我已按照 mvt-ios 指南使用 pythonSTIX2 运行解密的 JSON 文件。现在我有一个我不明白的输出。任何建议和评论都非常感谢。
a@a:~/Peg$ mvt-ios check-backup --iocs ~/Peg/+iPhoneSTX ~/Peg/+iPhonejson
11:07:50 INFO [mvt.ios.cli] Checking iTunes backup located at: /home/a/Peg/+iPhonejson
INFO [mvt.ios.cli] Parsing STIX2 indicators file at path /home/a/Peg/+iPhoneSTX
Traceback (most recent call last):
File "/home/a/.local/bin/mvt-ios", line 8, in <module>
sys.exit(cli())
File "/home/a/.local/lib/python3.9/site-packages/click/core.py", line 1137, in __call__
return self.main(*args, **kwargs)
File "/home/a/.local/lib/python3.9/site-packages/click/core.py", line 1062, in main
rv = self.invoke(ctx)
File "/home/a/.local/lib/python3.9/site-packages/click/core.py", line 1668, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/home/a/.local/lib/python3.9/site-packages/click/core.py", line 1404, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/home/a/.local/lib/python3.9/site-packages/click/core.py", line 763, in invoke
return __callback(*args, **kwargs)
File "/home/a/.local/lib/python3.9/site-packages/click/decorators.py", line 26, in new_func
return f(get_current_context(), *args, **kwargs)
File "/home/a/.local/lib/python3.9/site-packages/mvt/ios/cli.py", line 152, in check_backup
indicators.parse_stix2(ioc_path)
File "/home/a/.local/lib/python3.9/site-packages/mvt/common/indicators.py", line 39, in parse_stix2
with open(file_path, "r") as handle:
IsADirectoryError: [Errno 21] Is a directory: '/home/a/Peg/+iPhoneSTX'
答案1
这里有多个问题 - 似乎(1)您可能需要安装 homebrew 和 MVT 依赖项,以及(2)STIX2 文件必须是文件,而不是目录。
我建议通过检查此处的 MVT 文档来确保所有依赖项都已设置: