Releases: Ch0pin/medusa
Medusa Version 2.9.0
Summary
This version brings significant enhancements, particularly to Mango, which now includes device assessment capabilities. Specifically, Mango can process a batch of APKs within a specified directory by importing them, displaying a summary of their exposure levels, showing special permissions, and more. Many thanks to @alright21 for contributions to this release, including features related to installing, pulling, and patching multiple APKs.
Features and Improvements
Mango
- Exposure Summary: Display existing applications based on their exported components, indicating the exposure level of each app.
- Permission Display: Show potential permissions when an exported component is protected.
- Split APK Support: Added capability to pull split APKs in addition to the base APK.
- Debug Flag Modification: Modify the debug flag for APK bundles.
- Bulk APK Installation: Install multiple APKs simultaneously.
Medusa
- Module Enhancements: Improved various modules for better clarity and performance.
Bug Fixes
- Manifest Parsing: Fixed multiple issues that caused Mango to abort during manifest parsing.
Medusa Version 2.8.6
Features and Improvements:
- Module Improvements: Improved various modules for better performance and reliability.
- Socket Server Support: Introduced support for socket server.
- Logging and Configuration: Adjusted
mango
logging configuration, improved logging details, such as device ID display in prompts. - Permission and Activity Reporting: Enhanced reporting for application permissions, added reporting for root activity and development frameworks (Xamarin, ReactNative, Ionic, Flutter).
- Intent Redirection: Enhanced functionality to redirect intent to a new activity.
- Keyword and Filter Updates: Added and refined keywords for better filtering and reporting.
- Module Output and Interaction: Improved output of modules, including handling for
jetpack
internal fragment exposure.
Bug Fixes:
- Fixed multiple bugs, including typos, string format issues, and residual code removal.
- Resolved issues with
search
command and module crashes. - Addressed issues in non-interactive mode to prevent session hang.
Medusa Version 2.4.6
This release includes a wide range of improvements and fixes that enhance the functionality and reliability of our tool. Here are the highlights:
Features and Improvements:
-
Non-Interactive Mode: Run Medusa in a non-interactive mode for streamlined operations.
-
Net_URI Module Improvement: Enhanced the net_uri module for better performance.
-
DNS Logger: Introduced a DNS logger for improved network monitoring.
-
Dependency Updates: Updated the apktool dependency to address CVE-2024-21633 and made adjustments to the google_trans_new dependency for better stability.
-
Command Enhancements: Made significant improvements to the get command for better display of list values.
-
Logging and Optimizations: Reduced logs in android_core and optimized logging headers. Also, introduced more efficient logcat improvements.
Fixes:
-
Bug Fixes: Addressed a critical bug introduced in a previous commit that affected app deletion from the database. Fixed various issues including typos, variable conflicts, and spacing issues.
-
Refactor and Cleanup: Conducted a thorough refactor of the codebase, including the use of local utilities, f-string updates, and PEP-8 compliant spacing for improved readability and maintainability.
-
Security and Stability: Made module adjustments and root script touch-ups for enhanced security and application stability.
-
Codebase Cleanup: Removed unused imports, updated conditional statements, and simplified expressions for cleaner and more efficient code.
-
License Update: Updated the license information to reflect current standards and compliance.
Huge shout-out @jxdv, @alright21 and @giorgosioak for their valuable contributions !!
Medusa Version 2.0.0
Release Notes for Version 2.0.0
Excited to announce the release of Medusa version 2.0.0, which includes several important updates, improvements, and bug fixes. Here's what's new:
-
Added iOS support
iOS support, allowing you to use Medusa for both Android and iOS app analysis and security testing.
-
Mango to report on static evasion tactics
- Handle APKs that employ static analysis evasion methods,
- Report, during an import, whether a static analysis evasion method was used or not.
Shout out @erev0s for the contribution !
-
Keep notes with mango
Mango supports adding notes for each imported application
-
Module Enhancements
Numerous modules have undergone enhancements and new additions. Below is a concise overview of the key updates:
- Improved the screencap module for better performance and usability. Shout out @giorgosioak for contributing to this enhancement.
- New SSL unpinning module, thanks to @Devang-Solanki
- Enabled debug mode during WebView initialization, providing enhanced debugging capabilities when working with WebView components.
- Better intent monitoring
- The agent script was enhanced with additional capabilities.
- Lots of new modules, including cookiemanager hooks to monitor cookie manual set/get
Medusa 1.2.4
Added features
New modules:
- bundle_trace_get_methods
- fragment_hook_basics
New features:
- Add or remove modules while on active Frida session (by entering suspension mode -sus-)
- Highlight interesting intent extras
- memscan can "attach" to a running process
- support for nuclei templates scan
- hook a process by pid
- import an installed app to mango. Improved the list command in order to filter package ranges
Fixes:
- hook natives fix was causing errors in the final script
- intercept setWebContentsDebuggingEnabled to prevent apps from manually setting it to false
- Bugfix in hook_webviews.med which prevented the webview from loading a page
Medusa 1.1.0
New Features:
You can now save a subset of modules and load/unload them during your session.
Save:
medusa> session --save module_set_1
medusa> session --save module_set_2
Restore:
medusa> session --load module_set_1
Delete:
medusa> session --del module_set_1
Other Changes:
Added many new modules.
Thank you for using Medusa! We hope you find the new version useful and look forward to your continued support and feedback.
First official release
This is the first Medusa official release.
Initial Release
First official pre-release