mirror of
https://github.com/mvt-project/mvt.git
synced 2024-06-02 03:05:30 +00:00
41db117168
Some MVT modules such as the WhatsApp module can be very slow as it was taking a naive approach to look for IOCs. The code was checking URLs (potentially more than 100k) against 1000's of IOC domains resulting in a quadratic run-time with hundreds of millions of comparisons as the number of IOCs increases. This commit add an Aho-Corasick library which allows the efficient search in a string (the URL in this case) for all matches in set of keys (the IOCs). This data structure is perfect for this use case. A quick measurement shows a 80% performance improvement for a WhatsApp database with 100k entries. The slow path is now the time spent fetching and expanding short URLs found in the database. This can also be sped up significantly by fetching each URL asynchronously. This would require reworking modules to split the URL expansion from the IOC check so I will implement in a separate PR.
97 lines
1.9 KiB
INI
97 lines
1.9 KiB
INI
[metadata]
|
|
name = mvt
|
|
version = attr: mvt.common.version.MVT_VERSION
|
|
author = Claudio Guarnieri
|
|
author_email = nex@nex.sx
|
|
description = Mobile Verification Toolkit
|
|
long_description = file: README.md
|
|
long_description_content_type = text/markdown
|
|
url = https://github.com/mvt-project/mvt
|
|
keywords = security, mobile, forensics, malware
|
|
license = MVT v1.1
|
|
classifiers =
|
|
Development Status :: 5 - Production/Stable
|
|
Intended Audience :: Information Technology
|
|
Operating System :: OS Independent
|
|
Programming Language :: Python
|
|
|
|
[options]
|
|
packages = find:
|
|
package_dir = = ./
|
|
include_package_data = True
|
|
python_requires = >= 3.8
|
|
install_requires =
|
|
click >=8.1.3
|
|
rich >=12.6.0
|
|
tld >=0.12.6
|
|
requests >=2.28.1
|
|
simplejson >=3.17.6
|
|
packaging >=21.3
|
|
appdirs >=1.4.4
|
|
iOSbackup >=0.9.923
|
|
adb-shell >=0.4.3
|
|
libusb1 >=3.0.0
|
|
cryptography >=38.0.1
|
|
pyyaml >=6.0
|
|
pyahocorasick >= 2.0.0
|
|
|
|
[options.packages.find]
|
|
where = ./
|
|
|
|
[options.entry_points]
|
|
console_scripts =
|
|
mvt-ios = mvt.ios:cli
|
|
mvt-android = mvt.android:cli
|
|
|
|
[options.package_data]
|
|
mvt = ios/data/*.json
|
|
|
|
[flake8]
|
|
max-complexity = 10
|
|
max-line-length = 1000
|
|
ignore =
|
|
C901,
|
|
E265,
|
|
F401,
|
|
E127,
|
|
W503,
|
|
E226,
|
|
E203
|
|
|
|
[pylint]
|
|
score = no
|
|
reports = no
|
|
output-format = colorized
|
|
|
|
max-locals = 25
|
|
max-args = 10
|
|
|
|
good-names = i,m
|
|
|
|
min-similarity-lines = 10
|
|
ignore-comments = yes
|
|
ignore-docstrings = yes
|
|
ignore-imports = yes
|
|
|
|
ignored-argument-names=args|kwargs
|
|
|
|
# https://pylint.pycqa.org/en/stable/technical_reference/features.html
|
|
disable =
|
|
too-many-instance-attributes,
|
|
broad-except,
|
|
abstract-method,
|
|
dangerous-default-value,
|
|
too-few-public-methods,
|
|
missing-docstring,
|
|
missing-module-docstring,
|
|
missing-class-docstring,
|
|
missing-function-docstring,
|
|
#duplicate-code,
|
|
#line-too-long,
|
|
|
|
[mypy]
|
|
ignore_missing_imports = True
|
|
|
|
[isort]
|
|
profile=black
|