Trommel - Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators


TROMMEL sifts through embedded device files to identify potential vulnerable indicators.
TROMMEL identifies the following indicators related to:
  • Secure Shell (SSH) key files
  • Secure Socket Layer (SSL) key files
  • Internet Protocol (IP) addresses
  • Uniform Resource Locator (URL)
  • email addresses
  • shell scripts
  • web server binaries
  • configuration files
  • database files
  • specific binary files (e.g. Dropbear, BusyBox)
  • shared object library files
  • web application scripting variables, and
  • Android application package (APK) file permissions.
TROMMEL has also integrated vFeed, which allows for further in-depth vulnerability analysis of identified indicators.

Dependencies
  • Python-Magic - See documentation for instructions for Python3-magic installation
  • vFeed Database - For non-commercial use, register and download the Community Edition database

Usage
$ trommel.py --help
Output TROMMEL results to a file based on a given directory. By default, TROMMEL only searches plain text files.
$ trommel.py -p /directory -o output_file
Output TROMMEL results to a file based on a given directory. Search both binary and plain text files.
$ trommel.py -p /directory -o output_file -b
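
The indicator categories and the text-only default described above, shown for a few categories as an added example; this is not TROMMEL's code. The patterns, the NUL-byte text/binary heuristic (a stand-in for Python-Magic), the function names and the sample tree are all assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Illustrative patterns only (assumptions), not TROMMEL's own signatures.
CONTENT = {
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "url": re.compile(r"\bhttps?://[^\s\"'<>]+"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
NAMES = {
    "ssh_file": re.compile(r"^(?:id_[rd]sa|authorized_keys|ssh_host_\w+_key)(?:\.pub)?$"),
    "config_file": re.compile(r"\.(?:conf|cfg|ini)$"),
    "binary_of_interest": re.compile(r"^(?:busybox|dropbear)", re.I),
}

def looks_binary(path, probe=1024):
    """Crude text/binary split: a NUL byte in the first block means binary."""
    with open(path, "rb") as fh:
        return b"\0" in fh.read(probe)

def sift(root, include_binary=False):
    """Return (indicator, relative_path, value) tuples for an extracted firmware tree."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks so links in the image cannot lead outside the tree
            rel = os.path.relpath(path, root)
            findings += [(label, rel, name) for label, rx in NAMES.items() if rx.search(name)]
            if looks_binary(path) and not include_binary:
                continue  # default: content search covers text files only
            with open(path, "rb") as fh:
                text = fh.read().decode("latin-1")  # lossless for arbitrary bytes
            for label, rx in CONTENT.items():
                findings += [(label, rel, hit) for hit in sorted(set(rx.findall(text)))]
    return findings

def demo():
    """Run sift() over a small constructed tree (all values are sample data)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc", "dropbear"))
        with open(os.path.join(root, "etc", "update.conf"), "w") as fh:
            fh.write("server=http://198.51.100.7/fw.bin\nadmin=ops@example.com\n")
        with open(os.path.join(root, "etc", "dropbear", "id_rsa"), "w") as fh:
            fh.write("-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n")
        return sift(root)
```

Calling `demo()` returns six findings for the constructed tree; `sift()` can be pointed at any extracted firmware root, with `include_binary=True` to search binary files as well.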

Notes
  • The intended use of TROMMEL is to assist researchers during firmware analysis.
  • TROMMEL has been tested using Python3 on Kali Linux x86_64.
  • TROMMEL was written with the intent to help identify indicators that may contain vulnerabilities found in firmware of embedded devices.

Author
  • Kyle O'Meara - komeara AT cert DOT org