diff --git a/mvt/android/modules/adb/chrome_history.py b/mvt/android/modules/adb/chrome_history.py
index f163147..4694bbd 100644
--- a/mvt/android/modules/adb/chrome_history.py
+++ b/mvt/android/modules/adb/chrome_history.py
@@ -52,14 +52,14 @@ class ChromeHistory(AndroidExtraction):
 """)
 for item in cur:
- self.results.append(dict(
- id=item[0],
- url=item[1],
- visit_id=item[2],
- timestamp=item[3],
- isodate=convert_timestamp_to_iso(convert_chrometime_to_unix(item[3])),
- redirect_source=item[4],
- ))
+ self.results.append({
+ "id": item[0],
+ "url": item[1],
+ "visit_id": item[2],
+ "timestamp": item[3],
+ "isodate": convert_timestamp_to_iso(convert_chrometime_to_unix[item[3]]),
+ "redirect_source": item[4],
+ })
 cur.close()
 conn.close()
diff --git a/mvt/android/modules/adb/packages.py b/mvt/android/modules/adb/packages.py
index 54d1158..9848d3e 100644
--- a/mvt/android/modules/adb/packages.py
+++ b/mvt/android/modules/adb/packages.py
@@ -76,18 +76,18 @@ class Packages(AndroidExtraction):
 first_install = dumpsys[1].split("=")[1].strip()
 last_update = dumpsys[2].split("=")[1].strip()
- self.results.append(dict(
- package_name=package_name,
- file_name=file_name,
- installer=installer,
- timestamp=timestamp,
- first_install_time=first_install,
- last_update_time=last_update,
- uid=uid,
- disabled=False,
- system=False,
- third_party=False,
- ))
+ self.results.append({
+ "package_name": package_name,
+ "file_name": file_name,
+ "installer": installer,
+ "timestamp": timestamp,
+ "first_install_time": first_install,
+ "last_update_time": last_update,
+ "uid": uid,
+ "disabled": False,
+ "system": False,
+ "third_party": False,
+ })
 cmds = [
 {"field": "disabled", "arg": "-d"},
diff --git a/mvt/android/modules/adb/processes.py b/mvt/android/modules/adb/processes.py
index 6350416..ac18526 100644
--- a/mvt/android/modules/adb/processes.py
+++ b/mvt/android/modules/adb/processes.py
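Review bot: In mvt/android/modules/adb/chrome_history.py the new `"isodate"` entry subscripts the converter instead of calling it: `convert_chrometime_to_unix[item[3]]` would raise `TypeError` on the first row, assuming `convert_chrometime_to_unix` is the plain function the removed line calls. The line should read `"isodate": convert_timestamp_to_iso(convert_chrometime_to_unix(item[3])),`, matching the removed line and the iOS counterpart in mvt/ios/modules/mixed/chrome_history.py. For a forensic extraction module this means no Chrome history records are collected from the device, so a test that runs the module against a small fixture History database would catch this kind of slip in a mechanical refactor. The enclosing method starts and ends outside the hunk.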
@@ -29,13 +29,13 @@ class Processes(AndroidExtraction):
 continue
 fields = line.split()
- proc = dict(
- user=fields[0],
- pid=fields[1],
- parent_pid=fields[2],
- vsize=fields[3],
- rss=fields[4],
- )
+ proc = {
+ "user": fields[0],
+ "pid": fields[1],
+ "parent_pid": fields[2],
+ "vsize": fields[3],
+ "rss": fields[4],
+ }
 # Sometimes WCHAN is empty, so we need to re-align output fields.
 if len(fields) == 8:
diff --git a/mvt/android/modules/adb/sms.py b/mvt/android/modules/adb/sms.py
index 5db5652..eb83b83 100644
--- a/mvt/android/modules/adb/sms.py
+++ b/mvt/android/modules/adb/sms.py
@@ -84,7 +84,7 @@ class SMS(AndroidExtraction):
 names = [description[0] for description in cur.description]
 for item in cur:
- message = dict()
+ message = {}
 for index, value in enumerate(item):
 message[names[index]] = value
diff --git a/mvt/android/modules/adb/whatsapp.py b/mvt/android/modules/adb/whatsapp.py
index 7a8fe37..28e3ea7 100644
--- a/mvt/android/modules/adb/whatsapp.py
+++ b/mvt/android/modules/adb/whatsapp.py
@@ -59,7 +59,7 @@ class Whatsapp(AndroidExtraction):
 messages = []
 for item in cur:
- message = dict()
+ message = {}
 for index, value in enumerate(item):
 message[names[index]] = value
diff --git a/mvt/ios/modules/backup/configuration_profiles.py b/mvt/ios/modules/backup/configuration_profiles.py
index a8ff09a..a2c608e 100644
--- a/mvt/ios/modules/backup/configuration_profiles.py
+++ b/mvt/ios/modules/backup/configuration_profiles.py
@@ -33,11 +33,11 @@ class ConfigurationProfiles(IOSExtraction):
 if "SignerCerts" in conf_plist:
 conf_plist["SignerCerts"] = [b64encode(x) for x in conf_plist["SignerCerts"]]
- self.results.append(dict(
- file_id=conf_file["file_id"],
- relative_path=conf_file["relative_path"],
- domain=conf_file["domain"],
- plist=conf_plist,
- ))
+ self.results.append({
+ "file_id": conf_file["file_id"],
+ "relative_path": conf_file["relative_path"],
+ "domain": conf_file["domain"],
+ "plist": conf_plist,
+ })
 self.log.info("Extracted details about %d configuration profiles", len(self.results))
diff --git a/mvt/ios/modules/backup/manifest.py b/mvt/ios/modules/backup/manifest.py
index 3e0f640..3960834 100644
--- a/mvt/ios/modules/backup/manifest.py
+++ b/mvt/ios/modules/backup/manifest.py
@@ -102,7 +102,7 @@ class Manifest(IOSExtraction):
 names = [description[0] for description in cur.description]
 for file_entry in cur:
- file_data = dict()
+ file_data = {}
 for index, value in enumerate(file_entry):
 file_data[names[index]] = value
diff --git a/mvt/ios/modules/fs/cache_files.py b/mvt/ios/modules/fs/cache_files.py
index 8156bc1..e0e3683 100644
--- a/mvt/ios/modules/fs/cache_files.py
+++ b/mvt/ios/modules/fs/cache_files.py
@@ -58,14 +58,14 @@ class CacheFiles(IOSExtraction):
 self.results[key_name] = []
 for row in cur:
- self.results[key_name].append(dict(
- entry_id=row[0],
- version=row[1],
- hash_value=row[2],
- storage_policy=row[3],
- url=row[4],
- isodate=row[5],
- ))
+ self.results[key_name].append({
+ "entry_id": row[0],
+ "version": row[1],
+ "hash_value": row[2],
+ "storage_policy": row[3],
+ "url": row[4],
+ "isodate": row[5],
+ })
 def run(self):
 self.results = {}
diff --git a/mvt/ios/modules/fs/safari_favicon.py b/mvt/ios/modules/fs/safari_favicon.py
index cdf4b4b..e417985 100644
--- a/mvt/ios/modules/fs/safari_favicon.py
+++ b/mvt/ios/modules/fs/safari_favicon.py
@@ -57,13 +57,13 @@ class SafariFavicon(IOSExtraction):
 items = []
 for item in cur:
- items.append(dict(
- url=item[0],
- icon_url=item[1],
- timestamp=item[2],
- isodate=convert_timestamp_to_iso(convert_mactime_to_unix(item[2])),
- type="valid",
- ))
+ items.append({
+ "url": item[0],
+ "icon_url": item[1],
+ "timestamp": item[2],
+ "isodate": convert_timestamp_to_iso(convert_mactime_to_unix(item[2])),
+ "type": "valid",
+ })
 # Fetch icons from the rejected icons table.
 cur.execute("""SELECT
@@ -73,13 +73,13 @@ class SafariFavicon(IOSExtraction):
 FROM rejected_resources ORDER BY timestamp;""")
 for item in cur:
- items.append(dict(
- url=item[0],
- icon_url=item[1],
- timestamp=item[2],
- isodate=convert_timestamp_to_iso(convert_mactime_to_unix(item[2])),
- type="rejected",
- ))
+ items.append({
+ "url": item[0],
+ "icon_url": item[1],
+ "timestamp": item[2],
+ "isodate": convert_timestamp_to_iso(convert_mactime_to_unix(item[2])),
+ "type": "rejected",
+ })
 cur.close()
 conn.close()
diff --git a/mvt/ios/modules/fs/webkit_base.py b/mvt/ios/modules/fs/webkit_base.py
index c18a2f5..14d0b32 100644
--- a/mvt/ios/modules/fs/webkit_base.py
+++ b/mvt/ios/modules/fs/webkit_base.py
@@ -34,8 +34,8 @@ class WebkitBase(IOSExtraction):
 name = name.replace("https_", "https://")
 url = name.split("_")[0]
- self.results.append(dict(
- folder=key,
- url=url,
- isodate=convert_timestamp_to_iso(datetime.datetime.utcfromtimestamp(os.stat(found_path).st_mtime)),
- ))
+ self.results.append({
+ "folder": key,
+ "url": url,
+ "isodate": convert_timestamp_to_iso(datetime.datetime.utcfromtimestamp(os.stat(found_path).st_mtime)),
+ })
diff --git a/mvt/ios/modules/mixed/chrome_favicon.py b/mvt/ios/modules/mixed/chrome_favicon.py
index 643aa1d..c24670b 100644
--- a/mvt/ios/modules/mixed/chrome_favicon.py
+++ b/mvt/ios/modules/mixed/chrome_favicon.py
@@ -65,12 +65,12 @@ class ChromeFavicon(IOSExtraction):
 items = []
 for item in cur:
 last_timestamp = int(item[2]) or int(item[3])
- items.append(dict(
- url=item[0],
- icon_url=item[1],
- timestamp=last_timestamp,
- isodate=convert_timestamp_to_iso(convert_chrometime_to_unix(last_timestamp)),
- ))
+ items.append({
+ "url": item[0],
+ "icon_url": item[1],
+ "timestamp": last_timestamp,
+ "isodate": convert_timestamp_to_iso(convert_chrometime_to_unix(last_timestamp)),
+ })
 cur.close()
 conn.close()
diff --git a/mvt/ios/modules/mixed/chrome_history.py b/mvt/ios/modules/mixed/chrome_history.py
index 59b99b8..fb98643 100644
--- a/mvt/ios/modules/mixed/chrome_history.py
+++ b/mvt/ios/modules/mixed/chrome_history.py
@@ -63,14 +63,14 @@ class ChromeHistory(IOSExtraction):
 """)
 for item in cur:
- self.results.append(dict(
- id=item[0],
- url=item[1],
- visit_id=item[2],
- timestamp=item[3],
- isodate=convert_timestamp_to_iso(convert_chrometime_to_unix(item[3])),
- redirect_source=item[4],
- ))
+ self.results.append({
+ "id": item[0],
+ "url": item[1],
+ "visit_id": item[2],
+ "timestamp": item[3],
+ "isodate": convert_timestamp_to_iso(convert_chrometime_to_unix(item[3])),
+ "redirect_source": item[4],
+ })
 cur.close()
 conn.close()
diff --git a/mvt/ios/modules/mixed/contacts.py b/mvt/ios/modules/mixed/contacts.py
index c640b73..8e0e1d8 100644
--- a/mvt/ios/modules/mixed/contacts.py
+++ b/mvt/ios/modules/mixed/contacts.py
@@ -40,7 +40,7 @@ class Contacts(IOSExtraction):
 names = [description[0] for description in cur.description]
 for entry in cur:
- new_contact = dict()
+ new_contact = {}
 for index, value in enumerate(entry):
 new_contact[names[index]] = value
diff --git a/mvt/ios/modules/mixed/firefox_favicon.py b/mvt/ios/modules/mixed/firefox_favicon.py
index 6aeee9b..d13ed02 100644
--- a/mvt/ios/modules/mixed/firefox_favicon.py
+++ b/mvt/ios/modules/mixed/firefox_favicon.py
@@ -64,16 +64,16 @@ class FirefoxFavicon(IOSExtraction):
 """)
 for item in cur:
- self.results.append(dict(
- id=item[0],
- url=item[1],
- width=item[2],
- height=item[3],
- type=item[4],
- isodate=convert_timestamp_to_iso(datetime.utcfromtimestamp(item[5])),
- history_id=item[6],
- history_url=item[7]
- ))
+ self.results.append({
+ "id": item[0],
+ "url": item[1],
+ "width": item[2],
+ "height": item[3],
+ "type": item[4],
+ "isodate": convert_timestamp_to_iso(datetime.utcfromtimestamp(item[5])),
+ "history_id": item[6],
+ "history_url": item[7]
+ })
 cur.close()
 conn.close()
diff --git a/mvt/ios/modules/mixed/firefox_history.py b/mvt/ios/modules/mixed/firefox_history.py
index afa814c..920191d 100644
--- a/mvt/ios/modules/mixed/firefox_history.py
+++ b/mvt/ios/modules/mixed/firefox_history.py
@@ -62,14 +62,14 @@ class FirefoxHistory(IOSExtraction):
 """)
 for item in cur:
- self.results.append(dict(
- id=item[0],
- isodate=convert_timestamp_to_iso(datetime.utcfromtimestamp(item[1])),
- url=item[2],
- title=item[3],
- i1000000s_local=item[4],
- type=item[5]
- ))
+ self.results.append({
+ "id": item[0],
+ "isodate": convert_timestamp_to_iso(datetime.utcfromtimestamp(item[1])),
+ "url": item[2],
+ "title": item[3],
+ "i1000000s_local": item[4],
+ "type": item[5]
+ })
 cur.close()
 conn.close()
diff --git a/mvt/ios/modules/mixed/safari_browserstate.py b/mvt/ios/modules/mixed/safari_browserstate.py
index c15cef8..a83b8e8 100644
--- a/mvt/ios/modules/mixed/safari_browserstate.py
+++ b/mvt/ios/modules/mixed/safari_browserstate.py
@@ -85,19 +85,19 @@ class SafariBrowserState(IOSExtraction):
 if "SessionHistoryEntries" in session_data["SessionHistory"]:
 for session_entry in session_data["SessionHistory"]["SessionHistoryEntries"]:
 session_history_count += 1
- session_entries.append(dict(
- entry_title=session_entry["SessionHistoryEntryOriginalURL"],
- entry_url=session_entry["SessionHistoryEntryURL"],
- data_length=len(session_entry["SessionHistoryEntryData"]) if "SessionHistoryEntryData" in session_entry else 0,
- ))
+ session_entries.append({
+ "entry_title": session_entry["SessionHistoryEntryOriginalURL"],
+ "entry_url": session_entry["SessionHistoryEntryURL"],
+ "data_length": len(session_entry["SessionHistoryEntryData"]) if "SessionHistoryEntryData" in session_entry else 0,
+ })
- self.results.append(dict(
- tab_title=item[0],
- tab_url=item[1],
- tab_visible_url=item[2],
- last_viewed_timestamp=convert_timestamp_to_iso(convert_mactime_to_unix(item[3])),
- session_data=session_entries,
- ))
+ self.results.append({
+ "tab_title": item[0],
+ "tab_url": item[1],
+ "tab_visible_url": item[2],
+ "last_viewed_timestamp": convert_timestamp_to_iso(convert_mactime_to_unix(item[3])),
+ "session_data": session_entries,
+ })
 self.log.info("Extracted a total of %d tab records and %d session history entries", len(self.results), session_history_count)
diff --git a/mvt/ios/modules/mixed/safari_history.py b/mvt/ios/modules/mixed/safari_history.py
index 94acda5..d04a6bf 100644
--- a/mvt/ios/modules/mixed/safari_history.py
+++ b/mvt/ios/modules/mixed/safari_history.py
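Review bot: In mvt/ios/modules/mixed/safari_browserstate.py the rebuilt `session_entries` dict still indexes `session_entry["SessionHistoryEntryOriginalURL"]` and `session_entry["SessionHistoryEntryURL"]` directly, while `SessionHistoryEntryData` on the next line is guarded with an `in` check; an entry lacking either key would raise `KeyError`, and nothing visible in the hunk catches it. Because these records come from the device under examination, a tolerant read such as `"entry_url": session_entry.get("SessionHistoryEntryURL", ""),` (and the same for `entry_title`) would keep one odd record from ending the extraction. The same mix appears in mvt/ios/modules/mixed/webkit_session_resource_log.py, where `item["mostRecentUserInteraction"]` and `item["lastSeen"]` are indexed directly beside `.get()` calls. Both enclosing loops start outside their hunks, so an outer handler may exist there.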
@@ -102,15 +102,15 @@ class SafariHistory(IOSExtraction):
 items = []
 for item in cur:
- items.append(dict(
- id=item[0],
- url=item[1],
- visit_id=item[2],
- timestamp=item[3],
- isodate=convert_timestamp_to_iso(convert_mactime_to_unix(item[3])),
- redirect_source=item[4],
- redirect_destination=item[5]
- ))
+ items.append({
+ "id": item[0],
+ "url": item[1],
+ "visit_id": item[2],
+ "timestamp": item[3],
+ "isodate": convert_timestamp_to_iso(convert_mactime_to_unix(item[3])),
+ "redirect_source": item[4],
+ "redirect_destination": item[5]
+ })
 cur.close()
 conn.close()
diff --git a/mvt/ios/modules/mixed/sms.py b/mvt/ios/modules/mixed/sms.py
index 49f4a4c..f439d50 100644
--- a/mvt/ios/modules/mixed/sms.py
+++ b/mvt/ios/modules/mixed/sms.py
@@ -64,7 +64,7 @@ class SMS(IOSExtraction):
 names = [description[0] for description in cur.description]
 for item in cur:
- message = dict()
+ message = {}
 for index, value in enumerate(item):
 # We base64 escape some of the attributes that could contain
 # binary data.
diff --git a/mvt/ios/modules/mixed/webkit_session_resource_log.py b/mvt/ios/modules/mixed/webkit_session_resource_log.py
index 5bcc50a..c9ce8ed 100644
--- a/mvt/ios/modules/mixed/webkit_session_resource_log.py
+++ b/mvt/ios/modules/mixed/webkit_session_resource_log.py
@@ -44,16 +44,16 @@ class WebkitSessionResourceLog(IOSExtraction):
 browsing_stats = file_plist["browsingStatistics"]
 for item in browsing_stats:
- items.append(dict(
- origin=item.get("PrevalentResourceOrigin", ""),
- redirect_source=item.get("topFrameUniqueRedirectsFrom", ""),
- redirect_destination=item.get("topFrameUniqueRedirectsTo", ""),
- subframe_under_origin=item.get("subframeUnderTopFrameOrigins", ""),
- subresource_under_origin=item.get("subresourceUnderTopFrameOrigins", ""),
- user_interaction=item.get("hadUserInteraction"),
- most_recent_interaction=convert_timestamp_to_iso(item["mostRecentUserInteraction"]),
- last_seen=convert_timestamp_to_iso(item["lastSeen"]),
- ))
+ items.append({
+ "origin": item.get("PrevalentResourceOrigin", ""),
+ "redirect_source": item.get("topFrameUniqueRedirectsFrom", ""),
+ "redirect_destination": item.get("topFrameUniqueRedirectsTo", ""),
+ "subframe_under_origin": item.get("subframeUnderTopFrameOrigins", ""),
+ "subresource_under_origin": item.get("subresourceUnderTopFrameOrigins", ""),
+ "user_interaction": item.get("hadUserInteraction"),
+ "most_recent_interaction": convert_timestamp_to_iso(item["mostRecentUserInteraction"]),
+ "last_seen": convert_timestamp_to_iso(item["lastSeen"]),
+ })
 return items
diff --git a/mvt/ios/modules/mixed/whatsapp.py b/mvt/ios/modules/mixed/whatsapp.py
index abfebb1..c0bd547 100644
--- a/mvt/ios/modules/mixed/whatsapp.py
+++ b/mvt/ios/modules/mixed/whatsapp.py
@@ -61,7 +61,7 @@ class Whatsapp(IOSExtraction):
 names = [description[0] for description in cur.description]
 for message in cur:
- new_message = dict()
+ new_message = {}
 for index, value in enumerate(message):
 new_message[names[index]] = value
diff --git a/mvt/ios/modules/net_base.py b/mvt/ios/modules/net_base.py
index 4ea60f2..89a8f3c 100644
--- a/mvt/ios/modules/net_base.py
+++ b/mvt/ios/modules/net_base.py
@@ -55,20 +55,20 @@ class NetBase(IOSExtraction):
 else:
 live_timestamp = ""
- items.append(dict(
- first_isodate=first_isodate,
- isodate=isodate,
- proc_name=item[2],
- bundle_id=item[3],
- proc_id=item[4],
- wifi_in=item[5],
- wifi_out=item[6],
- wwan_in=item[7],
- wwan_out=item[8],
- live_id=item[9],
- live_proc_id=item[10],
- live_isodate=live_timestamp,
- ))
+ items.append({
+ "first_isodate": first_isodate,
+ "isodate": isodate,
+ "proc_name": item[2],
+ "bundle_id": item[3],
+ "proc_id": item[4],
+ "wifi_in": item[5],
+ "wifi_out": item[6],
+ "wwan_in": item[7],
+ "wwan_out": item[8],
+ "live_id": item[9],
+ "live_proc_id": item[10],
+ "live_isodate": live_timestamp,
+ })
 cur.close()
 conn.close()
@@ -104,6 +104,7 @@ class NetBase(IOSExtraction): "data": record_data, } ]) + return records def _find_suspicious_processes(self):