TROMMEL – Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators

TROMMEL sifts through embedded device files to identify potential vulnerable indicators.
TROMMEL identifies the following indicators related to:

  • Secure Shell (SSH) key files
  • Secure Sockets Layer (SSL) key files
  • Internet Protocol (IP) addresses
  • Uniform Resource Locators (URLs)
  • email addresses
  • shell scripts
  • web server binaries
  • configuration files
  • database files
  • specific binary files (e.g. Dropbear, BusyBox)
  • shared object library files
  • web application scripting variables, and
  • Android application package (APK) file permissions.

TROMMEL has also integrated vFeed ^(https://vfeed.io/) which allows for further in-depth vulnerability analysis of identified indicators.

Dependencies

  • Python-Magic ^(https://pypi.python.org/pypi/python-magic) – See documentation for instructions for Python3-magic installation
  • vFeed Database ^(https://vfeed.io/pricing/) – For non-commercial use, register and download the Community Edition database

Usage

    $ trommel.py --help

Write TROMMEL results for a given directory to an output file. By default, only plain text files are searched.

    $ trommel.py -p /directory -o output_file

Write TROMMEL results for a given directory to an output file, searching both binary and plain text files.

    $ trommel.py -p /directory -o output_file -b
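
A minimal sketch of this kind of indicator sifting over an extracted firmware tree, added here as an example and not taken from TROMMEL's source. The key-file names, the regular expressions, the `sift`/`demo` functions and the sample files are assumptions made for illustration; `include_binary` plays the role the `-b` flag has above.

```python
import os
import re
import tempfile

# Illustrative names and patterns (assumptions, not TROMMEL's own indicator lists).
KEY_FILES = ("id_rsa", "id_dsa", "authorized_keys", ".pem", ".key", ".crt")
PATTERNS = {
    "private_key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "ipv4": re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])"),
    "url": re.compile(rb"https?://[\w./:?=&%#~+-]+"),
    "email": re.compile(rb"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}
SAMPLE = {  # constructed tree: documentation-range addresses, placeholder key body
    "root/.ssh/id_rsa": b"-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n",
    "etc/init.d/update.sh": b"#!/bin/sh\nwget http://192.0.2.10/fw.bin\n# admin@example.com\n",
    "bin/httpd": b"\x7fELF\x00 server 198.51.100.7 build 999.1.2.3\x00",
}

def sift(root, include_binary=False):
    """Return sorted (relative path, indicator kind, value) hits under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):  # directory symlinks are not followed
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # a symlink may resolve outside the extracted tree
            rel = os.path.relpath(path, root)
            if name.endswith(KEY_FILES):
                hits.append((rel, "key_file", name))
            with open(path, "rb") as fh:
                data = fh.read()
            if b"\x00" in data[:1024] and not include_binary:
                continue  # NUL-byte heuristic: binary content is skipped by default
            for kind, rx in PATTERNS.items():
                for value in set(rx.findall(data)):
                    if kind == "ipv4" and any(int(o) > 255 for o in value.split(b".")):
                        continue  # e.g. a version string such as 999.1.2.3
                    hits.append((rel, kind, value.decode()))
    return sorted(hits)

def demo():  # writes SAMPLE to a temporary directory and sifts it in both modes
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE.items():
            os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        return sift(root), sift(root, include_binary=True)

if __name__ == "__main__":
    print(*demo()[1], sep="\n")
```

Skipping symlinks matters on an analysis host: an unpacked root filesystem often contains absolute links that would otherwise be read from the analyst's own machine rather than from the firmware image.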

Notes

  • The intended use of TROMMEL is to assist researchers during firmware analysis.
  • TROMMEL has been tested using Python3 on Kali Linux x86_64.
  • TROMMEL was written to help identify indicators that may contain vulnerabilities in the firmware of embedded devices.

References

  • vFeed ^(https://vfeed.io/)
  • Firmwalker ^(https://github.com/craigz28/firmwalker)
  • Lua Code: Security Overview and Practical Approaches to Static Analysis ^(http://firmware.re/lua/) by Andrei Costin

Author

  • Kyle O’Meara – komeara AT cert DOT org

Download Trommel ^(https://github.com/CERTCC/trommel)