e-m-b-a · p4cx · May 11, 2021 · May 7, 2021 · May 9, 2021 · May 10, 2021
diff --git a/helpers/print.sh b/helpers/print.sh
@@ -468,6 +468,7 @@ module_end_log() {
   run_web_reporter_mod_name "$MODULE_MAIN_NAME"
 
   print_output "[*] $(date) - $MODULE_MAIN_NAME finished" "main"
+  print_output "[*] $(date) - $MODULE_MAIN_NAME finished"
   ((MOD_RUNNING--))
   #print_output "[*] $(date) - Number of running modules: $MOD_RUNNING ... " "main"
 }

diff --git a/modules/F19_cve_aggregator.sh b/modules/F19_cve_aggregator.sh
@@ -108,6 +108,7 @@ prepare_version_data() {
     VERSION_lower="${VERSION_lower//\ in\ original\ firmware\ file\ (static)\./\ }"
     VERSION_lower="${VERSION_lower//\ in\ extraction\ logs\ (static)\./\ }"
     VERSION_lower="${VERSION_lower//\ in\ binwalk\ logs\ (static)\./\ }"
+    VERSION_lower="${VERSION_lower//\ in\ binwalk\ logs./\ }"
     VERSION_lower="${VERSION_lower//\ in\ qemu\ log\ file\ (emulation)\./\ }"
     # shellcheck disable=SC2001
     VERSION_lower="$(echo "$VERSION_lower" | sed -e 's/\ in\ binary\ .*\./\ /g')"
@@ -152,6 +153,8 @@ prepare_version_data() {
     VERSION_lower="${VERSION_lower//sqlite3/sqlite}"
     # dnsmasq- -> dnsmasq 
     VERSION_lower="${VERSION_lower//dnsmasq-/dnsmasq\ }"
+    # lighttpd- -> lighttpd\ 
+    VERSION_lower="${VERSION_lower//lighttpd-/lighttpd\ }"
     # Compiled\ with\ U-Boot -> u-boot
     VERSION_lower="${VERSION_lower//compiled\ with\ u-boot/u-boot }"
     #tcpdump.4.6.2 version
@@ -783,7 +786,7 @@ get_firmware_base_version_check() {
   if [[ -f "$LOG_DIR"/"$FW_VER_CHECK_LOG" ]]; then
     # if we have already kernel information:
     if [[ "$KERNELV" -eq 1 ]]; then
-      readarray -t VERSIONS_STAT_CHECK < <(grep "Version information found" "$LOG_DIR"/"$FW_VER_CHECK_LOG" | cut -d\  -f5- | sed -e 's/ in firmware blob.//' | sort -u | grep -v "Linux kernel")
+      readarray -t VERSIONS_STAT_CHECK < <(grep "Version information found" "$LOG_DIR"/"$FW_VER_CHECK_LOG" | cut -d\  -f5- | sed -e 's/ in firmware blob.//' | sort -u | grep -v "Linux kernel\|Linux-")
     else
       readarray -t VERSIONS_STAT_CHECK < <(grep "Version information found" "$LOG_DIR"/"$FW_VER_CHECK_LOG" | cut -d\  -f5- | sed -e 's/ in firmware blob.//' | sort -u)
     fi

diff --git a/modules/P05_firmware_bin_extractor.sh b/modules/P05_firmware_bin_extractor.sh
@@ -51,8 +51,11 @@ P05_firmware_bin_extractor() {
   detect_root_dir_helper "$FIRMWARE_PATH_CP"
 
   FILES_EXT=$(find "$FIRMWARE_PATH_CP" -xdev -type f | wc -l )
-  deb_extractor
-  ipk_extractor
+
+  if [[ "${#ROOT_PATH[@]}" -gt 0 ]]; then
+    deb_extractor
+    ipk_extractor
+  fi
 
   BINS=$(find "$FIRMWARE_PATH_CP" "${EXCL_FIND[@]}" -xdev -type f -executable | wc -l )
   UNIQUE_BINS=$(find "$FIRMWARE_PATH_CP" "${EXCL_FIND[@]}" -xdev -type f -executable -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\  -f3 | wc -l )
@@ -159,16 +162,10 @@ deep_extractor() {
   print_output "[*] Deep extraction with binwalk - 1st round"
 
   FILES_BEFORE_DEEP=$(find "$FIRMWARE_PATH_CP" -xdev -type f | wc -l )
-  find "$FIRMWARE_PATH_CP" -xdev -type f ! -name "*.deb" ! -name "*.ipk" -exec binwalk -e -M {} \; &
-  WAIT_PIDS+=( "$!" )
-  wait_for_extractor
-  WAIT_PIDS=( )
+  find "$FIRMWARE_PATH_CP" -xdev -type f ! -name "*.deb" ! -name "*.ipk" -exec binwalk -e -M -C "$FIRMWARE_PATH_CP" {} \;
 
   print_output "[*] Deep extraction with binwalk - 2nd round"
-  find "$FIRMWARE_PATH_CP" -xdev -type f ! -name "*.deb" ! -name "*.ipk" -exec binwalk -e -M {} \; &
-  WAIT_PIDS+=( "$!" )
-  wait_for_extractor
-  WAIT_PIDS=( )
+  find "$FIRMWARE_PATH_CP" -xdev -type f ! -name "*.deb" ! -name "*.ipk" -exec binwalk -e -M -C "$FIRMWARE_PATH_CP" {} \;
 
   FILES_AFTER_DEEP=$(find "$FIRMWARE_PATH_CP" -xdev -type f | wc -l )
 

diff --git a/modules/S05_firmware_details.sh b/modules/S05_firmware_details.sh
@@ -30,6 +30,26 @@ S05_firmware_details()
 
   print_output "[*] ""${#FILE_ARR[@]}"" files and ""$DETECTED_DIR"" directories detected."
 
+  if [[ "$THREADED" -eq 1 ]]; then
+    filesystem_tree &
+    WAIT_PIDS_S05+=( "$!" )
+    release_info &
+    WAIT_PIDS_S05+=( "$!" )
+  else
+    filesystem_tree
+    release_info
+  fi
+
+  if [[ "$THREADED" -eq 1 ]]; then
+    wait_for_pid "${WAIT_PIDS_S05[@]}"
+  fi
+
+  echo -e "\\n[*] Statistics:${#FILE_ARR[@]}:$DETECTED_DIR" >> "$LOG_FILE"
+
+  module_end_log "${FUNCNAME[0]}" "${#FILE_ARR[@]}"
+}
+
+filesystem_tree() {
   # excluded paths will be also printed
   if command -v tree > /dev/null 2>&1 ; then
     if [[ $FORMAT_LOG -eq 1 ]] ; then
@@ -44,11 +64,7 @@ S05_firmware_details()
       ls -laR --color=never "$FIRMWARE_PATH" >> "$LOG_FILE"
     fi
   fi
-  release_info
 
-  echo -e "\\n[*] Statistics:${#FILE_ARR[@]}:$DETECTED_DIR" >> "$LOG_FILE"
-
-  module_end_log "${FUNCNAME[0]}" "${#FILE_ARR[@]}"
 }
 
 # Test source: http://linuxmafia.com/faq/Admin/release-files.html

diff --git a/modules/S30_version_vulnerability_check.sh b/modules/S30_version_vulnerability_check.sh
@@ -21,14 +21,18 @@ S30_version_vulnerability_check() {
   module_title "Binary Vulnerability Check"
 
   LOG_FILE="$( get_log_file )"
-
-  # collect all vulns for aggregator
   S30_VUL_COUNTER=0
 
+  # just run this module if: 
+  #     * VUL_FEED_CB is available
+  #     * CVE-database check from cve-search is not available
+  # otherwise we will run cve-search which gives us better results
+
   VUL_FEED_DB="$EXT_DIR""/allitems.csv"
-  VUL_FEED_CVSS_DB="$EXT_DIR""/allitemscvss.csv"
+  if [[ -f "$VUL_FEED_DB" && $(netstat -ant | grep -c 27017) -eq 0 ]]; then
+
+    VUL_FEED_CVSS_DB="$EXT_DIR""/allitemscvss.csv"
 
-  if [[ -f "$VUL_FEED_DB" ]]; then
     print_output "[*] Vulnerability database found!"
     echo
 
@@ -53,7 +57,7 @@ S30_version_vulnerability_check() {
     LOG_FILE="$( get_log_file )"
     echo -e "\\n[*] Statistics:$S30_VUL_COUNTER" >> "$LOG_FILE"
   else
-    print_output "[!] No vulnerability database found!"
+    print_output "[!] No vulnerability check on binary area was running!"
   fi
 
   module_end_log "${FUNCNAME[0]}" "$S30_VUL_COUNTER"

diff --git a/modules/S50_authentication_check.sh b/modules/S50_authentication_check.sh
@@ -25,19 +25,55 @@ S50_authentication_check() {
   LOG_FILE="$( get_log_file )"
   AUTH_ISSUES=0
 
-  user_zero
-  non_unique_acc
-  non_unique_group_id
-  non_unique_group_name
-  query_user_acc
-  query_nis_plus_auth_supp
-  check_sudoers
-  check_owner_perm_sudo_config
-  search_pam_testing_libs
-  scan_pam_conf
-  search_pam_configs
-  search_pam_files
+  if [[ "$THREADED" -eq 1 ]]; then
+    user_zero &
+    WAIT_PIDS_S50+=( "$!" )
+    non_unique_acc &
+    WAIT_PIDS_S50+=( "$!" )
+    non_unique_group_id &
+    WAIT_PIDS_S50+=( "$!" )
+    non_unique_group_name &
+    WAIT_PIDS_S50+=( "$!" )
+    query_user_acc &
+    WAIT_PIDS_S50+=( "$!" )
+    query_nis_plus_auth_supp &
+    WAIT_PIDS_S50+=( "$!" )
+    check_sudoers &
+    WAIT_PIDS_S50+=( "$!" )
+    check_owner_perm_sudo_config &
+    WAIT_PIDS_S50+=( "$!" )
+    search_pam_testing_libs &
+    WAIT_PIDS_S50+=( "$!" )
+    scan_pam_conf &
+    WAIT_PIDS_S50+=( "$!" )
+    search_pam_configs &
+    WAIT_PIDS_S50+=( "$!" )
+    search_pam_files &
+    WAIT_PIDS_S50+=( "$!" )
+  else
+    user_zero
+    non_unique_acc
+    non_unique_group_id
+    non_unique_group_name
+    query_user_acc
+    query_nis_plus_auth_supp
+    check_sudoers
+    check_owner_perm_sudo_config
+    search_pam_testing_libs
+    scan_pam_conf
+    search_pam_configs
+    search_pam_files
+  fi
+
+  if [[ "$THREADED" -eq 1 ]]; then
+    wait_for_pid "${WAIT_PIDS_S50[@]}"
+  fi
 
+  if [[ -f "$TMP_DIR"/S50_AUTH_ISSUES.tmp ]]; then
+    while read -r ISSUES; do
+      (( AUTH_ISSUES="$AUTH_ISSUES"+"$ISSUES" ))
+    done < "$TMP_DIR"/S50_AUTH_ISSUES.tmp
+  fi
   echo -e "\\n[*] Statistics:$AUTH_ISSUES" >> "$LOG_FILE"
 
   module_end_log "${FUNCNAME[0]}" "$AUTH_ISSUES"
@@ -48,6 +84,7 @@ user_zero() {
 
   print_output "[*] Searching accounts with UID 0"
   local CHECK=0
+  local AUTH_ISSUES=0
   local PASSWD_FILE_PATHS
   mapfile -t PASSWD_FILE_PATHS < <(mod_path "/ETC_PATHS/passwd")
 
@@ -68,13 +105,15 @@ user_zero() {
   if [[ $CHECK -eq 0 ]] ; then
     print_output "[-] /etc/passwd not available"
   fi
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 non_unique_acc() {
   sub_module_title "Non-unique accounts"
 
   print_output "[*] Searching non-unique accounts"
   local CHECK=0
+  local AUTH_ISSUES=0
   local PASSWD_FILE_PATHS
   mapfile -t PASSWD_FILE_PATHS < <(mod_path "/ETC_PATHS/passwd")
 
@@ -95,13 +134,15 @@ non_unique_acc() {
   if [[ $CHECK -eq 0 ]] ; then
     print_output "[-] /etc/passwd not available"
   fi
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 non_unique_group_id() {
   sub_module_title "Unique group IDs"
 
   print_output "[*] Searching non-unique group ID's"
   local CHECK=0
+  local AUTH_ISSUES=0
   local GROUP_PATHS
   mapfile -t GROUP_PATHS < <(mod_path "/ETC_PATHS/group")
 
@@ -122,13 +163,15 @@ non_unique_group_id() {
   if [[ $CHECK -eq 0 ]] ; then
     print_output "[-] /etc/group not available"
   fi
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 non_unique_group_name() {
   sub_module_title "Unique group name"
 
   print_output "[*] Searching non-unique group names"
   local CHECK=0
+  local AUTH_ISSUES=0
   local GROUP_PATHS
   mapfile -t GROUP_PATHS < <(mod_path "/ETC_PATHS/group")
 
@@ -149,13 +192,15 @@ non_unique_group_name() {
   if [[ $CHECK -eq 0 ]] ; then
     print_output "[-] /etc/group not available"
   fi
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 query_user_acc() {
   sub_module_title "Query user accounts"
 
   print_output "[*] Reading system users"
   local CHECK=0
+  local AUTH_ISSUES=0
   local PASSWD_FILE_PATHS
   mapfile -t PASSWD_FILE_PATHS < <(mod_path "/ETC_PATHS/passwd")
 
@@ -188,13 +233,15 @@ query_user_acc() {
   if [[ $CHECK -eq 0 ]] ; then
     print_output "[-] /etc/passwd not available"
   fi
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 query_nis_plus_auth_supp() {
   sub_module_title "Query NIS and NIS+ authentication support"
 
   print_output "[*] Check nsswitch.conf"
   local CHECK=0
+  local AUTH_ISSUES=0
   local NSS_PATH_L
   mapfile -t NSS_PATH_L < <(mod_path "/ETC_PATHS/nsswitch.conf")
   for NSS_PATH in "${NSS_PATH_L[@]}"; do
@@ -227,11 +274,13 @@ query_nis_plus_auth_supp() {
   if [[ $CHECK -eq 0 ]] ; then
     print_output "[-] /etc/nsswitch.conf not available"
   fi
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 check_sudoers() {
   sub_module_title "Scan and test sudoers files"
   local SUDOERS_ISSUES
+  local AUTH_ISSUES=0
   local S_ISSUE
 
   for R_PATH in "${ROOT_PATH[@]}"; do
@@ -253,11 +302,13 @@ check_sudoers() {
       print_output "[-] No sudoers files found in $R_PATH"
     fi
   done
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 check_owner_perm_sudo_config() {
   sub_module_title "Ownership and permissions for sudo configuration files"
 
+  local AUTH_ISSUES=0
   if [[ "${#SUDOERS_FILES_ARR[@]}" -gt 0 ]]; then
     for FILE in "${SUDOERS_FILES_ARR[@]}"; do
       local SUDOERS_D
@@ -322,6 +373,7 @@ check_owner_perm_sudo_config() {
   else
     print_output "[-] No sudoers files found - no check possible"
   fi
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 search_pam_testing_libs() {
@@ -330,6 +382,7 @@ search_pam_testing_libs() {
   print_output "[*] Searching PAM password testing modules (cracklib, passwdqc, pwquality)"
 
   local FILE_PATH FOUND FOUND_CRACKLIB FOUND_PASSWDQC FOUND_PWQUALITY
+  local AUTH_ISSUES=0
   mapfile -t FILE_PATH < <(mod_path_array "$(config_list "$CONFIG_DIR""/pam_files.cfg" "")")
 
   if [[ "${FILE_PATH[0]}" == "C_N_F" ]] ; then
@@ -400,13 +453,14 @@ search_pam_testing_libs() {
   else
     print_output "[-] No pam files found"
   fi
-
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 scan_pam_conf() {
   sub_module_title "Scan PAM configuration file"
 
   local CHECK=0
+  local AUTH_ISSUES=0
   local PAM_PATH_L
   mapfile -t PAM_PATH_L < <(mod_path "/ETC_PATHS/pam.conf")
   for PAM_PATH in "${PAM_PATH_L[@]}"; do
@@ -429,12 +483,14 @@ scan_pam_conf() {
   if [[ $CHECK -eq 0 ]] ; then
     print_output "[-] /etc/pam.conf not available"
   fi
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 search_pam_configs() {
   sub_module_title "Searching PAM configurations and LDAP support in PAM files"
 
   local CHECK
+  local AUTH_ISSUES=0
   CHECK=0
   local PAM_PATH_L
   mapfile -t PAM_PATH_L < <(mod_path "/ETC_PATHS/pam.d")
@@ -472,12 +528,14 @@ search_pam_configs() {
   if [[ $CHECK -eq 0 ]] ; then
     print_output "[-] /etc/pam.d not available"
   fi
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }
 
 search_pam_files() {
   sub_module_title "Searching available PAM files"
 
   local CHECK=0
+  local AUTH_ISSUES=0
   local PAM_FILES
   readarray -t PAM_FILES < <(config_find "$CONFIG_DIR""/pam_files.cfg")
 
@@ -507,4 +565,5 @@ search_pam_files() {
   else
     print_output "[-] Nothing found"
   fi
+  echo "$AUTH_ISSUES" >> "$TMP_DIR"/S50_AUTH_ISSUES.tmp
 }