TROMMEL - Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators
TROMMEL sifts through embedded device files to identify potential vulnerable indicators.
TROMMEL identifies the following indicators related to:
- Secure Shell (SSH) key files
- Secure Socket Layer (SSL) key files
- Internet Protocol (IP) addresses
- Uniform Resource Locator (URL)
- email addresses
- shell scripts
- web server binaries
- configuration files
- database files
- specific binaries files (i.e. Dropbear, BusyBox, etc.)
- shared object library files
- web application scripting variables, and
- Android application package (APK) file permissions.
Dependencies
- Python-Magic - See documentation for instructions for Python3-magic installation
- vFeed Database - For non-commercial use, register and download the Community Edition database
Usage
$ trommel.py --help
Output TROMMEL results to a file based on a given directory. By default, only searches plain text files.$ trommel.py -p /directory -o output_file
Output TROMMEL results to a file based on a given directory. Search both binary and plain text files.$ trommel.py -p /directory -o output_file -b
Notes
- The intended use of TROMMEL is to assist researchers during firmware analysis.
- TROMMEL has been tested using Python3 on Kali Linux x86_64.
- TROMMEL was written with the intent to help with identifying indicators that may contain vulnerabilities found in firmware of embedded devices.
References
- vFeed
- Firmwalker
- Lua Code: Security Overview and Practical Approaches to Static Analysis by Andrei Costin
Author
- Kyle O'Meara - komeara AT cert DOT org
Source: feedproxy.google.com
TROMMEL - Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators
Reviewed by Anonymous
on
4:50 AM
Rating: