This repository has been archived by the owner. It is now read-only.
Switch branches/tags
Nothing to show
Clone or download
Pull request Compare This branch is 33 commits behind CERTCC:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


TROMMEL sifts through embedded device files to identify potential vulnerable indicators.

TROMMEL identifies the following indicators related to:

  • Secure Shell (SSH) key files
  • Secure Socket Layer (SSL) key files
  • Internet Protocol (IP) addresses
  • Uniform Resource Locator (URL)
  • email addresses
  • shell scripts
  • web server binaries
  • configuration files
  • database files
  • specific binaries files (i.e. Dropbear, BusyBox, etc.)
  • shared object library files
  • web application scripting variables, and
  • Android application package (APK) file permissions.

TROMMEL has also integrated vFeed which allows for further in-depth vulnerability analysis of identified indicators.



$ --help

Output TROMMEL results to a file based on a given directory

$ -p /directory -o output_file


  • The intended use of TROMMEL is to assist researchers during firmware analysis.
  • TROMMEL has been tested using Python 2.7 on macOS Sierra and Kali Linux x86_64.
  • TROMMEL was written with the intent to help with identifying indicators that may contain vulnerabilities found in firmware of embedded devices.