3 Commits
68337cdd42
...
b2e25e56c5
Author | SHA1 | Date | |
---|---|---|---|
|
b2e25e56c5 | ||
|
013282dbba | ||
|
4b89887f4b |
|
@ -13,7 +13,6 @@ ENV DEBIAN_FRONTEND=noninteractive
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
RUN apt update \
|
RUN apt update \
|
||||||
&& apt install -y python3 python3-pip libusb-1.0-0-dev wget unzip default-jre-headless adb \
|
&& apt install -y python3 python3-pip libusb-1.0-0-dev wget unzip default-jre-headless adb \
|
||||||
|
|
||||||
# Install build tools for libimobiledevice
|
# Install build tools for libimobiledevice
|
||||||
# ----------------------------------------
|
# ----------------------------------------
|
||||||
build-essential \
|
build-essential \
|
||||||
|
@ -27,7 +26,6 @@ RUN apt update \
|
||||||
libssl-dev \
|
libssl-dev \
|
||||||
sqlite3 \
|
sqlite3 \
|
||||||
pkg-config \
|
pkg-config \
|
||||||
|
|
||||||
# Clean up
|
# Clean up
|
||||||
# --------
|
# --------
|
||||||
&& apt-get clean \
|
&& apt-get clean \
|
||||||
|
@ -41,17 +39,11 @@ RUN git clone https://github.com/libimobiledevice/libplist \
|
||||||
&& git clone https://github.com/libimobiledevice/libusbmuxd \
|
&& git clone https://github.com/libimobiledevice/libusbmuxd \
|
||||||
&& git clone https://github.com/libimobiledevice/libimobiledevice \
|
&& git clone https://github.com/libimobiledevice/libimobiledevice \
|
||||||
&& git clone https://github.com/libimobiledevice/usbmuxd \
|
&& git clone https://github.com/libimobiledevice/usbmuxd \
|
||||||
|
|
||||||
&& cd libplist && ./autogen.sh && make && make install && ldconfig \
|
&& cd libplist && ./autogen.sh && make && make install && ldconfig \
|
||||||
|
|
||||||
&& cd ../libimobiledevice-glue && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr && make && make install && ldconfig \
|
&& cd ../libimobiledevice-glue && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr && make && make install && ldconfig \
|
||||||
|
|
||||||
&& cd ../libusbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh && make && make install && ldconfig \
|
&& cd ../libusbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh && make && make install && ldconfig \
|
||||||
|
|
||||||
&& cd ../libimobiledevice && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --enable-debug && make && make install && ldconfig \
|
&& cd ../libimobiledevice && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --enable-debug && make && make install && ldconfig \
|
||||||
|
|
||||||
&& cd ../usbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make && make install \
|
&& cd ../usbmuxd && PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./autogen.sh --prefix=/usr --sysconfdir=/etc --localstatedir=/var --runstatedir=/run && make && make install \
|
||||||
|
|
||||||
# Clean up.
|
# Clean up.
|
||||||
&& cd .. && rm -rf libplist libimobiledevice-glue libusbmuxd libimobiledevice usbmuxd
|
&& cd .. && rm -rf libplist libimobiledevice-glue libusbmuxd libimobiledevice usbmuxd
|
||||||
|
|
||||||
|
|
|
@ -44,20 +44,25 @@ class SMS(IOSExtraction):
|
||||||
def serialize(self, record: dict) -> Union[dict, list]:
|
def serialize(self, record: dict) -> Union[dict, list]:
|
||||||
text = record["text"].replace("\n", "\\n")
|
text = record["text"].replace("\n", "\\n")
|
||||||
sms_data = f"{record['service']}: {record['guid']} \"{text}\" from {record['phone_number']} ({record['account']})"
|
sms_data = f"{record['service']}: {record['guid']} \"{text}\" from {record['phone_number']} ({record['account']})"
|
||||||
return [
|
sms_data = [
|
||||||
{
|
{
|
||||||
"timestamp": record["isodate"],
|
"timestamp": record["isodate"],
|
||||||
"module": self.__class__.__name__,
|
"module": self.__class__.__name__,
|
||||||
"event": "sms_received",
|
"event": "sms_received",
|
||||||
"data": sms_data,
|
"data": sms_data,
|
||||||
},
|
},
|
||||||
{
|
|
||||||
"timestamp": record["isodate_read"],
|
|
||||||
"module": self.__class__.__name__,
|
|
||||||
"event": "sms_read",
|
|
||||||
"data": sms_data,
|
|
||||||
},
|
|
||||||
]
|
]
|
||||||
|
# If the message was read, we add an extra event.
|
||||||
|
if record["isodate_read"]:
|
||||||
|
sms_data.append(
|
||||||
|
{
|
||||||
|
"timestamp": record["isodate_read"],
|
||||||
|
"module": self.__class__.__name__,
|
||||||
|
"event": "sms_read",
|
||||||
|
"data": sms_data,
|
||||||
|
}
|
||||||
|
)
|
||||||
|
return sms_data
|
||||||
|
|
||||||
def check_indicators(self) -> None:
|
def check_indicators(self) -> None:
|
||||||
for message in self.results:
|
for message in self.results:
|
||||||
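Review bot: `sms_data` is rebound from the summary string to the event list at `sms_data = [`, so the `"data": sms_data` written inside the `sms_data.append(...)` block for the `sms_read` event stores the list itself (a self-referential structure) instead of the message summary, and any JSON serialization of the timeline will fail on the circular reference. The `sms_received` event is unaffected only because the list literal is evaluated before the name is rebound. Keep the string in `sms_data` and give the list its own name: `records = [`, `records.append(`, `return records`.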
|
|
|
@ -55,6 +55,10 @@ class SMSAttachments(IOSExtraction):
|
||||||
|
|
||||||
def check_indicators(self) -> None:
|
def check_indicators(self) -> None:
|
||||||
for attachment in self.results:
|
for attachment in self.results:
|
||||||
|
# Check for known malicious filenames.
|
||||||
|
if self.indicators.check_file_path(attachment["filename"]):
|
||||||
|
self.detected.append(attachment)
|
||||||
|
|
||||||
if (
|
if (
|
||||||
attachment["filename"].startswith("/var/tmp/")
|
attachment["filename"].startswith("/var/tmp/")
|
||||||
and attachment["filename"].endswith("-1")
|
and attachment["filename"].endswith("-1")
|
||||||
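Review bot: The new `self.indicators.check_file_path(attachment["filename"])` call runs unconditionally for every attachment, so if `self.indicators` can be unset when the module runs without an indicator file (the pre-existing `/var/tmp/` heuristic below works without indicators, which suggests that case is expected) it raises AttributeError before the heuristic is reached; guard it: `if self.indicators and self.indicators.check_file_path(attachment["filename"]):`. The heuristic condition continues outside the hunk; if it also appends the matching attachment to `self.detected`, an attachment hitting both checks is recorded twice, which a `continue` after the first append would avoid.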
|
|
|
@ -17,7 +17,7 @@ class TestSMSModule:
|
||||||
m = SMS(target_path=get_ios_backup_folder())
|
m = SMS(target_path=get_ios_backup_folder())
|
||||||
run_module(m)
|
run_module(m)
|
||||||
assert len(m.results) == 1
|
assert len(m.results) == 1
|
||||||
assert len(m.timeline) == 2 # SMS received and read events.
|
assert len(m.timeline) == 1
|
||||||
assert len(m.detected) == 0
|
assert len(m.detected) == 0
|
||||||
|
|
||||||
def test_detection(self, indicator_file):
|
def test_detection(self, indicator_file):
|
||||||
|
|