From 5f2ae040571f8a8fc5cd0a1244e78adf7eac53ec Mon Sep 17 00:00:00 2001
From: m-1-k-3
Date: Mon, 26 Apr 2021 13:38:00 +0200
Subject: [PATCH 1/3] more threading in f19

---
 config/bin_version_strings.cfg | 1 +
 modules/F19_cve_aggregator.sh | 10 +++++++---
 modules/F50_base_aggregator.sh | 23 +++++++++++++++++++++++
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/config/bin_version_strings.cfg b/config/bin_version_strings.cfg
index 575ce9119..fbcece6ac 100644
--- a/config/bin_version_strings.cfg
+++ b/config/bin_version_strings.cfg
@@ -198,6 +198,7 @@ libc:binary:"GNU\ C\ Library\ \(.*\)\ stable\ release\ version\ [0-9]\.[0-9]+$"
 libcurl:binary:"CLIENT\ libcurl\ [0-9]\.[0-9]+\.[0-9]+"
 libexpat:binary:"expat_[0-9]\.[0-9]+\.[0-9]+$"
 libgcrypt::"[Ll]ibgcrypt\ [0-9]\.[0-9]+\.[0-9]+$"
+libgcrypt::"[Ll]ibgcrypt\ [0-9]\.[0-9]+\.[0-9]+\ "
 libgcrypt::"[Ll]ibgcrypt\ [0-9]\.[0-9]+\.[0-9]+-[a-z]+$"
 liblzma::"liblzma\ [0-9]\.[0-9]+\.[0-9]+$"
 libpcap:binary:"libpcap\ version\ [0-9]\.[0-9]+\.[0-9]+$"
diff --git a/modules/F19_cve_aggregator.sh b/modules/F19_cve_aggregator.sh
index 573fc6d98..193515f08 100755
--- a/modules/F19_cve_aggregator.sh
+++ b/modules/F19_cve_aggregator.sh
@@ -655,8 +655,12 @@ cve_db_lookup() {
 {
 echo ""
 echo "[+] Statistics:$CVE_COUNTER_VERSION|$EXPLOIT_COUNTER_VERSION|$VERSION_SEARCH"
- echo "[+] Statistics1:$HIGH_CVE_COUNTER|$MEDIUM_CVE_COUNTER|$LOW_CVE_COUNTER"
+ #echo "[+] Statistics1:$HIGH_CVE_COUNTER|$MEDIUM_CVE_COUNTER|$LOW_CVE_COUNTER"
 } >> "$LOG_DIR"/aggregator/"$VERSION_PATH".txt
+ echo "$LOW_CVE_COUNTER" >> "$TMP_DIR"/LOW_CVE_COUNTER.tmp
+ echo "$MEDIUM_CVE_COUNTER" >> "$TMP_DIR"/MEDIUM_CVE_COUNTER.tmp
+ echo "$HIGH_CVE_COUNTER" >> "$TMP_DIR"/HIGH_CVE_COUNTER.tmp
+ echo "$EXPLOIT_COUNTER" >> "$TMP_DIR"/EXPLOIT_COUNTER.tmp
 if [[ "$EXPLOIT_COUNTER_VERSION" -gt 0 ]]; then
 print_output ""
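Review bot: The four `>> "$TMP_DIR"/*_COUNTER.tmp` appends in cve_db_lookup are never preceded by a truncation anywhere in the visible hunks, so if `$TMP_DIR` survives from an earlier run or F19 is executed twice, F50's get_data sums the stale lines together with the new ones; deleting the files once before the `for VERSION` loop in generate_cve_details, e.g. `rm -f -- "$TMP_DIR"/LOW_CVE_COUNTER.tmp "$TMP_DIR"/MEDIUM_CVE_COUNTER.tmp "$TMP_DIR"/HIGH_CVE_COUNTER.tmp "$TMP_DIR"/EXPLOIT_COUNTER.tmp`, would make each run start clean. The Statistics line above writes `$EXPLOIT_COUNTER_VERSION` while the tmp file receives `$EXPLOIT_COUNTER`; if the latter is the run-wide total rather than the per-version count, the non-threaded path (where the counter keeps accumulating across foreground calls) will be over-counted when F50 adds the lines up — worth confirming which variable is intended. Leaving the old `Statistics1` echo commented out rather than removing it is noise; the history already keeps it. cve_db_lookup begins and ends outside this hunk.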
@@ -678,7 +682,7 @@ generate_cve_details() {
 for VERSION in "${VERSIONS_CLEANED[@]}"; do
 # threading currently not working. This is work in progress
- if [[ "$THREADED" -eq "X" ]]; then
+ if [[ "$THREADED" -eq 1 ]]; then
 cve_db_lookup &
 WAIT_PIDS_F19+=( "$!" )
 max_pids_protection "${WAIT_PIDS_F19[@]}"
@@ -687,7 +691,7 @@ generate_cve_details() {
 fi
 done
- if [[ "$THREADED" -eq "X" ]]; then
+ if [[ "$THREADED" -eq 1 ]]; then
 wait_for_pid "${WAIT_PIDS_F19[@]}"
 fi
diff --git a/modules/F50_base_aggregator.sh b/modules/F50_base_aggregator.sh
index a48692fb4..4069021f7 100755
--- a/modules/F50_base_aggregator.sh
+++ b/modules/F50_base_aggregator.sh
@@ -336,6 +336,29 @@ get_data() {
 export TOTAL_CWE_CNT
 TOTAL_CWE_CNT=$(grep -a "\[\*\]\ Statistics:" "$LOG_DIR"/"$S120_LOG" | cut -d: -f2)
 fi
+ if [[ -f "$TMP_DIR"/HIGH_CVE_COUNTER.tmp ]]; then
+ while read -r COUNTING; do
+ (( HIGH_CVE_COUNTER="$HIGH_CVE_COUNTER"+"$COUNTING" ))
+ done < "$TMP_DIR"/HIGH_CVE_COUNTER.tmp
+ (( CVE_COUNTER="$CVE_COUNTER"+"$HIGH_CVE_COUNTER" ))
+ fi
+ if [[ -f "$TMP_DIR"/MEDIUM_CVE_COUNTER.tmp ]]; then
+ while read -r COUNTING; do
+ (( MEDIUM_CVE_COUNTER="$MEDIUM_CVE_COUNTER"+"$COUNTING" ))
+ done < "$TMP_DIR"/MEDIUM_CVE_COUNTER.tmp
+ (( CVE_COUNTER="$CVE_COUNTER"+"$HIGH_CVE_COUNTER" ))
+ fi
+ if [[ -f "$TMP_DIR"/LOW_CVE_COUNTER.tmp ]]; then
+ while read -r COUNTING; do
+ (( LOW_CVE_COUNTER="$LOW_CVE_COUNTER"+"$COUNTING" ))
+ done < "$TMP_DIR"/LOW_CVE_COUNTER.tmp
+ (( CVE_COUNTER="$CVE_COUNTER"+"$HIGH_CVE_COUNTER" ))
+ fi
+ if [[ -f "$TMP_DIR"/EXPLOIT_COUNTER.tmp ]]; then
+ while read -r COUNTING; do
+ (( EXPLOIT_COUNTER="$EXPLOIT_COUNTER"+"$COUNTING" ))
+ done < "$TMP_DIR"/EXPLOIT_COUNTER.tmp
+ fi
 }
 os_detector() {

From 46368d62b128fb89a0d448698af93789fd49dbb5 Mon Sep 17 00:00:00 2001
From: m-1-k-3
Date: Mon, 26 Apr 2021 15:23:20 +0200
Subject: [PATCH 2/3] calculate the right stuff

---
 modules/F50_base_aggregator.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
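Review bot: The context comment `# threading currently not working. This is work in progress` directly above the changed `if` is now stale, since this hunk switches the condition from the never-true `-eq "X"` to `-eq 1` and thereby turns the background path on. If threading is considered working now, the comment should say what actually makes it work instead, e.g. `# each cve_db_lookup runs in its own subshell, so per-version counters are handed to F50 via $TMP_DIR/*_COUNTER.tmp rather than shell variables`. The same `-eq "X"` to `-eq 1` flip appears in the following hunk around `wait_for_pid`, which carries no comment to update. generate_cve_details starts and ends outside this hunk.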
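Review bot: `(( HIGH_CVE_COUNTER="$HIGH_CVE_COUNTER"+"$COUNTING" ))` hands whatever `read` returns straight to the arithmetic evaluator, so an empty or non-numeric line in the tmp file produces an arithmetic error instead of being skipped, and any sum that comes out as 0 makes `(( ))` return status 1, which would abort get_data if `set -e` is in effect on this code path. Guarding each loop with `[[ "$COUNTING" =~ ^[0-9]+$ ]] || continue` and writing the sums as `HIGH_CVE_COUNTER=$(( HIGH_CVE_COUNTER + COUNTING ))` avoids both; the same applies to the MEDIUM, LOW and EXPLOIT blocks here and to the two `CVE_COUNTER` lines the follow-up commit touches in this file. The quotes inside `(( ))` do nothing, as no word splitting happens in arithmetic context. The four blocks differ only in the file and the target variable and could be one small helper taking those two as arguments. get_data begins outside this hunk.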
diff --git a/modules/F50_base_aggregator.sh b/modules/F50_base_aggregator.sh
index 4069021f7..dfed49168 100755
--- a/modules/F50_base_aggregator.sh
+++ b/modules/F50_base_aggregator.sh
@@ -346,13 +346,13 @@ get_data() {
 while read -r COUNTING; do
 (( MEDIUM_CVE_COUNTER="$MEDIUM_CVE_COUNTER"+"$COUNTING" ))
 done < "$TMP_DIR"/MEDIUM_CVE_COUNTER.tmp
- (( CVE_COUNTER="$CVE_COUNTER"+"$HIGH_CVE_COUNTER" ))
+ (( CVE_COUNTER="$CVE_COUNTER"+"$MEDIUM_CVE_COUNTER" ))
 fi
 if [[ -f "$TMP_DIR"/LOW_CVE_COUNTER.tmp ]]; then
 while read -r COUNTING; do
 (( LOW_CVE_COUNTER="$LOW_CVE_COUNTER"+"$COUNTING" ))
 done < "$TMP_DIR"/LOW_CVE_COUNTER.tmp
- (( CVE_COUNTER="$CVE_COUNTER"+"$HIGH_CVE_COUNTER" ))
+ (( CVE_COUNTER="$CVE_COUNTER"+"$LOW_CVE_COUNTER" ))
 fi
 if [[ -f "$TMP_DIR"/EXPLOIT_COUNTER.tmp ]]; then
 while read -r COUNTING; do

From effb90fc31299b252b49d844a07d0861b48c0eff Mon Sep 17 00:00:00 2001
From: m-1-k-3
Date: Tue, 27 Apr 2021 09:42:16 +0200
Subject: [PATCH 3/3] r09 threading

---
 modules/R09_firmware_base_version_check.sh | 74 ++++++++++++----------
 1 file changed, 42 insertions(+), 32 deletions(-)

diff --git a/modules/R09_firmware_base_version_check.sh b/modules/R09_firmware_base_version_check.sh
index 057dd77d1..7f0b41d2a 100755
--- a/modules/R09_firmware_base_version_check.sh
+++ b/modules/R09_firmware_base_version_check.sh
@@ -21,15 +21,10 @@ R09_firmware_base_version_check() {
 module_log_init "${FUNCNAME[0]}"
 module_title "Binary firmware versions detection"
- detect_binary_versions
-}
-
-detect_binary_versions() {
 echo -e "\n"
 print_output "[*] Initial version detection running on all firmware files ..." | tr -d "\n"
 EXTRACTOR_LOG="$LOG_DIR"/p05_firmware_bin_extractor.txt
- declare -a VERSIONS_DETECTED
 while read -r VERSION_LINE; do
 echo "." | tr -d "\n"
@@ -38,44 +33,59 @@ detect_binary_versions() {
 # as we do not have a typical linux executable we can't use strict version details
 if [[ $STRICT != "strict" ]]; then
+ #print_output "[*] $VERSION_LINE"
 VERSION_IDENTIFIER="$(echo "$VERSION_LINE" | cut -d: -f3- | sed s/^\"// | sed s/\"$//)"
 echo "." | tr -d "\n"
- # currently we only have binwalk files but sometimes we can find kernel version information or something else in it
- VERSION_FINDER=$(grep -o -a -E "$VERSION_IDENTIFIER" "$EXTRACTOR_LOG" 2>/dev/null | head -1 2>/dev/null)
-
- if [[ -n $VERSION_FINDER ]]; then
- echo ""
- print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in extraction logs."
- VERSIONS_DETECTED+=("$VERSION_FINDER")
+ if [[ "$THREADED" -eq 1 ]]; then
+ R09_bin_string_checker &
+ WAIT_PIDS_R09+=( "$!" )
+ else
+ R09_bin_string_checker
 fi
+ fi
- echo "." | tr -d "\n"
+ done < "$CONFIG_DIR"/bin_version_strings.cfg
+ echo "." | tr -d "\n"
- if [[ -f $FIRMWARE_PATH ]]; then
- VERSION_FINDER=$(find "$FIRMWARE_PATH" -type f -print0 2>/dev/null | xargs -0 strings | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2>/dev/null)
+ if [[ "$THREADED" -eq 1 ]]; then
+ wait_for_pid "${WAIT_PIDS_R09[@]}"
+ fi
- if [[ -n $VERSION_FINDER ]]; then
- echo ""
- print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in original firmware file (static)."
- VERSIONS_DETECTED+=("$VERSION_FINDER")
- fi
- echo "." | tr -d "\n"
- fi
+ VERSIONS_DETECTED=$(grep -c "Version information found" "$( get_log_file )")
- VERSION_FINDER=$(find "$OUTPUT_DIR" -type f -print0 2> /dev/null | xargs -0 strings | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2> /dev/null)
+ module_end_log "${FUNCNAME[0]}" "$VERSIONS_DETECTED"
+}
- if [[ -n $VERSION_FINDER ]]; then
- echo ""
- print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in extracted firmware files (static)."
- VERSIONS_DETECTED+=("$VERSION_FINDER")
- fi
- echo "." | tr -d "\n"
- fi
+R09_bin_string_checker() {
+
+ # currently we only have binwalk files but sometimes we can find kernel version information or something else in it
+ VERSION_FINDER=$(grep -o -a -E "$VERSION_IDENTIFIER" "$EXTRACTOR_LOG" 2>/dev/null | head -1 2>/dev/null)
+
+ if [[ -n $VERSION_FINDER ]]; then
+ echo ""
+ print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in extraction logs."
+ fi
- done < "$CONFIG_DIR"/bin_version_strings.cfg
 echo "." | tr -d "\n"
- module_end_log "${FUNCNAME[0]}" "${#VERSIONS_DETECTED[@]}"
+ if [[ -f $FIRMWARE_PATH ]]; then
+ VERSION_FINDER=$(find "$FIRMWARE_PATH" -type f -print0 2>/dev/null | xargs -0 strings | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2>/dev/null)
+
+ if [[ -n $VERSION_FINDER ]]; then
+ echo ""
+ print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in original firmware file (static)."
+ fi
+ echo "." | tr -d "\n"
+ fi
+
+ VERSION_FINDER=$(find "$OUTPUT_DIR" -type f -print0 2> /dev/null | xargs -0 strings | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2> /dev/null)
+
+ if [[ -n $VERSION_FINDER ]]; then
+ echo ""
+ print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in extracted firmware files (static)."
+ fi
+ echo "." | tr -d "\n"
 }
+
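Review bot: `R09_bin_string_checker &` is forked once per line of bin_version_strings.cfg with no cap on concurrent jobs — unlike the F19 loop earlier in this series, which calls `max_pids_protection` right after appending to its PID array — and each worker runs two full `find … | xargs -0 strings` passes over the firmware, so the fan-out is roughly one pair of filesystem scans per config entry (200+ entries, judging by the config hunk's line numbers) all at once; add `max_pids_protection "${WAIT_PIDS_R09[@]}"` directly after `WAIT_PIDS_R09+=( "$!" )`. `VERSIONS_DETECTED=$(grep -c "Version information found" "$( get_log_file )")` returns status 1 when nothing matched, which would end the module before `module_end_log` if strict mode is active here; appending `|| true` to that line, or assigning inside an explicit `if`, keeps a zero count from looking like a failure. The worker relies on `VERSION_IDENTIFIER` and `EXTRACTOR_LOG` from the caller's scope, which is fine for the `&` case because the child gets a snapshot, but a one-line note at the top of R09_bin_string_checker would save the next reader the trace: `# reads VERSION_IDENTIFIER and EXTRACTOR_LOG from the caller; invoked once per config entry, optionally as a background job`. R09_firmware_base_version_check begins before this hunk.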