ELEGANTBOUNCER

ELEGANTBOUNCER is a detection tool for file-based mobile exploits.

It employs an innovative approach for advanced file-based threat identification, eliminating the need for in-the-wild samples and outperforming traditional methods based on regular expressions or IOCs. At present, it primarily targets the identification of mobile vulnerabilities such as FORCEDENTRY (CVE-2021-30860), BLASTPASS (CVE-2023-4863, CVE-2023-41064), and TRIANGULATION (CVE-2023-41990).

Support Table

| Threat Name | CVEs | Supported |
|---|---|---|
| FORCEDENTRY | CVE-2021-30860 | :white_check_mark: |
| BLASTDOOR | CVE-2023-4863, CVE-2023-41064 | :white_check_mark: |
| TRIANGULATION | CVE-2023-41990 | :white_check_mark: |

output of the detection tool

Learn more

Getting started

elegant-bouncer v0.2
ELEGANTBOUNCER Detection Tool
Detection tool for file-based mobile exploits.

A utility designed to detect the presence of known mobile APTs in commonly distributed files.

Usage: elegant-bouncer [OPTIONS] <Input file>

Arguments:
  <Input file>
          Path to the input file

Options:
  -v, --verbose
          Print extra output while parsing

  -s, --scan
          Assess a given file, checking for known vulnerabilities

  -c, --create-forcedentry
          Create a FORCEDENTRY-like PDF

  -h, --help
          Print help information (use `-h` for a summary)

  -V, --version
          Print version information

scan

Use --scan to assess a given file, checking for known vulnerabilities.

create-forcedentry

Use --create-forcedentry to generate a PDF from the ground up designed to exploit CVE-2021-30860. Work in progress.

Note: Pre-made samples can be found in the samples/ directory.

Recommendations

Use Lockdown Mode to decrease your attack surface if you think you are a person of interest.

Acknowledgements

References