code with flake8
|
2021-11-19 15:27:51 +01:00 |
|
Nex
|
529df85f0f
|
Sorted imports
|
2021-11-04 12:58:35 +01:00 |
|
panelmix
|
34c997f923
|
Replace NetworkingAnalytics with Analytics
|
2021-11-02 13:29:12 +01:00 |
|
Nex
|
7019375767
|
Merge pull request #210 from hurtcrushing/main
Search for entries in ZPROCESS but not in ZLIVEUSAGE
|
2021-10-27 14:22:40 +02:00 |
|
Nex
|
34dd27c5d2
|
Added iPhone 13
|
2021-10-26 18:33:07 +02:00 |
|
Nex
|
a4d6a08a8b
|
Added iOS 15.1
|
2021-10-26 18:09:31 +02:00 |
|
hurtcrushing
|
635d3a392d
|
change warning to info
|
2021-10-25 14:54:03 +02:00 |
|
hurtcrushing
|
2d78bddbba
|
Search for entries in ZPROCESS but not in ZLIVEUSAGE
|
2021-10-25 14:34:18 +02:00 |
|
tek
|
e0c9a44b10
|
Merge branch 'main' of github.com:mvt-project/mvt
|
2021-10-21 21:17:31 +02:00 |
|
tek
|
ef8c1ae895
|
Adds recent iOS versions
|
2021-10-21 21:17:09 +02:00 |
|
Nex
|
f8e380baa1
|
Minor style fixes
|
2021-10-18 12:51:20 +02:00 |
|
Nex
|
35559b09a8
|
Merge pull request #206 from colossalzippy/main
improve Filesystem module
|
2021-10-18 12:48:58 +02:00 |
|
colossalzippy
|
f601db2174
|
improve Filesystem
|
2021-10-15 14:58:50 +02:00 |
|
witchbuild
|
3ce9641c23
|
add NetworkingAnalytics
|
2021-10-15 11:53:06 +02:00 |
|
Nex
|
01e68ccc6a
|
Fixed dict decl
|
2021-09-28 12:45:15 +02:00 |
|
Nex
|
fba0fa1f2c
|
Removed newline
|
2021-09-28 12:44:15 +02:00 |
|
Nex
|
8fcc79ebfa
|
Adapted for better support
|
2021-09-28 12:42:57 +02:00 |
|
Nex
|
423462395a
|
Merge branch 'main' of https://github.com/pungentsneak/mvt into pungentsneak-main
|
2021-09-28 12:33:14 +02:00 |
|
Nex
|
94e3c0ce7b
|
Added iOS 15.0
|
2021-09-22 17:27:29 +02:00 |
|
pungentsneak
|
904daad935
|
add ShutdownLog
|
2021-09-22 13:24:17 +02:00 |
|
Nex
|
a22241ec32
|
Added version commands
|
2021-09-17 14:19:03 +02:00 |
|
Nex
|
75b5b296a5
|
Added check for indicators (closes: #189)
|
2021-09-16 10:44:39 +02:00 |
|
Nex
|
ccdfd92d4a
|
Merge branch 'dozenfossil-main'
|
2021-09-14 14:29:21 +02:00 |
|
Nex
|
032b229eb8
|
Minor changes for consistency
|
2021-09-14 14:29:04 +02:00 |
|
Nex
|
93936976c7
|
Merge branch 'main' of https://github.com/dozenfossil/mvt into dozenfossil-main
|
2021-09-14 14:26:37 +02:00 |
|
Nex
|
f3a4e9d108
|
Merge pull request #186 from beneficentboast/main
fix error for manipulated entries in DataUsage/NetUsage
|
2021-09-14 14:26:00 +02:00 |
|
Nex
|
93a9735b5e
|
Reordering
|
2021-09-14 14:21:54 +02:00 |
|
Nex
|
7b0e2d4564
|
Added version
|
2021-09-14 14:20:54 +02:00 |
|
beneficentboast
|
725a99bcd5
|
fix error for manipulated entries in DataUsage
|
2021-09-13 20:13:43 +02:00 |
|
dozenfossil
|
35a6f6ec9a
|
fix multi path/file issue
|
2021-09-13 20:02:48 +02:00 |
|
Nex
|
e5f2aa3c3d
|
Standardizing reST docstrings
|
2021-09-10 15:18:13 +02:00 |
|
Nex
|
3236c1b390
|
Added new TCC module
|
2021-09-09 12:00:48 +02:00 |
|
Nex
|
80a670273d
|
Added additional locationd path
|
2021-09-07 15:18:00 +02:00 |
|
Nex
|
969b5cc506
|
Fixed bug in locationd module
|
2021-09-07 15:06:19 +02:00 |
|
Nex
|
ef8622d4c3
|
Changed event name
|
2021-09-03 14:49:04 +02:00 |
|
Nex
|
e39e9e6f92
|
Cleaned up and simplified module
|
2021-09-03 14:48:24 +02:00 |
|
Nex
|
7b32ed3179
|
Compacted record data
|
2021-09-03 14:41:55 +02:00 |
|
Nex
|
3e679312d1
|
Renamed module
|
2021-09-03 13:35:27 +02:00 |
|
guitarsinger
|
be4f1afed6
|
add OSAnalyticsADDAILY
|
2021-09-03 11:59:44 +02:00 |
|
Nex
|
8f04c09b75
|
Removed duplicate
|
2021-09-02 15:28:17 +02:00 |
|
Nex
|
595b7e2066
|
Fixed typo
|
2021-09-02 15:27:00 +02:00 |
|
Nex
|
d3941bb5d3
|
Merge pull request #177 from harsaphes/main
Checking idstatuscache.plist in a dump for iOS>14.7
|
2021-09-01 22:00:51 +02:00 |
|
Nex
|
194c8a0ac1
|
Using new function to retrieve local db path
|
2021-09-01 21:59:12 +02:00 |
|
tek
|
cacf027051
|
Fixes a bug in retrieving the backup file path in webkit session resource logs
|
2021-09-01 15:49:23 -04:00 |
|
tek
|
da97f5ca30
|
Add db recovery to Safari history module
|
2021-09-01 15:40:45 -04:00 |
|
Nex
|
a774577940
|
Handling some exceptions more gracefully
|
2021-09-01 13:41:21 +02:00 |
|
harsaphes
|
c2ec26fd75
|
Checking idstatuscache.plist in a dump for iOS>14.7
|
2021-08-30 21:01:59 +02:00 |
|
Nex
|
856a6fb895
|
Cleaning up some classes
|
2021-08-28 12:33:27 +02:00 |
|
Nex
|
c859b43220
|
Adding logo to iOS cli
|
2021-08-26 12:40:45 +02:00 |
|
Nex
|
0005ad2abd
|
Removed unused imports
|
2021-08-21 15:50:12 +02:00 |
|
Nex
|
a16b0c12d2
|
Added shared help messages
|
2021-08-21 15:48:52 +02:00 |
|
Nex
|
e0a6608b9d
|
Logging which files error the manifest module
|
2021-08-20 17:15:35 +02:00 |
|
Nex
|
80a91bb2ad
|
Checking if the backup is actually encrypted before proceeding (closes: #48)
|
2021-08-20 15:18:08 +02:00 |
|
Nex
|
817aaab258
|
Indicate in help message that option can be invoked multiple times
|
2021-08-18 13:24:10 +02:00 |
|
Nex
|
27847bf16c
|
Added counter for loaded indicators
|
2021-08-18 13:18:34 +02:00 |
|
Nex
|
48810af83d
|
Fixed creation of Indicators instance
|
2021-08-18 13:12:37 +02:00 |
|
Nex
|
6a63256b5c
|
Added ability to import multiple STIX2 indicators files
|
2021-08-18 13:08:32 +02:00 |
|
Nex
|
96e4a9a4a4
|
Overhaul of mvt-ios modules
|
2021-08-16 10:50:35 +02:00 |
|
Nex
|
24d7187303
|
Fixed variable name
|
2021-08-15 20:02:17 +02:00 |
|
Nex
|
6af6c52f60
|
Renamed function for consistency
|
2021-08-15 20:01:33 +02:00 |
|
Nex
|
fdaf2fc760
|
Fixed WebkitSessionResourceLog module, still needs testing
|
2021-08-15 20:00:29 +02:00 |
|
Nex
|
fda621672d
|
Renamed webkit helper function
|
2021-08-15 19:50:55 +02:00 |
|
Nex
|
ce6cc771b4
|
Replaced leftover dicts
|
2021-08-15 19:20:41 +02:00 |
|
Nex
|
e1e4476bee
|
Standardizing Manifest results structure
|
2021-08-15 19:07:45 +02:00 |
|
Nex
|
9582778adf
|
Getting rid of dict()
|
2021-08-15 19:05:15 +02:00 |
|
Nex
|
5e6e4fa8d0
|
Added modules to extract details on configuration profiles from backup
|
2021-08-15 18:53:02 +02:00 |
|
Nex
|
9e5a412fe2
|
Creating helper function to locate files in Manifest.db
|
2021-08-15 17:39:14 +02:00 |
|
Nex
|
763cb6e06c
|
DeviceInfo module is now BackupInfo and only running on backups
|
2021-08-15 13:16:00 +02:00 |
|
Nex
|
cbdbf41e1e
|
Restructured modules folders
|
2021-08-15 13:14:18 +02:00 |
|
Nex
|
cf630f7c2b
|
Fixed unused imports
|
2021-08-14 18:56:33 +02:00 |
|
Nex
|
3d6e01179a
|
Fixed typo
|
2021-08-14 18:52:00 +02:00 |
|
Nex
|
8260bda308
|
Got rid of biplist, using standard plistlib
|
2021-08-14 18:50:11 +02:00 |
|
Nex
|
30e00e0707
|
Added module to extract information on device
|
2021-08-14 18:39:46 +02:00 |
|
Nex
|
88e2576334
|
Copying plist files too when decrypting a backup
|
2021-08-14 18:25:41 +02:00 |
|
Nex
|
8a91e64bb9
|
Catching gracefully if indicators file parse fails
|
2021-08-12 20:17:37 +02:00 |
|
Nex
|
54eaf046b0
|
Standardizing base classes declarations
|
2021-08-12 18:36:31 +02:00 |
|
Nex
|
23e4babbc9
|
Sorted imports
|
2021-08-12 18:34:33 +02:00 |
|
Nex
|
78b9fcd50c
|
Added super init to NetBase
|
2021-08-12 18:34:23 +02:00 |
|
Nex
|
0a7512cfb2
|
Checking for manipulated entries even when no indicators are provided
|
2021-08-12 12:57:27 +02:00 |
|
Nex
|
88324c7c42
|
Standardized to logging format
|
2021-08-12 12:48:29 +02:00 |
|
Daniel Kahn Gillmor
|
ec93c3d8b8
|
Even friendlier behaviors when the user mis-specifies the backup path
As discussed in #147
|
2021-08-10 23:19:45 -04:00 |
|
Daniel Kahn Gillmor
|
1288f8ca53
|
handle error cases better
|
2021-08-10 22:57:15 -04:00 |
|
Nex
|
9f696dcb72
|
Added version 14.7.1
|
2021-08-05 09:03:02 +02:00 |
|