TROMMEL - Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities.
TROMMEL identifies the following indicators related to:
- Secure Shell (SSH) key files
- Secure Socket Layer (SSL) key files
- Internet Protocol (IP) addresses
- Uniform Resource Locator (URL)
- email addresses
- shell scripts
- web server binaries
- configuration files
- database files
- specific binaries files (i.e. Dropbear, BusyBox, etc.)
- shared object library files
- web application scripting variables, and
- Android application package (APK) file permissions.
Dependencies
- Python-Magic
- vFeed Database - For non-commercial use, register and download the Community Edition database
Usage
$ trommel.py --help
Output TROMMEL results to a file based on a given directory$ trommel.py -p /directory -o output_file
Notes
- TROMMEL has been tested using Python 2.7 on macOS Sierra and Kali Linux x86_64.
- TROMMEL was written with the intent to help with identifying indicators that may contain vulnerabilities found in firmware of embedded devices.
References
- vFeed
- Firmwalker
- Lua Code: Security Overview and Practical Approaches to Static Analysis by Andrei Costin
TROMMEL - Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities
Reviewed by Zion3R
on
6:28 PM
Rating: