<img src="https://raw.githubusercontent.com/Ch0pin/medusa/master/libraries/logo.svg" width ="1835" height="508">

Description

MEDUSA is an extensible and modularized framework that automates processes and techniques practiced during the dynamic analysis of Android and iOS Applications.

Installation

  1. Clone this repo
  2. Navigate to the medusa directory
  3. Run the following command:
$ pip install -r requirements.txt

Using Stheno (Σθενώ) with Medusa

Stheno is a subproject of Medusa, specifically designed for intent monitoring within this framework. Below is a quick guide on how to set up and use Stheno effectively.

<p align="center"> <img src="https://github.com/Ch0pin/stheno/assets/4659186/fd49c39e-865b-4dc3-b2d1-59a0f4594028" alt="monitor" width="400"/> </p>
  1. Include the Intent Module: Add the intents/start_activity module to your Medusa project:

    medusa> add intents/start_activity
    
  2. Run the Socket Server: Start the Medusa socket server to facilitate communication:

    medusa> startserver
    
  3. Launch Stheno: Open Stheno and navigate to the Intent Monitor menu, then click on Start to begin monitoring intents.

Known issues

macOS Installation

During installation on macOS, you might encounter the following issue:

Readline features including tab completion have been disabled because no supported version of readline was found. To resolve this, install pyreadline3 on Windows or gnureadline on Linux/Mac.

To resolve this issue on macOS, install the gnureadline package for Python:

pip install gnureadline

For Python 3.12, use the following command to install gnureadline from a specific commit:

pip install git+https://github.com/ludwigschwardt/python-gnureadline.git@8474e5583d4473f96b42745393c3492e2cb49224

Using docker

You can find the Dockerfile in the medusa/ directory.

  1. Build with
$ docker build -t medusa:tag1 ./
  2. Run with
$ docker run --name medusa --net=host --rm -it medusa:tag1
  3. Run adbd in tcp/ip mode on your physical device or emulator (a container started as above has no access to the host's USB bus, so the device is reached over the network):
$ adb tcpip 5555 
  4. Connect from the container to your device using:
root@docker# adb connect device_ip:5555

adbd now accepts connections on port 5555 from any host that can reach the device, so do this on a trusted network and run `adb usb` afterwards to switch adbd back to USB-only. A device that has not yet authorized the container's adb key is listed as "unauthorized" by `adb devices` until you accept the prompt on its screen, so check that listing rather than trusting the exit status of `adb connect`.

System requirements:

Usage

Check our wiki page for usage details.

Demos:

Medusa consists of two main scripts: medusa.py and mango.py:

Using medusa.py

The main idea behind MEDUSA is to add or remove hooks for Java or native methods at scale while keeping the process simple and effective. MEDUSA has more than 90 modules that can be combined, each dedicated to a set of tasks. Some of these tasks include:

Furthermore, you can intercept Java or native methods that belong to third-party apps, or create complex Frida modules with just a few simple commands.
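The following Frida script is an added example, not a Medusa module and not code from the project: it shows the pattern the paragraph above describes, a declarative table of Java hooks that can be installed or dropped as a unit, using three real Android APIs (the startActivity call that the Stheno intent monitor watches, the TextView.setText call the translator hooks, and SSLContext.init for TLS trust setup). The table itself, the helper names and the `[hooks]` log prefix are this example's own choices.

```javascript
'use strict';

// Hook table: "fully.qualified.Class.method" -> handler(args, thisObj).
// Handlers only observe; the original method is always called afterwards.
// The three Android APIs are real; the table and helpers are this example's own.
const HOOKS = {
  // Intent monitoring: log every Activity.startActivity() with the Intent it carries.
  'android.app.Activity.startActivity': (args) =>
    log('startActivity ' + describeIntent(args[0])),
  // UI text: every TextView.setText() (the same call a UI translator would rewrite).
  'android.widget.TextView.setText': (args) =>
    log('setText ' + (args[0] === null ? '<null>' : JSON.stringify(args[0].toString()))),
  // TLS trust setup: a non-null TrustManager[] usually means app-specific pinning logic.
  'javax.net.ssl.SSLContext.init': (args) =>
    log('SSLContext.init trustManagers=' +
        (args[1] === null ? 'platform default' : args[1].length + ' custom')),
};

function log(msg) {
  console.log('[hooks] ' + msg);
}

// Split "a.b.C.m" into { cls: "a.b.C", method: "m" }; rejects specs without a method part.
function parseHookSpec(spec) {
  const i = spec.lastIndexOf('.');
  if (i <= 0 || i === spec.length - 1) throw new Error('bad hook spec: ' + spec);
  return { cls: spec.slice(0, i), method: spec.slice(i + 1) };
}

// Render an android.content.Intent as one log line. It only relies on the
// Intent getters, so any object exposing the same getters can be described.
function describeIntent(intent) {
  if (intent === null || intent === undefined) return '<null intent>';
  const parts = [];
  const action = intent.getAction();
  parts.push('action=' + (action === null ? '<none>' : action));
  const data = intent.getDataString();
  if (data !== null) parts.push('data=' + data);
  const comp = intent.getComponent();
  if (comp !== null) parts.push('component=' + comp.flattenToString());
  const extras = intent.getExtras();
  if (extras !== null) parts.push('extras=' + extras.toString());
  return parts.join(' ');
}

// Install the handler on every overload of one method; returns the number of overloads hooked.
function hookMethod(spec, handler) {
  const target = parseHookSpec(spec);
  const klass = Java.use(target.cls);                // throws if the class is not loaded
  const overloads = klass[target.method].overloads;  // TypeError if there is no such method
  overloads.forEach((ov) => {
    ov.implementation = function () {
      const args = Array.prototype.slice.call(arguments);
      try {
        handler(args, this);
      } catch (e) {
        log('handler for ' + spec + ' failed: ' + e);  // a logging bug must not break the app
      }
      return ov.apply(this, arguments);                // call through to the original method
    };
  });
  return overloads.length;
}

// Install the whole table; an entry whose class or method is missing is skipped, not fatal.
function installAll(table) {
  let hooked = 0;
  Object.keys(table).forEach((spec) => {
    try {
      hooked += hookMethod(spec, table[spec]);
    } catch (e) {
      log('skipping ' + spec + ': ' + e.message);
    }
  });
  return hooked;
}

// Only install when running inside Frida; outside it (plain Node) `Java` is undefined.
if (typeof Java !== 'undefined' && Java.available) {
  Java.perform(() => log('installed ' + installAll(HOOKS) + ' hook overload(s)'));
}
```

Load it with `frida -U -f <package> -l hooks.js`. Because every overload of a method is hooked and the original is always called through, the script observes without changing behaviour; a class the app loads later (for example through its own class loader) is reported as skipped, and `installAll(HOOKS)` can be run again from the REPL inside `Java.perform` once that class is present.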

Using mango.py

Mango is Medusa's twin brother, which can be used to:

...and many many more

Updates:

(12/2022) Using the translator script:

  1. Replace the default google_trans_new.py of your installed google_trans_new Python package with the one from utils/google_trans_new.py (note that upgrading or reinstalling the package overwrites this replacement, so repeat the step afterwards)
  2. Import it with medusa> use helpers/translator

Contribute by:

Bitcoin (BTC) Address: bc1qhun6a7chkav6mn8fqz3924mr8m3v0wq4r7jchz

Ethereum (ETH) Address: 0x0951D1DD2C9F57a9401BfE7D972D0D5A65e71dA4

Screenshots

- SSL Unpinning

- Intent Monitoring

- Webview Monitoring

- File/Content provider monitoring

- Native Libraries Enumeration

- Memory READ/WRITE/SEARCH (interactive mode):

- Personal information exfiltration monitoring

Hooks API calls found to be common to this kind of malware, including:

<img src="https://user-images.githubusercontent.com/4659186/87245281-1c4b4c00-c43c-11ea-9cad-195ceb42794a.png" width="450" height="460">

- Translation

Translates the application's UI by hooking 'setText' calls

<img src="https://user-images.githubusercontent.com/4659186/86785673-e59bbd00-c05a-11ea-8fb0-9c3f86043104.png" width="250" height="450"> <img src="https://user-images.githubusercontent.com/4659186/86785688-e9c7da80-c05a-11ea-838f-e4c7568c7c2a.png" width="250" height="450">

<img src="https://user-images.githubusercontent.com/4659186/86785693-eb919e00-c05a-11ea-901e-8cc180d6274a.png" width="550" height="250">

CREDITS: