TROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators
Type Name Latest commit message Commit time
config Updated Oct 19, 2017
lib Updated Oct 19, 2017
.gitignore Quick Info Apr 23, 2019
Changelog.md Update Changelog.md Apr 23, 2019
Documentation.md Updated Dependency Apr 23, 2019
LICENSE.md Update LICENSE.md Apr 23, 2019
README.md Update README.md Apr 23, 2019
indicator_config.py Minor Updates Dec 6, 2018
indicators.py Updated Dependency Apr 23, 2019
trommel.py Updated Dependency Apr 23, 2019

README.md

TROMMEL

MAJOR UPDATES Coming Soon!!!

TROMMEL sifts through embedded device files to identify potential vulnerable indicators.

TROMMEL identifies the following indicators related to:

  • Secure Shell (SSH) key files
  • Secure Sockets Layer (SSL) key files
  • Internet Protocol (IP) addresses
  • Uniform Resource Locators (URLs)
  • email addresses
  • shell scripts
  • web server binaries
  • configuration files
  • database files
  • specific binary files (e.g., Dropbear, BusyBox)
  • shared object library files
  • web application scripting variables, and
  • Android application package (APK) file permissions.

Dependencies

  • Python-Magic - see the documentation for Python3-magic installation instructions

Usage

$ trommel.py --help

Scan a given directory and write TROMMEL results to an output file. By default, only plain text files are searched.

$ trommel.py -p /directory -o output_file

Scan a given directory and write TROMMEL results to an output file, searching both binary and plain text files.

$ trommel.py -p /directory -o output_file -b
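
The kind of sifting described above, as an added Python example that is not TROMMEL's own code: it walks an unpacked firmware directory, skips binary files unless asked to include them (mirroring the -b switch), and reports private key headers, IPv4 addresses, URLs and email addresses. The patterns, the NUL-byte binary heuristic, the function names and the sample files are assumptions made for this illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Illustrative patterns, not TROMMEL's own indicator definitions.
INDICATORS = {
    "private_key": re.compile(rb"-----BEGIN (?:RSA |DSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "ipv4": re.compile(rb"(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}"
                       rb"(?:25[0-5]|2[0-4]\d|1?\d?\d)(?![\d.])"),
    "url": re.compile(rb"https?://[^\s'\"<>]+"),
    "email": re.compile(rb"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
}

# Constructed sample files standing in for an unpacked firmware image.
SAMPLE_TREE = {
    "etc/config": b"ntp=192.0.2.10\nupdate=http://updates.example.com/fw.bin\n"
                  b"contact=admin@example.com\n",
    "etc/ssl/server.key": b"-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n",
    "bin/httpd": b"\x7fELF\x00\x00fallback 198.51.100.7\x00",
}

def sift(root, include_binary=False):
    """Return sorted (relative_path, indicator, match) tuples found under root."""
    hits = set()
    for dirpath, _dirs, files in os.walk(root):  # does not follow symlinked dirs
        for name in files:
            path = Path(dirpath, name)
            if path.is_symlink() or not path.is_file():
                continue  # firmware symlinks may point outside the extracted root
            data = path.read_bytes()
            binary = b"\x00" in data[:4096]  # assumption: NUL byte means binary
            if binary and not include_binary:
                continue  # default mode: plain text files only
            rel = path.relative_to(root).as_posix()
            for label, pattern in INDICATORS.items():
                for match in pattern.finditer(data):
                    hits.add((rel, label, match.group().decode("ascii", "replace")))
    return sorted(hits)

def demo(include_binary=False):
    """Write SAMPLE_TREE to a temporary directory and sift it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in SAMPLE_TREE.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(content)
        return sift(root, include_binary)
```

Calling `demo()` covers the text-only default; `demo(include_binary=True)` additionally reports the address embedded in the constructed `bin/httpd` file.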

Notes

  • TROMMEL is intended to assist researchers during firmware analysis in finding potential vulnerabilities.
  • Network defenders can also benefit, using it to assess devices on their network or devices they plan to add to it.
  • Devices can include IoT (web cams and smart devices such as light bulbs, plugs, switches, TVs, fridges, coffee makers, etc.), SCADA/ICS, routers, and really anything with an embedded flash chip that boots an OS on startup.
  • TROMMEL has been tested using Python3 on Kali Linux x86_64.

Author

  • Kyle O'Meara - komeara AT cert DOT org and @cool_breeze26