WIP for Triangulation post-processing module

Add missing iOS build numbers
Merge pull request #347 from mvt-project/auto/add-new-ios-releases
2026-02-15 10:02:43 +00:00 · 2023-06-28 21:46:18 +02:00 · 2023-05-21 17:11:07 +01:00 · 2023-05-21 17:54:25 +02:00 · 2023-05-21 15:53:45 +00:00 · 2023-05-21 16:52:47 +01:00
27 changed files with 1506 additions and 324 deletions
--- a/.github/workflows/scripts/update-ios-releases.py
+++ b/.github/workflows/scripts/update-ios-releases.py
@@ -0,0 +1,80 @@
+"""
+Python script to download the Apple RSS feed and parse it.
+"""
+
+import os
+import json
+import urllib.request
+from xml.dom.minidom import parseString
+
+from packaging import version
+
+
+def download_apple_rss(feed_url):
+    with urllib.request.urlopen(feed_url) as f:
+        rss_feed = f.read().decode('utf-8')
+    print("Downloaded RSS feed from Apple.")
+    return rss_feed
+
+
+def parse_latest_ios_versions(rss_feed_text):
+    latest_ios_versions = []
+
+    parsed_feed = parseString(rss_feed_text)
+    for item in parsed_feed.getElementsByTagName("item"):
+        title = item.getElementsByTagName("title")[0].firstChild.data
+        if not title.startswith("iOS"):
+            continue
+
+        import re
+        build_match = re.match(r"iOS (?P<version>[\d\.]+) (?P<beta>beta )?(\S*)?\((?P<build>.*)\)", title)
+        if not build_match:
+            print("Could not parse iOS build:", title)
+            continue
+
+        release_info = build_match.groupdict()
+        if release_info["beta"]:
+            print("Skipping beta release:", title)
+            continue
+
+        release_info.pop("beta")
+        latest_ios_versions.append(release_info)
+
+    return latest_ios_versions
+
+
+def update_mvt(mvt_checkout_path, latest_ios_versions):
+    version_path = os.path.join(mvt_checkout_path, "mvt/ios/data/ios_versions.json")
+    with open(version_path, "r") as version_file:
+        current_versions = json.load(version_file)
+
+    new_entry_count = 0
+    for new_version in latest_ios_versions:
+        for current_version in current_versions:
+            if new_version["build"] == current_version["build"]:
+                break
+        else:
+            # New version that does not exist in current data
+            current_versions.append(new_version)
+            new_entry_count += 1
+
+    if not new_entry_count:
+        print("No new iOS versions found.")
+    else:
+        print("Found {} new iOS versions.".format(new_entry_count))
+        new_version_list = sorted(current_versions, key=lambda x: version.Version(x["version"]))
+        with open(version_path, "w") as version_file:
+            json.dump(new_version_list, version_file, indent=4)
+
+
+def main():
+    print("Downloading RSS feed...")
+    mvt_checkout_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../"))
+
+    rss_feed = download_apple_rss("https://developer.apple.com/news/releases/rss/releases.rss")
+    latest_ios_version = parse_latest_ios_versions(rss_feed)
+    update_mvt(mvt_checkout_path, latest_ios_version)
+
+
+if __name__ == "__main__":
+    main()
--- a/.github/workflows/update-ios-data.yml
+++ b/.github/workflows/update-ios-data.yml
@@ -0,0 +1,29 @@
+name: Update iOS releases and version numbers
+run-name: ${{ github.actor }} is finding the latest iOS release version and build numbers
+on:
+  workflow_dispatch:
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    - cron:  '0 */6 * * *'
+
+
+jobs:
+  update-ios-version:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-python@v4
+      - name: Run script to fetch latest iOS releases from Apple RSS feed.
+        run: python3 .github/workflows/scripts/update-ios-releases.py
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v5
+        with:
+          title: '[auto] Update iOS releases and versions'
+          commit-message: Add new iOS versions and build numbers
+          branch: auto/add-new-ios-releases
+          body: |
+            This is an automated pull request to update the iOS releases and version numbers.
+          add-paths: |
+            *.json
+          labels: |
+            automated pr
--- a/docs/iocs.md
+++ b/docs/iocs.md
@@ -39,7 +39,9 @@ export MVT_STIX2="/home/user/IOC1.stix2:/home/user/IOC2.stix2"
 - The [Amnesty International investigations repository](https://github.com/AmnestyTech/investigations) contains STIX-formatted IOCs for:
    - [Pegasus](https://en.wikipedia.org/wiki/Pegasus_(spyware)) ([STIX2](https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/pegasus.stix2))
    - [Predator from Cytrox](https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/) ([STIX2](https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-12-16_cytrox/cytrox.stix2))
+    - [An Android Spyware Campaign Linked to a Mercenary Company](https://github.com/AmnestyTech/investigations/tree/master/2023-03-29_android_campaign) ([STIX2](https://github.com/AmnestyTech/investigations/blob/master/2023-03-29_android_campaign/malware.stix2))
 - [This repository](https://github.com/Te-k/stalkerware-indicators) contains IOCs for Android stalkerware including [a STIX MVT-compatible file](https://raw.githubusercontent.com/Te-k/stalkerware-indicators/master/generated/stalkerware.stix2).
+- We are also maintaining [a list of IOCs](https://github.com/mvt-project/mvt-indicators) in STIX format from public spyware campaigns.

 You can automaticallly download the latest public indicator files with the command `mvt-ios download-iocs` or `mvt-android download-iocs`. These commands download the list of indicators listed [here](https://github.com/mvt-project/mvt/blob/main/public_indicators.json) and store them in the [appdir](https://pypi.org/project/appdirs/) folder. They are then loaded automatically by MVT.

--- a/docs/ios/records.md
+++ b/docs/ios/records.md
@@ -16,6 +16,18 @@ If indicators are provided through the command-line, processes and domains are c

 ---

+### `applications.json`
+
+!!! info "Availability"
+    Backup: :material-check:
+    Full filesystem dump: :material-check:
+
+This JSON file is created by mvt-ios' `Applications` module. The module extracts the list of applications installed on the device from the `Info.plist` file in backup, or from the `iTunesMetadata.plist` files in a file system dump. These records contains detailed information on the source and installation of the app.
+
+If indicators are provided through the command-line, processes and application ids are checked against the app name of each application. It also flags any applications not installed from the AppStore. Any matches are stored in *applications_detected.json*.
+
+---
+
 ### `backup_info.json`

 !!! info "Availability"
@@ -38,6 +50,18 @@ If indicators are provided through the command-line, they are checked against th

 ---

+### `calendar.json`
+
+!!! info "Availability"
+    Backup: :material-check:
+    Full filesystem dump: :material-check:
+
+This JSON file is created by mvt-ios' `Calendar` module. This module extracts all CalendarItems from the `Calendar.sqlitedb` database. This database contains all calendar entries from the different calendars installed on the phone.
+
+If indicators are provided through the command-line, email addresses are checked against the inviter's email of the different events. Any matches are stored in *calendar_detected.json*.
+
+---
+
 ### `calls.json`

 !!! info "Availability"
--- a/mvt/android/cli.py
+++ b/mvt/android/cli.py
@@ -6,14 +6,15 @@
 import logging

 import click
-from rich.logging import RichHandler

 from mvt.common.cmd_check_iocs import CmdCheckIOCS
 from mvt.common.help import (HELP_MSG_FAST, HELP_MSG_HASHES, HELP_MSG_IOC,
                             HELP_MSG_LIST_MODULES, HELP_MSG_MODULE,
-                             HELP_MSG_OUTPUT, HELP_MSG_SERIAL)
+                             HELP_MSG_OUTPUT, HELP_MSG_SERIAL,
+                             HELP_MSG_VERBOSE)
 from mvt.common.logo import logo
 from mvt.common.updates import IndicatorsUpdates
+from mvt.common.utils import init_logging, set_verbose_logging

 from .cmd_check_adb import CmdAndroidCheckADB
 from .cmd_check_androidqf import CmdAndroidCheckAndroidQF
@@ -25,11 +26,8 @@ from .modules.adb.packages import Packages
 from .modules.backup import BACKUP_MODULES
 from .modules.bugreport import BUGREPORT_MODULES

-# Setup logging using Rich.
-LOG_FORMAT = "[%(name)s] %(message)s"
-logging.basicConfig(level="INFO", format=LOG_FORMAT, handlers=[
-    RichHandler(show_path=False, log_time_format="%X")])
-log = logging.getLogger(__name__)
+init_logging()
+log = logging.getLogger("mvt")
 CONTEXT_SETTINGS = dict(help_option_names=['-h', '--help'])


@@ -63,8 +61,10 @@ def version():
@click.option("--from-file", "-f", type=click.Path(exists=True),
              help="Instead of acquiring from phone, load an existing packages.json file for "
                   "lookups (mainly for debug purposes)")
+@click.option("--verbose", "-v", is_flag=True, help=HELP_MSG_VERBOSE)
@click.pass_context
-def download_apks(ctx, all_apks, virustotal, output, from_file, serial):
+def download_apks(ctx, all_apks, virustotal, output, from_file, serial, verbose):
+    set_verbose_logging(verbose)
    try:
        if from_file:
            download = DownloadAPKs.from_json(from_file)
@@ -112,8 +112,10 @@ def download_apks(ctx, all_apks, virustotal, output, from_file, serial):
@click.option("--fast", "-f", is_flag=True, help=HELP_MSG_FAST)
@click.option("--list-modules", "-l", is_flag=True, help=HELP_MSG_LIST_MODULES)
@click.option("--module", "-m", help=HELP_MSG_MODULE)
+@click.option("--verbose", "-v", is_flag=True, help=HELP_MSG_VERBOSE)
@click.pass_context
-def check_adb(ctx, serial, iocs, output, fast, list_modules, module):
+def check_adb(ctx, serial, iocs, output, fast, list_modules, module, verbose):
+    set_verbose_logging(verbose)
    cmd = CmdAndroidCheckADB(results_path=output, ioc_files=iocs,
                             module_name=module, serial=serial, fast_mode=fast)

@@ -141,9 +143,11 @@ def check_adb(ctx, serial, iocs, output, fast, list_modules, module):
              help=HELP_MSG_OUTPUT)
@click.option("--list-modules", "-l", is_flag=True, help=HELP_MSG_LIST_MODULES)
@click.option("--module", "-m", help=HELP_MSG_MODULE)
+@click.option("--verbose", "-v", is_flag=True, help=HELP_MSG_VERBOSE)
@click.argument("BUGREPORT_PATH", type=click.Path(exists=True))
@click.pass_context
-def check_bugreport(ctx, iocs, output, list_modules, module, bugreport_path):
+def check_bugreport(ctx, iocs, output, list_modules, module, verbose, bugreport_path):
+    set_verbose_logging(verbose)
    # Always generate hashes as bug reports are small.
    cmd = CmdAndroidCheckBugreport(target_path=bugreport_path,
                                   results_path=output, ioc_files=iocs,
@@ -172,9 +176,11 @@ def check_bugreport(ctx, iocs, output, list_modules, module, bugreport_path):
@click.option("--output", "-o", type=click.Path(exists=False),
              help=HELP_MSG_OUTPUT)
@click.option("--list-modules", "-l", is_flag=True, help=HELP_MSG_LIST_MODULES)
+@click.option("--verbose", "-v", is_flag=True, help=HELP_MSG_VERBOSE)
@click.argument("BACKUP_PATH", type=click.Path(exists=True))
@click.pass_context
-def check_backup(ctx, iocs, output, list_modules, backup_path):
+def check_backup(ctx, iocs, output, list_modules, verbose, backup_path):
+    set_verbose_logging(verbose)
    # Always generate hashes as backups are generally small.
    cmd = CmdAndroidCheckBackup(target_path=backup_path, results_path=output,
                                ioc_files=iocs, hashes=True)
@@ -204,9 +210,11 @@ def check_backup(ctx, iocs, output, list_modules, backup_path):
@click.option("--list-modules", "-l", is_flag=True, help=HELP_MSG_LIST_MODULES)
@click.option("--module", "-m", help=HELP_MSG_MODULE)
@click.option("--hashes", "-H", is_flag=True, help=HELP_MSG_HASHES)
+@click.option("--verbose", "-v", is_flag=True, help=HELP_MSG_VERBOSE)
@click.argument("ANDROIDQF_PATH", type=click.Path(exists=True))
@click.pass_context
-def check_androidqf(ctx, iocs, output, list_modules, module, hashes, androidqf_path):
+def check_androidqf(ctx, iocs, output, list_modules, module, hashes, verbose, androidqf_path):
+    set_verbose_logging(verbose)
    cmd = CmdAndroidCheckAndroidQF(target_path=androidqf_path,
                                   results_path=output, ioc_files=iocs,
                                   module_name=module, hashes=hashes)
--- a/mvt/android/cmd_download_apks.py
+++ b/mvt/android/cmd_download_apks.py
@@ -21,15 +21,13 @@ log = logging.getLogger(__name__)
 class DownloadAPKs(AndroidExtraction):
    """DownloadAPKs is the main class operating the download of APKs
    from the device.
-
-
    """

    def __init__(
        self,
        results_path: Optional[str] = None,
        all_apks: Optional[bool] = False,
-        packages: Optional[list] = None
+        packages: Optional[list] = None,
    ) -> None:
        """Initialize module.
        :param results_path: Path to the folder where data should be stored
--- a/mvt/android/modules/androidqf/sms.py
+++ b/mvt/android/modules/androidqf/sms.py
@@ -38,7 +38,7 @@ class SMS(AndroidQFModule):
            if "body" not in message:
                continue

-            if self.indicators.check_domains(message["links"]):
+            if self.indicators.check_domains(message.get("links", [])):
                self.detected.append(message)

    def parse_backup(self, data):
--- a/mvt/android/modules/bugreport/getprop.py
+++ b/mvt/android/modules/bugreport/getprop.py
@@ -39,8 +39,9 @@ class Getprop(BugReportModule):

        lines = []
        in_getprop = False
+
        for line in content.decode(errors="ignore").splitlines():
-            if line.strip() == "------ SYSTEM PROPERTIES (getprop) ------":
+            if line.strip().startswith("------ SYSTEM PROPERTIES"):
                in_getprop = True
                continue

@@ -55,13 +56,14 @@ class Getprop(BugReportModule):
        self.results = parse_getprop("\n".join(lines))

        # Alert if phone is outdated.
-        security_patch = self.results.get("ro.build.version.security_patch", "")
-        if security_patch:
-            patch_date = datetime.strptime(security_patch, "%Y-%m-%d")
-            if (datetime.now() - patch_date) > timedelta(days=6*30):
-                self.log.warning("This phone has not received security updates "
-                                 "for more than six months (last update: %s)",
-                                 security_patch)
+        for entry in self.results:
+            if entry["name"] == "ro.build.version.security_patch":
+                security_patch = entry["value"]
+                patch_date = datetime.strptime(security_patch, "%Y-%m-%d")
+                if (datetime.now() - patch_date) > timedelta(days=6*30):
+                    self.log.warning("This phone has not received security updates "
+                                     "for more than six months (last update: %s)",
+                                     security_patch)

        self.log.info("Extracted %d Android system properties",
                      len(self.results))
--- a/mvt/common/cmd_check_iocs.py
+++ b/mvt/common/cmd_check_iocs.py
@@ -7,6 +7,7 @@ import logging
 import os
 from typing import Optional

+from mvt.common.module import PostAnalysisModule
 from mvt.common.command import Command

 log = logging.getLogger(__name__)
@@ -32,6 +33,7 @@ class CmdCheckIOCS(Command):
    def run(self) -> None:
        assert self.target_path is not None
        all_modules = []
+        post_modules = []
        for entry in self.modules:
            if entry not in all_modules:
                all_modules.append(entry)
@@ -43,18 +45,24 @@ class CmdCheckIOCS(Command):
            name_only, _ = os.path.splitext(file_name)
            file_path = os.path.join(self.target_path, file_name)

-            for iocs_module in all_modules:
-                if self.module_name and iocs_module.__name__ != self.module_name:
+            for module in all_modules:
+                if self.module_name and module.__name__ != self.module_name:
                    continue

-                if iocs_module().get_slug() != name_only:
+                # Handle post-analysis modules at the end
+                if issubclass(module, PostAnalysisModule) and module not in post_modules:
+                    post_modules.append(module)
+                    continue
+
+                # Skip if the current result file does not match the module name
+                if module().get_slug() != name_only:
                    continue

                log.info("Loading results from \"%s\" with module %s",
-                         file_name, iocs_module.__name__)
+                         file_name, module.__name__)

-                m = iocs_module.from_json(file_path,
-                                          log=logging.getLogger(iocs_module.__module__))
+                m = module.from_json(file_path,
+                                     log=logging.getLogger(module.__module__))
                if self.iocs.total_ioc_count > 0:
                    m.indicators = self.iocs
                    m.indicators.log = m.log
@@ -66,6 +74,13 @@ class CmdCheckIOCS(Command):
                else:
                    total_detections += len(m.detected)

+        # Run post-analysis modules at end
+        for post_module in post_modules:
+            m = post_module.from_results(self.target_path, log=log)
+            m.run()
+            total_detections += len(m.detected)
+
+
        if total_detections > 0:
            log.warning("The check of the results produced %d detections!",
                        total_detections)
--- a/mvt/common/command.py
+++ b/mvt/common/command.py
@@ -33,6 +33,7 @@ class Command:
    ) -> None:
        self.name = ""
        self.modules = []
+        self.modules_post = []

        self.target_path = target_path
        self.results_path = results_path
@@ -42,20 +43,21 @@ class Command:
        self.fast_mode = fast_mode
        self.log = log

-        self.iocs = Indicators(log=log)
-        self.iocs.load_indicators_files(self.ioc_files)
-
        # This list will contain all executed modules.
        # We can use this to reference e.g. self.executed[0].results.
        self.executed = []
-
        self.detected_count = 0
-
        self.hashes = hashes
        self.hash_values = []
        self.timeline = []
        self.timeline_detected = []

+        # Load IOCs
+        self._create_storage()
+        self._setup_logging()
+        self.iocs = Indicators(log=log)
+        self.iocs.load_indicators_files(self.ioc_files)
+
    def _create_storage(self) -> None:
        if self.results_path and not os.path.exists(self.results_path):
            try:
@@ -65,10 +67,11 @@ class Command:
                                  self.results_path, exc)
                sys.exit(1)

-    def _add_log_file_handler(self, logger: logging.Logger) -> None:
+    def _setup_logging(self):
        if not self.results_path:
            return

+        logger = logging.getLogger("mvt")
        file_handler = logging.FileHandler(os.path.join(self.results_path,
                                                        "command.log"))
        formatter = logging.Formatter("%(asctime)s - %(name)s - "
@@ -137,7 +140,7 @@ class Command:
    def list_modules(self) -> None:
        self.log.info("Following is the list of available %s modules:",
                      self.name)
-        for module in self.modules:
+        for module in (self.modules + self.modules_post):
            self.log.info(" - %s", module.__name__)

    def init(self) -> None:
@@ -150,8 +153,6 @@ class Command:
        raise NotImplementedError

    def run(self) -> None:
-        self._create_storage()
-        self._add_log_file_handler(self.log)

        try:
            self.init()
@@ -162,8 +163,8 @@ class Command:
            if self.module_name and module.__name__ != self.module_name:
                continue

+            # FIXME: do we need the logger here
            module_logger = logging.getLogger(module.__module__)
-            self._add_log_file_handler(module_logger)

            m = module(target_path=self.target_path,
                       results_path=self.results_path,
--- a/mvt/common/help.py
+++ b/mvt/common/help.py
@@ -10,6 +10,7 @@ HELP_MSG_FAST = "Avoid running time/resource consuming features"
 HELP_MSG_LIST_MODULES = "Print list of available modules and exit"
 HELP_MSG_MODULE = "Name of a single module you would like to run instead of all"
 HELP_MSG_HASHES = "Generate hashes of all the files analyzed"
+HELP_MSG_VERBOSE = "Verbose mode"

 # Android-specific.
 HELP_MSG_SERIAL = "Specify a device serial number or HOST:PORT connection string"
--- a/mvt/common/module.py
+++ b/mvt/common/module.py
@@ -7,6 +7,7 @@ import csv
 import logging
 import os
 import re
+import glob
 from typing import Any, Dict, List, Optional, Union

 import simplejson as json
@@ -198,6 +199,9 @@ def run_module(module: MVTModule) -> None:
            module.to_timeline()
        except NotImplementedError:
            pass
+        except Exception as exc:
+            module.log.exception("Error when serializing data from module %s: %s",
+                                 module.__class__.__name__, exc)

        module.save_to_json()

@@ -211,7 +215,7 @@ def save_timeline(timeline: list, timeline_path: str) -> None:
    """
    with open(timeline_path, "a+", encoding="utf-8") as handle:
        csvoutput = csv.writer(handle, delimiter=",", quotechar="\"",
-                               quoting=csv.QUOTE_ALL)
+                               quoting=csv.QUOTE_ALL, escapechar='\\')
        csvoutput.writerow(["UTC Timestamp", "Plugin", "Event", "Description"])

        for event in sorted(timeline, key=lambda x: x["timestamp"]
@@ -222,3 +226,51 @@ def save_timeline(timeline: list, timeline_path: str) -> None:
                event.get("event"),
                event.get("data"),
            ])
+
+
+class PostAnalysisModule(MVTModule):
+    """
+    Base module for implementing post-processing rules against the output of
+    multiple MVT modules
+    """
+    @classmethod
+    def from_results(cls, results_path: str, log: logging.Logger):
+        results = cls.load_results(results_path, log=log)
+        return cls(results=results, log=log)
+
+    @classmethod
+    def load_results(cls, results_path: str, log: logging.Logger):
+        """Load the results from a directory of json file."""
+        # TODO: Move this to run once before loading all post-processing modules
+        module_results = {}
+        for json_path in glob.glob(os.path.join(results_path, "*.json")):
+            module_name, _ = os.path.splitext(os.path.basename(json_path))
+            with open(json_path, "r", encoding="utf-8") as handle:
+                try:
+                    module_results[module_name] = json.load(handle)
+                except Exception as exc:
+                    log.error("Unable to load results from file %s: %s",
+                              json_path, exc)
+
+        if not module_results:
+            log.error("Did not find any MVT results at %s", results_path)
+
+        return module_results
+
+    def load_timeline(self):
+        """Load timeline from CSV file"""
+        timeline = []
+        timeline_path = os.path.join(self.results_path, "timeline.csv")
+        with open(timeline_path, "r", encoding="utf-8") as handle:
+            csvinput = csv.reader(handle, delimiter=",", quotechar="\"",
+                                  quoting=csv.QUOTE_ALL, escapechar='\\')
+            for row in csvinput:
+                if row[0] == "UTC Timestamp":
+                    continue
+                timeline.append({
+                    "timestamp": row[0],
+                    "module": row[1],
+                    "event": row[2],
+                    "data": row[3],
+                })
+        return timeline
--- a/mvt/common/utils.py
+++ b/mvt/common/utils.py
@@ -5,10 +5,13 @@

 import datetime
 import hashlib
+import logging
 import os
 import re
 from typing import Any, Iterator, Union

+from rich.logging import RichHandler
+

 def convert_chrometime_to_datetime(timestamp: int) -> datetime.datetime:
    """Converts Chrome timestamp to a datetime.
@@ -197,3 +200,28 @@ def generate_hashes_from_path(path: str, log) -> Iterator[dict]:
                    continue

                yield {"file_path": file_path, "sha256": sha256}
+
+
+def init_logging(verbose: bool = False):
+    """
+    Initialise logging for the MVT module
+    """
+    # Setup logging using Rich.
+    log = logging.getLogger("mvt")
+    log.setLevel(logging.DEBUG)
+    consoleHandler = RichHandler(show_path=False, log_time_format="%X")
+    consoleHandler.setFormatter(logging.Formatter("[%(name)s] %(message)s"))
+    if verbose:
+        consoleHandler.setLevel(logging.DEBUG)
+    else:
+        consoleHandler.setLevel(logging.INFO)
+    log.addHandler(consoleHandler)
+
+
+def set_verbose_logging(verbose: bool = False):
+    log = logging.getLogger("mvt")
+    handler = log.handlers[0]
+    if verbose:
+        handler.setLevel(logging.DEBUG)
+    else:
+        handler.setLevel(logging.INFO)
--- a/mvt/common/version.py
+++ b/mvt/common/version.py
@@ -3,4 +3,4 @@
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/

-MVT_VERSION = "2.2.4"
+MVT_VERSION = "2.2.6"
--- a/mvt/ios/cli.py
+++ b/mvt/ios/cli.py
@@ -8,17 +8,17 @@ import logging
 import os

 import click
-from rich.logging import RichHandler
 from rich.prompt import Prompt

 from mvt.common.cmd_check_iocs import CmdCheckIOCS
 from mvt.common.help import (HELP_MSG_FAST, HELP_MSG_HASHES, HELP_MSG_IOC,
                             HELP_MSG_LIST_MODULES, HELP_MSG_MODULE,
-                             HELP_MSG_OUTPUT)
+                             HELP_MSG_OUTPUT, HELP_MSG_VERBOSE)
 from mvt.common.logo import logo
 from mvt.common.options import MutuallyExclusiveOption
 from mvt.common.updates import IndicatorsUpdates
-from mvt.common.utils import generate_hashes_from_path
+from mvt.common.utils import (generate_hashes_from_path, init_logging,
+                              set_verbose_logging)

 from .cmd_check_backup import CmdIOSCheckBackup
 from .cmd_check_fs import CmdIOSCheckFS
@@ -26,12 +26,10 @@ from .decrypt import DecryptBackup
 from .modules.backup import BACKUP_MODULES
 from .modules.fs import FS_MODULES
 from .modules.mixed import MIXED_MODULES
+from .modules.post_analysis import POST_ANALYSIS_MODULES

-# Setup logging using Rich.
-LOG_FORMAT = "[%(name)s] %(message)s"
-logging.basicConfig(level="INFO", format=LOG_FORMAT, handlers=[
-    RichHandler(show_path=False, log_time_format="%X")])
-log = logging.getLogger(__name__)
+init_logging()
+log = logging.getLogger("mvt")

 # Set this environment variable to a password if needed.
 MVT_IOS_BACKUP_PASSWORD = "MVT_IOS_BACKUP_PASSWORD"
@@ -166,9 +164,12 @@ def extract_key(password, key_file, backup_path):
@click.option("--list-modules", "-l", is_flag=True, help=HELP_MSG_LIST_MODULES)
@click.option("--module", "-m", help=HELP_MSG_MODULE)
@click.option("--hashes", "-H", is_flag=True, help=HELP_MSG_HASHES)
+@click.option("--verbose", "-v", is_flag=True, help=HELP_MSG_VERBOSE)
@click.argument("BACKUP_PATH", type=click.Path(exists=True))
@click.pass_context
-def check_backup(ctx, iocs, output, fast, list_modules, module, hashes, backup_path):
+def check_backup(ctx, iocs, output, fast, list_modules, module, hashes, verbose, backup_path):
+    set_verbose_logging(verbose)
+
    cmd = CmdIOSCheckBackup(target_path=backup_path, results_path=output,
                            ioc_files=iocs, module_name=module, fast_mode=fast,
                            hashes=hashes)
@@ -199,9 +200,11 @@ def check_backup(ctx, iocs, output, fast, list_modules, module, hashes, backup_p
@click.option("--list-modules", "-l", is_flag=True, help=HELP_MSG_LIST_MODULES)
@click.option("--module", "-m", help=HELP_MSG_MODULE)
@click.option("--hashes", "-H", is_flag=True, help=HELP_MSG_HASHES)
+@click.option("--verbose", "-v", is_flag=True, help=HELP_MSG_VERBOSE)
@click.argument("DUMP_PATH", type=click.Path(exists=True))
@click.pass_context
-def check_fs(ctx, iocs, output, fast, list_modules, module, hashes, dump_path):
+def check_fs(ctx, iocs, output, fast, list_modules, module, hashes, verbose, dump_path):
+    set_verbose_logging(verbose)
    cmd = CmdIOSCheckFS(target_path=dump_path, results_path=output,
                        ioc_files=iocs, module_name=module, fast_mode=fast,
                        hashes=hashes)
@@ -232,7 +235,7 @@ def check_fs(ctx, iocs, output, fast, list_modules, module, hashes, dump_path):
@click.pass_context
 def check_iocs(ctx, iocs, list_modules, module, folder):
    cmd = CmdCheckIOCS(target_path=folder, ioc_files=iocs, module_name=module)
-    cmd.modules = BACKUP_MODULES + FS_MODULES + MIXED_MODULES
+    cmd.modules = BACKUP_MODULES + FS_MODULES + MIXED_MODULES + POST_ANALYSIS_MODULES

    if list_modules:
        cmd.list_modules()
--- a/mvt/ios/data/ios_models.json
+++ b/mvt/ios/data/ios_models.json
@@ -0,0 +1,166 @@
+[
+    {
+        "identifier": "iPhone4,1",
+        "description": "iPhone 4S"
+    },
+    {
+        "identifier": "iPhone5,1",
+        "description": "iPhone 5"
+    },
+    {
+        "identifier": "iPhone5,2",
+        "description": "iPhone 5"
+    },
+    {
+        "identifier": "iPhone5,3",
+        "description": "iPhone 5c"
+    },
+    {
+        "identifier": "iPhone5,4",
+        "description": "iPhone 5c"
+    },
+    {
+        "identifier": "iPhone6,1",
+        "description": "iPhone 5s"
+    },
+    {
+        "identifier": "iPhone6,2",
+        "description": "iPhone 5s"
+    },
+    {
+        "identifier": "iPhone7,1",
+        "description": "iPhone 6 Plus"
+    },
+    {
+        "identifier": "iPhone7,2",
+        "description": "iPhone 6"
+    },
+    {
+        "identifier": "iPhone8,1",
+        "description": "iPhone 6s"
+    },
+    {
+        "identifier": "iPhone8,2",
+        "description": "iPhone 6s Plus"
+    },
+    {
+        "identifier": "iPhone8,4",
+        "description": "iPhone SE (1st generation)"
+    },
+    {
+        "identifier": "iPhone9,1",
+        "description": "iPhone 7"
+    },
+    {
+        "identifier": "iPhone9,2",
+        "description": "iPhone 7 Plus"
+    },
+    {
+        "identifier": "iPhone9,3",
+        "description": "iPhone 7"
+    },
+    {
+        "identifier": "iPhone9,4",
+        "description": "iPhone 7 Plus"
+    },
+    {
+        "identifier": "iPhone10,1",
+        "description": "iPhone 8"
+    },
+    {
+        "identifier": "iPhone10,2",
+        "description": "iPhone 8 Plus"
+    },
+    {
+        "identifier": "iPhone10,3",
+        "description": "iPhone X"
+    },
+    {
+        "identifier": "iPhone10,4",
+        "description": "iPhone 8"
+    },
+    {
+        "identifier": "iPhone10,5",
+        "description": "iPhone 8 Plus"
+    },
+    {
+        "identifier": "iPhone10,6",
+        "description": "iPhone X"
+    },
+    {
+        "identifier": "iPhone11,2",
+        "description": "iPhone XS"
+    },
+    {
+        "identifier": "iPhone11,4",
+        "description": "iPhone XS Max"
+    },
+    {
+        "identifier": "iPhone11,6",
+        "description": "iPhone XS Max"
+    },
+    {
+        "identifier": "iPhone11,8",
+        "description": "iPhone XR"
+    },
+    {
+        "identifier": "iPhone12,1",
+        "description": "iPhone 11"
+    },
+    {
+        "identifier": "iPhone12,3",
+        "description": "iPhone 11 Pro"
+    },
+    {
+        "identifier": "iPhone12,5",
+        "description": "iPhone 11 Pro Max"
+    },
+    {
+        "identifier": "iPhone12,8",
+        "description": "iPhone SE (2nd generation)"
+    },
+    {
+        "identifier": "iPhone13,1",
+        "description": "iPhone 12 mini"
+    },
+    {
+        "identifier": "iPhone13,2",
+        "description": "iPhone 12"
+    },
+    {
+        "identifier": "iPhone13,3",
+        "description": "iPhone 12 Pro"
+    },
+    {
+        "identifier": "iPhone13,4",
+        "description": "iPhone 12 Pro Max"
+    },
+    {
+        "identifier": "iPhone14,4",
+        "description": "iPhone 13 Mini"
+    },
+    {
+        "identifier": "iPhone14,5",
+        "description": "iPhone 13"
+    },
+    {
+        "identifier": "iPhone14,2",
+        "description": "iPhone 13 Pro"
+    },
+    {
+        "identifier": "iPhone14,3",
+        "description": "iPhone 13 Pro Max"
+    },
+    {
+        "identifier": "iPhone14,8",
+        "decription": "iPhone 14 Plus"
+    },
+    {
+        "identifier": "iPhone15,2",
+        "description": "iPhone 14 Pro"
+    },
+    {
+        "identifier": "iPhone15,3",
+        "description": "iPhone 14 Pro Max"
+    }
+]
--- a/mvt/ios/data/ios_versions.json
+++ b/mvt/ios/data/ios_versions.json
@@ -0,0 +1,923 @@
+[
+    {
+        "build": "1A543a",
+        "version": "1.0"
+    },
+    {
+        "build": "1C25",
+        "version": "1.0.1"
+    },
+    {
+        "build": "1C28",
+        "version": "1.0.2"
+    },
+    {
+        "build": "3A109a",
+        "version": "1.1.1"
+    },
+    {
+        "build": "3B48b",
+        "version": "1.1.2"
+    },
+    {
+        "build": "4A93",
+        "version": "1.1.3"
+    },
+    {
+        "build": "4A102",
+        "version": "1.1.4"
+    },
+    {
+        "build": "5A347",
+        "version": "2.0"
+    },
+    {
+        "build": "5B108",
+        "version": "2.0.1"
+    },
+    {
+        "build": "5C1",
+        "version": "2.0.2"
+    },
+    {
+        "build": "5F136",
+        "version": "2.1"
+    },
+    {
+        "build": "5G77",
+        "version": "2.2"
+    },
+    {
+        "build": "5H11",
+        "version": "2.2.1"
+    },
+    {
+        "build": "7A341",
+        "version": "3.0"
+    },
+    {
+        "build": "7A400",
+        "version": "3.0.1"
+    },
+    {
+        "build": "7C144",
+        "version": "3.1"
+    },
+    {
+        "build": "7D11",
+        "version": "3.1.2"
+    },
+    {
+        "build": "7E18",
+        "version": "3.1.3"
+    },
+    {
+        "build": "8A293",
+        "version": "4.0"
+    },
+    {
+        "build": "8A306",
+        "version": "4.0.1"
+    },
+    {
+        "build": "8B117",
+        "version": "4.1"
+    },
+    {
+        "build": "8C148",
+        "version": "4.2"
+    },
+    {
+        "build": "8C148a",
+        "version": "4.2.1"
+    },
+    {
+        "build": "8C148",
+        "version": "4.2.1"
+    },
+    {
+        "build": "8E401",
+        "version": "4.2.8"
+    },
+    {
+        "build": "8E501",
+        "version": "4.2.9"
+    },
+    {
+        "build": "8E600",
+        "version": "4.2.10"
+    },
+    {
+        "build": "8F190",
+        "version": "4.3"
+    },
+    {
+        "build": "8J2",
+        "version": "4.3.3"
+    },
+    {
+        "build": "8K2",
+        "version": "4.3.4"
+    },
+    {
+        "build": "8L1",
+        "version": "4.3.5"
+    },
+    {
+        "build": "9A334",
+        "version": "5.0"
+    },
+    {
+        "build": "9A405",
+        "version": "5.0.1"
+    },
+    {
+        "build": "9A406",
+        "version": "5.0.1"
+    },
+    {
+        "build": "9B176",
+        "version": "5.1"
+    },
+    {
+        "build": "9B179",
+        "version": "5.1"
+    },
+    {
+        "build": "9B206",
+        "version": "5.1.1"
+    },
+    {
+        "build": "9B208",
+        "version": "5.1.1"
+    },
+    {
+        "build": "10A403",
+        "version": "6.0"
+    },
+    {
+        "build": "10A405",
+        "version": "6.0"
+    },
+    {
+        "build": "10A523",
+        "version": "6.0.1"
+    },
+    {
+        "build": "10A525",
+        "version": "6.0.1"
+    },
+    {
+        "build": "10A551",
+        "version": "6.0.2"
+    },
+    {
+        "build": "10B141",
+        "version": "6.1"
+    },
+    {
+        "build": "10B144",
+        "version": "6.1"
+    },
+    {
+        "build": "10B142",
+        "version": "6.1"
+    },
+    {
+        "build": "10B143",
+        "version": "6.1"
+    },
+    {
+        "build": "10B145",
+        "version": "6.1.1"
+    },
+    {
+        "build": "10B146",
+        "version": "6.1.2"
+    },
+    {
+        "build": "10B329",
+        "version": "6.1.3"
+    },
+    {
+        "build": "10B350",
+        "version": "6.1.4"
+    },
+    {
+        "build": "10B500",
+        "version": "6.1.6"
+    },
+    {
+        "build": "11B511",
+        "version": "7.0.3"
+    },
+    {
+        "build": "11B554a",
+        "version": "7.0.4"
+    },
+    {
+        "build": "11B601",
+        "version": "7.0.5"
+    },
+    {
+        "build": "11B651",
+        "version": "7.0.6"
+    },
+    {
+        "build": "11D169",
+        "version": "7.1"
+    },
+    {
+        "build": "11D167",
+        "version": "7.1"
+    },
+    {
+        "build": "11D201",
+        "version": "7.1.1"
+    },
+    {
+        "build": "11D257",
+        "version": "7.1.2"
+    },
+    {
+        "build": "12A365",
+        "version": "8.0"
+    },
+    {
+        "build": "12A366",
+        "version": "8.0"
+    },
+    {
+        "build": "12A402",
+        "version": "8.0.1"
+    },
+    {
+        "build": "12A405",
+        "version": "8.0.2"
+    },
+    {
+        "build": "12B411",
+        "version": "8.1"
+    },
+    {
+        "build": "12B435",
+        "version": "8.1.1"
+    },
+    {
+        "build": "12B436",
+        "version": "8.1.1"
+    },
+    {
+        "build": "12B440",
+        "version": "8.1.2"
+    },
+    {
+        "build": "12B466",
+        "version": "8.1.3"
+    },
+    {
+        "build": "12D508",
+        "version": "8.2"
+    },
+    {
+        "build": "12F70",
+        "version": "8.3"
+    },
+    {
+        "build": "12H143",
+        "version": "8.4"
+    },
+    {
+        "build": "12H321",
+        "version": "8.4.1"
+    },
+    {
+        "build": "13A344",
+        "version": "9.0"
+    },
+    {
+        "build": "13A342",
+        "version": "9.0"
+    },
+    {
+        "build": "13A343",
+        "version": "9.0"
+    },
+    {
+        "build": "13A404",
+        "version": "9.0.1"
+    },
+    {
+        "build": "13A405",
+        "version": "9.0.1"
+    },
+    {
+        "build": "13A452",
+        "version": "9.0.2"
+    },
+    {
+        "build": "13B143",
+        "version": "9.1"
+    },
+    {
+        "build": "13C75",
+        "version": "9.2"
+    },
+    {
+        "build": "13D15",
+        "version": "9.2.1"
+    },
+    {
+        "build": "13D20",
+        "version": "9.2.1"
+    },
+    {
+        "build": "13E237",
+        "version": "9.3"
+    },
+    {
+        "build": "13E233",
+        "version": "9.3"
+    },
+    {
+        "build": "13E234",
+        "version": "9.3"
+    },
+    {
+        "build": "13E238",
+        "version": "9.3.1"
+    },
+    {
+        "build": "13F69",
+        "version": "9.3.2"
+    },
+    {
+        "build": "13G34",
+        "version": "9.3.3"
+    },
+    {
+        "build": "13G35",
+        "version": "9.3.4"
+    },
+    {
+        "build": "13G36",
+        "version": "9.3.5"
+    },
+    {
+        "build": "13G37",
+        "version": "9.3.6"
+    },
+    {
+        "build": "14A403",
+        "version": "10.0.1"
+    },
+    {
+        "build": "14A456",
+        "version": "10.0.2"
+    },
+    {
+        "build": "14A551",
+        "version": "10.0.3"
+    },
+    {
+        "build": "14B72",
+        "version": "10.1"
+    },
+    {
+        "build": "14B72c",
+        "version": "10.1"
+    },
+    {
+        "build": "14B150",
+        "version": "10.1.1"
+    },
+    {
+        "build": "14B100",
+        "version": "10.1.1"
+    },
+    {
+        "build": "14C92",
+        "version": "10.2"
+    },
+    {
+        "build": "14D27",
+        "version": "10.2.1"
+    },
+    {
+        "build": "14E277",
+        "version": "10.3"
+    },
+    {
+        "build": "14E304",
+        "version": "10.3.1"
+    },
+    {
+        "build": "14F89",
+        "version": "10.3.2"
+    },
+    {
+        "build": "14G60",
+        "version": "10.3.3"
+    },
+    {
+        "build": "14G61",
+        "version": "10.3.4"
+    },
+    {
+        "build": "15A372",
+        "version": "11.0"
+    },
+    {
+        "build": "15A402",
+        "version": "11.0.1"
+    },
+    {
+        "version": "11.0.1",
+        "build": "15A403"
+    },
+    {
+        "build": "15A421",
+        "version": "11.0.2"
+    },
+    {
+        "build": "15A432",
+        "version": "11.0.3"
+    },
+    {
+        "build": "15B93",
+        "version": "11.1"
+    },
+    {
+        "build": "15B150",
+        "version": "11.1.1"
+    },
+    {
+        "build": "15B202",
+        "version": "11.1.2"
+    },
+    {
+        "build": "15C114",
+        "version": "11.2"
+    },
+    {
+        "build": "15C153",
+        "version": "11.2.1"
+    },
+    {
+        "build": "15C202",
+        "version": "11.2.2"
+    },
+    {
+        "build": "15D60",
+        "version": "11.2.5"
+    },
+    {
+        "build": "15D100",
+        "version": "11.2.6"
+    },
+    {
+        "build": "15E216",
+        "version": "11.3"
+    },
+    {
+        "build": "15E302",
+        "version": "11.3.1"
+    },
+    {
+        "build": "15F79",
+        "version": "11.4"
+    },
+    {
+        "build": "15G77",
+        "version": "11.4.1"
+    },
+    {
+        "build": "16A366",
+        "version": "12.0"
+    },
+    {
+        "build": "16A367",
+        "version": "12.0"
+    },
+    {
+        "build": "16A404",
+        "version": "12.0.1"
+    },
+    {
+        "build": "16A405",
+        "version": "12.0.1"
+    },
+    {
+        "build": "16B92",
+        "version": "12.1"
+    },
+    {
+        "build": "16B94",
+        "version": "12.1"
+    },
+    {
+        "build": "16B93",
+        "version": "12.1"
+    },
+    {
+        "build": "16C50",
+        "version": "12.1.1"
+    },
+    {
+        "build": "16C104",
+        "version": "12.1.2"
+    },
+    {
+        "build": "16C101",
+        "version": "12.1.2"
+    },
+    {
+        "build": "16D39",
+        "version": "12.1.3"
+    },
+    {
+        "build": "16D40",
+        "version": "12.1.3"
+    },
+    {
+        "build": "16D57",
+        "version": "12.1.4"
+    },
+    {
+        "build": "16E227",
+        "version": "12.2"
+    },
+    {
+        "build": "16F156",
+        "version": "12.3"
+    },
+    {
+        "build": "16F203",
+        "version": "12.3.1"
+    },
+    {
+        "build": "16F250",
+        "version": "12.3.2"
+    },
+    {
+        "build": "16G77",
+        "version": "12.4"
+    },
+    {
+        "build": "16G102",
+        "version": "12.4.1"
+    },
+    {
+        "build": "16G114",
+        "version": "12.4.2"
+    },
+    {
+        "build": "16G130",
+        "version": "12.4.3"
+    },
+    {
+        "build": "16G140",
+        "version": "12.4.4"
+    },
+    {
+        "build": "16G161",
+        "version": "12.4.5"
+    },
+    {
+        "build": "16G183",
+        "version": "12.4.6"
+    },
+    {
+        "build": "16G192",
+        "version": "12.4.7"
+    },
+    {
+        "build": "16G201",
+        "version": "12.4.8"
+    },
+    {
+        "build": "16H5",
+        "version": "12.4.9"
+    },
+    {
+        "build": "16H20",
+        "version": "12.5"
+    },
+    {
+        "build": "16H22",
+        "version": "12.5.1"
+    },
+    {
+        "build": "16H30",
+        "version": "12.5.2"
+    },
+    {
+        "build": "16H41",
+        "version": "12.5.3"
+    },
+    {
+        "build": "16H50",
+        "version": "12.5.4"
+    },
+    {
+        "build": "16H62",
+        "version": "12.5.5"
+    },
+    {
+        "build": "16H71",
+        "version": "12.5.6"
+    },
+    {
+        "build": "16H81",
+        "version": "12.5.7"
+    },
+    {
+        "build": "17A577",
+        "version": "13.0"
+    },
+    {
+        "build": "17A844",
+        "version": "13.1"
+    },
+    {
+        "build": "17A854",
+        "version": "13.1.1"
+    },
+    {
+        "build": "17A860",
+        "version": "13.1.2"
+    },
+    {
+        "build": "17A861",
+        "version": "13.1.2"
+    },
+    {
+        "build": "17A878",
+        "version": "13.1.3"
+    },
+    {
+        "build": "17B84",
+        "version": "13.2"
+    },
+    {
+        "build": "17B102",
+        "version": "13.2.2"
+    },
+    {
+        "build": "17B111",
+        "version": "13.2.3"
+    },
+    {
+        "build": "17C54",
+        "version": "13.3"
+    },
+    {
+        "build": "17D50",
+        "version": "13.3.1"
+    },
+    {
+        "build": "17E255",
+        "version": "13.4"
+    },
+    {
+        "build": "17E8255",
+        "version": "13.4"
+    },
+    {
+        "build": "17E262",
+        "version": "13.4.1"
+    },
+    {
+        "build": "17E8258",
+        "version": "13.4.1"
+    },
+    {
+        "build": "17F75",
+        "version": "13.5"
+    },
+    {
+        "build": "17F80",
+        "version": "13.5.1"
+    },
+    {
+        "build": "17G68",
+        "version": "13.6"
+    },
+    {
+        "build": "17G80",
+        "version": "13.6.1"
+    },
+    {
+        "build": "17H35",
+        "version": "13.7"
+    },
+    {
+        "build": "18A373",
+        "version": "14.0"
+    },
+    {
+        "build": "18A393",
+        "version": "14.0.1"
+    },
+    {
+        "build": "18A8395",
+        "version": "14.1"
+    },
+    {
+        "build": "18B92",
+        "version": "14.2"
+    },
+    {
+        "version": "14.2",
+        "build": "18B111"
+    },
+    {
+        "version": "14.2.1",
+        "build": "18B121"
+    },
+    {
+        "build": "18C66",
+        "version": "14.3"
+    },
+    {
+        "build": "18D52",
+        "version": "14.4"
+    },
+    {
+        "build": "18D61",
+        "version": "14.4.1"
+    },
+    {
+        "build": "18D70",
+        "version": "14.4.2"
+    },
+    {
+        "build": "18E199",
+        "version": "14.5"
+    },
+    {
+        "build": "18E212",
+        "version": "14.5.1"
+    },
+    {
+        "build": "18F72",
+        "version": "14.6"
+    },
+    {
+        "build": "18G69",
+        "version": "14.7"
+    },
+    {
+        "build": "18G82",
+        "version": "14.7.1"
+    },
+    {
+        "build": "18H17",
+        "version": "14.8"
+    },
+    {
+        "build": "18H107",
+        "version": "14.8.1"
+    },
+    {
+        "build": "19A341",
+        "version": "15.0"
+    },
+    {
+        "build": "19A346",
+        "version": "15.0"
+    },
+    {
+        "build": "19A348",
+        "version": "15.0.1"
+    },
+    {
+        "build": "19A404",
+        "version": "15.0.2"
+    },
+    {
+        "build": "19B74",
+        "version": "15.1"
+    },
+    {
+        "build": "19B81",
+        "version": "15.1.1"
+    },
+    {
+        "build": "19C56",
+        "version": "15.2"
+    },
+    {
+        "build": "19C63",
+        "version": "15.2.1"
+    },
+    {
+        "build": "19D50",
+        "version": "15.3"
+    },
+    {
+        "build": "19D52",
+        "version": "15.3.1"
+    },
+    {
+        "build": "19E241",
+        "version": "15.4"
+    },
+    {
+        "build": "19E258",
+        "version": "15.4.1"
+    },
+    {
+        "build": "19F77",
+        "version": "15.5"
+    },
+    {
+        "build": "19G71",
+        "version": "15.6"
+    },
+    {
+        "build": "19G82",
+        "version": "15.6.1"
+    },
+    {
+        "build": "19H12",
+        "version": "15.7"
+    },
+    {
+        "build": "19H117",
+        "version": "15.7.1"
+    },
+    {
+        "build": "19H218",
+        "version": "15.7.2"
+    },
+    {
+        "version": "15.7.3",
+        "build": "19H307"
+    },
+    {
+        "version": "15.7.4",
+        "build": "19H321"
+    },
+    {
+        "version": "15.7.5",
+        "build": "19H332"
+    },
+    {
+        "version": "15.7.6",
+        "build": "19H349"
+    },
+    {
+        "build": "20A362",
+        "version": "16.0"
+    },
+    {
+        "build": "20A371",
+        "version": "16.0.1"
+    },
+    {
+        "build": "20A380",
+        "version": "16.0.2"
+    },
+    {
+        "build": "20A392",
+        "version": "16.0.3"
+    },
+    {
+        "build": "20B82",
+        "version": "16.1"
+    },
+    {
+        "build": "20B101",
+        "version": "16.1.1"
+    },
+    {
+        "build": "20B110",
+        "version": "16.1.2"
+    },
+    {
+        "build": "20C65",
+        "version": "16.2"
+    },
+    {
+        "build": "20D47",
+        "version": "16.3"
+    },
+    {
+        "build": "20D67",
+        "version": "16.3.1"
+    },
+    {
+        "build": "20E247",
+        "version": "16.4"
+    },
+    {
+        "build": "20E252",
+        "version": "16.4.1"
+    },
+    {
+        "version": "16.5",
+        "beta": null,
+        "build": "20F66"
+    }
+]
--- a/mvt/ios/modules/backup/manifest.py
+++ b/mvt/ios/modules/backup/manifest.py
@@ -158,6 +158,7 @@ class Manifest(IOSExtraction):
                        "mode": oct(self._get_key(file_metadata, "Mode")),
                        "owner": self._get_key(file_metadata, "UserID"),
                        "size": self._get_key(file_metadata, "Size"),
+                        "type": "file" if file_data["flags"] == 1 else "directory",
                    })
                except Exception:
                    self.log.exception("Error reading manifest file metadata for file with ID %s "
--- a/mvt/ios/modules/mixed/applications.py
+++ b/mvt/ios/modules/mixed/applications.py
@@ -61,8 +61,8 @@ class Applications(IOSExtraction):
                    self.detected.append(result)
                    continue

-            if result.get("sourceApp", "com.apple.AppStore") != "com.apple.AppStore":
-                self.log.warning("Suspicious app not installed from the App Store: %s", result["softwareVersionBundleId"])
+            if result.get("sourceApp", "com.apple.AppStore") not in ["com.apple.AppStore", "com.apple.dmd", "dmd"]:
+                self.log.warning("Suspicious app not installed from the App Store or MDM: %s", result["softwareVersionBundleId"])
                self.detected.append(result)

    def _parse_itunes_timestamp(self, entry: Dict[str, Any]) -> None:
--- a/mvt/ios/modules/mixed/calendar.py
+++ b/mvt/ios/modules/mixed/calendar.py
@@ -59,7 +59,7 @@ class Calendar(IOSExtraction):

    def check_indicators(self) -> None:
        for result in self.results:
-            if result["participant_email"]:
+            if result["participant_email"] and self.indicators:
                ioc = self.indicators.check_email(result["participant_email"])
                if ioc:
                    result["matched_indicator"] = ioc
--- a/mvt/ios/modules/mixed/whatsapp.py
+++ b/mvt/ios/modules/mixed/whatsapp.py
@@ -38,7 +38,7 @@ class Whatsapp(IOSExtraction):
    def serialize(self, record: dict) -> Union[dict, list]:
        text = record.get("ZTEXT", "").replace("\n", "\\n")
        links_text = ""
-        if record["links"]:
+        if record.get("links"):
            links_text = " - Embedded links: " + ", ".join(record["links"])

        return {
--- a/mvt/ios/modules/post_analysis/init.py
+++ b/mvt/ios/modules/post_analysis/init.py
@@ -0,0 +1,3 @@
+from .attachment_deletion import PostAttachmentDeletion
+
+POST_ANALYSIS_MODULES = [PostAttachmentDeletion]
--- a/mvt/ios/modules/post_analysis/attachment_deletion.py
+++ b/mvt/ios/modules/post_analysis/attachment_deletion.py
@@ -0,0 +1,101 @@
+import logging
+import datetime
+from typing import Optional
+
+from mvt.common.module import PostAnalysisModule
+
+
+class PostAttachmentDeletion(PostAnalysisModule):
+    """
+    Heuristic detection for attachment deletion in a cert time period.
+
+
+    This module implements a hueuristic detection for a multiple iOS SMS attachmemt being deleted
+    in a short period of time. This is a similar concept to the following script used
+    by Kaspersky Labs to detect infections with the Triangulation iOS malware:
+    https://github.com/KasperskyLab/triangle_check/blob/main/triangle_check/__init__.py
+    """
+    def __init__(
+        self,
+        file_path: Optional[str] = None,
+        target_path: Optional[str] = None,
+        results_path: Optional[str] = None,
+        fast_mode: Optional[bool] = False,
+        log: logging.Logger = logging.getLogger(__name__),
+        results: Optional[list] = None
+    ) -> None:
+        super().__init__(file_path=file_path, target_path=target_path,
+                         results_path=results_path, fast_mode=fast_mode,
+                         log=log, results=results)
+
+        self.required_modules = ["manifest"]
+
+
+    def load_locationd_events(self):
+        locationd_clients = self.results["locationd_clients"]
+        locations_stopped_event = [event for event in locationd_clients if "LocationTimeStopped" in event]
+        return locations_stopped_event
+
+    def run(self) -> None:
+        """
+        Run the post-processing module.
+
+        The logical is to look for all SMS attachment directories which were recently created
+        shortly before their last modified time, but which have no contained files.
+        """
+        for module in self.required_modules:
+            if module not in self.results:
+                raise Exception(f"Required module {module} was not found in results. Did you run the required modules?")
+
+        locationd_events = []
+        locationd_client_iocs = [
+            "com.apple.locationd.bundle-/System/Library/LocationBundles/IonosphereHarvest.bundle",
+            "com.apple.locationd.bundle-/System/Library/LocationBundles/WRMLinkSelection.bundle"
+        ]
+        for event in self.load_locationd_events():
+            for ioc in locationd_client_iocs:
+                if ioc in event["Registered"]:
+                    locationd_events.append(event)
+                    print(event)
+
+
+
+        # Filter the relevant events from the manifest:
+        events_by_time = {}
+        sms_files = [event for event in self.results["manifest"] if event["relative_path"].startswith("Library/SMS/Attachments/")]
+        attachment_folders = {}
+        for record in sorted(sms_files, key=lambda x: x["relative_path"]):
+            num_path_segments = record["relative_path"].count('/')
+            # Skip entries with a full-path
+            # if not (num_path_segments == 3 or num_path_segments == 4):
+            #     continue
+
+            attachment_root = "/".join(record["relative_path"].split('/', 5)[:5])
+            attachment_folder = attachment_folders.get(attachment_root, [])
+            attachment_folder.append(record)
+            attachment_folders[attachment_root] = attachment_folder
+
+        # Look for directories containing no files, which had a short lifespan
+        for key, items in attachment_folders.items():
+            has_files = any([item["flags"] == 1 for item in items])
+            if has_files:
+                continue
+
+            for item in sorted(items, key=lambda x: x["created"]):
+                # item_created = datetime.datetime.strptime(item["created"], "%Y-%m-%d %H:%M:%S.%f")
+                item_modified = datetime.datetime.strptime(item["modified"], "%Y-%m-%d %H:%M:%S.%f") # M
+                status_changed = datetime.datetime.strptime(item["status_changed"], "%Y-%m-%d %H:%M:%S.%f") # C
+
+                # self.append_timeline(fs_stat['LastModified'], ('M', relativePath))
+                # self.append_timeline(fs_stat['LastStatusChange'], ('C', relativePath))
+                # self.append_timeline(fs_stat['Birth'], ('B', relativePath))
+
+
+                # Skip items which were created and modified at the same time, likely never had files.
+                # print(item["relative_path"], status_changed, item_modified)
+                if item_modified == status_changed:
+                    print("changed == modified", item["relative_path"], status_changed, item_modified)
+                    continue
+
+                if (item_modified - status_changed): # < datetime.timedelta(minutes=10):
+                     self.log.info(f"Possible attachment deletion. Attachment folder '{key}' with no files, created and modified within 10 minutes. '{item['relative_path']}' created {item_created}, modified {item_modified})")
--- a/mvt/ios/versions.py
+++ b/mvt/ios/versions.py
@@ -2,279 +2,16 @@
 # Copyright (c) 2021-2023 Claudio Guarnieri.
 # Use of this software is governed by the MVT License 1.1 that can be found at
 #   https://license.mvt.re/1.1/
+import json
 from logging import Logger
 from typing import Dict, Optional

 import packaging
+import pkgutil

-IPHONE_MODELS = [
-    {"identifier": "iPhone4,1", "description": "iPhone 4S"},
-    {"identifier": "iPhone5,1", "description": "iPhone 5"},
-    {"identifier": "iPhone5,2", "description": "iPhone 5"},
-    {"identifier": "iPhone5,3", "description": "iPhone 5c"},
-    {"identifier": "iPhone5,4", "description": "iPhone 5c"},
-    {"identifier": "iPhone6,1", "description": "iPhone 5s"},
-    {"identifier": "iPhone6,2", "description": "iPhone 5s"},
-    {"identifier": "iPhone7,1", "description": "iPhone 6 Plus"},
-    {"identifier": "iPhone7,2", "description": "iPhone 6"},
-    {"identifier": "iPhone8,1", "description": "iPhone 6s"},
-    {"identifier": "iPhone8,2", "description": "iPhone 6s Plus"},
-    {"identifier": "iPhone8,4", "description": "iPhone SE (1st generation)"},
-    {"identifier": "iPhone9,1", "description": "iPhone 7"},
-    {"identifier": "iPhone9,2", "description": "iPhone 7 Plus"},
-    {"identifier": "iPhone9,3", "description": "iPhone 7"},
-    {"identifier": "iPhone9,4", "description": "iPhone 7 Plus"},
-    {"identifier": "iPhone10,1", "description": "iPhone 8"},
-    {"identifier": "iPhone10,2", "description": "iPhone 8 Plus"},
-    {"identifier": "iPhone10,3", "description": "iPhone X"},
-    {"identifier": "iPhone10,4", "description": "iPhone 8"},
-    {"identifier": "iPhone10,5", "description": "iPhone 8 Plus"},
-    {"identifier": "iPhone10,6", "description": "iPhone X"},
-    {"identifier": "iPhone11,2", "description": "iPhone XS"},
-    {"identifier": "iPhone11,4", "description": "iPhone XS Max"},
-    {"identifier": "iPhone11,6", "description": "iPhone XS Max"},
-    {"identifier": "iPhone11,8", "description": "iPhone XR"},
-    {"identifier": "iPhone12,1", "description": "iPhone 11"},
-    {"identifier": "iPhone12,3", "description": "iPhone 11 Pro"},
-    {"identifier": "iPhone12,5", "description": "iPhone 11 Pro Max"},
-    {"identifier": "iPhone12,8", "description": "iPhone SE (2nd generation)"},
-    {"identifier": "iPhone13,1", "description": "iPhone 12 mini"},
-    {"identifier": "iPhone13,2", "description": "iPhone 12"},
-    {"identifier": "iPhone13,3", "description": "iPhone 12 Pro"},
-    {"identifier": "iPhone13,4", "description": "iPhone 12 Pro Max"},
-    {"identifier": "iPhone14,4", "description": "iPhone 13 Mini"},
-    {"identifier": "iPhone14,5", "description": "iPhone 13"},
-    {"identifier": "iPhone14,2", "description": "iPhone 13 Pro"},
-    {"identifier": "iPhone14,3", "description": "iPhone 13 Pro Max"},
-    {"identifier": "iPhone14,8", "decription": "iPhone 14 Plus"},
-    {"identifier": "iPhone15,2", "description": "iPhone 14 Pro"},
-    {"identifier": "iPhone15,3", "description": "iPhone 14 Pro Max"}
-]

-IPHONE_IOS_VERSIONS = [
-    {"build": "1A543a", "version": "1.0"},
-    {"build": "1C25", "version": "1.0.1"},
-    {"build": "1C28", "version": "1.0.2"},
-    {"build": "3A109a", "version": "1.1.1"},
-    {"build": "3B48b", "version": "1.1.2"},
-    {"build": "4A93", "version": "1.1.3"},
-    {"build": "4A102", "version": "1.1.4"},
-    {"build": "5A347", "version": "2.0"},
-    {"build": "5B108", "version": "2.0.1"},
-    {"build": "5C1", "version": "2.0.2"},
-    {"build": "5F136", "version": "2.1"},
-    {"build": "5G77", "version": "2.2"},
-    {"build": "5H11", "version": "2.2.1"},
-    {"build": "7A341", "version": "3.0"},
-    {"build": "7A400", "version": "3.0.1"},
-    {"build": "7C144", "version": "3.1"},
-    {"build": "7D11", "version": "3.1.2"},
-    {"build": "7E18", "version": "3.1.3"},
-    {"build": "8A293", "version": "4.0"},
-    {"build": "8A306", "version": "4.0.1"},
-    {"build": "8B117", "version": "4.1"},
-    {"build": "8C148", "version": "4.2"},
-    {"build": "8C148a", "version": "4.2.1"},
-    {"build": "8C148", "version": "4.2.1"},
-    {"build": "8E600", "version": "4.2.10"},
-    {"build": "8E401", "version": "4.2.8"},
-    {"build": "8E501", "version": "4.2.9"},
-    {"build": "8F190", "version": "4.3"},
-    {"build": "8J2", "version": "4.3.3"},
-    {"build": "8K2", "version": "4.3.4"},
-    {"build": "8L1", "version": "4.3.5"},
-    {"build": "9A334", "version": "5.0"},
-    {"build": "9A405", "version": "5.0.1"},
-    {"build": "9A406", "version": "5.0.1"},
-    {"build": "9B176", "version": "5.1"},
-    {"build": "9B179", "version": "5.1"},
-    {"build": "9B206", "version": "5.1.1"},
-    {"build": "9B208", "version": "5.1.1"},
-    {"build": "10A403", "version": "6.0"},
-    {"build": "10A405", "version": "6.0"},
-    {"build": "10A523", "version": "6.0.1"},
-    {"build": "10A525", "version": "6.0.1"},
-    {"build": "10A551", "version": "6.0.2"},
-    {"build": "10B141", "version": "6.1"},
-    {"build": "10B144", "version": "6.1"},
-    {"build": "10B142", "version": "6.1"},
-    {"build": "10B143", "version": "6.1"},
-    {"build": "10B145", "version": "6.1.1"},
-    {"build": "10B146", "version": "6.1.2"},
-    {"build": "10B329", "version": "6.1.3"},
-    {"build": "10B350", "version": "6.1.4"},
-    {"build": "10B500", "version": "6.1.6"},
-    {"build": "11B511", "version": "7.0.3"},
-    {"build": "11B554a", "version": "7.0.4"},
-    {"build": "11B601", "version": "7.0.5"},
-    {"build": "11B651", "version": "7.0.6"},
-    {"build": "11D169", "version": "7.1"},
-    {"build": "11D167", "version": "7.1"},
-    {"build": "11D201", "version": "7.1.1"},
-    {"build": "11D257", "version": "7.1.2"},
-    {"build": "12A365", "version": "8.0"},
-    {"build": "12A366", "version": "8.0"},
-    {"build": "12A402", "version": "8.0.1"},
-    {"build": "12A405", "version": "8.0.2"},
-    {"build": "12B411", "version": "8.1"},
-    {"build": "12B435", "version": "8.1.1"},
-    {"build": "12B436", "version": "8.1.1"},
-    {"build": "12B440", "version": "8.1.2"},
-    {"build": "12B466", "version": "8.1.3"},
-    {"build": "12D508", "version": "8.2"},
-    {"build": "12F70", "version": "8.3"},
-    {"build": "12H143", "version": "8.4"},
-    {"build": "12H321", "version": "8.4.1"},
-    {"build": "13A344", "version": "9.0"},
-    {"build": "13A342", "version": "9.0"},
-    {"build": "13A343", "version": "9.0"},
-    {"build": "13A404", "version": "9.0.1"},
-    {"build": "13A405", "version": "9.0.1"},
-    {"build": "13A452", "version": "9.0.2"},
-    {"build": "13B143", "version": "9.1"},
-    {"build": "13C75", "version": "9.2"},
-    {"build": "13D15", "version": "9.2.1"},
-    {"build": "13D20", "version": "9.2.1"},
-    {"build": "13E237", "version": "9.3"},
-    {"build": "13E233", "version": "9.3"},
-    {"build": "13E234", "version": "9.3"},
-    {"build": "13E238", "version": "9.3.1"},
-    {"build": "13F69", "version": "9.3.2"},
-    {"build": "13G34", "version": "9.3.3"},
-    {"build": "13G35", "version": "9.3.4"},
-    {"build": "13G36", "version": "9.3.5"},
-    {"build": "13G37", "version": "9.3.6"},
-    {"build": "14A403", "version": "10.0.1"},
-    {"build": "14A456", "version": "10.0.2"},
-    {"build": "14A551", "version": "10.0.3"},
-    {"build": "14B72", "version": "10.1"},
-    {"build": "14B72c", "version": "10.1"},
-    {"build": "14B150", "version": "10.1.1"},
-    {"build": "14B100", "version": "10.1.1"},
-    {"build": "14C92", "version": "10.2"},
-    {"build": "14D27", "version": "10.2.1"},
-    {"build": "14E277", "version": "10.3"},
-    {"build": "14E304", "version": "10.3.1"},
-    {"build": "14F89", "version": "10.3.2"},
-    {"build": "14G60", "version": "10.3.3"},
-    {"build": "14G61", "version": "10.3.4"},
-    {"build": "15A372", "version": "11.0"},
-    {"build": "15A402", "version": "11.0.1"},
-    {"build": "15A421", "version": "11.0.2"},
-    {"build": "15A432", "version": "11.0.3"},
-    {"build": "15B93", "version": "11.1"},
-    {"build": "15B150", "version": "11.1.1"},
-    {"build": "15B202", "version": "11.1.2"},
-    {"build": "15C114", "version": "11.2"},
-    {"build": "15C153", "version": "11.2.1"},
-    {"build": "15C202", "version": "11.2.2"},
-    {"build": "15D60", "version": "11.2.5"},
-    {"build": "15D100", "version": "11.2.6"},
-    {"build": "15E216", "version": "11.3"},
-    {"build": "15E302", "version": "11.3.1"},
-    {"build": "15F79", "version": "11.4"},
-    {"build": "15G77", "version": "11.4.1"},
-    {"build": "16A366", "version": "12.0"},
-    {"build": "16A367", "version": "12.0"},
-    {"build": "16A404", "version": "12.0.1"},
-    {"build": "16A405", "version": "12.0.1"},
-    {"build": "16B92", "version": "12.1"},
-    {"build": "16B94", "version": "12.1"},
-    {"build": "16B93", "version": "12.1"},
-    {"build": "16C50", "version": "12.1.1"},
-    {"build": "16C104", "version": "12.1.2"},
-    {"build": "16C101", "version": "12.1.2"},
-    {"build": "16D39", "version": "12.1.3"},
-    {"build": "16D40", "version": "12.1.3"},
-    {"build": "16D57", "version": "12.1.4"},
-    {"build": "16E227", "version": "12.2"},
-    {"build": "16F156", "version": "12.3"},
-    {"build": "16F203", "version": "12.3.1"},
-    {"build": "16F250", "version": "12.3.2"},
-    {"build": "16G77", "version": "12.4"},
-    {"build": "16G102", "version": "12.4.1"},
-    {"build": "16G114", "version": "12.4.2"},
-    {"build": "16G130", "version": "12.4.3"},
-    {"build": "16G140", "version": "12.4.4"},
-    {"build": "16G161", "version": "12.4.5"},
-    {"build": "16G183", "version": "12.4.6"},
-    {"build": "16G192", "version": "12.4.7"},
-    {"build": "16G201", "version": "12.4.8"},
-    {"build": "16H5", "version": "12.4.9"},
-    {"build": "16H20", "version": "12.5"},
-    {"build": "16H22", "version": "12.5.1"},
-    {"build": "16H30", "version": "12.5.2"},
-    {"build": "16H41", "version": "12.5.3"},
-    {"build": "16H50", "version": "12.5.4"},
-    {"build": "16H62", "version": "12.5.5"},
-    {"build": "16H71", "version": "12.5.6"},
-    {"build": "16H81", "version": "12.5.7"},
-    {"build": "17A577", "version": "13.0"},
-    {"build": "17A844", "version": "13.1"},
-    {"build": "17A854", "version": "13.1.1"},
-    {"build": "17A860", "version": "13.1.2"},
-    {"build": "17A861", "version": "13.1.2"},
-    {"build": "17A878", "version": "13.1.3"},
-    {"build": "17B84", "version": "13.2"},
-    {"build": "17B102", "version": "13.2.2"},
-    {"build": "17B111", "version": "13.2.3"},
-    {"build": "17C54", "version": "13.3"},
-    {"build": "17D50", "version": "13.3.1"},
-    {"build": "17E255", "version": "13.4"},
-    {"build": "17E8255", "version": "13.4"},
-    {"build": "17E262", "version": "13.4.1"},
-    {"build": "17E8258", "version": "13.4.1"},
-    {"build": "17F75", "version": "13.5"},
-    {"build": "17F80", "version": "13.5.1"},
-    {"build": "17G68", "version": "13.6"},
-    {"build": "17G80", "version": "13.6.1"},
-    {"build": "17H35", "version": "13.7"},
-    {"build": "18A373", "version": "14.0"},
-    {"build": "18A393", "version": "14.0.1"},
-    {"build": "18A8395", "version": "14.1"},
-    {"build": "18B92", "version": "14.2"},
-    {"build": "18C66", "version": "14.3"},
-    {"build": "18D52", "version": "14.4"},
-    {"build": "18D61", "version": "14.4.1"},
-    {"build": "18D70", "version": "14.4.2"},
-    {"build": "18E199", "version": "14.5"},
-    {"build": "18E212", "version": "14.5.1"},
-    {"build": "18F72", "version": "14.6"},
-    {"build": "18G69", "version": "14.7"},
-    {"build": "18G82", "version": "14.7.1"},
-    {"build": "18H17", "version": "14.8"},
-    {"build": "18H107", "version": "14.8.1"},
-    {"build": "19A341", "version": "15.0"},
-    {"build": "19A346", "version": "15.0"},
-    {"build": "19A348", "version": "15.0.1"},
-    {"build": "19A404", "version": "15.0.2"},
-    {"build": "19B74", "version": "15.1"},
-    {"build": "19B81", "version": "15.1.1"},
-    {"build": "19C56", "version": "15.2"},
-    {"build": "19C63", "version": "15.2.1"},
-    {"build": "19D50", "version": "15.3"},
-    {"build": "19D52", "version": "15.3.1"},
-    {"build": "19E241", "version": "15.4"},
-    {"build": "19E258", "version": "15.4.1"},
-    {"build": "19F77", "version": "15.5"},
-    {"build": "19G71", "version": "15.6"},
-    {"build": "19G82", "version": "15.6.1"},
-    {"build": "19H12", "version": "15.7"},
-    {"build": "19H117", "version": "15.7.1"},
-    {"build": "19H218", "version": "15.7.2"},
-    {"build": "20A362", "version": "16.0"},
-    {"build": "20A371", "version": "16.0.1"},
-    {"build": "20A380", "version": "16.0.2"},
-    {"build": "20A392", "version": "16.0.3"},
-    {"build": "20B82", "version": "16.1"},
-    {"build": "20B101", "version": "16.1.1"},
-    {"build": "20B110", "version": "16.1.2"},
-    {"build": "20C65", "version": "16.2"},
-    {"build": "20D47", "version": "16.3"},
-    {"build": "20D67", "version": "16.3.1"},
-    {"build": "20E247", "version": "16.4"},
-    {"build": "20E252", "version": "16.4.1"}
-]
+IPHONE_MODELS = json.loads(pkgutil.get_data("mvt", "ios/data/ios_models.json"))
+IPHONE_IOS_VERSIONS = json.loads(pkgutil.get_data("mvt", "ios/data/ios_versions.json"))


 def get_device_desc_from_id(identifier: str,
--- a/setup.cfg
+++ b/setup.cfg
@@ -42,6 +42,9 @@ console_scripts =
    mvt-ios = mvt.ios:cli
    mvt-android = mvt.android:cli

+[options.package_data]
+mvt = ios/data/*.json
+
 [flake8]
 max-complexity = 10
 max-line-length = 1000
--- a/tests/android_bugreport/init.py
+++ b/tests/android_bugreport/init.py
--- a/tests/android_bugreport/test_bugreport.py
+++ b/tests/android_bugreport/test_bugreport.py
@@ -8,6 +8,7 @@ from pathlib import Path

 from mvt.android.modules.bugreport.appops import Appops
 from mvt.android.modules.bugreport.packages import Packages
+from mvt.android.modules.bugreport.getprop import Getprop
 from mvt.common.module import run_module

 from ..utils import get_artifact_folder
@@ -40,3 +41,7 @@ class TestBugreportAnalysis:
        assert m.results[1]["package_name"] == "com.instagram.android"
        assert len(m.results[0]["permissions"]) == 4
        assert len(m.results[1]["permissions"]) == 32
+
+    def test_getprop_module(self):
+        m = self.launch_bug_report_module(Getprop)
+        assert len(m.results) == 0
Author	SHA1	Message	Date
Donncha Ó Cearbhaill	95b2f04db6	WIP for Triangulation post-processing module	2023-06-28 21:46:18 +02:00
Donncha Ó Cearbhaill	289b7efdeb	Add missing iOS build numbers	2023-05-21 17:11:07 +01:00
Donncha Ó Cearbhaill	166a63e14c	Merge pull request #347 from mvt-project/auto/add-new-ios-releases [auto] Update iOS releases and versions	2023-05-21 17:54:25 +02:00
DonnchaC	1b933fdb12	Add new iOS versions and build numbers	2023-05-21 15:53:45 +00:00
Donncha Ó Cearbhaill	0c0ff7012b	Set branch number for auto-generated pull request	2023-05-21 16:52:47 +01:00
Donncha Ó Cearbhaill	f9b0d07a81	Don't include information beta's in the version JSON	2023-05-21 16:49:14 +01:00
Donncha Ó Cearbhaill	d14bcdd05f	Update title used in auto PR for new iOS versions	2023-05-21 16:47:56 +01:00
Donncha Ó Cearbhaill	e026bb0a76	Fix path to script in workflow	2023-05-21 16:44:17 +01:00
Donncha Ó Cearbhaill	253b4f031a	Allow workflow to be triggered manually	2023-05-21 16:42:54 +01:00
Donncha Ó Cearbhaill	ec14297643	Merge pull request #345 from mvt-project/feature/auto-update-version-info Add workflow to auto-update iOS builds and version numbers	2023-05-21 17:38:46 +02:00
Donncha Ó Cearbhaill	3142d86edd	Fix path to include version JSON files in built package	2023-05-21 16:37:36 +01:00
Donncha Ó Cearbhaill	c18998d771	Add version 16.5 to resolve merge conflict from main	2023-05-21 16:26:12 +01:00
Donncha Ó Cearbhaill	22fd794fb8	Fix python style and setup.cfg syntax	2023-05-21 16:15:49 +01:00
Donncha Ó Cearbhaill	27c5c76dc2	Add script and worker to auto-update build and version info	2023-05-21 16:09:50 +01:00
Donncha Ó Cearbhaill	fafbac3545	Fix sorting of version numbers	2023-05-20 21:49:27 +01:00
Donncha Ó Cearbhaill	bbfaadd297	Load iOS device and build information from a JSON file.	2023-05-20 21:24:14 +01:00
tek	85abed55b6	Merge branch 'main' of github.com:mvt-project/mvt	2023-05-20 00:14:01 +02:00
tek	2fbd7607ef	Adds latest iOS version	2023-05-20 00:11:16 +02:00
Donncha Ó Cearbhaill	3787dc48cd	Fix bug where getprop sections where missing due to non-standard section header	2023-05-18 11:28:10 +02:00
tek	f814244ff8	Fixes bug in bugreport getprop module	2023-05-06 11:20:10 -04:00
tek	11730f164f	Fixes an issue in androidqf SMS module	2023-05-06 11:04:42 -04:00
Sebastian Pederiva	912fb060cb	Fix error when creating report: csv.Error (#341 )	2023-05-02 17:09:16 +02:00
tek	a9edf4a9fe	Bumps version	2023-04-25 12:20:45 +02:00
tek	ea7b9066ba	Improves iOS app detection	2023-04-25 11:21:55 +02:00
tek	fd81e3aa13	Adds verbose mode	2023-04-25 11:13:46 +02:00
tek	15477cc187	Bumps version	2023-04-13 17:59:05 +02:00
tek	551b95b38b	Improves documentation	2023-04-13 16:11:55 +02:00
tek	d767abb912	Fixes a bug in the calendar plugin	2023-04-13 13:21:33 +02:00
tek	8a507b0a0b	Fixes a bug in WhatsApp iOS module	2023-04-13 09:26:52 +02:00