Nex
d6af7c8cca
Updating flake8 config and fixed some violations
2022-03-18 11:10:06 +01:00
Nex
6584d8232c
Fixed bug in bugreport packages parser
2022-03-16 10:20:53 +01:00
Nex
9bdef6ede4
Fixing spacing
2022-03-10 11:35:49 +01:00
Nex
fc9a27d030
Sorted imports
2022-03-10 11:33:54 +01:00
Donncha Ó Cearbhaill
ac26aa964a
Fix exception with bad password
2022-03-04 17:24:26 +01:00
Donncha Ó Cearbhaill
be511dcb51
Refactor SMS ADB code to use backup functions
2022-03-04 17:06:10 +01:00
Donncha Ó Cearbhaill
b44c67e699
Refactor some of the decryption code
2022-03-04 17:04:32 +01:00
tek
a4d08f8f35
Replaces pyaes with cryptography and reorganize backup parser code
2022-03-04 15:05:10 +01:00
tek
86c79075ff
Reorganise code for backup modules
2022-03-04 10:10:56 +01:00
tek
639c163297
Adds partial compression support in Android Backup parsing
2022-02-23 16:18:45 +01:00
tek
8eb30e3a02
Improves android backup parsing for check-backup and check-adb
2022-02-23 15:07:13 +01:00
Donncha Ó Cearbhaill
cd0e7d9879
Fix syntax error with broken comment
2022-02-18 15:09:08 +01:00
Donncha Ó Cearbhaill
bdaaf15434
Add initial implementation of SMS extraction using ADB
2022-02-17 18:17:38 +01:00
Nex
57cbb0ed56
Fixed typo
2022-02-09 13:30:31 +01:00
Nex
e9cc6b3928
Fixed code styling and added missing check in adb getprop
2022-02-09 13:20:09 +01:00
tek
ed54761747
Adds warning if phone is outdated in getprop module
2022-02-07 17:28:01 +01:00
Nex
71c4ba799f
Fixed help message for download-apks
2022-02-04 13:42:32 +01:00
Nex
6fc6102b73
Improved parsing of bugreports by finding dumpstate file name from main_entry.txt
2022-02-04 13:34:40 +01:00
Nex
3fe5d8dc8d
Fixing battery stats history parsing
2022-02-03 22:18:37 +01:00
Nex
fec6210d1b
Fixed parsing of dbinfo to support multiple formats
2022-02-03 20:36:47 +01:00
Nex
6a723e533f
Fixed logging in adb modules
2022-02-03 20:19:07 +01:00
Nex
ed8a5a3845
Fixed dumpstate parsing for different formats and added logging
2022-02-03 19:55:18 +01:00
Nex
04225a4455
Ignoring decoding errors
2022-02-03 19:40:36 +01:00
Nex
5987f218be
Supporting multiple file names
2022-02-03 19:26:45 +01:00
Nex
748780476e
Fixed a typo and catching exception
2022-02-03 19:20:26 +01:00
Nex
c522b54326
Supporting searching files by multiple patterns
2022-02-03 17:21:29 +01:00
Nex
0e0e346916
Fixed issue in parsing batterystats daily
2022-02-03 13:36:08 +01:00
Nex
69daf3c3cd
Added module checking SELinux enforcement status
2022-02-03 11:34:02 +01:00
Nex
230f81879a
Added check for indicators to Processes
2022-02-03 00:06:15 +01:00
Nex
df42efb7cb
Added getprop parser
2022-02-02 22:07:47 +01:00
Nex
0922e569b0
Sorted imports
2022-02-02 22:00:48 +01:00
Nex
03092cf3b7
Attempting split of parsers
2022-02-02 21:58:11 +01:00
Nex
ab63a02c9f
Code clean-ups
2022-02-02 19:18:47 +01:00
Nex
a833dda581
Added getprop bugreport module
2022-02-02 19:00:20 +01:00
Nex
512c349c2c
Sorted imports
2022-02-02 16:10:24 +01:00
Nex
b94ba28873
Supporting loading from extracted folder
2022-02-02 16:10:12 +01:00
Nex
564efc3629
Sorted imports
2022-02-02 15:49:24 +01:00
Nex
9c62e6e4d6
Added Packages module
2022-02-02 15:47:55 +01:00
Nex
e2936c3d33
Added new check-bugreport command and modules
2022-02-02 00:09:53 +01:00
Nex
3483ca1584
Package dumpsys parsing as static method
2022-02-01 21:45:26 +01:00
Nex
b97ce7651a
Fixed missing checks for indicators instance (ref: #245)
2022-02-01 17:48:19 +01:00
Nex
52a204cab6
Obtaining permissions for installed packages
2022-02-01 15:33:19 +01:00
Nex
1b335fda1d
Renamed function argument to more descriptive
2022-02-01 15:07:43 +01:00
Nex
2ad175eae2
Renamed package to package_name for consistency
2022-02-01 14:27:00 +01:00
Nex
434738a306
Better regexp formatting
2022-01-31 13:05:03 +01:00
Nex
06cd640c5e
Using static methods
2022-01-31 12:58:33 +01:00
Nex
fb8a7ca104
Enforce consistency in Android modules
2022-01-31 11:30:49 +01:00
Nex
8d15ff58dd
Renamed matched field name to singular
2022-01-30 20:29:09 +01:00
Nex
eb5f07a75d
Updated copyright notice
2022-01-30 20:15:01 +01:00
Nex
ececf1a6b2
Added module to extract db queries
2022-01-30 19:43:09 +01:00
Nex
851cd52602
Ordering and clean-up
2022-01-30 16:41:32 +01:00
Nex
8db04fc991
Added module to parse battery daily stats package updates
2022-01-30 16:02:24 +01:00
Nex
3d0ba56e1f
Fixed parsing of wake events
2022-01-30 15:20:03 +01:00
Nex
c48a4e8f50
Fixed variable name
2022-01-30 04:12:19 +01:00
Nex
001c2998a5
Removed unnecessary newlines
2022-01-30 04:11:46 +01:00
Nex
5e7c5727af
Added check for indicators to dumpsys modules
2022-01-30 04:08:48 +01:00
Nex
883fbaeb88
Parsing records from accessibility and battery history
2022-01-30 03:44:41 +01:00
Nex
6f0012cede
Removed modules which are only duplicated outputs from dumpsys full
2022-01-30 03:39:26 +01:00
Nex
458e80ccbb
Adding module to process battery history
2022-01-30 03:34:16 +01:00
Nex
c8185fdbd8
Small code clean-ups
2022-01-29 15:13:35 +01:00
Yallxe
43b1612dfe
Set utf-8 as an encoding for open()
Not every system uses 'utf-8' as a default encoding for opening files in Python.
Before you say that there must be a way to set default encoding in one line, no, there is not. At least, I didn't find a way to do this.
2022-01-29 12:18:18 +01:00
Nex
49e34f6299
Better parsing of dumpsys package and added parsing of Activities too
2022-01-29 03:50:33 +01:00
Nex
d88a66dd54
Fixed typo
2022-01-29 01:13:52 +01:00
Nex
d3ed778ae4
Fixed comment styling
2022-01-29 01:13:29 +01:00
tek
4c3306c272
Separate receivers parsing in DumpsysReceivers
2022-01-29 01:06:32 +01:00
Nex
10a640d3f7
Temporarily disabling VirusTotal lookup because of API issues
2022-01-28 22:25:21 +01:00
Nex
90d05336da
Added check for additional outgoing call event
2022-01-28 17:21:28 +01:00
Nex
5513e6e9e3
Ordered imports
2022-01-28 16:36:24 +01:00
Nex
38116f8405
Catching device not found exception
2022-01-28 15:47:50 +01:00
Nex
59b069f006
Added lookups for non-system packages on check-adb too
2022-01-28 12:25:50 +01:00
Nex
28e1348aa7
Added check-iocs command to mvt-android
2022-01-27 18:23:19 +01:00
Nex
09d5eabf2f
Changing check logic for Android settings
2022-01-27 15:24:17 +01:00
Nex
a425d6c511
Added missing comma and ordered imports
2022-01-27 14:56:02 +01:00
Nex
f8897a4f8c
Added more dangerous settings
2022-01-27 14:54:31 +01:00
Nex
86eae68bdb
Added Android settings module
2022-01-27 13:33:06 +01:00
Nex
25c6c03075
Added Getprop module and cleaned Files and Packages Android modules
2022-01-27 12:50:37 +01:00
Nex
b35cd4bc73
Added support for context-aware indicators.
This way when a detection is logged, the user can know which STIX2
file was matched by the module
2022-01-21 16:26:58 +01:00
Nex
1b4f99a31d
Trying to catch missing argument error (ref: #211)
2022-01-21 12:20:22 +01:00
tek
38bb583a9e
Improves management of file path indicators
2022-01-18 15:50:31 +01:00
Nex
146f2ae57d
Renaming check function for consistency
2022-01-12 16:02:13 +01:00
Nex
11bc916854
Sorted imports
2022-01-11 16:02:44 +01:00
Nex
3084876f31
Removing unused imports, fixing conditions, new lines
2022-01-11 16:02:01 +01:00
Nex
f63cb585b2
Shortened command to download-iocs
2022-01-11 15:59:01 +01:00
Nex
637aebcd89
Small cleanup
2022-01-11 15:53:10 +01:00
Nex
16a0de3af4
Added new module to highlight installed accessibility services
2022-01-11 15:16:26 +01:00
tek
28d57e7178
Add command to download latest public indicators
Squashed commit of the following:
commit c0d9e8d5d188c13e7e5ec0612e99bfb7e25f47d4
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 16:05:12 2022 +0100
Update name of indicators JSON file
commit f719e49c5f942cef64931ecf422b6a6e7b8c9f17
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 15:38:03 2022 +0100
Do not set indicators option on module if no indicators were loaded
commit a289eb8de936f7d74c6c787cbb8daf5c5bec015c
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 14:43:00 2022 +0100
Simplify code for loading IoCs
commit 0804563415ee80d76c13d3b38ffe639fa14caa14
Author: Donncha Ó Cearbhaill <donncha.ocearbhaill@amnesty.org>
Date: Fri Jan 7 13:43:47 2022 +0100
Add metadata to IoC entries
commit 97d0e893c1a0736c4931363ff40f09a030b90cf6
Author: tek <tek@randhome.io>
Date: Fri Dec 17 16:43:09 2021 +0100
Implements automated loading of indicators
commit c381e14df92ae4d7d846a1c97bcf6639cc526082
Author: tek <tek@randhome.io>
Date: Fri Dec 17 12:41:15 2021 +0100
Improves download-indicators
commit b938e02ddfd0b916fd883f510b467491a4a84e5f
Author: tek <tek@randhome.io>
Date: Fri Dec 17 01:44:26 2021 +0100
Adds download-indicators for mvt-ios and mvt-android
2022-01-07 16:38:04 +01:00
Nicolai Søborg
c282d4341d
Bump adb read timeout
Some adb commands (like `dumpsys`) are very slow and the default timeout is "only" 10s.
A timeout of 200 seconds is chosen completely at random - works on my phone 🤷
Fixes https://github.com/mvt-project/mvt/issues/113
Fixes https://github.com/mvt-project/mvt/issues/228
2021-12-28 13:56:04 +01:00
tek
82b57f1997
Fixes IOC issue in android CLI
2021-12-22 00:19:16 +01:00
Donncha Ó Cearbhaill
45b31bb718
Add support for identifying known malicious file paths over ADB
2021-12-16 19:16:24 +01:00
tek
d9b29b3739
Fixes indicator issue in the android cli
2021-12-16 12:51:57 +01:00
Nex
512f40dcb4
Standardized code with flake8
2021-11-19 15:27:51 +01:00
Nex
b3a464ba58
Removed unused imports
2021-11-19 14:54:53 +01:00
vin01
40b0da9885
Specify public key for PythonRSASigner
2021-10-08 21:36:49 +02:00
tek
94a8d9dd91
Fixes bug in adb handling
2021-09-29 18:16:33 +02:00
tek
963d3db51a
Fixes a bug in android packages module
2021-09-29 17:59:50 +02:00
Nex
60a17381a2
Standardized code
2021-09-21 22:27:35 +02:00
tek
ef2bb93dc4
Adds indicator check for android package name and file hash
2021-09-21 19:43:02 +02:00
Nex
f68b7e7089
Pull file hashes from Packages module directly
2021-09-20 19:15:39 +02:00
Nex
a22241ec32
Added version commands
2021-09-17 14:19:03 +02:00
Nex
e5f2aa3c3d
Standardizing reST docstrings
2021-09-10 15:18:13 +02:00
Nex
7252cc82a7
Added module to dump full output of dumpsys
2021-08-30 22:20:05 +02:00
Nex
b34d80fd11
Logging module completed
2021-08-30 22:19:28 +02:00
Nex
0347dfa3c9
Added module Files to pull list of visible file paths
2021-08-30 22:11:07 +02:00
Nex
28647b8493
Fixed is_dir() to isdir()
2021-08-30 22:08:29 +02:00
Jeff Irion
34c64af815
Fix _adb_check_keys method
2021-08-27 23:26:50 -07:00
Nex
ea4da71277
Creating android home folder if missing
2021-08-27 19:12:09 +02:00
Nex
94fe3c90e0
Added logcat modules
2021-08-26 15:23:54 +02:00
Nex
f78332aa71
Split receivers into a new package
2021-08-26 14:51:56 +02:00
Nex
0c4eb0bb34
Added discovery of Android packages with potentially abusive receivers
2021-08-26 14:08:39 +02:00
Nex
75ee2db02e
Upgrading version
2021-08-26 12:36:37 +02:00
Nex
b27047ed27
Updated lookup modules to new format (closes: #175)
2021-08-25 21:58:03 +02:00
Nex
79f313827f
Changed mvt-android download-apks to only fetch non-system packages
2021-08-25 13:35:21 +02:00
Nex
a16b0c12d2
Added shared help messages
2021-08-21 15:48:52 +02:00
Nex
2d277d2d14
Catching in case uid field is not present
2021-08-18 23:11:18 +02:00
Nex
817aaab258
Indicate in help message that option can be invoked multiple times
2021-08-18 13:24:10 +02:00
Nex
4d8d91846c
Added missing import of IndicatorsFileBadFormat
2021-08-18 13:21:54 +02:00
Nex
e31e08e710
Added multiple indicators to Android cli
2021-08-18 13:19:34 +02:00
Nex
f2b1311ff7
Sorted imports
2021-08-18 13:18:28 +02:00
Nex
d77809060f
Added newline
2021-08-17 22:54:33 +02:00
Nex
99d539b040
Renamed packages.json to apks.json to avoid conflicts with other module
2021-08-17 13:26:26 +02:00
Nex
7edf147112
Better handling of package parsing and more logging (closes: #102)
2021-08-17 13:26:04 +02:00
Nex
39b81214c2
Catching exception when unable to connect to device over TCP
2021-08-17 13:10:36 +02:00
Nex
94fd6b5208
Catching errors more gracefully when downloading apks (closes: #158)
2021-08-17 13:06:31 +02:00
Nex
9582778adf
Getting rid of dict()
2021-08-15 19:05:15 +02:00
Nex
cf630f7c2b
Fixed unused imports
2021-08-14 18:56:33 +02:00
Nex
54eaf046b0
Standardizing base classes declarations
2021-08-12 18:36:31 +02:00
Nex
23e4babbc9
Sorted imports
2021-08-12 18:34:33 +02:00
Nex
e512e0b72f
Fixed download_apks init
2021-08-12 18:25:57 +02:00
Nex
8ca7030195
Refactored serial specification for ADB
2021-08-12 18:21:21 +02:00
Nex
f78c671885
Merge branch 'main' of https://github.com/j0k2r/mvt into j0k2r-main
2021-08-12 18:07:50 +02:00
Nex
411ac53522
Letting module handler catch any exception
2021-08-12 17:57:40 +02:00
Nex
8be60e8a04
Checking all processes
2021-08-12 17:53:19 +02:00
Nex
8a484b3b24
Added a more clear message regarding rooted Androids
2021-08-12 17:47:20 +02:00
Hamza Z
15c0d71933
Fix merge conflicts
2021-08-08 20:05:50 +02:00
Nex
76e6138d77
Catching check-if-root exception more gracefully (closes: #5)
2021-08-05 08:49:34 +02:00
Nex
f011fd19e8
More explicit copyright and licensing notes
2021-08-01 21:11:08 +02:00
Nex
632409c81d
Using consistent constant names
2021-07-30 18:08:52 +02:00
Nex
6df6064370
Merge branch 'fix_SMS_PATH' of https://github.com/EmilienCourt/mvt into EmilienCourt-fix_SMS_PATH
2021-07-30 18:04:16 +02:00
Nex
c966eea7e6
Sorted imports
2021-07-30 11:40:09 +02:00
Nex
18ed58cbf9
Removed unused dependency
2021-07-30 11:19:15 +02:00
Nex
490fb12302
Refactored creation of output folders
2021-07-30 11:08:32 +02:00
Nex
e2d82b0349
Merge branch 'master' of https://github.com/febrezo/mvt into febrezo-master
2021-07-30 10:48:34 +02:00
emilien
47df94fa12
fix typo
2021-07-25 15:13:23 +02:00
emilien
e5003b6490
Handle SMS bases in mmssms.db instead of bugle_db
2021-07-25 15:06:22 +02:00
emilien
3d9574682c
Fix WhatsApp thumb image
2021-07-25 14:13:10 +02:00
Nex
97558ec3af
Merge pull request #19 from goshawk22/patch-2
Better check for if device has root
2021-07-24 13:56:12 +02:00
Nex
25d6d52557
Merge pull request #98 from Trigus42/main
Fix download of APKs that require root privileges #2
2021-07-24 13:53:43 +02:00
Trigus42
03523a40c0
Fix _adb_process_file & Improve _adb_download_root
- The _adb_download function doesn't need a package_name argument. This broke _adb_process_file and unnecessarily clutters function calls. Also, the function may be used to download other files or folders too. Generating a random filename seems like the best solution to me since it is less likely to get a duplicate filename and thus to replace an existing file.
- The path /sdcard/Download doesn't necessarily exist. Using /sdcard seems more reliable.
2021-07-24 12:09:59 +02:00
goshawk22
ad3faa186b
Use command -v instead of which to check for root
`command` is built in, unlike `which`, and is more reliable.
https://github.com/mvt-project/mvt/pull/19#issuecomment-885650430
https://stackoverflow.com/questions/592620/how-can-i-check-if-a-program-exists-from-a-bash-script/677212#677212
2021-07-23 15:35:56 +01:00
tek
e69449a2f0
Fixes typos
2021-07-22 23:21:31 +02:00