Ch0pin Medusa Versions Save

This release includes a wide range of improvements and fixes that enhance the functionality and reliability of our tool. Here are the highlights:

Features and Improvements:

• Non-Interactive Mode: Run Medusa in a non-interactive mode for streamlined operations.

• Net_URI Module Improvement: Enhanced the net_uri module for better performance.

• DNS Logger: Introduced a DNS logger for improved network monitoring.

• Dependency Updates: Updated the apktool dependency to address CVE-2024-21633 and made adjustments to the google_trans_new dependency for better stability.

• Command Enhancements: Made significant improvements to the get command for better display of list values.

• Logging and Optimizations: Reduced logs in android_core and optimized logging headers. Also, introduced more efficient logcat improvements.

Fixes:

• Bug Fixes: Addressed a critical bug introduced in a previous commit that affected app deletion from the database. Fixed various issues including typos, variable conflicts, and spacing issues.

• Refactor and Cleanup: Conducted a thorough refactor of the codebase, including the use of local utilities, f-string updates, and PEP-8 compliant spacing for improved readability and maintainability.

• Security and Stability: Made module adjustments and root script touch-ups for enhanced security and application stability.

• Codebase Cleanup: Removed unused imports, updated conditional statements, and simplified expressions for cleaner and more efficient code.

• License Update: Updated the license information to reflect current standards and compliance.

Huge shout-out @jxdv, @alright21 and @giorgosioak for their valuable contributions !!

Release Notes for Version 2.0.0

Excited to announce the release of Medusa version 2.0.0, which includes several important updates, improvements, and bug fixes. Here's what's new:

• Added iOS support

iOS support, allowing you to use Medusa for both Android and iOS app analysis and security testing.

• Mango to report on static evasion tactics

  • Handle APKs that employ static analysis evasion methods,
  • Report, during an import, whether a static analysis evasion method was used or not.

Shout out @erev0s for the contribution !

• Keep notes with mango

Mango supports adding notes for each imported application

• Module Enhancements

Numerous modules have undergone enhancements and new additions. Below is a concise overview of the key updates:

• Improved the screencap module for better performance and usability. Shout out @giorgosioak for contributing to this enhancement.
• New SSL unpinning module, thanks to @Devang-Solanki
• Enabled debug mode during WebView initialization, providing enhanced debugging capabilities when working with WebView components.
• Better intent monitoring
• The agent script was enhanced with additional capabilities.
• Lots of new modules, including cookiemanager hooks to monitor cookie manual set/get

Added features

New modules:

• bundle_trace_get_methods
• fragment_hook_basics

New features:

• Add or remove modules while on active Frida session (by entering suspension mode -sus-)
• Highlight interesting intent extras
• memscan can "attach" to a running process
• support for nuclei templates scan
• hook a process by pid
• import an installed app to mango. Improved the list command in order to filter package ranges

Fixes:

• hook natives fix was causing errors in the final script
• intercept setWebContentsDebuggingEnabled to prevent apps from manually setting it to false
• Bugfix in hook_webviews.med which prevented the webview from loading a page

New Features:

You can now save a subset of modules and load/unload them during your session.

Save:

medusa> session --save module_set_1
medusa> session --save module_set_2

Restore:

medusa> session --load module_set_1

Delete:

medusa> session --del module_set_1

Other Changes: Added many new modules.

Thank you for using Medusa! We hope you find the new version useful and look forward to your continued support and feedback.

This is the first Medusa official release.

First official pre-release