TROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators


MAJOR UPDATES Coming Soon!!!

TROMMEL sifts through embedded device files to identify potential vulnerable indicators.

TROMMEL identifies the following indicators related to:

  • Secure Shell (SSH) key files
  • Secure Sockets Layer (SSL) key files
  • Internet Protocol (IP) addresses
  • Uniform Resource Locators (URLs)
  • email addresses
  • shell scripts
  • web server binaries
  • configuration files
  • database files
  • specific binary files (e.g. Dropbear, BusyBox)
  • shared object library files
  • web application scripting variables, and
  • Android application package (APK) file permissions.


  • Python-Magic - See documentation for instructions for Python3-magic installation


$ --help

Output TROMMEL results to a file based on a given directory. By default, only searches plain text files.

$ -p /directory -o output_file

Output TROMMEL results to a file based on a given directory. Search both binary and plain text files.

$ -p /directory -o output_file -b
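
The kind of sifting described above, as an added example that is not TROMMEL's own code: it walks an extracted firmware directory, flags PEM private-key files, and pulls IPv4 addresses, URLs and email addresses out of plain-text files, skipping binary files unless asked (mirroring the `-b` behaviour). The function names, regexes and the NUL-byte binary heuristic are assumptions made for this sketch.

```python
import os
import re

# Assumed patterns for this example; TROMMEL's own rules may differ.
PATTERNS = {
    "ipv4": re.compile(
        rb"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "url": re.compile(rb"\b(?:https?|ftp)://[^\x00-\x20\"'<>\x7f-\xff]+"),
    "email": re.compile(rb"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}
PEM_KEY = re.compile(rb"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----")


def is_binary(data: bytes) -> bool:
    """Heuristic (assumption): a NUL byte in the first 1 KiB means binary."""
    return b"\x00" in data[:1024]


def sift(root: str, include_binary: bool = False) -> list[tuple[str, str, str]]:
    """Return sorted (relative_path, indicator, value) findings under root."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Extracted firmware is full of symlinks that are dangling or
            # point outside the tree; only read regular files.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                continue
            rel = os.path.relpath(path, root)
            # Key material is reported regardless of the text/binary switch.
            if PEM_KEY.search(data):
                findings.add((rel, "private_key", "PEM private key header"))
            if is_binary(data) and not include_binary:
                continue
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(data):
                    findings.add((rel, kind, m.group().decode("ascii", "replace")))
    return sorted(findings)
```

Each finding is a lead to review by hand, not a confirmed vulnerability: a hard-coded update URL or a shipped private key still has to be traced to the service that uses it.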


  • TROMMEL is intended to assist researchers during firmware analysis to find potential vulnerabilities
  • Network defenders can also use it to assess devices on their network or devices they plan to add to their network
  • Devices can include IoT (web cams and smart devices such as light bulbs, plugs, switches, TVs, fridges, coffee makers, etc.), SCADA/ICS, routers, and really anything with an embedded flash chip that boots an OS on startup.
  • TROMMEL has been tested using Python3 on Kali Linux x86_64.



  • Kyle O'Meara - komeara AT cert DOT org and @cool_breeze26