Add basic support for IP indicators in MVT #556

Merged
merged 2 commits into from
Oct 17, 2024

DonnchaC
Collaborator

This PR reworks #465 which was started by renini.

The initial PR had support for specifying IP addresses in CIDR format. I've removed this for now as it could risk making MVT slow if large CIDRs are specified with thousands or millions of IPs.

This first version supports IP addresses by treating them as domains internally in MVT, so they will automatically be matched in the existing check_domain and check_url functions.

Closes #465.
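
A minimal sketch of the approach described in this PR, added here as an illustration and not taken from MVT's code: IPv4 indicators are stored in the same set as domain indicators and matched against the host of a URL, while CIDR entries are skipped because expanding them address by address inflates the set. The function names, the subdomain-matching rule and the sample indicators (documentation ranges) are assumptions made for the example.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample indicators (documentation ranges, not real IoCs).
DOMAIN_INDICATORS = {"malicious.example"}
IP_INDICATORS = {"198.51.100.23", "203.0.113.0/24", "2001:db8::1"}


def build_host_set(domains, ips):
    """Merge IP indicators into the domain set, keeping only single IPv4 addresses."""
    hosts = {d.lower() for d in domains}
    for ip in ips:
        try:
            hosts.add(str(ipaddress.IPv4Address(ip.strip())))
        except ipaddress.AddressValueError:
            continue  # CIDRs, IPv6 and malformed entries are not supported here
    return hosts


def match_url(url, hosts):
    """Return the indicator matching the URL's host, or None."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return None
    if host in hosts:
        return host  # exact match covers both domains and IP literals
    parts = host.split(".")
    # A numeric last label means an IP literal: no parent-domain matching.
    if parts[-1].isdigit():
        return None
    for i in range(1, len(parts) - 1):
        parent = ".".join(parts[i:])
        if parent in hosts:
            return parent  # subdomain of a listed domain
    return None


def expanded_size(cidr):
    """Number of entries a CIDR would add if expanded address by address."""
    return ipaddress.ip_network(cidr, strict=False).num_addresses


if __name__ == "__main__":
    hosts = build_host_set(DOMAIN_INDICATORS, IP_INDICATORS)
    print(match_url("http://198.51.100.23:8080/payload", hosts))
    print(expanded_size("10.0.0.0/8"))
```
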

renini and others added 2 commits October 17, 2024 13:43
This currently just supports IPv4 addresses which
are treated as domains internally in MVT.
Contributor

github-actions bot commented Oct 17, 2024

Coverage

Coverage Report
TOTAL: 5812 statements, 2400 missed, 59% coverage

Tests: 100 | Skipped: 0 | Failures: 0 | Errors: 0 | Time: 7.864s

Contributor

Coverage

Coverage Report
TOTAL: 5809 statements, 2398 missed, 59% coverage

Tests: 100 | Skipped: 0 | Failures: 0 | Errors: 0 | Time: 7.985s

@DonnchaC DonnchaC merged commit 81b647b into main Oct 17, 2024
4 checks passed
@DonnchaC DonnchaC deleted the ioc-ipadr branch October 23, 2024 13:17