Merge pull request #234 from m-1-k-3/master

Preparation PR for version 1.0
e-m-b-a · Apr 29, 2022 · 35d0d57 · 35d0d57
2 parents 4f10c9e + 79edbfa
commit 35d0d57
Show file tree

Hide file tree

Showing 41 changed files with 838 additions and 1,199 deletions.
diff --git a/.gitignore b/.gitignore
@@ -2,6 +2,7 @@
 log*/
 dir-combined.yara
 external/
+modules_local/
 tools/
 !external/.keep
 config/vt_api_key.txt

diff --git a/check_project.sh b/check_project.sh
@@ -39,15 +39,16 @@ NC='\033[0m' # no color
 INSTALLER_DIR="./installer"
 HELP_DIR="./helpers"
 MOD_DIR="./modules"
+MOD_DIR_LOCAL="./modules_local"
 CONF_DIR="./config"
 REP_DIR="$CONF_DIR/report_templates"
 
 SOURCES=()
 MODULES_TO_CHECK_ARR=()
 
 import_config_scripts() {
-  HELPERS=$(find "$CONF_DIR" -iname "*.sh" 2>/dev/null)
-  for LINE in $HELPERS; do
+  mapfile -t HELPERS < <(find "$CONF_DIR" -iname "*.sh" 2>/dev/null)
+  for LINE in "${HELPERS[@]}"; do
     if (file "$LINE" | grep -q "shell script"); then
       echo "$LINE"
       SOURCES+=("$LINE")
@@ -56,8 +57,8 @@ import_config_scripts() {
 }
 
 import_helper() {
-  HELPERS=$(find "$HELP_DIR" -iname "*.sh" 2>/dev/null)
-  for LINE in $HELPERS; do
+  mapfile -t HELPERS < <(find "$HELP_DIR" -iname "*.sh" 2>/dev/null)
+  for LINE in "${HELPERS[@]}"; do
     if (file "$LINE" | grep -q "shell script"); then
       echo "$LINE"
       SOURCES+=("$LINE")
@@ -66,8 +67,8 @@ import_helper() {
 }
 
 import_reporting_templates() {
-  REP_TEMP=$(find "$REP_DIR" -iname "*.sh" 2>/dev/null)
-  for LINE in $REP_TEMP; do
+  mapfile -t REP_TEMP < <(find "$REP_DIR" -iname "*.sh" 2>/dev/null)
+  for LINE in "${REP_TEMP[@]}"; do
     if (file "$LINE" | grep -q "shell script"); then
       echo "$LINE"
       SOURCES+=("$LINE")
@@ -76,8 +77,11 @@ import_reporting_templates() {
 }
 
 import_module() {
-  MODULES=$(find "$MOD_DIR" -iname "*.sh" 2>/dev/null)
-  for LINE in $MODULES; do
+  MODULES=()
+  mapfile -t MODULES_ < <(find "$MOD_DIR" -iname "*.sh" 2>/dev/null)
+  mapfile -t MODULES_LOCAL < <(find "$MOD_DIR_LOCAL" -iname "*.sh" 2>/dev/null)
+  MODULES=( "${MODULES_[@]}" "${MODULES_LOCAL[@]}")
+  for LINE in "${MODULES[@]}"; do
     if (file "$LINE" | grep -q "shell script"); then
       echo "$LINE"
       SOURCES+=("$LINE")
@@ -86,8 +90,9 @@ import_module() {
 }
 
 import_installer() {
-  MODULES=$(find "$INSTALLER_DIR" -iname "*.sh" 2>/dev/null)
-  for LINE in $MODULES; do
+  MODULES=()
+  mapfile -t MODULES < <(find "$INSTALLER_DIR" -iname "*.sh" 2>/dev/null)
+  for LINE in "${MODULES[@]}"; do
     if (file "$LINE" | grep -q "shell script"); then
       echo "$LINE"
       SOURCES+=("$LINE")

diff --git a/config/msf_cve-db.txt b/config/msf_cve-db.txt
@@ -77,6 +77,7 @@
 /usr/share/metasploit-framework/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb:CVE-2015-2673
 /usr/share/metasploit-framework/modules/auxiliary/admin/http/wp_gdpr_compliance_privesc.rb:CVE-2018-19207
 /usr/share/metasploit-framework/modules/auxiliary/admin/http/wp_google_maps_sqli.rb:CVE-2019-10692
+/usr/share/metasploit-framework/modules/auxiliary/admin/http/wp_masterstudy_privesc.rb:CVE-2022-0441
 /usr/share/metasploit-framework/modules/auxiliary/admin/http/wp_symposium_sql_injection.rb:CVE-2015-6522
 /usr/share/metasploit-framework/modules/auxiliary/admin/kerberos/ms14_068_kerberos_checksum.rb:CVE-2014-6324
 /usr/share/metasploit-framework/modules/auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass.rb:CVE-2020-3952
@@ -189,6 +190,7 @@
 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb:CVE-2008-5666
 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb:CVE-2008-5626
 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb:CVE-2008-5626
+/usr/share/metasploit-framework/modules/auxiliary/dos/windows/http/http_sys_accept_encoding_dos_cve_2021_31166.rb:CVE-2021-31166
 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb:CVE-2010-1899
 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/http/pi3web_isapi.rb:CVE-2008-6938
 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb:CVE-2011-0657
@@ -331,6 +333,7 @@
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb:CVE-2019-0724
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/fortimail_login_bypass_detection.rb:CVE-2020-9294
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/gavazzi_em_login_loot.rb:CVE-2017-5146
+/usr/share/metasploit-framework/modules/auxiliary/scanner/http/gitlab_graphql_user_enum.rb:CVE-2021-4191
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/glassfish_login.rb:CVE-2011-0807
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/glassfish_traversal.rb:CVE-2017-1000028
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/goahead_traversal.rb:CVE-2014-9707
@@ -432,7 +435,9 @@
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_email_sub_news_sqli.rb:CVE-2019-20361
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_learnpress_sqli.rb:CVE-2020-6010
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_loginizer_log_sqli.rb:CVE-2020-27615
+/usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_modern_events_calendar_sqli.rb:CVE-2021-24946
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_registrationmagic_sqli.rb:CVE-2021-24862
+/usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_secure_copy_content_protection_sqli.rb:CVE-2021-24931
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_wps_hide_login_revealer.rb:CVE-2021-24917
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/yaws_traversal.rb:CVE-2011-4350
 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/zenworks_assetmanagement_fileaccess.rb:CVE-2012-4933
@@ -684,6 +689,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/grandstream_ucm62xx_sendemail_rce.rb:CVE-2020-5722
 /usr/share/metasploit-framework/modules/exploits/linux/http/gravcms_exec.rb:CVE-2021-21425
 /usr/share/metasploit-framework/modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb:CVE-2013-3502
+/usr/share/metasploit-framework/modules/exploits/linux/http/hikvision_cve_2021_36260_blind.rb:CVE-2021-36260
 /usr/share/metasploit-framework/modules/exploits/linux/http/ibm_drm_rce.rb:CVE-2020-4427
 /usr/share/metasploit-framework/modules/exploits/linux/http/ibm_drm_rce.rb:CVE-2020-4428
 /usr/share/metasploit-framework/modules/exploits/linux/http/ibm_drm_rce.rb:CVE-2020-4429
@@ -827,6 +833,8 @@
 /usr/share/metasploit-framework/modules/exploits/linux/local/cve_2021_3490_ebpf_alu32_bounds_check_lpe.rb:CVE-2021-3490
 /usr/share/metasploit-framework/modules/exploits/linux/local/cve_2021_3493_overlayfs.rb:CVE-2021-3493
 /usr/share/metasploit-framework/modules/exploits/linux/local/cve_2021_38648_omigod.rb:CVE-2021-38648
+/usr/share/metasploit-framework/modules/exploits/linux/local/cve_2021_4034_pwnkit_lpe_pkexec.rb:CVE-2021-4034
+/usr/share/metasploit-framework/modules/exploits/linux/local/cve_2022_0847_dirtypipe.rb:CVE-2022-0847
 /usr/share/metasploit-framework/modules/exploits/linux/local/docker_runc_escape.rb:CVE-2019-5736
 /usr/share/metasploit-framework/modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb:CVE-2019-10149
 /usr/share/metasploit-framework/modules/exploits/linux/local/glibc_ld_audit_dso_load_priv_esc.rb:CVE-2010-3847
@@ -943,6 +951,7 @@
 /usr/share/metasploit-framework/modules/exploits/multi/browser/chrome_object_create.rb:CVE-2018-17463
 /usr/share/metasploit-framework/modules/exploits/multi/browser/chrome_simplifiedlowering_overflow.rb:CVE-2020-16040
 /usr/share/metasploit-framework/modules/exploits/multi/browser/firefox_escape_retval.rb:CVE-2009-2477
+/usr/share/metasploit-framework/modules/exploits/multi/browser/firefox_jit_use_after_free.rb:CVE-2020-26950
 /usr/share/metasploit-framework/modules/exploits/multi/browser/firefox_pdfjs_privilege_escalation.rb:CVE-2015-0802
 /usr/share/metasploit-framework/modules/exploits/multi/browser/firefox_pdfjs_privilege_escalation.rb:CVE-2015-0816
 /usr/share/metasploit-framework/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb:CVE-2012-3993
@@ -989,6 +998,8 @@
 /usr/share/metasploit-framework/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb:CVE-2000-0573
 /usr/share/metasploit-framework/modules/exploits/multi/http/activecollab_chat.rb:CVE-2012-6554
 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_activemq_upload_jsp.rb:CVE-2016-3088
+/usr/share/metasploit-framework/modules/exploits/multi/http/apache_apisix_api_default_token_rce.rb:CVE-2020-13945
+/usr/share/metasploit-framework/modules/exploits/multi/http/apache_apisix_api_default_token_rce.rb:CVE-2022-24112
 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_jetspeed_file_upload.rb:CVE-2016-0709
 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_jetspeed_file_upload.rb:CVE-2016-0710
 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb:CVE-2014-6271
@@ -1140,6 +1151,7 @@
 /usr/share/metasploit-framework/modules/exploits/multi/http/sonicwall_gms_upload.rb:CVE-2013-1359
 /usr/share/metasploit-framework/modules/exploits/multi/http/sonicwall_scrutinizer_methoddetail_sqli.rb:CVE-2014-4977
 /usr/share/metasploit-framework/modules/exploits/multi/http/splunk_mappy_exec.rb:CVE-2011-4642
+/usr/share/metasploit-framework/modules/exploits/multi/http/spring_cloud_function_spel_injection.rb:CVE-2022-22963
 /usr/share/metasploit-framework/modules/exploits/multi/http/struts2_code_exec_showcase.rb:CVE-2017-9791
 /usr/share/metasploit-framework/modules/exploits/multi/http/struts2_content_type_ognl.rb:CVE-2017-5638
 /usr/share/metasploit-framework/modules/exploits/multi/http/struts2_multi_eval_ognl.rb:CVE-2019-0230
@@ -1258,6 +1270,7 @@
 /usr/share/metasploit-framework/modules/exploits/osx/arkeia/type77.rb:CVE-2005-0491
 /usr/share/metasploit-framework/modules/exploits/osx/browser/adobe_flash_delete_range_tl_op.rb:CVE-2016-4117
 /usr/share/metasploit-framework/modules/exploits/osx/browser/osx_gatekeeper_bypass.rb:CVE-2021-30657
+/usr/share/metasploit-framework/modules/exploits/osx/browser/osx_gatekeeper_bypass.rb:CVE-2022-22616
 /usr/share/metasploit-framework/modules/exploits/osx/browser/safari_file_policy.rb:CVE-2011-3230
 /usr/share/metasploit-framework/modules/exploits/osx/browser/safari_in_operator_side_effect.rb:CVE-2020-9801
 /usr/share/metasploit-framework/modules/exploits/osx/browser/safari_in_operator_side_effect.rb:CVE-2020-9850
@@ -1320,6 +1333,7 @@
 /usr/share/metasploit-framework/modules/exploits/unix/http/laravel_token_unserialize_exec.rb:CVE-2018-15133
 /usr/share/metasploit-framework/modules/exploits/unix/http/lifesize_room.rb:CVE-2011-2763
 /usr/share/metasploit-framework/modules/exploits/unix/http/pfsense_clickjacking.rb:CVE-2017-1000479
+/usr/share/metasploit-framework/modules/exploits/unix/http/pfsense_diag_routes_webshell.rb:CVE-2021-41282
 /usr/share/metasploit-framework/modules/exploits/unix/http/pfsense_graph_injection_exec.rb:CVE-2016-10709
 /usr/share/metasploit-framework/modules/exploits/unix/http/pihole_blocklist_exec.rb:CVE-2020-11108
 /usr/share/metasploit-framework/modules/exploits/unix/http/pihole_dhcp_mac_exec.rb:CVE-2020-8816
@@ -1926,6 +1940,7 @@
 /usr/share/metasploit-framework/modules/exploits/windows/http/ektron_xslt_exec.rb:CVE-2012-5357
 /usr/share/metasploit-framework/modules/exploits/windows/http/ektron_xslt_exec_ws.rb:CVE-2015-0923
 /usr/share/metasploit-framework/modules/exploits/windows/http/ericom_access_now_bof.rb:CVE-2014-3913
+/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_denylist_typo_rce.rb:CVE-2021-42321
 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_dlp_policy.rb:CVE-2020-16875
 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_dlp_policy.rb:CVE-2020-17132
 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_viewstate.rb:CVE-2020-0688
@@ -2108,9 +2123,12 @@
 /usr/share/metasploit-framework/modules/exploits/windows/local/cve_2020_1313_system_orchestrator.rb:CVE-2020-1313
 /usr/share/metasploit-framework/modules/exploits/windows/local/cve_2020_1337_printerdemon.rb:CVE-2020-1337
 /usr/share/metasploit-framework/modules/exploits/windows/local/cve_2020_17136.rb:CVE-2020-17136
-/usr/share/metasploit-framework/modules/exploits/windows/local/cve_2021_1732_win32k.rb:CVE-2021-1732
 /usr/share/metasploit-framework/modules/exploits/windows/local/cve_2021_21551_dbutil_memmove.rb:CVE-2021-21551
 /usr/share/metasploit-framework/modules/exploits/windows/local/cve_2021_40449.rb:CVE-2021-40449
+/usr/share/metasploit-framework/modules/exploits/windows/local/cve_2022_21882_win32k.rb:CVE-2021-1732
+/usr/share/metasploit-framework/modules/exploits/windows/local/cve_2022_21882_win32k.rb:CVE-2022-21882
+/usr/share/metasploit-framework/modules/exploits/windows/local/cve_2022_21999_spoolfool_privesc.rb:CVE-2022-21999
+/usr/share/metasploit-framework/modules/exploits/windows/local/cve_2022_26904_superprofile.rb:CVE-2022-26904
 /usr/share/metasploit-framework/modules/exploits/windows/local/docker_credential_wincred.rb:CVE-2019-15752
 /usr/share/metasploit-framework/modules/exploits/windows/local/druva_insync_insynccphwnet64_rcp_type_5_priv_esc.rb:CVE-2019-3999
 /usr/share/metasploit-framework/modules/exploits/windows/local/druva_insync_insynccphwnet64_rcp_type_5_priv_esc.rb:CVE-2020-5752
@@ -2186,6 +2204,7 @@
 /usr/share/metasploit-framework/modules/exploits/windows/misc/cloudme_sync.rb:CVE-2018-6892
 /usr/share/metasploit-framework/modules/exploits/windows/misc/commvault_cmd_exec.rb:CVE-2017-18044
 /usr/share/metasploit-framework/modules/exploits/windows/misc/crosschex_device_bof.rb:CVE-2019-12518
+/usr/share/metasploit-framework/modules/exploits/windows/misc/cve_2022_28381_allmediaserver_bof.rb:CVE-2022-28381
 /usr/share/metasploit-framework/modules/exploits/windows/misc/disk_savvy_adm.rb:CVE-2018-6481
 /usr/share/metasploit-framework/modules/exploits/windows/misc/doubletake.rb:CVE-2008-1661
 /usr/share/metasploit-framework/modules/exploits/windows/misc/eiqnetworks_esa.rb:CVE-2006-3838

diff --git a/config/report_templates/F20_vul_aggregator-post.sh b/config/report_templates/F20_vul_aggregator-post.sh
@@ -5,3 +5,6 @@ print_output "$(indent "${ORANGE}R$NC - remote exploits")"
 print_output "$(indent "${ORANGE}L$NC - local exploits")"
 print_output "$(indent "${ORANGE}D$NC - DoS exploits")"
 print_output "$(indent "${ORANGE}G$NC - PoC code found on Github (unknown exploit vector)")"
+write_link "https://github.com/trickest/cve"
+print_output "$(indent "${ORANGE}X$NC - Vulnerability is known as exploited")"
+write_link "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -2,14 +2,29 @@ version: "3"
 services:
   emba:
     image: embeddedanalyzer/emba:latest
-    build: .
+    read_only: true
+    # all pre-checker mount modules need privileged mode
     privileged: true
+    # /root is needed for binwalk
+    # /tmp is needed for FACT extractor
+    # /run is needed for postgresql (currently only working with rw) and others
+    # /external/FirmAE_orig/scratch is needed for FirmAE - this is temp and will be removed in the future
+    tmpfs:
+      - /tmp
+      - /root
+      - /run
+      - /var/run
+      - /external/FirmAE_orig/scratch
+      - /external/firmadyne_orig/scratch
+    build: .
+    # dev is needed for the system emulator (L10)
     volumes:
         - ${FIRMWARE}/:/firmware:ro
         - ${LOG}/:/log
         - ${EMBA}/:/emba:ro
         - /etc/timezone:/etc/timezone:ro
         - /etc/localtime:/etc/localtime:ro
+        - /dev:/dev
     environment:
         - USER
     devices: