diff --git a/.gitignore b/.gitignore index 79b78b290..07d3971d8 100644 --- a/.gitignore +++ b/.gitignore @@ -2,6 +2,7 @@ log*/ dir-combined.yara external/ +modules_local/ tools/ !external/.keep config/vt_api_key.txt diff --git a/check_project.sh b/check_project.sh index 0f452b04e..579847aa7 100755 --- a/check_project.sh +++ b/check_project.sh @@ -39,6 +39,7 @@ NC='\033[0m' # no color INSTALLER_DIR="./installer" HELP_DIR="./helpers" MOD_DIR="./modules" +MOD_DIR_LOCAL="./modules_local" CONF_DIR="./config" REP_DIR="$CONF_DIR/report_templates" @@ -46,8 +47,8 @@ SOURCES=() MODULES_TO_CHECK_ARR=() import_config_scripts() { - HELPERS=$(find "$CONF_DIR" -iname "*.sh" 2>/dev/null) - for LINE in $HELPERS; do + mapfile -t HELPERS < <(find "$CONF_DIR" -iname "*.sh" 2>/dev/null) + for LINE in "${HELPERS[@]}"; do if (file "$LINE" | grep -q "shell script"); then echo "$LINE" SOURCES+=("$LINE") @@ -56,8 +57,8 @@ import_config_scripts() { } import_helper() { - HELPERS=$(find "$HELP_DIR" -iname "*.sh" 2>/dev/null) - for LINE in $HELPERS; do + mapfile -t HELPERS < <(find "$HELP_DIR" -iname "*.sh" 2>/dev/null) + for LINE in "${HELPERS[@]}"; do if (file "$LINE" | grep -q "shell script"); then echo "$LINE" SOURCES+=("$LINE") @@ -66,8 +67,8 @@ import_helper() { } import_reporting_templates() { - REP_TEMP=$(find "$REP_DIR" -iname "*.sh" 2>/dev/null) - for LINE in $REP_TEMP; do + mapfile -t REP_TEMP < <(find "$REP_DIR" -iname "*.sh" 2>/dev/null) + for LINE in "${REP_TEMP[@]}"; do if (file "$LINE" | grep -q "shell script"); then echo "$LINE" SOURCES+=("$LINE") 
@@ -76,8 +77,11 @@ import_reporting_templates() { } import_module() { - MODULES=$(find "$MOD_DIR" -iname "*.sh" 2>/dev/null) - for LINE in $MODULES; do + MODULES=() + mapfile -t MODULES_ < <(find "$MOD_DIR" -iname "*.sh" 2>/dev/null) + mapfile -t MODULES_LOCAL < <(find "$MOD_DIR_LOCAL" -iname "*.sh" 2>/dev/null) + MODULES=( "${MODULES_[@]}" "${MODULES_LOCAL[@]}") + for LINE in "${MODULES[@]}"; do if (file "$LINE" | grep -q "shell script"); then echo "$LINE" SOURCES+=("$LINE") @@ -86,8 +90,9 @@ import_module() { } import_installer() { - MODULES=$(find "$INSTALLER_DIR" -iname "*.sh" 2>/dev/null) - for LINE in $MODULES; do + MODULES=() + mapfile -t MODULES < <(find "$INSTALLER_DIR" -iname "*.sh" 2>/dev/null) + for LINE in "${MODULES[@]}"; do if (file "$LINE" | grep -q "shell script"); then echo "$LINE" SOURCES+=("$LINE") diff --git a/config/msf_cve-db.txt b/config/msf_cve-db.txt index 6eb306d60..138a93960 100644 --- a/config/msf_cve-db.txt +++ b/config/msf_cve-db.txt @@ -77,6 +77,7 @@ /usr/share/metasploit-framework/modules/auxiliary/admin/http/wp_easycart_privilege_escalation.rb:CVE-2015-2673 /usr/share/metasploit-framework/modules/auxiliary/admin/http/wp_gdpr_compliance_privesc.rb:CVE-2018-19207 /usr/share/metasploit-framework/modules/auxiliary/admin/http/wp_google_maps_sqli.rb:CVE-2019-10692 +/usr/share/metasploit-framework/modules/auxiliary/admin/http/wp_masterstudy_privesc.rb:CVE-2022-0441 /usr/share/metasploit-framework/modules/auxiliary/admin/http/wp_symposium_sql_injection.rb:CVE-2015-6522 /usr/share/metasploit-framework/modules/auxiliary/admin/kerberos/ms14_068_kerberos_checksum.rb:CVE-2014-6324 /usr/share/metasploit-framework/modules/auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass.rb:CVE-2020-3952 
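Review bot: The merged array in import_module is built from `MODULES_` and `MODULES_LOCAL`, which does not match the `MODULES_EMBA`/`MODULES_LOCAL` pair the identical merge uses in emba.sh; renaming `MODULES_` to `MODULES_EMBA` keeps the two copies of this logic greppable together. The `MODULES=()` line before `mapfile -t MODULES` in the import_installer hunk is redundant, because mapfile replaces the array contents anyway. Both functions continue past the hunk, so the loop bodies are not reviewed here.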
@@ -189,6 +190,7 @@ /usr/share/metasploit-framework/modules/auxiliary/dos/windows/ftp/winftp230_nlst.rb:CVE-2008-5666 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/ftp/xmeasy560_nlst.rb:CVE-2008-5626 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/ftp/xmeasy570_nlst.rb:CVE-2008-5626 +/usr/share/metasploit-framework/modules/auxiliary/dos/windows/http/http_sys_accept_encoding_dos_cve_2021_31166.rb:CVE-2021-31166 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/http/ms10_065_ii6_asp_dos.rb:CVE-2010-1899 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/http/pi3web_isapi.rb:CVE-2008-6938 /usr/share/metasploit-framework/modules/auxiliary/dos/windows/llmnr/ms11_030_dnsapi.rb:CVE-2011-0657 @@ -331,6 +333,7 @@ /usr/share/metasploit-framework/modules/auxiliary/scanner/http/exchange_web_server_pushsubscription.rb:CVE-2019-0724 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/fortimail_login_bypass_detection.rb:CVE-2020-9294 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/gavazzi_em_login_loot.rb:CVE-2017-5146 +/usr/share/metasploit-framework/modules/auxiliary/scanner/http/gitlab_graphql_user_enum.rb:CVE-2021-4191 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/glassfish_login.rb:CVE-2011-0807 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/glassfish_traversal.rb:CVE-2017-1000028 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/goahead_traversal.rb:CVE-2014-9707 
@@ -432,7 +435,9 @@ /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_email_sub_news_sqli.rb:CVE-2019-20361 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_learnpress_sqli.rb:CVE-2020-6010 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_loginizer_log_sqli.rb:CVE-2020-27615 +/usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_modern_events_calendar_sqli.rb:CVE-2021-24946 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_registrationmagic_sqli.rb:CVE-2021-24862 +/usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_secure_copy_content_protection_sqli.rb:CVE-2021-24931 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/wp_wps_hide_login_revealer.rb:CVE-2021-24917 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/yaws_traversal.rb:CVE-2011-4350 /usr/share/metasploit-framework/modules/auxiliary/scanner/http/zenworks_assetmanagement_fileaccess.rb:CVE-2012-4933 @@ -684,6 +689,7 @@ /usr/share/metasploit-framework/modules/exploits/linux/http/grandstream_ucm62xx_sendemail_rce.rb:CVE-2020-5722 /usr/share/metasploit-framework/modules/exploits/linux/http/gravcms_exec.rb:CVE-2021-21425 /usr/share/metasploit-framework/modules/exploits/linux/http/groundwork_monarch_cmd_exec.rb:CVE-2013-3502 +/usr/share/metasploit-framework/modules/exploits/linux/http/hikvision_cve_2021_36260_blind.rb:CVE-2021-36260 /usr/share/metasploit-framework/modules/exploits/linux/http/ibm_drm_rce.rb:CVE-2020-4427 /usr/share/metasploit-framework/modules/exploits/linux/http/ibm_drm_rce.rb:CVE-2020-4428 /usr/share/metasploit-framework/modules/exploits/linux/http/ibm_drm_rce.rb:CVE-2020-4429 
@@ -827,6 +833,8 @@ /usr/share/metasploit-framework/modules/exploits/linux/local/cve_2021_3490_ebpf_alu32_bounds_check_lpe.rb:CVE-2021-3490 /usr/share/metasploit-framework/modules/exploits/linux/local/cve_2021_3493_overlayfs.rb:CVE-2021-3493 /usr/share/metasploit-framework/modules/exploits/linux/local/cve_2021_38648_omigod.rb:CVE-2021-38648 +/usr/share/metasploit-framework/modules/exploits/linux/local/cve_2021_4034_pwnkit_lpe_pkexec.rb:CVE-2021-4034 +/usr/share/metasploit-framework/modules/exploits/linux/local/cve_2022_0847_dirtypipe.rb:CVE-2022-0847 /usr/share/metasploit-framework/modules/exploits/linux/local/docker_runc_escape.rb:CVE-2019-5736 /usr/share/metasploit-framework/modules/exploits/linux/local/exim4_deliver_message_priv_esc.rb:CVE-2019-10149 /usr/share/metasploit-framework/modules/exploits/linux/local/glibc_ld_audit_dso_load_priv_esc.rb:CVE-2010-3847 @@ -943,6 +951,7 @@ /usr/share/metasploit-framework/modules/exploits/multi/browser/chrome_object_create.rb:CVE-2018-17463 /usr/share/metasploit-framework/modules/exploits/multi/browser/chrome_simplifiedlowering_overflow.rb:CVE-2020-16040 /usr/share/metasploit-framework/modules/exploits/multi/browser/firefox_escape_retval.rb:CVE-2009-2477 +/usr/share/metasploit-framework/modules/exploits/multi/browser/firefox_jit_use_after_free.rb:CVE-2020-26950 /usr/share/metasploit-framework/modules/exploits/multi/browser/firefox_pdfjs_privilege_escalation.rb:CVE-2015-0802 /usr/share/metasploit-framework/modules/exploits/multi/browser/firefox_pdfjs_privilege_escalation.rb:CVE-2015-0816 /usr/share/metasploit-framework/modules/exploits/multi/browser/firefox_proto_crmfrequest.rb:CVE-2012-3993 
@@ -989,6 +998,8 @@ /usr/share/metasploit-framework/modules/exploits/multi/ftp/wuftpd_site_exec_format.rb:CVE-2000-0573 /usr/share/metasploit-framework/modules/exploits/multi/http/activecollab_chat.rb:CVE-2012-6554 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_activemq_upload_jsp.rb:CVE-2016-3088 +/usr/share/metasploit-framework/modules/exploits/multi/http/apache_apisix_api_default_token_rce.rb:CVE-2020-13945 +/usr/share/metasploit-framework/modules/exploits/multi/http/apache_apisix_api_default_token_rce.rb:CVE-2022-24112 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_jetspeed_file_upload.rb:CVE-2016-0709 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_jetspeed_file_upload.rb:CVE-2016-0710 /usr/share/metasploit-framework/modules/exploits/multi/http/apache_mod_cgi_bash_env_exec.rb:CVE-2014-6271 @@ -1140,6 +1151,7 @@ /usr/share/metasploit-framework/modules/exploits/multi/http/sonicwall_gms_upload.rb:CVE-2013-1359 /usr/share/metasploit-framework/modules/exploits/multi/http/sonicwall_scrutinizer_methoddetail_sqli.rb:CVE-2014-4977 /usr/share/metasploit-framework/modules/exploits/multi/http/splunk_mappy_exec.rb:CVE-2011-4642 +/usr/share/metasploit-framework/modules/exploits/multi/http/spring_cloud_function_spel_injection.rb:CVE-2022-22963 /usr/share/metasploit-framework/modules/exploits/multi/http/struts2_code_exec_showcase.rb:CVE-2017-9791 /usr/share/metasploit-framework/modules/exploits/multi/http/struts2_content_type_ognl.rb:CVE-2017-5638 /usr/share/metasploit-framework/modules/exploits/multi/http/struts2_multi_eval_ognl.rb:CVE-2019-0230 
@@ -1258,6 +1270,7 @@ /usr/share/metasploit-framework/modules/exploits/osx/arkeia/type77.rb:CVE-2005-0491 /usr/share/metasploit-framework/modules/exploits/osx/browser/adobe_flash_delete_range_tl_op.rb:CVE-2016-4117 /usr/share/metasploit-framework/modules/exploits/osx/browser/osx_gatekeeper_bypass.rb:CVE-2021-30657 +/usr/share/metasploit-framework/modules/exploits/osx/browser/osx_gatekeeper_bypass.rb:CVE-2022-22616 /usr/share/metasploit-framework/modules/exploits/osx/browser/safari_file_policy.rb:CVE-2011-3230 /usr/share/metasploit-framework/modules/exploits/osx/browser/safari_in_operator_side_effect.rb:CVE-2020-9801 /usr/share/metasploit-framework/modules/exploits/osx/browser/safari_in_operator_side_effect.rb:CVE-2020-9850 @@ -1320,6 +1333,7 @@ /usr/share/metasploit-framework/modules/exploits/unix/http/laravel_token_unserialize_exec.rb:CVE-2018-15133 /usr/share/metasploit-framework/modules/exploits/unix/http/lifesize_room.rb:CVE-2011-2763 /usr/share/metasploit-framework/modules/exploits/unix/http/pfsense_clickjacking.rb:CVE-2017-1000479 +/usr/share/metasploit-framework/modules/exploits/unix/http/pfsense_diag_routes_webshell.rb:CVE-2021-41282 /usr/share/metasploit-framework/modules/exploits/unix/http/pfsense_graph_injection_exec.rb:CVE-2016-10709 /usr/share/metasploit-framework/modules/exploits/unix/http/pihole_blocklist_exec.rb:CVE-2020-11108 /usr/share/metasploit-framework/modules/exploits/unix/http/pihole_dhcp_mac_exec.rb:CVE-2020-8816 
@@ -1926,6 +1940,7 @@ /usr/share/metasploit-framework/modules/exploits/windows/http/ektron_xslt_exec.rb:CVE-2012-5357 /usr/share/metasploit-framework/modules/exploits/windows/http/ektron_xslt_exec_ws.rb:CVE-2015-0923 /usr/share/metasploit-framework/modules/exploits/windows/http/ericom_access_now_bof.rb:CVE-2014-3913 +/usr/share/metasploit-framework/modules/exploits/windows/http/exchange_chainedserializationbinder_denylist_typo_rce.rb:CVE-2021-42321 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_dlp_policy.rb:CVE-2020-16875 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_dlp_policy.rb:CVE-2020-17132 /usr/share/metasploit-framework/modules/exploits/windows/http/exchange_ecp_viewstate.rb:CVE-2020-0688 
@@ -2108,9 +2123,12 @@ /usr/share/metasploit-framework/modules/exploits/windows/local/cve_2020_1313_system_orchestrator.rb:CVE-2020-1313 /usr/share/metasploit-framework/modules/exploits/windows/local/cve_2020_1337_printerdemon.rb:CVE-2020-1337 /usr/share/metasploit-framework/modules/exploits/windows/local/cve_2020_17136.rb:CVE-2020-17136 -/usr/share/metasploit-framework/modules/exploits/windows/local/cve_2021_1732_win32k.rb:CVE-2021-1732 /usr/share/metasploit-framework/modules/exploits/windows/local/cve_2021_21551_dbutil_memmove.rb:CVE-2021-21551 /usr/share/metasploit-framework/modules/exploits/windows/local/cve_2021_40449.rb:CVE-2021-40449 +/usr/share/metasploit-framework/modules/exploits/windows/local/cve_2022_21882_win32k.rb:CVE-2021-1732 +/usr/share/metasploit-framework/modules/exploits/windows/local/cve_2022_21882_win32k.rb:CVE-2022-21882 +/usr/share/metasploit-framework/modules/exploits/windows/local/cve_2022_21999_spoolfool_privesc.rb:CVE-2022-21999 +/usr/share/metasploit-framework/modules/exploits/windows/local/cve_2022_26904_superprofile.rb:CVE-2022-26904 /usr/share/metasploit-framework/modules/exploits/windows/local/docker_credential_wincred.rb:CVE-2019-15752 /usr/share/metasploit-framework/modules/exploits/windows/local/druva_insync_insynccphwnet64_rcp_type_5_priv_esc.rb:CVE-2019-3999 /usr/share/metasploit-framework/modules/exploits/windows/local/druva_insync_insynccphwnet64_rcp_type_5_priv_esc.rb:CVE-2020-5752 
@@ -2186,6 +2204,7 @@ /usr/share/metasploit-framework/modules/exploits/windows/misc/cloudme_sync.rb:CVE-2018-6892 /usr/share/metasploit-framework/modules/exploits/windows/misc/commvault_cmd_exec.rb:CVE-2017-18044 /usr/share/metasploit-framework/modules/exploits/windows/misc/crosschex_device_bof.rb:CVE-2019-12518 +/usr/share/metasploit-framework/modules/exploits/windows/misc/cve_2022_28381_allmediaserver_bof.rb:CVE-2022-28381 /usr/share/metasploit-framework/modules/exploits/windows/misc/disk_savvy_adm.rb:CVE-2018-6481 /usr/share/metasploit-framework/modules/exploits/windows/misc/doubletake.rb:CVE-2008-1661 /usr/share/metasploit-framework/modules/exploits/windows/misc/eiqnetworks_esa.rb:CVE-2006-3838 diff --git a/config/report_templates/F20_vul_aggregator-post.sh b/config/report_templates/F20_vul_aggregator-post.sh index 09211d6b1..7d2b1cd46 100644 --- a/config/report_templates/F20_vul_aggregator-post.sh +++ b/config/report_templates/F20_vul_aggregator-post.sh @@ -5,3 +5,6 @@ print_output "$(indent "${ORANGE}R$NC - remote exploits")" print_output "$(indent "${ORANGE}L$NC - local exploits")" print_output "$(indent "${ORANGE}D$NC - DoS exploits")" print_output "$(indent "${ORANGE}G$NC - PoC code found on Github (unknown exploit vector)")" +write_link "https://github.com/trickest/cve" +print_output "$(indent "${ORANGE}X$NC - Vulnerability is known as exploited")" +write_link "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" diff --git a/docker-compose.yml b/docker-compose.yml index 42d72fb27..aba13889b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -2,14 +2,29 @@ version: "3"
 services:
 emba:
 image: embeddedanalyzer/emba:latest
- build: .
+ read_only: true
+ # all pre-checker mount modules need privileged mode
 privileged: true
+ # /root is needed for binwalk
+ # /tmp is needed for FACT extractor
+ # /run is needed for postgresql (currently only working with rw) and others
+ # /external/FirmAE_orig/scratch is needed for FirmAE - this is temp and will be removed in the future
+ tmpfs:
+ - /tmp
+ - /root
+ - /run
+ - /var/run
+ - /external/FirmAE_orig/scratch
+ - /external/firmadyne_orig/scratch
+ build: .
+ # dev is needed for the system emulator (L10)
 volumes:
 - ${FIRMWARE}/:/firmware:ro
 - ${LOG}/:/log
 - ${EMBA}/:/emba:ro
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
+ - /dev:/dev
 environment:
 - USER
 devices:
diff --git a/emba.sh b/emba.sh
index e564b8e90..8172cda0f 100755
--- a/emba.sh
+++ b/emba.sh
@@ -37,8 +37,14 @@ import_helper()
 import_module()
 {
 local MODULES=()
+ local MODULES_LOCAL=()
+ local MODULES_EMBA=()
 local MODULE_COUNT=0
- mapfile -t MODULES < <(find "$MOD_DIR" -name "*.sh" | sort -V 2> /dev/null)
+ mapfile -t MODULES_EMBA < <(find "$MOD_DIR" -name "*.sh" | sort -V 2> /dev/null)
+ if [[ -d "${MOD_DIR_LOCAL}" ]]; then
+ mapfile -t MODULES_LOCAL < <(find "${MOD_DIR_LOCAL}" -name "*.sh" 2>/dev/null | sort -V 2> /dev/null)
+ fi
+ MODULES=( "${MODULES_EMBA[@]}" "${MODULES_LOCAL[@]}" )
 for MODULE_FILE in "${MODULES[@]}" ; do
 if ( file "$MODULE_FILE" | grep -q "shell script" ) && ! [[ "$MODULE_FILE" =~ \ |\' ]] ; then
 # https://github.com/koalaman/shellcheck/wiki/SC1090
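Review bot: `read_only: true` gives little assurance while the same service keeps `privileged: true` and now also bind-mounts `/dev:/dev` read-write, since a privileged process can remount its root and sees every host device node; the comment justifies privileged mode for the mount modules, but nothing records that the read-only root is defeated by it. A comment next to it such as `# defence in depth only: privileged mode can remount the root rw` would keep the next reader from assuming a hardened container, and if the L10 emulator only needs specific nodes the existing `devices:` list at the end of the hunk is the narrower place for them. `/run` and `/var/run` are both listed as tmpfs; where `/var/run` is a symlink to `/run` the second entry is harmless but redundant.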
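Review bot: Files found under `MOD_DIR_LOCAL` are merged into `MODULES` and then sourced by the loop that follows, so `modules_local/`, which this commit adds to .gitignore, becomes an untracked code path executed with EMBA's rights (the privileged container, when run through docker-compose); the only filter it passes is the same `file ... shell script` check the shipped modules get. A short comment at the `if [[ -d "${MOD_DIR_LOCAL}" ]]` line, e.g. `# modules_local/ is untracked and sourced as-is: only reviewed, trusted modules belong here`, makes that boundary explicit. The local `find` redirects stderr while the one for `$MOD_DIR` does not; either both or neither. The loop body continues outside the hunk.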
@@ -107,7 +113,13 @@ run_modules() if [[ ${#SELECT_MODULES[@]} -eq 0 ]] || [[ $SELECT_PRE_MODULES_COUNT -eq 0 ]]; then local MODULES=() - mapfile -t MODULES < <(find "$MOD_DIR" -name "${MODULE_GROUP^^}""*_*.sh" | sort -V 2> /dev/null) + local MODULES_LOCAL=() + local MODULES_EMBA=() + mapfile -t MODULES_EMBA < <(find "$MOD_DIR" -name "${MODULE_GROUP^^}""*_*.sh" | sort -V 2> /dev/null) + if [[ -d "${MOD_DIR_LOCAL}" ]]; then + mapfile -t MODULES_LOCAL < <(find "${MOD_DIR_LOCAL}" -name "${MODULE_GROUP^^}""*.sh" 2>/dev/null | sort -V 2> /dev/null) + fi + MODULES=( "${MODULES_EMBA[@]}" "${MODULES_LOCAL[@]}" ) if [[ $THREADING_SET -eq 1 && "${MODULE_GROUP^^}" != "P" ]] ; then sort_modules fi @@ -158,7 +170,13 @@ run_modules() fi elif [[ "$SELECT_NUM" =~ ^["${MODULE_GROUP,,}","${MODULE_GROUP^^}"]{1} ]]; then local MODULES=() - mapfile -t MODULES < <(find "$MOD_DIR" -name "${MODULE_GROUP^^}""*_*.sh" | sort -V 2> /dev/null) + local MODULES_LOCAL=() + local MODULES_EMBA=() + mapfile -t MODULES_EMBA < <(find "$MOD_DIR" -name "${MODULE_GROUP^^}""*_*.sh" | sort -V 2> /dev/null) + if [[ -d "${MOD_DIR_LOCAL}" ]]; then + mapfile -t MODULES_LOCAL < <(find "${MOD_DIR_LOCAL}" -name "${MODULE_GROUP^^}""*.sh" 2>/dev/null | sort -V 2> /dev/null) + fi + MODULES=( "${MODULES_EMBA[@]}" "${MODULES_LOCAL[@]}" ) if [[ $THREADING_SET -eq 1 ]] ; then sort_modules fi @@ -211,6 +229,7 @@ main() export ARCH_CHECK=1 export RTOS=0 # Testing RTOS based OS export CWE_CHECKER=0 + export CONTAINER_EXTRACT=0 export DEEP_EXTRACTOR=0 export FACT_EXTRACTOR=0 export FIRMWARE=0 @@ -257,6 +276,7 @@ main() export EXT_DIR="$INVOCATION_PATH""/external" export HELP_DIR="$INVOCATION_PATH""/helpers" export MOD_DIR="$INVOCATION_PATH""/modules" + export MOD_DIR_LOCAL="$INVOCATION_PATH""/modules_local" export BASE_LINUX_FILES="$CONFIG_DIR""/linux_common_files.txt" export PATH_CVE_SEARCH="$EXT_DIR""/cve-search/bin/search.py" export MSF_PATH="/usr/share/metasploit-framework/modules/" 
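Review bot: The local-module lookup in run_modules uses the pattern `"${MODULE_GROUP^^}""*.sh"` while the main lookup on the line above it uses `"${MODULE_GROUP^^}""*_*.sh"`; the looser pattern also accepts files such as `S.sh` or `Stest.sh` that do not follow the `<group><number>_<name>.sh` naming, and the same mismatch is repeated in the second run_modules hunk at `@@ -158`. Unless the difference is intended, use `"${MODULE_GROUP^^}""*_*.sh"` for both. The emba/local merge now exists three times (here, `@@ -158` and import_module); one helper returning the merged, sorted list would keep the patterns from diverging again. run_modules starts and ends outside these hunks.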
@@ -282,7 +302,7 @@ main() export EMBA_COMMAND EMBA_COMMAND="$(dirname "$0")""/emba.sh ""$*" - while getopts a:bA:cdDe:Ef:Fghik:l:m:MN:op:QrsStUxX:Y:WzZ: OPT ; do + while getopts a:bA:cC:dDe:Ef:Fghik:l:m:MN:op:QrsStUxX:Y:WzZ: OPT ; do case $OPT in a) export ARCH="$OPTARG" @@ -295,6 +315,12 @@ main() banner_printer exit 0 ;; + C) + # container extract only works outside the docker container + # lets extract it outside and afterwards start the EMBA docker + export CONTAINER_ID="$OPTARG" + export CONTAINER_EXTRACT=1 + ;; c) export CWE_CHECKER=1 ;; @@ -408,10 +434,7 @@ main() fi if [[ "$UPDATE" -eq 1 ]]; then - print_output "[*] EMBA update starting ..." "no_log" - git pull - EMBA="$INVOCATION_PATH" FIRMWARE="$FIRMWARE_PATH" LOG="$LOG_DIR" docker pull embeddedanalyzer/emba - print_output "[*] Please restart your EMBA scan to apply the updates ..." "no_log" + emba_updater exit 0 fi @@ -483,7 +506,7 @@ main() # Print additional information about the firmware (-Y, -X, -Z, -N) print_firmware_info "$FW_VENDOR" "$FW_VERSION" "$FW_DEVICE" "$FW_NOTES" - if [[ "$KERNEL" -ne 1 ]]; then + if [[ "$KERNEL" -ne 1 && "$CONTAINER_EXTRACT" -ne 1 ]]; then check_init_size fi @@ -511,6 +534,13 @@ main() # need to set it as fallback: export OUTPUT_DIR="$FIRMWARE_PATH" fi + elif [[ "$CONTAINER_EXTRACT" -eq 1 ]]; then + PRE_CHECK=1 + print_output "[*] Firmware analysis of docker image starting." "no_log" + print_output " EMBA starts with extracting the docker image $ORANGE$CONTAINER_ID$NC." "no_log" + export FIRMWARE_PATH="$LOG_DIR"/firmware/firmware_docker_extracted.tar + export OUTPUT_DIR="$FIRMWARE_PATH" + export FIRMWARE=1 elif [[ -f "$FIRMWARE_PATH" ]]; then PRE_CHECK=1 print_output "[*] Firmware binary detected." "no_log" @@ -572,6 +602,7 @@ main() mkdir "$LOG_DIR" || true fi S25_kernel_check + exit 0 fi fi 
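Review bot: The `C)` case in the `@@ -295` hunk exports `CONTAINER_ID` straight from `$OPTARG` with no shape check, and the value later becomes a `grep` pattern and a `docker export` argument in docker_container_extractor, so an empty or regex-looking argument reaches those commands unchanged. Docker ids and names are limited to `[A-Za-z0-9][A-Za-z0-9_.-]*`, so a check at parse time such as `[[ "$OPTARG" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ ]] || { print_output "[-] Invalid container id: $OPTARG" "no_log"; exit 1; }` rejects anything else before it is also forwarded into the container invocation. In the `CONTAINER_EXTRACT` branch of the `@@ -511` hunk, `FIRMWARE_PATH` points at a tar that does not exist yet, which appears to be why `check_init_size` is skipped above; a one-line comment there saying the file is produced later by docker_container_extractor would save the next reader the search. main() continues outside these hunks.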
@@ -588,6 +619,13 @@ main() generate_trickest_db & fi + # we update the known_exploited_vulnerabilities.csv file on the host - if the file is here + export KNOWN_EXP_CSV="$TMP_DIR"/known_exploited_vulnerabilities.csv + if [[ -f "$EXT_DIR/known_exploited_vulnerabilities.csv" && "$IN_DOCKER" -eq 0 ]]; then + # we update the known_exploited_vulnerabilities.csv file on every scan and store the database in the tmp directory + update_known_exploitable & + fi + if [[ $IN_DOCKER -eq 0 ]] ; then check_cve_search_job "$EMBA_PID" & fi @@ -596,6 +634,13 @@ main() matrix_mode & fi + # if $CONTAINER_EXTRACT is set we extract the docker container with id $CONTAINER_ID outside of the + # EMBA container into log directory + # we do this only outside of the EMBA container - otherwise we will not reach the docker environment + if [[ "$CONTAINER_EXTRACT" -eq 1 && "$IN_DOCKER" -eq 0 ]] ; then + docker_container_extractor "$CONTAINER_ID" + fi + ####################################################################################### # Docker ####################################################################################### @@ -613,7 +658,7 @@ main() OPTIND=1 ARGUMENTS=() - while getopts a:A:cdDe:Ef:Fghik:l:m:MN:op:QrsStUX:Y:WxzZ: OPT ; do + while getopts a:A:cC:dDe:Ef:Fghik:l:m:MN:op:QrsStUX:Y:WxzZ: OPT ; do case $OPT in D|f|i|l) ;; 
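Review bot: `update_known_exploitable &` is started in the background and never waited for, so `$KNOWN_EXP_CSV` may be absent or only partially copied when the scan that reads it starts; the trickest job on the line above has the same shape, but a single CSV download is short enough to run in the foreground, or to track with `pid=$!` and `wait "$pid"` before the docker-compose step. The `-f "$EXT_DIR/known_exploited_vulnerabilities.csv"` guard here duplicates the check the function itself performs, so one of the two can go. Which module consumes the CSV is not visible in this diff; if it runs inside the container, `$TMP_DIR` must be reachable there as well, worth confirming.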
@@ -645,8 +690,16 @@ main()
 if [[ "$STRICT_MODE" -eq 1 ]]; then
 set +e
 fi
- EMBA="$INVOCATION_PATH" FIRMWARE="$FIRMWARE_PATH" LOG="$LOG_DIR" docker-compose run --rm emba -c './emba.sh -l /log -f /firmware -i "$@"' _ "${ARGUMENTS[@]}"
- D_RETURN=$?
+ if [[ "$FULL_EMULATION" -eq 1 && -f ./docker-compose-insecure.yml ]]; then
+ # in full system emulation we currently need rw filesystem for FirmAE and firmadyne
+ # we will remove this in final system emulation mode
+ print_output "[!] Warning: Starting docker environment with insecure settings (Full system emulation)!" "no_log"
+ EMBA="$INVOCATION_PATH" FIRMWARE="$FIRMWARE_PATH" LOG="$LOG_DIR" docker-compose -f ./docker-compose-insecure.yml run --rm emba -c './emba.sh -l /log -f /firmware -i "$@"' _ "${ARGUMENTS[@]}"
+ D_RETURN=$?
+ else
+ EMBA="$INVOCATION_PATH" FIRMWARE="$FIRMWARE_PATH" LOG="$LOG_DIR" docker-compose run --rm emba -c './emba.sh -l /log -f /firmware -i "$@"' _ "${ARGUMENTS[@]}"
+ D_RETURN=$?
+ fi
 if [[ "$STRICT_MODE" -eq 1 ]]; then
 set -e
 fi
diff --git a/helpers/helpers_emba_dependency_check.sh b/helpers/helpers_emba_dependency_check.sh
index b54278fcc..97ff31d9a 100755
--- a/helpers/helpers_emba_dependency_check.sh
+++ b/helpers/helpers_emba_dependency_check.sh
@@ -304,6 +304,9 @@ dependency_check()
 # EnGenius decryptor - https://gist.github.com/ryancdotorg/914f3ad05bfe0c359b79716f067eaa99
 check_dep_file "EnGenius decryptor" "$EXT_DIR""/engenius-decrypt.py"
 
+ # Android payload.bin extractor
+ check_dep_file "Android payload.bin extractor" "$EXT_DIR""/payload_dumper/payload_dumper.py"
+
 # CVE-search
 # TODO change to portcheck and write one for external hosts
 check_dep_file "cve-search script" "$EXT_DIR""/cve-search/bin/search.py"
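Review bot: The `-f ./docker-compose-insecure.yml` test and argument are relative to the current working directory, whereas main() otherwise builds paths from `$INVOCATION_PATH`; if that file is missing from cwd, full emulation silently falls back to the hardened compose file with only the absent warning to show it. Using `"$INVOCATION_PATH"/docker-compose-insecure.yml` in both places removes that dependence, assuming docker-compose is run from the project directory as the bare `docker-compose run` on the else branch already requires. The two branches differ only in the `-f` argument, so a `COMPOSE_ARGS=()` array filled in the `if` and one shared run line would avoid the duplicated command string. The insecure compose file itself is not part of this diff, so what it relaxes cannot be reviewed here.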
@@ -323,16 +326,16 @@ dependency_check() # firmadyne / FirmAE if [[ $FULL_EMULATION -eq 1 ]]; then # check only some of the needed files - check_dep_file "console.mipsel" "$EXT_DIR""/firmadyne/binaries/console.mipsel" - check_dep_file "vmlinux.mipseb" "$EXT_DIR""/firmadyne/binaries/vmlinux.mipseb" - check_dep_file "fixImage.sh" "$EXT_DIR""/firmadyne/scripts/fixImage_firmadyne.sh" - check_dep_file "preInit.sh" "$EXT_DIR""/firmadyne/scripts/preInit_firmadyne.sh" + check_dep_file "console.mipsel" "$EXT_DIR""/firmae/binaries/console.mipsel" + check_dep_file "vmlinux.mipseb" "$EXT_DIR""/firmae/binaries/vmlinux.mipseb.4" + check_dep_file "fixImage.sh" "$EXT_DIR""/firmae/scripts/fixImage.sh" + check_dep_file "preInit.sh" "$EXT_DIR""/firmae/scripts/preInit.sh" check_dep_tool "Qemu system emulator ARM" "qemu-system-arm" check_dep_tool "Qemu system emulator MIPS" "qemu-system-mips" check_dep_tool "Qemu system emulator MIPSel" "qemu-system-mipsel" # routersploit for full system emulation - #check_dep_file "Routersploit installation" "$EXT_DIR""/routersploit/rsf.py" + check_dep_file "Routersploit installation" "$EXT_DIR""/routersploit/rsf.py" fi # CVE searchsploit @@ -405,6 +408,9 @@ dependency_check() # yara check_dep_tool "yara" + # patool extractor - https://wummel.github.io/patool/ + check_dep_tool "patool" + # stacs - https://github.com/stacscan/stacs check_dep_tool "STACS hash detection" "stacs" diff --git a/helpers/helpers_emba_extractors.sh b/helpers/helpers_emba_extractors.sh new file mode 100755 index 000000000..90ee49cc4 --- /dev/null +++ b/helpers/helpers_emba_extractors.sh 
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# EMBA - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020-2022 Siemens Energy AG
+# Copyright 2020-2022 Siemens AG
+#
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# EMBA is licensed under GPLv3
+#
+# Author(s): Michael Messner, Pascal Eckmann
+
+# Description: Multiple useful helpers used in the extraction process
+
+docker_container_extractor() {
+ local CONT_ID="${1:-}"
+ LOG_FILE="$LOG_DIR"/p00_docker_extractor.txt
+ if ! [[ -d "$LOG_DIR"/firmware/ ]]; then
+ mkdir "$LOG_DIR"/firmware/
+ fi
+ if docker container ls -a | grep -q "$CONT_ID"; then
+ print_output "[*] Found docker container for extraction:"
+ docker container ls -a | grep "$CONT_ID" | tee -a "$LOG_FILE"
+ print_output ""
+ else
+ print_output "[-] Warning: Docker container with ID $ORANGE$CONT_ID$NC not found"
+ exit 1
+ fi
+
+ docker export -o "$LOG_DIR"/firmware/firmware_docker_extracted.tar "$CONT_ID"
+
+ if [[ -f "$LOG_DIR"/firmware/firmware_docker_extracted.tar ]]; then
+ print_output "[+] Exported docker container to $ORANGE$LOG_DIR/firmware/firmware_docker_extracted.tar$NC"
+ else
+ print_output "[-] Warning: Docker export for container ID $ORANGE$CONT_ID$NC failed"
+ exit 1
+ fi
+}
+
diff --git a/helpers/helpers_emba_helpers.sh b/helpers/helpers_emba_helpers.sh
index 88b20ec1b..bb1b6ac0e 100755
--- a/helpers/helpers_emba_helpers.sh
+++ b/helpers/helpers_emba_helpers.sh
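Review bot: `docker container ls -a | grep -q "$CONT_ID"` is an unanchored regex match over every column of the listing, so a short id, a substring of an image name or status, or an empty `CONT_ID` (which matches every line) passes the check, while `docker export` then acts on whatever Docker resolves the argument to; the two can disagree. `docker container inspect "$CONT_ID" >/dev/null 2>&1` in the `if` asks Docker the actual question, and the listing line can use `grep -F -- "$CONT_ID"` so the id is not interpreted as a pattern. `LOG_FILE` is assigned without `local`, so the helper overwrites the caller's global of that name (presumably the per-module log path; confirm), and `mkdir "$LOG_DIR"/firmware/` is unchecked, so a failed mkdir only surfaces when the export fails.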
@@ -118,3 +118,40 @@ cleaner() {
 exit 1
 }
 
+emba_updater() {
+ print_output "[*] EMBA update starting ..." "no_log"
+
+ git pull
+
+ EMBA="$INVOCATION_PATH" FIRMWARE="$FIRMWARE_PATH" LOG="$LOG_DIR" docker pull embeddedanalyzer/emba
+
+ if command -v cve_searchsploit > /dev/null ; then
+ print_output "[*] EMBA update - cve_searchsploit update" "no_log"
+ cve_searchsploit -u
+ fi
+
+ print_output "[*] EMBA update - cve-search update" "no_log"
+ /etc/init.d/redis-server start
+ "$EXT_DIR"/cve-search/sbin/db_updater.py -v
+
+ print_output "[*] EMBA update - trickest PoC update" "no_log"
+ if [[ -d "$EXT_DIR"/trickest-cve ]]; then
+ BASE_PATH=$(pwd)
+ cd "$EXT_DIR"/trickest-cve || exit
+ git pull
+ cd "$BASE_PATH" || exit
+ else
+ git clone https://github.com/trickest/cve.git "$EXT_DIR"/trickest-cve
+ fi
+
+ print_output "[*] Please note that this was only a data update and no installed packages were updated." "no_log"
+ print_output "[*] Please restart your EMBA scan to apply the updates ..." "no_log"
+}
+
+# this checks if a function is available
+function_exists() {
+
+ FCT_TO_CHECK="${1:-}"
+ declare -f -F "$FCT_TO_CHECK" > /dev/null
+ return $?
+}
diff --git a/helpers/helpers_emba_prepare.sh b/helpers/helpers_emba_prepare.sh
index d96958d6a..340341361 100755
--- a/helpers/helpers_emba_prepare.sh
+++ b/helpers/helpers_emba_prepare.sh
@@ -328,8 +328,10 @@ detect_root_dir_helper() {
 for R_PATH in "${ROOTx_PATH[@]}"; do
 if [[ -d "$R_PATH" ]]; then
 ROOT_PATH+=( "$R_PATH" )
- if ! echo "$MECHANISM" | grep -q "file names"; then
- MECHANISM="$MECHANISM / file names"
+ if ! echo "$MECHANISM" | grep -q "dir names"; then
+ MECHANISM="$MECHANISM / dir names"
+ elif ! echo "$MECHANISM" | grep -q "binary interpreter"; then
+ MECHANISM="dir names"
 fi
 fi
 done
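Review bot: The trickest update changes directory with `cd "$EXT_DIR"/trickest-cve || exit`, which terminates the whole EMBA process from inside a helper and leaves `BASE_PATH` as a global; `git -C "$EXT_DIR"/trickest-cve pull` does the same work in one line with no directory change, replacing the `BASE_PATH`/`cd`/`git pull`/`cd` sequence. The first `git pull` runs in whatever directory the user invoked from rather than in `$INVOCATION_PATH`, and `/etc/init.d/redis-server start` needs root; both were moved here from emba.sh unchanged, so `git -C "$INVOCATION_PATH" pull` only matters if the updater is meant to be callable from elsewhere. In function_exists, `FCT_TO_CHECK` should be `local` and the trailing `return $?` is redundant, because the function already returns the status of `declare`.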
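Review bot: The new `elif ! echo "$MECHANISM" | grep -q "binary interpreter"` branch is only reached when `MECHANISM` already contains "dir names" (the `if` above handles the other case), so its sole effect is to reset an accumulated value such as `dir names / file names` to `dir names`, discarding the other detection methods; if the intent was to avoid a leading ` / ` when `MECHANISM` starts empty, that case still takes the first branch. The same construct is added twice more in the next hunks (`@@ -339` and `@@ -348`) with "file names". `MECHANISM="${MECHANISM:+$MECHANISM / }dir names"` in the `if` branch handles the empty case without the reset, if that is what was meant. detect_root_dir_helper starts before this hunk, so the initial value of `MECHANISM` is not visible here.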
@@ -339,6 +341,8 @@ detect_root_dir_helper() {
 ROOT_PATH+=( "$R_PATH" )
 if ! echo "$MECHANISM" | grep -q "file names"; then
 MECHANISM="$MECHANISM / file names"
+ elif ! echo "$MECHANISM" | grep -q "binary interpreter"; then
+ MECHANISM="file names"
 fi
 fi
 done
@@ -348,6 +352,8 @@ detect_root_dir_helper() {
 ROOT_PATH+=( "$R_PATH" )
 if ! echo "$MECHANISM" | grep -q "file names"; then
 MECHANISM="$MECHANISM / file names"
+ elif ! echo "$MECHANISM" | grep -q "binary interpreter"; then
+ MECHANISM="file names"
 fi
 fi
 done
@@ -393,7 +399,7 @@ generate_msf_db() {
 }
 
 generate_trickest_db() {
- # only running on host in full installation (with trickest database installed)
+ # only running on host with trickest database installed
 # search all markdown files in the trickest directory and create a temporary file with the module path (including CVE) and github URL to exploit:
 
 if [[ -d "$EXT_DIR"/trickest-cve ]]; then
@@ -411,3 +417,17 @@ generate_trickest_db() {
 fi
 }
 
+update_known_exploitable() {
+ # only running on host with known_exploited_vulnerabilities.csv installed
+
+ if [[ -f "$EXT_DIR"/known_exploited_vulnerabilities.csv ]]; then
+ print_output "[*] Update the known_exploited_vulnerabilities file" "no_log"
+ wget https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv -O "$EXT_DIR"/known_exploited_vulnerabilities.csv || true
+ cp "$EXT_DIR"/known_exploited_vulnerabilities.csv "$KNOWN_EXP_CSV"
+ if [[ -f "$KNOWN_EXP_CSV" ]]; then
+ print_output "[*] Known exploit database now has $ORANGE$(wc -l "$KNOWN_EXP_CSV" | awk '{print $1}')$NC exploit entries." "no_log"
+ fi
+ else
+ print_output "[*] No update of the known_exploited_vulnerabilities.csv file performed." "no_log"
+ fi
+}
diff --git a/helpers/helpers_emba_print.sh b/helpers/helpers_emba_print.sh
index 6d5871073..e3013c64b 100755
--- a/helpers/helpers_emba_print.sh
+++ b/helpers/helpers_emba_print.sh
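Review bot: `wget ... -O "$EXT_DIR"/known_exploited_vulnerabilities.csv || true` in update_known_exploitable truncates the existing CSV before the download starts, so on an offline or failed run the `|| true` leaves an empty file behind, `cp` propagates it to `$KNOWN_EXP_CSV`, and every "known exploited" marker silently disappears from this and all later scans until the install is repaired; the outer `-f` guard still passes on the empty file. Download to a temporary name and replace only on success, e.g. `wget -q https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv -O "$KNOWN_EXP_CSV".tmp && mv "$KNOWN_EXP_CSV".tmp "$EXT_DIR"/known_exploited_vulnerabilities.csv`, then copy as now and print a warning instead of `|| true` when the download fails. The count printed from `wc -l` presumably includes the CSV header row, so it is one higher than the number of entries.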
@@ -99,7 +99,7 @@ print_output() if [[ "$TYPE_CHECK" == "[-]" || "$TYPE_CHECK" == "[*]" || "$TYPE_CHECK" == "[!]" || "$TYPE_CHECK" == "[+]" ]] ; then local COLOR_OUTPUT_STRING="" COLOR_OUTPUT_STRING="$(color_output "$OUTPUT")" - echo -e "$COLOR_OUTPUT_STRING" + echo -e "$COLOR_OUTPUT_STRING" || true if [[ "$LOG_SETTING" == "main" ]] ; then echo -e "$(format_log "$COLOR_OUTPUT_STRING")" | tee -a "$MAIN_LOG" >/dev/null elif [[ "$LOG_SETTING" != "no_log" ]] ; then @@ -452,6 +452,7 @@ print_help() echo -e "$CYAN""-U""$NC"" Check and apply available updates and exit" echo -e "\\nSpecial tests" echo -e "$CYAN""-k [./config]""$NC"" Kernel config path" + echo -e "$CYAN""-C [container id]""$NC"" Extract and analyze a local docker container via container id" echo -e "$CYAN""-x""$NC"" Enable deep extraction - try to extract every file two times with binwalk (WARNING: Uses a lot of disk space)" echo -e "$CYAN""-t""$NC"" Activate multi threading (destroys regular console output)" echo -e "$CYAN""-o""$NC"" Activate online checks (e.g. upload and test with VirusTotal)" @@ -535,6 +536,10 @@ module_start_log() { MODULE_MAIN_NAME="${1:-}" print_output "[*] $(date) - $MODULE_MAIN_NAME starting" "main" export LOG_PATH_MODULE + if [[ "${LOG_DIR: -1}" == "/" ]]; then + #strip final slash from log dir + LOG_DIR="${LOG_DIR:: -1}" + fi LOG_PATH_MODULE="$LOG_DIR""/""$(echo "$MODULE_MAIN_NAME" | tr '[:upper:]' '[:lower:]')" if ! [[ -d "$LOG_PATH_MODULE" ]] ; then mkdir "$LOG_PATH_MODULE" || true; fi } diff --git a/installer.sh b/installer.sh index e1639f881..1b0667bb7 100755 --- a/installer.sh +++ b/installer.sh @@ -157,6 +157,8 @@ if [[ "$CVE_SEARCH" -ne 1 ]] || [[ "$DOCKER_SETUP" -ne 1 ]] || [[ "$IN_DOCKER" - I05_emba_docker_image_dl + IP00_extractors + IP12_avm_freetz_ng_extract IP18_qnap_decryptor 
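Review bot: The trailing-slash strip added to module_start_log (the `@@ -535` hunk) rewrites the global `LOG_DIR` on every module start, long after it has been exported, handed to docker-compose and used to build other paths; normalising once where `-l` is parsed in main() is the right place, and `LOG_DIR="${LOG_DIR%/}"` does it in a single line without the `if`. If it must stay here, `LOG_PATH_MODULE="${LOG_DIR%/}""/""$(echo "$MODULE_MAIN_NAME" | tr '[:upper:]' '[:lower:]')"` gives the local effect without mutating the global. The `|| true` added to `echo -e` in print_output (the `@@ -99` hunk) exists to survive a write failure such as a closed pipe under `set -e`; a comment saying so, e.g. `# tolerate a closed stdout (SIGPIPE) under set -e`, keeps it from being removed as a no-op. print_output and module_start_log both continue outside their hunks.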
@@ -180,8 +182,11 @@ if [[ "$CVE_SEARCH" -ne 1 ]] || [[ "$DOCKER_SETUP" -ne 1 ]] || [[ "$IN_DOCKER" -
 I120_cwe_checker
 IL10_system_emulator
- # for the future
- # IL20_firmae_system_emulator
+
+ # for testing only:
+ IL21_firmae_system_emulator
+ # for testing only:
+ IL22_firmadyne_system_emulator
 IL15_emulated_checks_init
diff --git a/installer/I120_cwe_checker.sh b/installer/I120_cwe_checker.sh
index a7b4fea01..d83b19929 100644
--- a/installer/I120_cwe_checker.sh
+++ b/installer/I120_cwe_checker.sh
@@ -24,7 +24,7 @@ I120_cwe_checker() {
 print_git_info "cwe-checker" "fkie-cad/cwe_checker" "cwe_checker is a suite of checks to detect common bug classes such as use of dangerous functions and simple integer overflows."
 echo -e "$ORANGE""cwe-checker will be downloaded.""$NC"
 print_file_info "OpenJDK" "OpenJDK for cwe-checker" "https://github.com/adoptium/temurin11-binaries/releases/download/jdk-11.0.12%2B7/OpenJDK11U-jdk_x64_linux_hotspot_11.0.12_7.tar.gz" "external/jdk.tar.gz"
- print_file_info "GHIDRA" "Ghidra for cwe-checker" "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.0.2_build/ghidra_10.0.2_PUBLIC_20210804.zip" "external/ghidra.zip"
+ print_file_info "GHIDRA" "Ghidra for cwe-checker" "https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.2_build/ghidra_10.1.2_PUBLIC_20220125.zip" "external/ghidra.zip"
 if [[ "$LIST_DEP" -eq 1 ]] || [[ $DOCKER_SETUP -eq 1 ]] ; then
 ANSWER=("n")
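Review bot: `IL21_firmae_system_emulator` and `IL22_firmadyne_system_emulator` are enabled unconditionally in the same installer path as the production modules, so the `# for testing only:` comments do not restrict who runs them; IL21, later in this diff, clones the upstream FirmAE repository at its current master and executes its download/install/init scripts. If these modules are really test-only, gate them on an explicit opt-in rather than a comment, e.g. `[[ "${EMBA_TEST_EMULATORS:-0}" -eq 1 ]] && IL21_firmae_system_emulator` (variable name illustrative), and say in the comment what "testing" covers. The enclosing `if` block starts and ends outside this hunk.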
@@ -59,17 +59,18 @@ I120_cwe_checker() {
 # Ghidra
 if [[ -d ./external/ghidra ]] ; then rm -R ./external/ghidra ; fi
- curl -L https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.0.2_build/ghidra_10.0.2_PUBLIC_20210804.zip -Sf -o external/ghidra.zip
+ #curl -L https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.2_build/ghidra_10.1.2_PUBLIC_20210804.zip -Sf -o external/ghidra.zip
+ curl -L https://github.com/NationalSecurityAgency/ghidra/releases/download/Ghidra_10.1.2_build/ghidra_10.1.2_PUBLIC_20220125.zip -Sf -o external/ghidra.zip
 mkdir external/ghidra 2>/dev/null
 unzip -qo external/ghidra.zip -d external/ghidra
- sed -i s@JAVA_HOME_OVERRIDE=@JAVA_HOME_OVERRIDE=external/jdk@g external/ghidra/ghidra_10.0.2_PUBLIC/support/launch.properties
+ sed -i s@JAVA_HOME_OVERRIDE=@JAVA_HOME_OVERRIDE=external/jdk@g external/ghidra/ghidra_10.1.2_PUBLIC/support/launch.properties
 rm external/ghidra.zip
 if [[ -d ./external/cwe_checker ]] ; then rm -R ./external/cwe_checker ; fi
 mkdir external/cwe_checker 2>/dev/null
 git clone https://github.com/fkie-cad/cwe_checker.git external/cwe_checker
 cd external/cwe_checker || exit 1
- make all GHIDRA_PATH=external/ghidra/ghidra_10.0.2_PUBLIC
+ make all GHIDRA_PATH=external/ghidra/ghidra_10.1.2_PUBLIC
 cd "$HOME_PATH" || exit 1
 mv "$HOME""/.cargo/bin" "external/cwe_checker/bin"
diff --git a/installer/IF20_cve_search.sh b/installer/IF20_cve_search.sh
index 4cb33f95f..ad4e33cef 100644
--- a/installer/IF20_cve_search.sh
+++ b/installer/IF20_cve_search.sh
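Review bot: The commented-out `#curl ... ghidra_10.1.2_PUBLIC_20210804.zip` line should be deleted rather than kept; it pairs the 10.1.2 version with the old 20210804 build date and will mislead the next bump. The archive is still fetched with `curl -L ... -Sf` and handed straight to `unzip` with no integrity check, so recording the release checksum next to the URL and verifying it before unpacking, `echo "<sha256-placeholder>  external/ghidra.zip" | sha256sum -c - || exit 1`, would make the upgrade reproducible and catch a truncated or substituted download. The version string now appears four times in this hunk (URL, sed path, make argument) and once more in the @@ -24 hunk; a single `GHIDRA_VER="10.1.2"`-style variable at the top of I120_cwe_checker would keep them in step. I120_cwe_checker starts and ends outside this hunk.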
@@ -142,4 +142,26 @@ IF20_cve_search() {
 ;;
 esac
 fi
+
+ if [[ "$LIST_DEP" -eq 1 ]] || [[ $IN_DOCKER -eq 1 ]] || [[ $DOCKER_SETUP -eq 1 ]] || [[ $FULL -eq 1 ]]; then
+ cd "$HOME_PATH" || exit 1
+
+ # see https://www.cisa.gov/known-exploited-vulnerabilities-catalog
+ print_file_info "known_exploited_vulnerabilities.csv" "CISA.gov list of known_exploited_vulnerabilities.csv" "https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv" "external/known_exploited_vulnerabilities.csv"
+
+ if [[ "$LIST_DEP" -eq 1 ]] ; then
+ ANSWER=("n")
+ else
+ echo -e "\\n""$MAGENTA""$BOLD""These rules (if not already on the system) will be downloaded!""$NC"
+ ANSWER=("y")
+ fi
+
+ case ${ANSWER:0:1} in
+ y|Y )
+
+ download_file "known_exploited_vulnerabilities.csv" "https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv" "external/known_exploited_vulnerabilities.csv"
+
+ ;;
+ esac
+ fi
 }
diff --git a/installer/IL10_system_emulator.sh b/installer/IL10_system_emulator.sh
index 524c14ebf..e17d113a6 100644
--- a/installer/IL10_system_emulator.sh
+++ b/installer/IL10_system_emulator.sh
@@ -2,8 +2,8 @@
 # EMBA - EMBEDDED LINUX ANALYZER
 #
-# Copyright 2020-2022 Siemens AG
 # Copyright 2020-2022 Siemens Energy AG
+# Copyright 2020-2022 Siemens AG
 #
 # EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 # welcome to redistribute it under the terms of the GNU General Public License.
@@ -12,9 +12,9 @@
 # EMBA is licensed under GPLv3
 #
 # Author(s): Michael Messner, Pascal Eckmann
-# Contributor(s): Stefan Haboeck, Nikolas Papaioannou
-# Description: Installs firmadyne / full system emulation
+# Description: Installs full system emulation dependencies
+# Module is based on FirmAE and firmadyne
 IL10_system_emulator() {
 module_title "${FUNCNAME[0]}"
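Review bot: The prompt `"These rules (if not already on the system) will be downloaded!"` reads as copied from a ruleset installer; what this block fetches is the CISA KEV catalog CSV, so the text should name it, e.g. `"The CISA known exploited vulnerabilities catalog (if not already on the system) will be downloaded!"`. The catalog URL is written out twice here (print_file_info and download_file) and a third time in update_known_exploitable earlier in this diff; defining it once, for instance `KEV_URL="https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv"` (name illustrative) where the other `*_DIR` constants live, would keep the copies from drifting. The `$IN_DOCKER -eq 1 || $DOCKER_SETUP -eq 1 || $FULL -eq 1` guard differs from the `$DOCKER_SETUP -eq 0` form used by the IL21/IL22 modules in this diff; a one-line comment on which installation modes this download is meant for would help. IF20_cve_search starts outside this hunk.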
@@ -36,96 +36,87 @@ IL10_system_emulator() { print_tool_info "qemu-system-mips" 1 print_tool_info "qemu-system-x86" 1 print_tool_info "qemu-utils" 1 - - print_file_info "vmlinux.mipsel" "Firmadyne - Linux kernel 2.6 - MIPSel" "https://github.com/firmadyne/kernel-v2.6/releases/download/v1.1/vmlinux.mipsel" "external/firmadyne/binaries/vmlinux.mipsel" - print_file_info "vmlinux.mipseb" "Firmadyne - Linux kernel 2.6 - MIPSeb" "https://github.com/firmadyne/kernel-v2.6/releases/download/v1.1/vmlinux.mipseb" "external/firmadyne/binaries/vmlinux.mipseb" - print_file_info "zImage.armel" "Firmadyne - Linux kernel 4.1 - ARMel" "https://github.com/firmadyne/kernel-v4.1/releases/download/v1.1/zImage.armel" "external/firmadyne/binaries/zImage.armel" - print_file_info "console.armel" "Firmadyne - Console - ARMel" "https://github.com/firmadyne/console/releases/download/v1.0/console.armel" "external/firmadyne/binaries/console.armel" - print_file_info "console.mipseb" "Firmadyne - Console - MIPSeb" "https://github.com/firmadyne/console/releases/download/v1.0/console.mipseb" "external/firmadyne/binaries/console.mipseb" - print_file_info "console.mipsel" "Firmadyne - Console - MIPSel" "https://github.com/firmadyne/console/releases/download/v1.0/console.mipsel" "external/firmadyne/binaries/console.mipsel" - print_file_info "libnvram.so.armel" "Firmadyne - libnvram - ARMel" "https://github.com/firmadyne/libnvram/releases/download/v1.0c/libnvram.so.armel" "external/firmadyne/binaries/libnvram.so.armel" - print_file_info "libnvram.so.mipseb" "Firmadyne - libnvram - MIPSeb" "https://github.com/firmadyne/libnvram/releases/download/v1.0c/libnvram.so.mipseb" "external/firmadyne/binaries/libnvram.so.mipseb" - print_file_info "libnvram.so.mipsel" "Firmadyne - libnvram - MIPSel" "https://github.com/firmadyne/libnvram/releases/download/v1.0c/libnvram.so.mipsel" "external/firmadyne/binaries/libnvram.so.mipsel" - print_file_info "fixImage.sh" "Firmadyne fixImage script" 
"https://raw.githubusercontent.com/firmadyne/firmadyne/master/scripts/fixImage.sh" "external/firmadyne/scripts/" - print_file_info "preInit.sh" "Firmadyne preInit script" "https://raw.githubusercontent.com/firmadyne/firmadyne/master/scripts/preInit.sh" "external/firmadyne/scripts/" + print_tool_info "hping3" 1 + + # future use: + print_file_info "vmlinux.mipsel.2" "FirmAE - Linux kernel 2.6 - MIPSel" "https://github.com/pr0v3rbs/FirmAE_kernel-v2.6/releases/download/v1.0/vmlinux.mipsel.2" "external/firmae/binaries/vmlinux.mipsel.2" + print_file_info "vmlinux.mipseb.2" "FirmAE - Linux kernel 2.6 - MIPSeb" "https://github.com/pr0v3rbs/FirmAE_kernel-v2.6/releases/download/v1.0/vmlinux.mipseb.2" "external/firmae/binaries/vmlinux.mipseb.2" + print_file_info "vmlinux.mipsel.4" "FirmAE - Linux kernel 4.1 - MIPSel" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.mipsel.4" "external/firmae/binaries/vmlinux.mipsel.4" + print_file_info "vmlinux.mipseb.4" "FirmAE - Linux kernel 4.1 - MIPSeb" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.mipseb.4" "external/firmae/binaries/vmlinux.mipseb.4" + + print_file_info "zImage.armel" "FirmAE - Linux kernel 4.1 - ARMel" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/zImage.armel" "external/firmae/binaries/zImage.armel" + print_file_info "vmlinux.armel" "FirmAE - Linux kernel 4.1 - ARMel" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.armel" "external/firmae/binaries/vmlinux.armel" + + print_file_info "busybox.armel" "FirmAE - busybox - ARMel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.armel" "external/firmae/binaries/console.armel" + print_file_info "busybox.mipseb" "FirmAE - busybox - MIPSeb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.mipseb" "external/firmae/binaries/console.mipseb" + print_file_info "busybox.mipsel" "FirmAE - busybox - MIPSel" 
"https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.mipsel" "external/firmae/binaries/console.mipsel" + + print_file_info "console.armel" "FirmAE - Console - ARMel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.armel" "external/firmae/binaries/console.armel" + print_file_info "console.mipseb" "FirmAE - Console - MIPSeb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.mipseb" "external/firmae/binaries/console.mipseb" + print_file_info "console.mipsel" "FirmAE - Console - MIPSel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.mipsel" "external/firmae/binaries/console.mipsel" + + print_file_info "libnvram.so.armel" "FirmAE - libnvram - ARMel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.armel" "external/firmae/binaries/libnvram.so.armel" + print_file_info "libnvram.so.mipseb" "FirmAE - libnvram - MIPSeb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.mipseb" "external/firmae/binaries/libnvram.so.mipseb" + print_file_info "libnvram.so.mipsel" "FirmAE - libnvram - MIPSel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.mipsel" "external/firmae/binaries/libnvram.so.mipsel" + print_file_info "libnvram_ioctl.so.armel" "FirmAE - libnvram_ioctl - ARMel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.armel" "external/firmae/binaries/libnvram_ioctl.so.armel" + print_file_info "libnvram_ioctl.so.mipseb" "FirmAE - libnvram_ioctl - MIPSeb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.mipseb" "external/firmae/binaries/libnvram_ioctl.so.mipseb" + print_file_info "libnvram_ioctl.so.mipsel" "FirmAE - libnvram_ioctl - MIPSel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.mipsel" "external/firmae/binaries/libnvram_ioctl.so.mipsel" + + print_file_info "fixImage.sh" "FirmAE fixImage script" 
"https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/fixImage.sh" "external/firmae/scripts/" + print_file_info "preInit.sh" "FirmAE preInit script" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/preInit.sh" "external/firmae/scripts/" + print_file_info "network.sh" "FirmAE network script" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/network.sh" "external/firmae/scripts/" + print_file_info "makeNetwork.sh" "FirmAE makeNetwork script" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/makeNetwork.sh" "external/firmae/scripts/" + print_file_info "run_service.sh" "FirmAE run_service script" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/run_service.sh" "external/firmae/scripts/" + print_file_info "inferFile.sh" "FirmAE inferFile script" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/inferFile.sh" "external/firmae/scripts/" if [[ "$LIST_DEP" -eq 1 ]] || [[ $DOCKER_SETUP -eq 1 ]] ; then ANSWER=("n") else - echo -e "\\n""$MAGENTA""$BOLD""The firmadyne dependencies (if not already on the system) will be downloaded and installed!""$NC" + echo -e "\\n""$MAGENTA""$BOLD""The system emulation dependencies (if not already on the system) will be downloaded and installed!""$NC" ANSWER=("y") fi case ${ANSWER:0:1} in y|Y ) - mkdir -p external/firmadyne/binaries - mkdir -p external/firmadyne/binaries_FirmAE - mkdir -p external/firmadyne/scripts + mkdir -p external/firmae/binaries + mkdir -p external/firmae/scripts apt-get install "${INSTALL_APP_LIST[@]}" -y - # Firmadyne stuff: - if ! [[ -f "external/firmadyne/binaries/vmlinux.mipsel" ]]; then - download_file "vmlinux.mipsel" "https://github.com/firmadyne/kernel-v2.6/releases/download/v1.1/vmlinux.mipsel" "external/firmadyne/binaries/vmlinux.mipsel" - else - echo -e "$GREEN""vmlinux.mipsel already installed""$NC" - fi - - if ! 
[[ -f "external/firmadyne/binaries/vmlinux.mipseb" ]]; then - download_file "vmlinux.mipseb" "https://github.com/firmadyne/kernel-v2.6/releases/download/v1.1/vmlinux.mipseb" "external/firmadyne/binaries/vmlinux.mipseb" - else - echo -e "$GREEN""vmlinux.mipseb already installed""$NC" - fi - - if ! [[ -f "external/firmadyne/binaries/zImage.armel" ]]; then - download_file "zImage.armel" "https://github.com/firmadyne/kernel-v4.1/releases/download/v1.1/zImage.armel" "external/firmadyne/binaries/zImage.armel" - else - echo -e "$GREEN""zImage.armel already installed""$NC" - fi - - if ! [[ -f "external/firmadyne/binaries/console.armel" ]]; then - download_file "console.armel" "https://github.com/firmadyne/console/releases/download/v1.0/console.armel" "external/firmadyne/binaries/console.armel" - else - echo -e "$GREEN""console.armel already installed""$NC" - fi - if ! [[ -f "external/firmadyne/binaries/console.mipseb" ]]; then - download_file "console.mipseb" "https://github.com/firmadyne/console/releases/download/v1.0/console.mipseb" "external/firmadyne/binaries/console.mipseb" - else - echo -e "$GREEN""console.mipseb already installed""$NC" - fi - if ! [[ -f "external/firmadyne/binaries/console.mipsel" ]]; then - download_file "console.mipsel" "https://github.com/firmadyne/console/releases/download/v1.0/console.mipsel" "external/firmadyne/binaries/console.mipsel" - else - echo -e "$GREEN""console.mipsel already installed""$NC" - fi - - if ! [[ -f "external/firmadyne/binaries/libnvram.so.armel" ]]; then - download_file "libnvram.so.armel" "https://github.com/firmadyne/libnvram/releases/download/v1.0c/libnvram.so.armel" "external/firmadyne/binaries/libnvram.so.armel" - else - echo -e "$GREEN""libnvram.so.armel already installed""$NC" - fi - if ! 
[[ -f "external/firmadyne/binaries/libnvram.so.mipseb" ]]; then - download_file "libnvram.so.mipseb" "https://github.com/firmadyne/libnvram/releases/download/v1.0c/libnvram.so.mipseb" "external/firmadyne/binaries/libnvram.so.mipseb" - else - echo -e "$GREEN""libnvram.so.mipseb already installed""$NC" - fi - if ! [[ -f "external/firmadyne/binaries/libnvram.so.mipsel" ]]; then - download_file "libnvram.so.mipsel" "https://github.com/firmadyne/libnvram/releases/download/v1.0c/libnvram.so.mipsel" "external/firmadyne/binaries/libnvram.so.mipsel" - else - echo -e "$GREEN""libnvram.so.mipsel already installed""$NC" - fi - - if ! [[ -f "external/firmadyne/scripts/fixImage_firmadyne.sh" ]]; then - download_file "fixImage.sh" "https://raw.githubusercontent.com/firmadyne/firmadyne/master/scripts/fixImage.sh" "external/firmadyne/scripts/fixImage_firmadyne.sh" - else - echo -e "$GREEN""firmadyne fixImage.sh already installed""$NC" - fi - if ! [[ -f "external/firmadyne/scripts/preInit_firmadyne.sh" ]]; then - download_file "preInit.sh" "https://raw.githubusercontent.com/firmadyne/firmadyne/master/scripts/preInit.sh" "external/firmadyne/scripts/preInit_firmadyne.sh" - else - echo -e "$GREEN""firmadyne preInit.sh already installed""$NC" - fi + download_file "vmlinux.mipsel.2" "https://github.com/pr0v3rbs/FirmAE_kernel-v2.6/releases/download/v1.0/vmlinux.mipsel.2" "external/firmae/binaries/vmlinux.mipsel.2" + download_file "vmlinux.mipseb.2" "https://github.com/pr0v3rbs/FirmAE_kernel-v2.6/releases/download/v1.0/vmlinux.mipseb.2" "external/firmae/binaries/vmlinux.mipseb.2" + download_file "vmlinux.mipsel.4" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.mipsel.4" "external/firmae/binaries/vmlinux.mipsel.4" + download_file "vmlinux.mipseb.4" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.mipseb.4" "external/firmae/binaries/vmlinux.mipseb.4" + + download_file "zImage.armel" 
"https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/zImage.armel" "external/firmae/binaries/zImage.armel" + download_file "vmlinux.armel" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.armel" "external/firmae/binaries/vmlinux.armel" + + download_file "busybox.armel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.armel" "external/firmae/binaries/busybox.armel" + download_file "busybox.mipseb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.mipseb" "external/firmae/binaries/busybox.mipseb" + download_file "busybox.mipsel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.mipsel" "external/firmae/binaries/busybox.mipsel" + + download_file "console.armel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.armel" "external/firmae/binaries/console.armel" + download_file "console.mipseb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.mipseb" "external/firmae/binaries/console.mipseb" + download_file "console.mipsel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.mipsel" "external/firmae/binaries/console.mipsel" + + download_file "libnvram.so.armel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.armel" "external/firmae/binaries/libnvram.so.armel" + download_file "libnvram.so.mipseb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.mipseb" "external/firmae/binaries/libnvram.so.mipseb" + download_file "libnvram.so.mipsel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.mipsel" "external/firmae/binaries/libnvram.so.mipsel" + download_file "libnvram_ioctl.so.armel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.armel" "external/firmae/binaries/libnvram_ioctl.so.armel" + download_file "libnvram_ioctl.so.mipseb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.mipseb" 
"external/firmae/binaries/libnvram_ioctl.so.mipseb" + download_file "libnvram_ioctl.so.mipsel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.mipsel" "external/firmae/binaries/libnvram_ioctl.so.mipsel" + + download_file "fixImage.sh" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/fixImage.sh" "external/firmae/scripts/fixImage.sh" + download_file "preInit.sh" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/preInit.sh" "external/firmae/scripts/preInit.sh" + download_file "network.sh" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/network.sh" "external/firmae/scripts/network.sh" + download_file "inferNetwork.sh" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/inferNetwork.sh" "external/firmae/scripts/inferNetwork.sh" + download_file "run_service.sh" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/run_service.sh" "external/firmae/scripts/run_service.sh" + download_file "inferFile.sh" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/inferFile.sh" "external/firmae/scripts/inferFile.sh" + + # patch inferFile.sh: + # shellcheck disable=SC2016 + sed -i 's/for FILE in `${BUSYBOX} find \/ -name "preinitMT" -o -name "preinit" -o -name "rcS"`/for FILE in `${BUSYBOX} find \/ -name "preinitMT" -o -name "preinit" -o -name "rcS" -o -name "rc.sysinit"`/' external/firmae/scripts/inferFile.sh ;; esac diff --git a/installer/IL15_emulated_checks_init.sh b/installer/IL15_emulated_checks_init.sh index c83cbaca3..42e884373 100644 --- a/installer/IL15_emulated_checks_init.sh +++ b/installer/IL15_emulated_checks_init.sh @@ -59,6 +59,7 @@ IL15_emulated_checks_init() { fi python3 -m pip install -r requirements.txt + sed -i 's/routersploit\.log/\/tmp\/routersploit\.log/' ./rsf.py cd "$HOME_PATH" || exit 1 diff --git a/installer/IL20_firmae_system_emulator.sh b/installer/IL20_firmae_system_emulator.sh deleted file mode 100644 index b9ec4ba9d..000000000 
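Review bot: The three `print_file_info "busybox.armel|mipseb|mipsel"` lines on the new side name `external/firmae/binaries/console.*` as their destination, while the matching `download_file "busybox.*"` calls write to `external/firmae/binaries/busybox.*`; the dependency listing therefore advertises paths the download never produces and duplicates the console.* entries, so the three destinations should read `"external/firmae/binaries/busybox.armel"` etc. The script list has the same drift: `print_file_info "makeNetwork.sh"` is listed but `download_file "inferNetwork.sh"` is what is fetched, and inferNetwork.sh has no print_file_info entry. Every script is pulled from the upstream `master` branch and inferFile.sh is then patched with a fixed `sed -i` regex, so an upstream edit can silently make the patch a no-op; pinning the raw URLs to a commit, or checking that `sed` actually changed the file (`grep -q 'rc.sysinit' external/firmae/scripts/inferFile.sh || exit 1`), would make the install deterministic. IL10_system_emulator starts and ends outside this hunk.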
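Review bot: `sed -i 's/routersploit\.log/\/tmp\/routersploit\.log/' ./rsf.py` in IL15_emulated_checks_init points the tool's log at a fixed, predictable path in the world-writable `/tmp`; any local user who pre-creates that name (or a link there) controls where the log data ends up, and concurrent runs on one host will interleave into the same file. I cannot see from here how the module later invokes rsf.py, but rewriting the path to one the caller selects at run time (a directory created with `mktemp -d`, or a location under EMBA's own log directory passed in via the environment) avoids the shared fixed name. The edit also silently patches a third-party file after every `pip install`; a comment stating why the default relative `routersploit.log` is unusable in this setup would help the next reader. IL15_emulated_checks_init starts and ends outside this hunk.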
--- a/installer/IL20_firmae_system_emulator.sh
+++ /dev/null
@@ -1,112 +0,0 @@ -#!/bin/bash - -# EMBA - EMBEDDED LINUX ANALYZER -# -# Copyright 2020-2022 Siemens AG -# Copyright 2020-2022 Siemens Energy AG -# -# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are -# welcome to redistribute it under the terms of the GNU General Public License. -# See LICENSE file for usage of this software. -# -# EMBA is licensed under GPLv3 -# -# Author(s): Michael Messner, Pascal Eckmann - -# Description: Installs firmae / full system emulation - -IL20_firmae_system_emulator() { - module_title "${FUNCNAME[0]}" - - if [[ "$LIST_DEP" -eq 1 ]] || [[ $IN_DOCKER -eq 1 ]] || [[ $DOCKER_SETUP -eq 0 ]] || [[ $FULL -eq 1 ]]; then - INSTALL_APP_LIST=() - cd "$HOME_PATH" || exit 1 - - print_tool_info "busybox-static" 1 - print_tool_info "bash-static" 1 - print_tool_info "fakeroot" 1 - print_tool_info "git" 1 - print_tool_info "dmsetup" 1 - print_tool_info "kpartx" 1 - print_tool_info "uml-utilities" 1 - print_tool_info "util-linux" 1 - print_tool_info "vlan" 1 - print_tool_info "qemu-system-arm" 1 - print_tool_info "qemu-system-mips" 1 - print_tool_info "qemu-system-x86" 1 - print_tool_info "qemu-utils" 1 - - print_file_info "vmlinux.mipsel.2" "FirmAE - Linux kernel 2.6 - MIPSel" "https://github.com/pr0v3rbs/FirmAE_kernel-v2.6/releases/download/v1.0/vmlinux.mipsel.2" "external/firmae/binaries/vmlinux.mipsel.2" - print_file_info "vmlinux.mipseb.2" "FirmAE - Linux kernel 2.6 - MIPSeb" "https://github.com/pr0v3rbs/FirmAE_kernel-v2.6/releases/download/v1.0/vmlinux.mipseb.2" "external/firmae/binaries/vmlinux.mipseb.2" - print_file_info "vmlinux.mipsel.4" "FirmAE - Linux kernel 4.1 - MIPSel" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.mipsel.4" "external/firmae/binaries/vmlinux.mipsel.4" - print_file_info "vmlinux.mipseb.4" "FirmAE - Linux kernel 4.1 - MIPSeb" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.mipseb.4" "external/firmae/binaries/vmlinux.mipseb.4" - - 
print_file_info "zImage.armel" "FirmAE - Linux kernel 4.1 - ARMel" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/zImage.armel" "external/firmae/binaries/zImage.armel" - print_file_info "vmlinux.armel" "FirmAE - Linux kernel 4.1 - ARMel" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.armel" "external/firmae/binaries/vmlinux.armel" - - print_file_info "busybox.armel" "FirmAE - busybox - ARMel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.armel" "external/firmae/binaries/console.armel" - print_file_info "busybox.mipseb" "FirmAE - busybox - MIPSeb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.mipseb" "external/firmae/binaries/console.mipseb" - print_file_info "busybox.mipsel" "FirmAE - busybox - MIPSel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.mipsel" "external/firmae/binaries/console.mipsel" - - print_file_info "console.armel" "FirmAE - Console - ARMel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.armel" "external/firmae/binaries/console.armel" - print_file_info "console.mipseb" "FirmAE - Console - MIPSeb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.mipseb" "external/firmae/binaries/console.mipseb" - print_file_info "console.mipsel" "FirmAE - Console - MIPSel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.mipsel" "external/firmae/binaries/console.mipsel" - - print_file_info "libnvram.so.armel" "FirmAE - libnvram - ARMel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.armel" "external/firmae/binaries/libnvram.so.armel" - print_file_info "libnvram.so.mipseb" "FirmAE - libnvram - MIPSeb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.mipseb" "external/firmae/binaries/libnvram.so.mipseb" - print_file_info "libnvram.so.mipsel" "FirmAE - libnvram - MIPSel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.mipsel" 
"external/firmae/binaries/libnvram.so.mipsel" - print_file_info "libnvram_ioctl.so.armel" "FirmAE - libnvram_ioctl - ARMel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.armel" "external/firmae/binaries/libnvram_ioctl.so.armel" - print_file_info "libnvram_ioctl.so.mipseb" "FirmAE - libnvram_ioctl - MIPSeb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.mipseb" "external/firmae/binaries/libnvram_ioctl.so.mipseb" - print_file_info "libnvram_ioctl.so.mipsel" "FirmAE - libnvram_ioctl - MIPSel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.mipsel" "external/firmae/binaries/libnvram_ioctl.so.mipsel" - - print_file_info "fixImage.sh" "FirmAE fixImage script" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/fixImage.sh" "external/firmae/scripts/" - print_file_info "preInit.sh" "FirmAE preInit script" "https://github.com/pr0v3rbs/FirmAE/blob/master/scripts/preInit.sh" "external/firmae/scripts/" - print_file_info "network.sh" "FirmAE preInit script" "https://github.com/pr0v3rbs/FirmAE/blob/master/scripts/network.sh" "external/firmae/scripts/" - - if [[ "$LIST_DEP" -eq 1 ]] || [[ $DOCKER_SETUP -eq 1 ]] ; then - ANSWER=("n") - else - echo -e "\\n""$MAGENTA""$BOLD""The firmae dependencies (if not already on the system) will be downloaded and installed!""$NC" - ANSWER=("y") - fi - - case ${ANSWER:0:1} in - y|Y ) - - mkdir -p external/firmae/binaries - mkdir -p external/firmae/scripts - - apt-get install "${INSTALL_APP_LIST[@]}" -y - - download_file "vmlinux.mipsel.2" "https://github.com/pr0v3rbs/FirmAE_kernel-v2.6/releases/download/v1.0/vmlinux.mipsel.2" "external/firmae/binaries/vmlinux.mipsel.2" - download_file "vmlinux.mipseb.2" "https://github.com/pr0v3rbs/FirmAE_kernel-v2.6/releases/download/v1.0/vmlinux.mipseb.2" "external/firmae/binaries/vmlinux.mipseb.2" - download_file "vmlinux.mipsel.4" 
"https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.mipsel.4" "external/firmae/binaries/vmlinux.mipsel.4" - download_file "vmlinux.mipseb.4" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.mipseb.4" "external/firmae/binaries/vmlinux.mipseb.4" - - download_file "zImage.armel" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/zImage.armel" "external/firmae/binaries/zImage.armel" - download_file "vmlinux.armel" "https://github.com/pr0v3rbs/FirmAE_kernel-v4.1/releases/download/v1.0/vmlinux.armel" "external/firmae/binaries/vmlinux.armel" - - download_file "busybox.armel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.armel" "external/firmae/binaries/console.armel" - download_file "busybox.mipseb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.mipseb" "external/firmae/binaries/console.mipseb" - download_file "busybox.mipsel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/busybox.mipsel" "external/firmae/binaries/console.mipsel" - - download_file "console.armel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.armel" "external/firmae/binaries/console.armel" - download_file "console.mipseb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.mipseb" "external/firmae/binaries/console.mipseb" - download_file "console.mipsel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/console.mipsel" "external/firmae/binaries/console.mipsel" - - download_file "libnvram.so.armel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.armel" "external/firmae/binaries/libnvram.so.armel" - download_file "libnvram.so.mipseb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.mipseb" "external/firmae/binaries/libnvram.so.mipseb" - download_file "libnvram.so.mipsel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram.so.mipsel" 
"external/firmae/binaries/libnvram.so.mipsel" - download_file "libnvram_ioctl.so.armel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.armel" "external/firmae/binaries/libnvram_ioctl.so.armel" - download_file "libnvram_ioctl.so.mipseb" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.mipseb" "external/firmae/binaries/libnvram_ioctl.so.mipseb" - download_file "libnvram_ioctl.so.mipsel" "https://github.com/pr0v3rbs/FirmAE/releases/download/v1.0/libnvram_ioctl.so.mipsel" "external/firmae/binaries/libnvram_ioctl.so.mipsel" - - download_file "fixImage.sh" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/fixImage.sh" "external/firmae/scripts/fixImage.sh" - download_file "preInit.sh" "https://github.com/pr0v3rbs/FirmAE/blob/master/scripts/preInit.sh" "external/firmae/scripts/preInit.sh" - download_file "network.sh" "https://raw.githubusercontent.com/pr0v3rbs/FirmAE/master/scripts/network.sh" "external/firmae/scripts/network.sh" - - ;; - esac - fi -} - diff --git a/installer/IL21_firmae_system_emulator.sh b/installer/IL21_firmae_system_emulator.sh new file mode 100644 index 000000000..03f9436e2 --- /dev/null +++ b/installer/IL21_firmae_system_emulator.sh 
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# EMBA - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020-2022 Siemens Energy AG
+# Copyright 2020-2022 Siemens AG
+#
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# EMBA is licensed under GPLv3
+#
+# Author(s): Michael Messner, Pascal Eckmann
+
+# Description: Installs FirmAE full system emulation
+# This is a temporary module which will be removed in the future without any further note!
+
+IL21_firmae_system_emulator() {
+ module_title "${FUNCNAME[0]}"
+
+ if [[ "$LIST_DEP" -eq 1 ]] || [[ $IN_DOCKER -eq 1 ]] || [[ $DOCKER_SETUP -eq 0 ]] || [[ $FULL -eq 1 ]]; then
+ cd "$HOME_PATH" || exit 1
+
+ print_tool_info "xdg-utils" 1
+ print_tool_info "fonts-liberation" 1
+ print_tool_info "openjdk-11-jdk" 1
+
+ print_git_info "FirmAE system mode emulator" "pr0v3rbs/FirmAE" "FirmAE is a fully-automated framework that performs emulation and vulnerability analysis."
+
+ echo -e "\\n""$MAGENTA""$BOLD""This is a temporary module which will be removed in the future without any further note!""$NC"
+
+ if [[ "$LIST_DEP" -eq 1 ]] || [[ $DOCKER_SETUP -eq 1 ]] ; then
+ ANSWER=("n")
+ else
+ echo -e "\\n""$MAGENTA""$BOLD""The FirmAE system emulation dependencies (if not already on the system) will be downloaded and installed!""$NC"
+ ANSWER=("y")
+ fi
+
+ case ${ANSWER:0:1} in
+ y|Y )
+
+ apt-get install "${INSTALL_APP_LIST[@]}" -y
+
+ if ! [[ -d external/FirmAE_orig ]]; then
+ git clone --recursive https://github.com/pr0v3rbs/FirmAE.git external/FirmAE_orig
+ cd external/FirmAE_orig || exit 1
+ else
+ cd external/FirmAE_orig || exit 1
+ git pull
+ fi
+
+ ./download.sh
+ ./install.sh
+ ./init.sh
+
+ /etc/init.d/postgresql stop
+
+ cd "$HOME_PATH" || exit 1
+
+ ;;
+ esac
+ fi
+}
+
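Review bot: The module clones `https://github.com/pr0v3rbs/FirmAE.git` at whatever `master` currently is, runs `git pull` on every later invocation, and then executes `./download.sh`, `./install.sh` and `./init.sh` from that checkout, which, judging by the preceding `apt-get install`, runs with root privileges; nothing pins the revision, so the code executed on the installing host is chosen by the upstream repository at install time. Pin the checkout, e.g. `git -C external/FirmAE_orig checkout <pinned-commit-placeholder>` after the clone or fetch, drop the unconditional `git pull`, and state in the header comment that this module executes third-party install scripts so the "temporary module" caveat is not the only warning. `/etc/init.d/postgresql stop` is a host-wide side effect that the description does not mention and that the `$DOCKER_SETUP -eq 0` guard does not confine to a container; a comment on why the service must be stopped, and whether it is expected to be restarted, would help.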
diff --git a/installer/IL22_firmadyne_system_emulator.sh b/installer/IL22_firmadyne_system_emulator.sh
new file mode 100644
index 000000000..2f6c0fe86
--- /dev/null
+++ b/installer/IL22_firmadyne_system_emulator.sh
@@ -0,0 +1,86 @@ +#!/bin/bash + +# EMBA - EMBEDDED LINUX ANALYZER +# +# Copyright 2020-2022 Siemens Energy AG +# Copyright 2020-2022 Siemens AG +# +# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are +# welcome to redistribute it under the terms of the GNU General Public License. +# See LICENSE file for usage of this software. +# +# EMBA is licensed under GPLv3 +# +# Author(s): Michael Messner, Pascal Eckmann + +# Description: Installs firmadyne full system emulation +# This is a temporary module which will be removed in the future without any further note! + +IL22_firmadyne_system_emulator() { + module_title "${FUNCNAME[0]}" + + if [[ "$LIST_DEP" -eq 1 ]] || [[ $IN_DOCKER -eq 1 ]] || [[ $DOCKER_SETUP -eq 0 ]] || [[ $FULL -eq 1 ]]; then + cd "$HOME_PATH" || exit 1 + + print_tool_info "busybox-static" 1 + print_tool_info "fakeroot" 1 + print_tool_info "git" 1 + print_tool_info "dmsetup" 1 + print_tool_info "kpartx" 1 + print_tool_info "netcat-openbsd" 1 + print_tool_info "nmap" 1 + print_tool_info "python3-psycopg2" 1 + print_tool_info "snmp" 1 + print_tool_info "uml-utilities" 1 + print_tool_info "util-linux" 1 + print_tool_info "vlan" 1 + print_tool_info "qemu-system-arm" 1 + print_tool_info "qemu-system-mips" 1 + print_tool_info "qemu-system-x86" 1 + print_tool_info "qemu-utils" 1 + + print_git_info "Firmadyne system mode emulator" "firmadyne/firmadyne" "FIRMADYNE is an automated and scalable system for performing emulation and dynamic analysis of Linux-based embedded firmware" + echo -e "\\n""$MAGENTA""$BOLD""This is a temporary module which will be removed in the future without any further note!""$NC" + + + if [[ "$LIST_DEP" -eq 1 ]] || [[ $DOCKER_SETUP -eq 1 ]] ; then + ANSWER=("n") + else + echo -e "\\n""$MAGENTA""$BOLD""The firmadyne system emulation dependencies (if not already on the system) will be downloaded and installed!""$NC" + ANSWER=("y") + fi + + case ${ANSWER:0:1} in + y|Y ) + + apt-get install "${INSTALL_APP_LIST[@]}" -y 
+ + if ! [[ -d external/firmadyne_orig ]]; then + git clone --recursive https://github.com/firmadyne/firmadyne.git external/firmadyne_orig + cd external/firmadyne_orig || exit 1 + else + cd external/firmadyne_orig || exit 1 + git pull + fi + + # this is already done via IL21 installer + #apt-get install postgresql + #sudo -u postgres createuser -P firmadyne + #sudo -u postgres createdb -O firmadyne firmware + # shellcheck disable=SC2024 + #sudo -u postgres psql -d firmware < ./firmadyne/database/schema + + # as we are currently using the old binwalk version, we need to downgrade the extractor: + wget https://raw.githubusercontent.com/firmadyne/extractor/6e05a6a8e5d553da70e27c2a653a40f992378557/extractor.py -O ./extractor/extractor.py + + sed -i "s/^#FIRMWARE_DIR.*/FIRMWARE_DIR=$(pwd)/g" firmadyne.config + + ./download.sh + + cd "$HOME_PATH" || exit 1 + + ;; + esac + fi +} + diff --git a/installer/IP00_extractors.sh b/installer/IP00_extractors.sh new file mode 100644 index 000000000..6515535d0 --- /dev/null +++ b/installer/IP00_extractors.sh 
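Review bot: `sed -i "s/^#FIRMWARE_DIR.*/FIRMWARE_DIR=$(pwd)/g" firmadyne.config` cannot work: `$(pwd)` is an absolute path, so its slashes become extra `s` delimiters and sed aborts with "unknown option to `s'", leaving `FIRMWARE_DIR` commented out in firmadyne.config. Nothing checks the exit status, so the breakage is silent. Use a delimiter that cannot appear in a path, e.g. `sed -i "s|^#FIRMWARE_DIR.*|FIRMWARE_DIR=$(pwd)|g" firmadyne.config`, and consider `|| exit 1` on it as on the `cd` calls. The `git clone`/`git pull` of firmadyne itself is unpinned, unlike the `extractor.py` fetch a few lines below that uses a full commit SHA.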
@@ -0,0 +1,54 @@ +#!/bin/bash + +# EMBA - EMBEDDED LINUX ANALYZER +# +# Copyright 2020-2022 Siemens Energy AG +# Copyright 2020-2022 Siemens AG +# +# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are +# welcome to redistribute it under the terms of the GNU General Public License. +# See LICENSE file for usage of this software. +# +# EMBA is licensed under GPLv3 +# +# Author(s): Michael Messner, Pascal Eckmann + +# Description: Installs basic extractor tools + +IP00_extractors(){ + module_title "${FUNCNAME[0]}" + + if [[ "$LIST_DEP" -eq 1 ]] || [[ $IN_DOCKER -eq 1 ]] || [[ $DOCKER_SETUP -eq 0 ]] || [[ $FULL -eq 1 ]] ; then + + print_tool_info "python3-pip" 1 + print_tool_info "patool" 1 + print_pip_info "protobuf" + print_pip_info "bsdiff4" + print_git_info "payload_dumper" "vm03/payload_dumper" "Android OTA payload.bin extractor" + + if [[ "$LIST_DEP" -eq 1 ]] || [[ $DOCKER_SETUP -eq 1 ]] ; then + ANSWER=("n") + else + echo -e "\\n""$MAGENTA""$BOLD""These applications will be installed/updated!""$NC" + ANSWER=("y") + fi + + case ${ANSWER:0:1} in + y|Y ) + echo + + apt-get install "${INSTALL_APP_LIST[@]}" -y + pip3 install protobuf + pip3 install bsdiff4 + + if ! [[ -d external/payload_dumper ]]; then + git clone https://github.com/vm03/payload_dumper.git external/payload_dumper + else + cd external/payload_dumper || exit 1 + git pull + cd "$HOME_PATH" || exit 1 + fi + ;; + esac + fi +} diff --git a/installer/IP60_fact_extractor.sh b/installer/IP60_fact_extractor.sh index 44d2f6044..4ae73d6b4 100644 --- a/installer/IP60_fact_extractor.sh +++ b/installer/IP60_fact_extractor.sh @@ -15,6 +15,7 @@ # Contributor(s): Stefan Haboeck, Nikolas Papaioannou # Description: Installs FACT-extractor for EMBA +# FACT will be completely removed in the future IP60_fact_extractor() { module_title "${FUNCNAME[0]}" 
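Review bot: In IP00_extractors the relative paths `external/payload_dumper` (both the `-d` test and the `git clone` target) are resolved against whatever the caller's working directory happens to be, because this function never does `cd "$HOME_PATH" || exit 1` first the way IL21, IL22 and the IP60 hunk below do; only the `else` branch cds back to `$HOME_PATH`, so on a fresh install the clone may land outside the EMBA tree. Add `cd "$HOME_PATH" || exit 1` right after `y|Y )`. `pip3 install protobuf` / `pip3 install bsdiff4` and the unpinned clone of vm03/payload_dumper also pull whatever is current on the network into a root-run installer; pinning a version (`pip3 install "protobuf==<ver>"`) or a commit would make the extractor set reproducible.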
@@ -33,11 +34,44 @@ IP60_fact_extractor() { case ${ANSWER:0:1} in y|Y ) if ! [[ -d ./external/fact_extractor ]]; then - # this is a temporary solution until the official fact repo supports a current kali linux + + # Note: This is a temporary solution until the official FACT repo supports a current kali linux + # Note: This is a temporary solution as long as the installation via pip does not work + apt-get install curl + + cd "$HOME_PATH" || exit 1 + + # get the FACT base repository: git clone https://github.com/m-1-k-3/fact_extractor.git external/fact_extractor - cd ./external/fact_extractor/fact_extractor/ || exit 1 + cd external/fact_extractor/ || exit 1 + + # for entropython we need rust: + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > rustup + chmod +x rustup + ./rustup -y + + # entropython is currently not available via pip: + git clone https://github.com/fkie-cad/entropython.git + cd entropython || exit 1 + + /root/.cargo/bin/cargo build --release + mv target/release/libentropython.so entropython.so + cp entropython.so /usr/local/lib/python3.10/dist-packages/ + cd .. || exit 1 + + # now it is possible to build conmmon_helper_unpacking_classifier (without entropython - which is already installed): + git clone https://github.com/fkie-cad/common_helper_unpacking_classifier.git + cd common_helper_unpacking_classifier/ || exit 1 + sed -i "s/'entropython/#'entropython/" setup.py + pip install . + + cd "$HOME_PATH" || exit 1 + cd external/fact_extractor/fact_extractor/ || exit 1 ./install/pre_install.sh python3 ./install.py + cd .. || exit 1 + rm rustup + cd "$HOME_PATH" || exit 1 fi diff --git a/modules/F20_vul_aggregator.sh b/modules/F20_vul_aggregator.sh index c92b30321..b85576736 100755 --- a/modules/F20_vul_aggregator.sh +++ b/modules/F20_vul_aggregator.sh 
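Review bot: `cp entropython.so /usr/local/lib/python3.10/dist-packages/` hard-codes the interpreter version, so on any host whose `python3` is not 3.10 the module is copied to a directory Python never searches and FACT's unpacking classifier fails at import time. Derive the target from the interpreter instead, e.g. `SITE_DIR="$(python3 -c 'import sysconfig; print(sysconfig.get_paths()["purelib"])')"` (verify this resolves to the dist-packages path on the supported Debian/Kali base) and `cp entropython.so "$SITE_DIR"/`. The rustup bootstrap `curl ... https://sh.rustup.rs > rustup; chmod +x rustup; ./rustup -y` executes an unverified installer as root with no checksum and no pinned toolchain, and `/root/.cargo/bin/cargo` assumes HOME is `/root`. `apt-get install curl` is also the only apt-get call in these installers without `-y`, so it can prompt or fail in a non-interactive Docker build.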
@@ -2,8 +2,8 @@ # EMBA - EMBEDDED LINUX ANALYZER # -# Copyright 2020 Siemens Energy AG -# Copyright 2020 Siemens AG +# Copyright 2020-2022 Siemens Energy AG +# Copyright 2020-2022 Siemens AG # # EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are # welcome to redistribute it under the terms of the GNU General Public License. @@ -46,6 +46,9 @@ F20_vul_aggregator() { CVE_MINIMAL_LOG="$LOG_PATH_MODULE"/CVE_minimal.txt EXPLOIT_OVERVIEW_LOG="$LOG_PATH_MODULE"/exploits-overview.txt + if ! [[ -f "$KNOWN_EXP_CSV" ]]; then + KNOWN_EXP_CSV="$EXT_DIR"/known_exploited_vulnerabilities.csv + fi if [[ -f $PATH_CVE_SEARCH ]]; then print_output "[*] Aggregate vulnerability details" @@ -269,9 +272,22 @@ generate_special_log() { fi done + if [[ -f "$LOG_PATH_MODULE"/exploit/known_exploited_vulns.log ]]; then + mapfile -t KNOWN_EXPLOITED_VULNS < <(grep -E "known exploited" "$LOG_PATH_MODULE"/exploit/known_exploited_vulns.log || true 2>/dev/null) + if [[ -v KNOWN_EXPLOITED_VULNS[@] ]]; then + print_output "" + print_output "[*] Vulnerability summary on known exploited vulnerabilities stored in $LOG_PATH_MODULE/exploit/known_exploited_vulns.log.\\n" + for KNOWN_EXPLOITED_VULN in "${KNOWN_EXPLOITED_VULNS[@]}"; do + print_output "$KNOWN_EXPLOITED_VULN" + done + print_output "" + fi + fi + echo "$EXPLOIT_HIGH" > "$TMP_DIR"/EXPLOIT_HIGH_COUNTER.tmp echo "$EXPLOIT_MEDIUM" > "$TMP_DIR"/EXPLOIT_MEDIUM_COUNTER.tmp echo "$EXPLOIT_LOW" > "$TMP_DIR"/EXPLOIT_LOW_COUNTER.tmp + echo "${#KNOWN_EXPLOITED_VULNS[@]}" > "$TMP_DIR"/KNOWN_EXPLOITED_COUNTER.tmp fi } 
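Review bot: In `mapfile -t KNOWN_EXPLOITED_VULNS < <(grep -E "known exploited" ... || true 2>/dev/null)` the redirect binds to `true`, not to `grep`, so grep's own errors still reach the console; the intended form is `grep -E "known exploited" "$LOG_PATH_MODULE"/exploit/known_exploited_vulns.log 2>/dev/null || true`. When the log file is absent the array is never assigned, yet `echo "${#KNOWN_EXPLOITED_VULNS[@]}" > "$TMP_DIR"/KNOWN_EXPLOITED_COUNTER.tmp` runs unconditionally, so initialise `KNOWN_EXPLOITED_VULNS=()` before the `if` to make the count a defined 0 on every path (older bash under `set -u` aborts there otherwise). Note that the value written is the number of log lines, i.e. hits per binary/version rather than distinct CVEs; if F50 is meant to report distinct known-exploited CVEs, add `sort -u` to the pipeline. generate_special_log begins outside this hunk.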
@@ -360,10 +376,20 @@ cve_extractor() { for CVE_OUTPUT in "${CVEs_OUTPUT[@]}"; do ((CVE_COUNTER+=1)) ((CVE_COUNTER_VERSION+=1)) + KNOWN_EXPLOITED=0 #extract the CVSS and CVE value (remove all spaces and tabs) CVSS_VALUE=$(echo "$CVE_OUTPUT" | cut -d: -f3 | sed -e 's/\t//g' | sed -e 's/\ \+//g') CVE_VALUE=$(echo "$CVE_OUTPUT" | cut -d: -f2 | sed -e 's/\t//g' | sed -e 's/\ \+//g') + # check if the CVE is known as a knwon exploited vulnerability: + if [[ -f "$KNOWN_EXP_CSV" ]]; then + if grep -q "${CVE_VALUE}," "$KNOWN_EXP_CSV"; then + print_output "[+] ${ORANGE}WARNING:$GREEN Vulnerability $ORANGE$CVE_VALUE$GREEN is a known exploited vulnerability." + echo -e "[+] ${ORANGE}WARNING:$GREEN Vulnerability $ORANGE$CVE_VALUE$GREEN is a known exploited vulnerability." >> "$LOG_PATH_MODULE"/exploit/known_exploited_vulns.log + KNOWN_EXPLOITED=1 + fi + fi + # default value EXPLOIT="No exploit available" @@ -545,6 +571,10 @@ cve_extractor() { fi fi + if [[ $KNOWN_EXPLOITED -eq 1 ]]; then + EXPLOIT="$EXPLOIT"" (X)" + fi + if [[ $EDB -eq 1 ]]; then EXPLOIT="$EXPLOIT"")" fi 
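Review bot: The KEV lookup `grep -q "${CVE_VALUE}," "$KNOWN_EXP_CSV"` uses the CVE ID as an unanchored regex with no emptiness check; if the cve-search line parses badly and `CVE_VALUE` is empty the pattern collapses to `,`, every CVE of that binary is flagged as known-exploited, and a value starting with `-` would be parsed as a grep option. Guard the lookup with `[[ -n "$CVE_VALUE" ]]` and match a fixed string: `grep -q -F -- "${CVE_VALUE}," "$KNOWN_EXP_CSV"`; if the ID is the first column of the CSV, an anchored `grep -q -- "^${CVE_VALUE}," ...` is tighter still. The log is appended under `$LOG_PATH_MODULE/exploit/`, which this hunk does not create, so confirm that directory exists before the first write. The per-CVE loop this code sits in starts and ends outside the hunk.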
@@ -554,21 +584,21 @@ cve_extractor() { #VERSION=$(echo "$CVE_OUTPUT" | cut -d: -f2- | sed -e 's/\t//g' | sed -e 's/\ \+//g' | sed -e 's/:CVE-[0-9].*//') # we do not deal with output formatting the usual way -> we use printf if (( $(echo "$CVSS_VALUE > 6.9" | bc -l) )); then - if [[ "$EXPLOIT" == *MSF* || "$EXPLOIT" == *EDB\ ID* || "$EXPLOIT" == *linux-exploit-suggester* || "$EXPLOIT" == *Routersploit* || "$EXPLOIT" == *Github* ]]; then + if [[ "$EXPLOIT" == *MSF* || "$EXPLOIT" == *EDB\ ID* || "$EXPLOIT" == *linux-exploit-suggester* || "$EXPLOIT" == *Routersploit* || "$EXPLOIT" == *Github* || "$KNOWN_EXPLOITED" -eq 1 ]]; then printf "${MAGENTA}\t%-20.20s\t:\t%-15.15s\t:\t%-15.15s\t:\t%-8.8s:\t%s${NC}\n" "$BINARY" "$VERSION" "$CVE_VALUE" "$CVSS_VALUE" "$EXPLOIT" >> "$LOG_PATH_MODULE"/cve_sum/"$AGG_LOG_FILE" else printf "${RED}\t%-20.20s\t:\t%-15.15s\t:\t%-15.15s\t:\t%-8.8s:\t%s${NC}\n" "$BINARY" "$VERSION" "$CVE_VALUE" "$CVSS_VALUE" "$EXPLOIT" >> "$LOG_PATH_MODULE"/cve_sum/"$AGG_LOG_FILE" fi ((HIGH_CVE_COUNTER+=1)) elif (( $(echo "$CVSS_VALUE > 3.9" | bc -l) )); then - if [[ "$EXPLOIT" == *MSF* || "$EXPLOIT" == *EDB\ ID* || "$EXPLOIT" == *linux-exploit-suggester* || "$EXPLOIT" == *Routersploit* || "$EXPLOIT" == *Github* ]]; then + if [[ "$EXPLOIT" == *MSF* || "$EXPLOIT" == *EDB\ ID* || "$EXPLOIT" == *linux-exploit-suggester* || "$EXPLOIT" == *Routersploit* || "$EXPLOIT" == *Github* || "$KNOWN_EXPLOITED" -eq 1 ]]; then printf "${MAGENTA}\t%-20.20s\t:\t%-15.15s\t:\t%-15.15s\t:\t%-8.8s:\t%s${NC}\n" "$BINARY" "$VERSION" "$CVE_VALUE" "$CVSS_VALUE" "$EXPLOIT" >> "$LOG_PATH_MODULE"/cve_sum/"$AGG_LOG_FILE" else printf "${ORANGE}\t%-20.20s\t:\t%-15.15s\t:\t%-15.15s\t:\t%-8.8s:\t%s${NC}\n" "$BINARY" "$VERSION" "$CVE_VALUE" "$CVSS_VALUE" "$EXPLOIT" >> "$LOG_PATH_MODULE"/cve_sum/"$AGG_LOG_FILE" fi ((MEDIUM_CVE_COUNTER+=1)) else - if [[ "$EXPLOIT" == *MSF* || "$EXPLOIT" == *EDB\ ID* || "$EXPLOIT" == *linux-exploit-suggester* || "$EXPLOIT" == *Routersploit* || "$EXPLOIT" == 
*Github* ]]; then + if [[ "$EXPLOIT" == *MSF* || "$EXPLOIT" == *EDB\ ID* || "$EXPLOIT" == *linux-exploit-suggester* || "$EXPLOIT" == *Routersploit* || "$EXPLOIT" == *Github* || "$KNOWN_EXPLOITED" -eq 1 ]]; then printf "${MAGENTA}\t%-20.20s\t:\t%-15.15s\t:\t%-15.15s\t:\t%-8.8s:\t%s${NC}\n" "$BINARY" "$VERSION" "$CVE_VALUE" "$CVSS_VALUE" "$EXPLOIT" >> "$LOG_PATH_MODULE"/cve_sum/"$AGG_LOG_FILE" else printf "${GREEN}\t%-20.20s\t:\t%-15.15s\t:\t%-15.15s\t:\t%-8.8s:\t%s${NC}\n" "$BINARY" "$VERSION" "$CVE_VALUE" "$CVSS_VALUE" "$EXPLOIT" >> "$LOG_PATH_MODULE"/cve_sum/"$AGG_LOG_FILE" @@ -617,7 +647,7 @@ cve_extractor() { if ! [[ -f "$LOG_PATH_MODULE"/overview.csv ]]; then echo "BINARY;VERSION;Number of CVEs;Number of EXPLOITS" >> "$LOG_PATH_MODULE"/overview.csv fi - if [[ "$EXPLOIT_COUNTER_VERSION" -gt 0 ]]; then + if [[ "$EXPLOIT_COUNTER_VERSION" -gt 0 || "$KNOWN_EXPLOITED" -eq 1 ]]; then printf "[${MAGENTA}+${NC}]${MAGENTA} Found version details: \t%-20.20s\t:\t%-15.15s\t:\tCVEs: %-8.8s\t:\tExploits: %-8.8s${NC}\n" "$BINARY" "$VERSION" "$CVEs" "$EXPLOITS" >> "$LOG_PATH_MODULE"/overview.txt echo "$BINARY;$VERSION;$CVEs;$EXPLOITS" >> "$LOG_PATH_MODULE"/overview.csv else diff --git a/modules/F50_base_aggregator.sh b/modules/F50_base_aggregator.sh index 4265b3a2e..a78cffb75 100755 --- a/modules/F50_base_aggregator.sh +++ b/modules/F50_base_aggregator.sh @@ -42,7 +42,7 @@ F50_base_aggregator() { S85_LOG="s85_ssh_check.txt" S95_LOG="s95_interesting_binaries_check.txt" S107_LOG="s107_deep_password_search.txt" - S108_LOG="s108_linux_common_file_checker.txt" + S108_LOG="s108_stacs_password_search.txt" S110_LOG="s110_yara_check.txt" S120_LOG="s120_cwe_checker.txt" L10_LOG="l10_system_emulator.txt" 
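Review bot: `"$KNOWN_EXPLOITED" -eq 1` in the overview check is a per-CVE flag that the loop resets to 0 at the start of every iteration, so if this check runs after the per-CVE loop, as the per-binary/version overview line suggests, it only reflects the last CVE processed: a version whose known-exploited CVE is not the last one listed is dropped from overview.txt/overview.csv. Track it per version instead: set `KNOWN_EXPLOITED_VERSION=0` where `CVE_COUNTER_VERSION` is initialised, add `((KNOWN_EXPLOITED_VERSION+=1))` next to `KNOWN_EXPLOITED=1`, and test `"$KNOWN_EXPLOITED_VERSION" -gt 0` here. Both the loop head and the counter initialisation lie outside this hunk.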
@@ -214,7 +214,7 @@ output_details() { output_config_issues() { local DATA=0 - if [[ "${PW_COUNTER-0}" -gt 0 || "${S85_SSH_VUL_CNT-0}" -gt 0 || "${FILE_COUNTER-0}" -gt 0 || "${INT_COUNT-0}" -gt 0 || "${POST_COUNT-0}" -gt 0 || "${MOD_DATA_COUNTER-0}" -gt 0 || "${S40_WEAK_PERM_COUNTER-0}" -gt 0 || "${S55_HISTORY_COUNTER-0}" -gt 0 || "${S50_AUTH_ISSUES-0}" -gt 0 || "${PASS_FILES_FOUND-0}" -gt 0 || "${CERT_CNT-0}" -gt 0 ]]; then + if [[ "${PW_COUNTER-0}" -gt 0 || "${S85_SSH_VUL_CNT-0}" -gt 0 || "${STACS_HASHES-0}" -gt 0 || "${INT_COUNT-0}" -gt 0 || "${POST_COUNT-0}" -gt 0 || "${MOD_DATA_COUNTER-0}" -gt 0 || "${S40_WEAK_PERM_COUNTER-0}" -gt 0 || "${S55_HISTORY_COUNTER-0}" -gt 0 || "${S50_AUTH_ISSUES-0}" -gt 0 || "${PASS_FILES_FOUND-0}" -gt 0 || "${CERT_CNT-0}" -gt 0 ]]; then print_output "[+] Found the following configuration issues:" if [[ "${S40_WEAK_PERM_COUNTER-0}" -gt 0 ]]; then print_output "$(indent "$(green "Found $ORANGE$S40_WEAK_PERM_COUNTER$GREEN areas with weak permissions.")")" @@ -240,10 +240,17 @@ output_config_issues() { echo "ssh_issues;\"$S85_SSH_VUL_CNT\"" >> "$CSV_LOG_FILE" DATA=1 fi - if [[ "${PW_COUNTER-0}" -gt 0 ]]; then - print_output "$(indent "$(green "Found $ORANGE$PW_COUNTER$GREEN password hashes.")")" - write_link "s107" - echo "password_hashes;\"$PW_COUNTER\"" >> "$CSV_LOG_FILE" + if [[ "${PW_COUNTER-0}" -gt 0 || "${STACS_HASHES-0}" -gt 0 ]]; then + if [[ "${PW_COUNTER-0}" -gt 0 ]]; then + print_output "$(indent "$(green "Found $ORANGE$PW_COUNTER$GREEN password related details.")")" + write_link "s107" + echo "password_hashes;\"$PW_COUNTER\"" >> "$CSV_LOG_FILE" + fi + if [[ "${STACS_HASHES-0}" -gt 0 ]]; then + print_output "$(indent "$(green "Found $ORANGE$STACS_HASHES$GREEN password related details via STACS.")")" + write_link "s108" + echo "password_hashes_stacs;\"$STACS_HASHES\"" >> "$CSV_LOG_FILE" + fi DATA=1 fi if [[ "${CERT_CNT-0}" -gt 0 ]]; then 
@@ -260,11 +267,6 @@ output_config_issues() { echo "kernel_modules_lic;\"$KMOD_BAD\"" >> "$CSV_LOG_FILE" DATA=1 fi - if [[ "${FILE_COUNTER-0}" -gt 0 ]]; then - print_output "$(indent "$(green "Found $ORANGE$FILE_COUNTER$GREEN not common Linux files with $ORANGE$FILE_COUNTER_ALL$GREEN files at all.")")" - write_link "s11" - DATA=1 - fi if [[ "${INT_COUNT-0}" -gt 0 || "${POST_COUNT-0}" -gt 0 ]]; then print_output "$(indent "$(green "Found $ORANGE${INT_COUNT}$GREEN interesting files and $ORANGE${POST_COUNT-0}$GREEN files that could be useful for post-exploitation.")")" write_link "s95" 
@@ -532,12 +534,13 @@ output_cve_exploits() { print_output "$(indent "$(green "$MAGENTA$BOLD$EXPLOIT_COUNTER$NC$GREEN possible exploits available.")")" write_link "f20#minimalreportofexploitsandcves" fi - if [[ "$REMOTE_EXPLOIT_CNT" -gt 0 || "$LOCAL_EXPLOIT_CNT" -gt 0 || "$DOS_EXPLOIT_CNT" -gt 0 || "$GITHUB_EXPLOIT_CNT" -gt 0 ]]; then - print_output "$(indent "$(green "Remote exploits: $MAGENTA$BOLD$REMOTE_EXPLOIT_CNT$NC$GREEN / Local exploits: $MAGENTA$BOLD$LOCAL_EXPLOIT_CNT$NC$GREEN / DoS exploits: $MAGENTA$BOLD$DOS_EXPLOIT_CNT$NC$GREEN / Github PoCs: $MAGENTA$BOLD$GITHUB_EXPLOIT_CNT$NC$GREEN")")" + if [[ "$REMOTE_EXPLOIT_CNT" -gt 0 || "$LOCAL_EXPLOIT_CNT" -gt 0 || "$DOS_EXPLOIT_CNT" -gt 0 || "$GITHUB_EXPLOIT_CNT" -gt 0 || "$KNOWN_EXPLOITED_COUNTER" -gt 0 ]]; then + print_output "$(indent "$(green "Remote exploits: $MAGENTA$BOLD$REMOTE_EXPLOIT_CNT$NC$GREEN / Local exploits: $MAGENTA$BOLD$LOCAL_EXPLOIT_CNT$NC$GREEN / DoS exploits: $MAGENTA$BOLD$DOS_EXPLOIT_CNT$NC$GREEN / Github PoCs: $MAGENTA$BOLD$GITHUB_EXPLOIT_CNT$NC$GREEN / Known exploited exploits: $MAGENTA$BOLD$KNOWN_EXPLOITED_COUNTER$NC")")" write_csv_log "remote_exploits" "$REMOTE_EXPLOIT_CNT" write_csv_log "local_exploits" "$LOCAL_EXPLOIT_CNT" write_csv_log "dos_exploits" "$DOS_EXPLOIT_CNT" write_csv_log "github_exploits" "$GITHUB_EXPLOIT_CNT" + write_csv_log "known_exploited" "$KNOWN_EXPLOITED_COUNTER" fi # we report only software components with exploits to csv: grep "Found version details" "$LOG_DIR/f20_vul_aggregator/overview.txt" 2>/dev/null | sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2})?)?[mGK]//g" | tr -d "\[\+\]" | grep -v "CVEs: 0" | sed -e 's/Found version details:/version_details:/' |sed -e 's/[[:blank:]]//g' | sed -e 's/:/;/g' >> "$CSV_LOG_FILE" || true @@ -561,6 +564,7 @@ get_data() { MSF_MODULE_CNT=0 INT_COUNT=0 POST_COUNT=0 + KNOWN_EXPLOITED_COUNTER=0 if [[ -f "$LOG_DIR"/"$P02_LOG" ]]; then ENTROPY=$(grep -a "Entropy" "$LOG_DIR"/"$P02_LOG" | cut -d= -f2 | sed 's/^\ //' || true) 
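Review bot: The new summary label `Known exploited exploits:` is misleading, since the figure counts CVE hits found in the known-exploited-vulnerabilities CSV, not exploits; rename it to `Known exploited vulnerabilities: $MAGENTA$BOLD$KNOWN_EXPLOITED_COUNTER$NC$GREEN` so the terminal colouring also matches the sibling fields, which all restore `$GREEN` after `$NC`. A one-line comment above the `if` should say that the counter comes from F20's KNOWN_EXPLOITED_COUNTER.tmp and counts per binary/version hits, so readers do not compare it with the distinct-CVE figures next to it.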
@@ -641,8 +645,7 @@ get_data() { PW_COUNTER=$(grep -a "\[\*\]\ Statistics:" "$LOG_DIR"/"$S107_LOG" | cut -d: -f2 || true) fi if [[ -f "$LOG_DIR"/"$S108_LOG" ]]; then - FILE_COUNTER=$(grep -a "\[\*\]\ Statistics:" "$LOG_DIR"/"$S108_LOG" | cut -d: -f2 || true) - FILE_COUNTER_ALL=$(grep -a "\[\*\]\ Statistics:" "$LOG_DIR"/"$S108_LOG" | cut -d: -f3 || true) + STACS_HASHES=$(grep -a "\[\*\]\ Statistics:" "$LOG_DIR"/"$S108_LOG" | cut -d: -f2 || true) fi if [[ -f "$LOG_DIR"/"$S110_LOG" ]]; then YARA_CNT=$(grep -a "\[\*\]\ Statistics:" "$LOG_DIR"/"$S110_LOG" | cut -d: -f2 || true) @@ -682,6 +685,9 @@ get_data() { done < "$TMP_DIR"/LOW_CVE_COUNTER.tmp (( CVE_COUNTER="$CVE_COUNTER"+"$LOW_CVE_COUNTER" )) fi + if [[ -f "$TMP_DIR"/KNOWN_EXPLOITED_COUNTER.tmp ]]; then + KNOWN_EXPLOITED_COUNTER=$(cat "$TMP_DIR"/KNOWN_EXPLOITED_COUNTER.tmp) + fi if [[ -f "$F20_EXPLOITS_LOG" ]]; then EXPLOIT_COUNTER="$(grep -c -E "Exploit\ .*" "$F20_EXPLOITS_LOG" || true)" MSF_MODULE_CNT="$(grep -c -E "Exploit\ .*MSF" "$F20_EXPLOITS_LOG" || true)" diff --git a/modules/L10_system_emulator.sh b/modules/L10_system_emulator.sh deleted file mode 100755 index 1ad165f9d..000000000 --- a/modules/L10_system_emulator.sh +++ /dev/null 
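Review bot: `KNOWN_EXPLOITED_COUNTER=$(cat "$TMP_DIR"/KNOWN_EXPLOITED_COUNTER.tmp)` takes the file content verbatim and output_cve_exploits later compares it with `-gt 0`; a truncated or non-numeric tmp file (F20 interrupted mid-write) turns that comparison into a bash arithmetic error in the final report. Read it with the builtin and validate, e.g. `KNOWN_EXPLOITED_COUNTER=$(<"$TMP_DIR"/KNOWN_EXPLOITED_COUNTER.tmp)` followed by `[[ "$KNOWN_EXPLOITED_COUNTER" =~ ^[0-9]+$ ]] || KNOWN_EXPLOITED_COUNTER=0`. get_data begins and ends outside this hunk.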
@@ -1,615 +0,0 @@ -#!/bin/bash - -# EMBA - EMBEDDED LINUX ANALYZER -# -# Copyright 2020-2022 Siemens Energy AG -# Copyright 2020-2022 Siemens AG -# -# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are -# welcome to redistribute it under the terms of the GNU General Public License. -# See LICENSE file for usage of this software. -# -# EMBA is licensed under GPLv3 -# -# Author(s): Michael Messner, Pascal Eckmann - -# Description: Builds and emulates Linux firmware - this module is based on the great work of firmadyne -# Check out the original firmadyne project at https://github.com/firmadyne -# Currently this is an experimental module and needs to be activated separately via the -Q switch. -# Warning: This module changes your network configuration and it could happen that your system looses -# network connectivity. - -# Threading priority - if set to 1, these modules will be executed first -export THREAD_PRIO=0 - -L10_system_emulator() { - module_log_init "${FUNCNAME[0]}" - module_title "System emulation of Linux based embedded devices with firmadyne." 
- - SYS_ONLINE=0 - BOOTED=0 - MODULE_END=0 - IPS=() - - if [[ "$FULL_EMULATION" -eq 1 && "$RTOS" -eq 0 ]]; then - pre_module_reporter "${FUNCNAME[0]}" - - export FIRMADYNE_DIR="$EXT_DIR""/firmadyne" - - print_output "[*] This module creates a full copy of the firmware filesystem in the log directory $LOG_DIR.\\n" - - if [[ "$ARCH" == "MIPS" || "$ARCH" == "ARM" ]]; then - - export BINARY_DIR="$FIRMADYNE_DIR/binaries" - - for R_PATH in "${ROOT_PATH[@]}" ; do - KPANIC=0 - - print_output "[*] Detected root path: $ORANGE$R_PATH$NC" - - if [[ -n "$D_END" ]]; then - D_END="$(echo "$D_END" | tr '[:upper:]' '[:lower:]')" - ARCH_END="$(echo "$ARCH" | tr '[:upper:]' '[:lower:]')$(echo "$D_END" | tr '[:upper:]' '[:lower:]')" - CONSOLE=$(get_console "$ARCH_END") - LIBNVRAM=$(get_nvram "$ARCH_END") - - pre_cleanup - - create_emulation_filesystem "$R_PATH" "$ARCH_END" - if [[ "$FS_CREATED" -eq 1 ]]; then - identify_networking "$IMAGE_NAME" "$ARCH_END" - get_networking_details - - if [[ "$KPANIC" -eq 0 && "${#IPS[@]}" -gt 0 ]]; then - setup_network - run_emulated_system - check_online_stat - EXECUTE=1 - if [[ "$SYS_ONLINE" -eq 1 ]]; then - print_output "[+] System emulation was successful." - print_output "[+] System should be available via IP $IP." - EXECUTE=0 - fi - reset_network "$EXECUTE" - if [[ "$SYS_ONLINE" -eq 1 ]]; then - create_emulation_archive - fi - # if the emulation was successful, we stop here - no emulation of other detected rootfs - break - else - print_output "[!] No further emulation steps are performed" - fi - else - print_output "[!] No further emulation steps are performed" - fi - else - print_output "[!] No supported architecture detected" - fi - done - MODULE_END=1 - else - print_output "[!] No supported architecture found.\\n" - print_output "[!] 
Curently supported: ARM, MIPS.\\n" - MODULE_END=0 - fi - - fi - - write_log "" - write_log "[*] Statistics:$SYS_ONLINE:${#IPS[@]}:$BOOTED" - module_end_log "${FUNCNAME[0]}" "$MODULE_END" - -} - -pre_cleanup() { - # this cleanup function is to ensure that we have no mounts from previous tests mounted - print_output "[*] Checking for not unmounted proc, sys and run in log directory" - mapfile -t CHECK_MOUNTS < <(mount | grep "$LOG_DIR" | grep "proc\|sys\|run" || true) - for MOUNT in "${CHECK_MOUNTS[@]}"; do - print_output "[*] Unmounting $MOUNT" - MOUNT=$(echo "$MOUNT" | cut -d\ -f3) - umount -l "$MOUNT" || true - done -} - -create_emulation_filesystem() { - # based on the original firmadyne script: - # https://github.com/firmadyne/firmadyne/blob/master/scripts/makeImage.sh - - sub_module_title "Create Qemu filesystem" - ROOT_PATH="${1:-}" - ARCH_END="${2:-}" - export IMAGE_NAME - FS_CREATED=1 - IMAGE_NAME="$(basename "$ROOT_PATH")_$ARCH_END-$RANDOM" - MNT_POINT="$LOG_PATH_MODULE/emulation_tmp_fs" - if [[ -d "$MNT_POINT" ]]; then - MNT_POINT="$MNT_POINT"-"$RANDOM" - fi - mkdir "$MNT_POINT" || true - - print_output "[*] Create filesystem for emulation - $ROOT_PATH.\\n" - IMAGE_SIZE="$(du -b --max-depth=0 "$ROOT_PATH" | awk '{print $1}')" - IMAGE_SIZE=$((IMAGE_SIZE + 150 * 1024 * 1024)) - - print_output "[*] Size of filesystem for emulation - $IMAGE_SIZE.\\n" - print_output "[*] Name of filesystem for emulation - $IMAGE_NAME.\\n" - qemu-img create -f raw "$LOG_PATH_MODULE/$IMAGE_NAME" "$IMAGE_SIZE" - chmod a+rw "$LOG_PATH_MODULE/$IMAGE_NAME" - - print_output "[*] Creating Partition Table" - echo -e "o\nn\np\n1\n\n\nw" | /sbin/fdisk "$LOG_PATH_MODULE/$IMAGE_NAME" - - print_output "[*] Mounting QEMU Image" - DEVICE=$(get_device "$(kpartx -a -s -v "$LOG_PATH_MODULE/$IMAGE_NAME" || true)") - sleep 1 - print_output "[*] Device mapper created at ${DEVICE}" - - print_output "[*] Creating Filesystem" - sync - mkfs.ext2 "${DEVICE}" || true - - print_output "[*] Mounting QEMU 
Image Partition 1 to $MNT_POINT" - mount "${DEVICE}" "$MNT_POINT" || true - if mount | grep -q "$MNT_POINT"; then - print_output "[*] Copy root filesystem to QEMU image" - #rm -rf "${MNT_POINT:?}/"* - cp -prf "$ROOT_PATH"/* "$MNT_POINT"/ || true - - print_output "[*] Creating FIRMADYNE Directories" - mkdir -p "$MNT_POINT/firmadyne/libnvram/" || true - mkdir -p "$MNT_POINT/firmadyne/libnvram.override/" || true - - print_output "[*] Patching Filesystem (chroot)" - cp "$(which busybox)" "$MNT_POINT" || true - - cp "$FIRMADYNE_DIR/scripts/fixImage_firmadyne.sh" "$MNT_POINT"/fixImage.sh || true - chroot "$MNT_POINT" /busybox ash /fixImage.sh || true - - rm "$MNT_POINT/fixImage.sh" || true - rm "$MNT_POINT/busybox" || true - - print_output "[*] Setting up FIRMADYNE" - cp "${CONSOLE}" "$MNT_POINT/firmadyne/console" || true - chmod a+x "$MNT_POINT/firmadyne/console" - mknod -m 666 "$MNT_POINT/firmadyne/ttyS1" c 4 65 - - cp "${LIBNVRAM}" "$MNT_POINT/firmadyne/libnvram.so" || true - chmod a+x "$MNT_POINT/firmadyne/libnvram.so" - - cp "$FIRMADYNE_DIR/scripts/preInit_firmadyne.sh" "$MNT_POINT/firmadyne/preInit.sh" || true - chmod a+x "$MNT_POINT/firmadyne/preInit.sh" - - print_output "[*] Unmounting QEMU Image" - sync - umount "${DEVICE}" || true - - else - print_output "[!] 
Filesystem mount failed" - FS_CREATED=0 - fi - print_output "[*] Deleting device mapper" - kpartx -v -d "$LOG_PATH_MODULE/$IMAGE_NAME" - losetup -d "${DEVICE}" &>/dev/null || true - # just in case we check the output and remove our device: - if losetup | grep -q "$(basename "$IMAGE_NAME")"; then - losetup -d "$(losetup | grep "$(basename "$IMAGE_NAME")" | awk '{print $1}' || true)" - fi - dmsetup remove "$(basename "$DEVICE")" &>/dev/null || true - rm -rf "${MNT_POINT:?}/"* || true -} - -identify_networking() { - # based on the original firmadyne script: - # https://github.com/firmadyne/firmadyne/blob/master/scripts/inferNetwork.sh - - sub_module_title "Network identification" - IMAGE_NAME="${1:-}" - IMAGE=$(abs_path "$LOG_PATH_MODULE/$IMAGE_NAME") - - ARCH_END="${2:-}" - - print_output "[*] Test basic emulation and identify network settings.\\n" - print_output "[*] Running firmware $IMAGE_NAME: terminating after 60 secs..." - - QEMU_PARAMS="" - if [[ "$ARCH_END" == "mipsel" ]]; then - KERNEL_="vmlinux" - QEMU="qemu-system-mipsel" - MACHINE="malta" - DRIVE="if=ide,format=raw,file=$IMAGE" - ROOT_DEV="/dev/sda1" - NETWORK="-netdev socket,id=s0,listen=:2000 -device e1000,netdev=s0 -netdev socket,id=s1,listen=:2001 -device e1000,netdev=s1 -netdev socket,id=s2,listen=:2002 -device e1000,netdev=s2 -netdev socket,id=s3,listen=:2003 -device e1000,netdev=s3" - elif [[ "$ARCH_END" == "mipseb" ]]; then - KERNEL_="vmlinux" - QEMU="qemu-system-mips" - MACHINE="malta" - #DRIVE="if=ide,format=raw,file=\"$IMAGE\"" - DRIVE="if=ide,format=raw,file=$IMAGE" - ROOT_DEV="/dev/sda1" - NETWORK="-netdev socket,id=s0,listen=:2000 -device e1000,netdev=s0 -netdev socket,id=s1,listen=:2001 -device e1000,netdev=s1 -netdev socket,id=s2,listen=:2002 -device e1000,netdev=s2 -netdev socket,id=s3,listen=:2003 -device e1000,netdev=s3" - elif [[ "$ARCH_END" == "armel" ]]; then - QEMU="qemu-system-arm" - KERNEL_="zImage" - MACHINE="virt" - DRIVE="if=none,file=$IMAGE,format=raw,id=rootfs -device 
virtio-blk-device,drive=rootfs" - ROOT_DEV="/dev/vda1" - NETWORK="-device virtio-net-device,netdev=net1 -netdev socket,listen=:2000,id=net1 -device virtio-net-device,netdev=net2 -netdev socket,listen=:2001,id=net2 -device virtio-net-device,netdev=net3 -netdev socket,listen=:2002,id=net3 -device virtio-net-device,netdev=net4 -netdev socket,listen=:2003,id=net4" - QEMU_PARAMS="-audiodev driver=none,id=none" - fi - - run_network_id & - - tail -F "$LOG_PATH_MODULE/qemu.initial.serial.log" 2>/dev/null& - sleep 60 - pkill -f "qemu-system-.*$IMAGE_NAME.*" || true - pkill -f "tail.*$LOG_PATH_MODULE/qemu.initial.serial.log.*" || true - - if [[ -f "$LOG_PATH_MODULE"/qemu.initial.serial.log ]]; then - cat "$LOG_PATH_MODULE"/qemu.initial.serial.log >> "$LOG_FILE" - else - print_output "[-] No $LOG_PATH_MODULE/qemu.initial.serial.log log file generated." - fi - - print_output "[*] Firmware $IMAGE_NAME finished for identification of the network configuration" -} - -run_network_id() { - # based on the original firmadyne scripts: - # https://github.com/firmadyne/firmadyne/blob/master/scripts/run.mipsel.sh - # https://github.com/firmadyne/firmadyne/blob/master/scripts/run.mipseb.sh - # https://github.com/firmadyne/firmadyne/blob/master/scripts/run.armel.sh - - print_output "[*] Qemu network identification run for $ARCH_END - $IMAGE_NAME" - - KERNEL="$FIRMADYNE_DIR/binaries/$KERNEL_.$ARCH_END" - - # shellcheck disable=SC2086 - $QEMU -m 256 -M $MACHINE -kernel $KERNEL -drive $DRIVE \ - -append "firmadyne.syscall=1 root=$ROOT_DEV console=ttyS0 nandsim.parts=64,64,64,64,64,64,64,64,64,64 rdinit=/firmadyne/preInit.sh rw debug ignore_loglevel print-fatal-signals=1 user_debug=31" \ - -serial file:$LOG_PATH_MODULE/qemu.initial.serial.log -serial unix:/tmp/qemu.$IMAGE_NAME.S1,server,nowait -monitor unix:/tmp/qemu.$IMAGE_NAME,server,nowait -display none \ - $NETWORK $QEMU_PARAMS || true -} - -get_networking_details() { - # based on the original firmadyne script: - # 
https://github.com/firmadyne/firmadyne/blob/master/scripts/makeNetwork.py - - sub_module_title "Network identification - $IMAGE_NAME" - - if [[ -f "$LOG_PATH_MODULE"/qemu.initial.serial.log ]]; then - INT=() - VLAN=() - - mapfile -t MAC_CHANGES < <(grep -a "ioctl_SIOCSIFHWADDR" "$LOG_PATH_MODULE"/qemu.initial.serial.log | cut -d: -f2- | sort -u || true) - mapfile -t INTERFACE_CANDIDATES < <(grep -a "__inet_insert_ifa" "$LOG_PATH_MODULE"/qemu.initial.serial.log | cut -d: -f2- | sort -u || true) - mapfile -t BRIDGE_INTERFACES < <(grep -a "br_add_if\|br_dev_ioctl" "$LOG_PATH_MODULE"/qemu.initial.serial.log | cut -d: -f2- | sort -u || true) - mapfile -t VLAN_INFOS < <(grep -a "register_vlan_dev" "$LOG_PATH_MODULE"/qemu.initial.serial.log | cut -d: -f2- | sort -u || true) - mapfile -t PANICS < <(grep -a "Kernel panic - " "$LOG_PATH_MODULE"/qemu.initial.serial.log || true) - - if [[ "${#MAC_CHANGES[@]}" -gt 0 || "${#INTERFACE_CANDIDATES[@]}" -gt 0 || "${#BRIDGE_INTERFACES[@]}" -gt 0 || "${#VLAN_INFOS[@]}" -gt 0 ]]; then - BOOTED=1 - fi - - for MAC_CHANGE in "${MAC_CHANGES[@]}"; do - print_output "[*] MAC change detected: $MAC_CHANGE" - print_output "[!] 
No further action implemented" - done - - for INTERFACE_CAND in "${INTERFACE_CANDIDATES[@]}"; do - print_output "[*] Possible interface candidate detected: $ORANGE$INTERFACE_CAND$NC" - # INTERFACE_CAND -> __inet_insert_ifa[PID: 139 (ifconfig)]: device:br0 ifa:0xc0a80001 - mapfile -t IP_ADDRESS < <(echo "$INTERFACE_CAND" | grep device | cut -d: -f2- | sed "s/^.*\]:\ //" | awk '{print $2}' | cut -d: -f2 | sed 's/0x//' | sed 's/../0x&\n/g') - # IP_ADDRESS -> c0a80001 - # as I don't get it to change the hex ip to dec with printf, we do it the poor way: - IP_="" - for IPs in "${IP_ADDRESS[@]}"; do - if [[ "$IPs" == "0x"* ]]; then - #shellcheck disable=SC2004 - IP_="$IP_.$(($IPs))" - fi - done - - #shellcheck disable=SC2001 - IP_="$(echo "$IP_" | sed 's/^\.//')" - - if [[ "$D_END" == "eb" ]]; then - IP_ADDRESS_="$IP_" - elif [[ "$D_END" == "el" ]]; then - IP_ADDRESS_=$(echo "$IP_" | tr '.' '\n' | tac | tr '\n' '.' | sed 's/\.$//') - fi - - if ! [[ "$IP_ADDRESS_" == "127."* ]] && ! [[ "$IP_ADDRESS_" == "0.0.0.0" ]]; then - IPS+=( "$IP_ADDRESS_" ) - NETWORK_DEVICE="$(echo "$INTERFACE_CAND" | grep device | cut -d: -f2- | sed "s/^.*\]:\ //" | awk '{print $1}' | cut -d: -f2)" - if [[ -n "$NETWORK_DEVICE" ]]; then - INT+=( "$NETWORK_DEVICE" ) - fi - fi - done - - for BRIDGE_INT in "${BRIDGE_INTERFACES[@]}"; do - print_output "[*] Possible bridge interface candidate detected: $ORANGE$BRIDGE_INT$NC" - # br_add_if[PID: 138 (brctl)]: br:br0 dev:eth1.1 - BRIDGE_INT_="$(echo "$BRIDGE_INT" | sed "s/^.*\]:\ //" | awk '{print $1}' | cut -d: -f2)" - NET_DEV="$(echo "$BRIDGE_INT" | sed "s/^.*\]:\ //" | awk '{print $2}' | cut -d: -f2 | cut -d. 
-f1)" - - # check if the dev part is something like eth1.2: - # br_add_if[PID: 170 (brctl)]: br:br0 dev:eth0 - #if [[ "$(echo "$BRIDGE_INT" | sed "s/^.*\]:\ //" | awk '{print $2}' | cut -d: -f2 | grep -q -E "[0-9]\.[0-9]")" ]]; then - if echo "$BRIDGE_INT" | sed "s/^.*\]:\ //" | awk '{print $2}' | cut -d: -f2 | grep -q -E "[0-9]\.[0-9]"; then - VLAN_ID="$(echo "$BRIDGE_INT" | sed "s/^.*\]:\ //" | grep -o "dev:.*" | cut -d. -f2)" - fi - if [[ -n "$BRIDGE_INT_" ]]; then - INT+=( "$BRIDGE_INT_" ) - fi - if [[ -n "$NET_DEV" ]]; then - INT+=( "$NET_DEV" ) - fi - done - - for VLAN_INFO in "${VLAN_INFOS[@]}"; do - print_output "[*] Possible VLAN details detected: $ORANGE$VLAN_INFO$NC" - # register_vlan_dev[PID: 128 (vconfig)]: dev:eth1.1 vlan_id:1 - NET_DEV="$(echo "$VLAN_INFO" | sed "s/^.*\]:\ //" | awk '{print $1}' | cut -d: -f2 | cut -d. -f1)" - VLAN_ID="$(echo "$VLAN_INFO" | grep -o "vlan_id:[0-9]" | cut -d: -f2)" - VLAN+=( "$VLAN_ID" ) - INT+=( "$NET_DEV" ) - done - - # make them unique: - eval "IPS=($(for i in "${IPS[@]}" ; do echo "\"$i\"" ; done | sort -u))" - eval "INT=($(for i in "${INT[@]}" ; do echo "\"$i\"" ; done | sort -u))" - eval "VLAN=($(for i in "${VLAN[@]}" ; do echo "\"$i\"" ; done | sort -u))" - - print_output "" - for IP in "${IPS[@]}"; do - print_output "[+] Found possible IP address: $ORANGE$IP$NC" - done - for INT_ in "${INT[@]}"; do - if [[ "$INT_" == *"br"* ]]; then - print_output "[+] Possible bridge interface detected: $ORANGE$INT_$NC" - else - print_output "[+] Possible network interface detected: $ORANGE$INT_$NC" - fi - done - for VLAN_ in "${VLAN[@]}"; do - print_output "[+] Possible VLAN ID detected: $ORANGE$VLAN_$NC" - done - - for PANIC in "${PANICS[@]}"; do - print_output "[!] WARNING: Kernel Panic detected: $ORANGE$PANIC$NC" - KPANIC=1 - done - - else - print_output "[-] No $LOG_PATH_MODULE/qemu.initial.serial.log log file generated." 
- fi - print_output "" -} - -setup_network() { - sub_module_title "Setup networking - $IMAGE_NAME" - - # used for generating startup scripts for offline analysis - ARCHIVE_PATH="$LOG_PATH_MODULE"/archive-"$IMAGE_NAME" - if [[ -d "$ARCHIVE_PATH" ]]; then - ARCHIVE_PATH="$ARCHIVE_PATH-$RANDOM" - fi - - if ! [[ -d "$ARCHIVE_PATH" ]]; then - mkdir "$ARCHIVE_PATH" - fi - - TAP_ID=2 #temp - - # bridge, no vlan, ip address - TAPDEV_0=tap$TAP_ID"_0" - HOSTNETDEV_0=$TAPDEV_0 - print_output "[*] Creating TAP device $ORANGE$TAPDEV_0$NC..." - write_script_exec "tunctl -t $TAPDEV_0" "$ARCHIVE_PATH"/run.sh 1 - - if [[ "${#VLAN[@]}" -gt 0 ]]; then - for VLANID in "${VLAN[@]}"; do - print_output "[*] Init VLAN $VLAN_ID ..." - HOSTNETDEV_0x=$TAPDEV_0.$VLANID - print_output "[*] Bringing up HOSTNETDEV $ORANGE$HOSTNETDEV_0x$NC" - write_script_exec "ip link add link $TAPDEV_0 name $HOSTNETDEV_0x type vlan id $VLANID" "$ARCHIVE_PATH"/run.sh 1 - write_script_exec "ip link set $TAPDEV_0 up" "$ARCHIVE_PATH"/run.sh 1 - done - fi - - for IP in "${IPS[@]}"; do - HOSTIP="$(echo "$IP" | sed 's/\./&\n/g' | sed -E 's/^[0-9]+$/2/' | tr -d '\n')" - print_output "[*] Using HOSTIP: $ORANGE$HOSTIP$NC" - print_output "[*] Possible IP address for emulated device: $ORANGE$IP$NC" - print_output "[*] Bringing up TAP device $ORANGE$TAPDEV_0$NC" - - write_script_exec "ip link set ${HOSTNETDEV_0} up" "$ARCHIVE_PATH"/run.sh 1 - write_script_exec "ip addr add $HOSTIP/24 dev ${HOSTNETDEV_0}" "$ARCHIVE_PATH"/run.sh 1 - - print_output "Adding route to $IP..." - write_script_exec "ip route add $IP via $IP dev ${HOSTNETDEV_0}" "$ARCHIVE_PATH"/run.sh 1 - done -} - -run_emulated_system() { - sub_module_title "Final system emulation." 
- - IMAGE="$LOG_PATH_MODULE/$IMAGE_NAME" - # SYS_ONLINE is used to check the network reachability - SYS_ONLINE=0 - - KERNEL_="vmlinux" - if [[ "$ARCH_END" == "mipsel" ]]; then - QEMU_BIN="qemu-system-$ARCH_END" - QEMU_MACHINE="malta" - elif [[ "$ARCH_END" == "mipseb" ]]; then - QEMU_BIN="qemu-system-mips" - QEMU_MACHINE="malta" - elif [[ "$ARCH_END" == "armel" ]]; then - KERNEL_="zImage" - QEMU_BIN="qemu-system-arm" - QEMU_MACHINE="virt" - else - QEMU_BIN="NA" - fi - KERNEL="$FIRMADYNE_DIR/binaries/$KERNEL_.$ARCH_END" - - if [[ "$ARCH" == "ARM" ]]; then - QEMU_DISK="-drive if=none,file=$IMAGE,format=raw,id=rootfs -device virtio-blk-device,drive=rootfs" - QEMU_PARAMS="-audiodev driver=none,id=none" - QEMU_ROOTFS="/dev/vda1" - NET_ID=0 - # newer kernels use virtio only - QEMU_NETWORK="-device virtio-net-device,netdev=net$NET_ID -netdev tap,id=net$NET_ID,ifname=${TAPDEV_0},script=no" - for NET_ID in 1 2 3; do - QEMU_NETWORK="$QEMU_NETWORK -device virtio-net-device,netdev=net$NET_ID -netdev socket,id=net$NET_ID,listen=:200$NET_ID" - done - - elif [[ "$ARCH" == "MIPS" ]]; then - QEMU_DISK="-drive if=ide,format=raw,file=$IMAGE" - QEMU_PARAMS="" - QEMU_ROOTFS="/dev/sda1" - NET_ID=0 - #QEMU_NETWORK="-netdev socket,id=net$NET_ID,listen=:200$NET_ID -device e1000,netdev=net$NET_ID" - QEMU_NETWORK="-netdev tap,id=net$NET_ID,ifname=${TAPDEV_0},script=no -device e1000,netdev=net$NET_ID" - for NET_ID in 1 2 3; do - QEMU_NETWORK="$QEMU_NETWORK -netdev socket,id=net$NET_ID,listen=:200$NET_ID -device e1000,netdev=net$NET_ID" - done - fi - - if [[ "$QEMU_BIN" != "NA" ]]; then - print_output "[*] Starting firmware emulation $QEMU_BIN / $ARCH / $IMAGE_NAME ... 
use Ctrl-a + x to exit" - sleep 1s - run_qemu_final_emulation & - else - print_output "[-] No firmware emulation $ARCH / $IMAGE_NAME possible" - fi -} - -run_qemu_final_emulation() { - # run this in the background to be able to test the system in parallel - # kill it afterwards with something like - # pkill -f "qemu-system-.*$IMAGE_NAME.*" - - echo "echo \"[*] Starting firmware emulation $QEMU_BIN / $ARCH / $IMAGE_NAME ... use Ctrl-a + x to exit\"" >> "$ARCHIVE_PATH"/run.sh - write_script_exec "$QEMU_BIN -m 256 -M $QEMU_MACHINE -kernel $KERNEL $QEMU_DISK -append \"root=$QEMU_ROOTFS console=ttyS0 nandsim.parts=64,64,64,64,64,64,64,64,64,64 rdinit=/firmadyne/preInit.sh rw debug ignore_loglevel print-fatal-signals=1 user_debug=31 firmadyne.syscall=0\" -nographic $QEMU_NETWORK $QEMU_PARAMS | tee \"$LOG_PATH_MODULE\"/qemu.final.serial.log || true" "$ARCHIVE_PATH"/run.sh 1 -} - -check_online_stat() { - # check for a maximum of 60 seconds - PING_CNT=0 - while [[ "$PING_CNT" -lt 12 ]]; do - for IP in "${IPS[@]}"; do - if ping -c 1 "$IP" &> /dev/null; then - print_output "[+] Host with $IP is reachable via ICMP." - print_output "[*] Wait 60 seconds until the boot process is completely finished" - sleep 60 - SYS_ONLINE=1 - break 2 - else - print_output "[*] Host with $IP is not reachable." - SYS_ONLINE=0 - fi - done - sleep 5 - (( PING_CNT+=1 )) - done - - print_output "" - cat "$LOG_PATH_MODULE"/qemu.final.serial.log >> "$LOG_FILE" || true -} - -create_emulation_archive() { - sub_module_title "Create scripts and archive to re-run the emulated system" - - cp "$KERNEL" "$ARCHIVE_PATH" || true - cp "$IMAGE" "$ARCHIVE_PATH" || true - if [[ -f "$ARCHIVE_PATH"/run.sh ]];then - chmod +x "$ARCHIVE_PATH"/run.sh - else - print_output "[-] No run script created ..." 
- fi - tar -czvf "$LOG_PATH_MODULE"/archive-"$IMAGE_NAME".tar.gz "$ARCHIVE_PATH" - if [[ -f "$LOG_PATH_MODULE"/archive-"$IMAGE_NAME".tar.gz ]]; then - print_output "[*] Qemu emulation archive created in $LOG_PATH_MODULE/archive-$IMAGE_NAME.tar.gz" "" "$LOG_PATH_MODULE/archive-$IMAGE_NAME.tar.gz" - print_output "" - fi -} - -reset_network() { - EXECUTE_="${1:0}" - - if [[ "$EXECUTE" -ne 0 ]]; then - sub_module_title "Reset network environment" - print_output "[*] Stopping Qemu emulation ..." - pkill -9 -f "qemu-system-.*$IMAGE_NAME.*" || true - else - sub_module_title "Create network environment startup script" - fi - - if [[ "$EXECUTE" -eq 1 ]]; then - print_output "[*] Deleting route..." - fi - write_script_exec "ip route flush dev \"${HOSTNETDEV_0}\"" "$ARCHIVE_PATH"/run.sh "$EXECUTE_" - - if [[ "$EXECUTE" -eq 1 ]]; then - print_output "[*] Bringing down TAP device..." - fi - write_script_exec "ip link set $TAPDEV_0 down" "$ARCHIVE_PATH"/run.sh "$EXECUTE_" - - if [[ "$EXECUTE" -eq 1 ]]; then - print_output "Removing VLAN..." - fi - write_script_exec "ip link delete ${HOSTNETDEV_0}" "$ARCHIVE_PATH"/run.sh "$EXECUTE_" - - if [[ "$EXECUTE" -eq 1 ]]; then - print_output "Deleting TAP device ${TAPDEV_0}..." - fi - write_script_exec "tunctl -d ${TAPDEV_0}" "$ARCHIVE_PATH"/run.sh "$EXECUTE_" -} - -write_script_exec() { - COMMAND="${1:-}" - SCRIPT_WRITE="${2:-}" - # EXECUTE: 0 -> just write script - # EXECUTE: 1 -> execute and write script - # EXECUTE: 2 -> just execute - EXECUTE="${3:0}" - - if [[ "$EXECUTE" -ne 0 ]];then - eval "$COMMAND" || true & - fi - - if [[ "$EXECUTE" -ne 2 ]];then - if ! 
[[ -f "$SCRIPT_WRITE" ]]; then - echo "#!/bin/bash" > "$SCRIPT_WRITE" - fi - - # for the final script we need to adjust the paths: - if echo "$COMMAND" | grep -q qemu-system-; then - #shellcheck disable=SC2001 - COMMAND=$(echo "$COMMAND" | sed "s#${KERNEL:-}#\.\/${KERNEL_:-}.${ARCH_END:-}#g") - #shellcheck disable=SC2001 - COMMAND=$(echo "$COMMAND" | sed "s#${IMAGE:-}#\.\/${IMAGE_NAME:-}#g") - #shellcheck disable=SC2001 - COMMAND=$(echo "$COMMAND" | sed "s#\"${LOG_PATH_MODULE:-}\"#\.#g") - fi - - echo "$COMMAND" >> "$SCRIPT_WRITE" - fi -} - -get_nvram () { - echo "${BINARY_DIR}/libnvram.so.${1}" -} - -get_console () { - echo "${BINARY_DIR}/console.${1}" -} - -get_device () { - # Parses output from kpartx - echo "/dev/mapper/$(echo "$1" | cut -d ' ' -f 3)" -} diff --git a/modules/L15_emulated_checks_init.sh b/modules/L15_emulated_checks_init.sh deleted file mode 100755 index 90ae735bf..000000000 --- a/modules/L15_emulated_checks_init.sh +++ /dev/null 
@@ -1,212 +0,0 @@ -#!/bin/bash - -# EMBA - EMBEDDED LINUX ANALYZER -# -# Copyright 2020-2022 Siemens Energy AG -# Copyright 2020-2022 Siemens AG -# -# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are -# welcome to redistribute it under the terms of the GNU General Public License. -# See LICENSE file for usage of this software. -# -# EMBA is licensed under GPLv3 -# -# Author(s): Michael Messner, Pascal Eckmann - -# Description: Tests the emulated live system which is build and started in L10 -# Currently this is an experimental module and needs to be activated separately via the -Q switch. -# It is also recommended to only use this technique in a dockerized or virtualized environment. - -# Threading priority - if set to 1, these modules will be executed first -export THREAD_PRIO=0 - -L15_emulated_checks_init() { - module_log_init "${FUNCNAME[0]}" - module_title "Live tests of emulated device." - - SNMP_UP=0 - NIKTO_UP=0 - NMAP_PORTS_SERVICES=() - MODULE_END=0 - - if [[ "$SYS_ONLINE" -eq 1 ]]; then - pre_module_reporter "${FUNCNAME[0]}" - - if [[ $IN_DOCKER -eq 0 ]] ; then - print_output "[!] This module should not be used in developer mode and could harm your host environment." 
- fi - - check_live_nmap_basic - check_live_snmp - # running into issues with nikto on different systems -> disabling for now: - # check_live_nikto - check_live_routersploit - MODULE_END=1 - pkill -f "qemu-system-.*$IMAGE_NAME.*" || true - reset_network 2 - fi - - write_log "" - write_log "[*] Statistics:${#NMAP_PORTS_SERVICES[@]}:$SNMP_UP:$NIKTO_UP" - module_end_log "${FUNCNAME[0]}" "$MODULE_END" - -} - -check_live_nmap_basic() { - sub_module_title "Nmap portscans for emulated system with IP $IP" - - nmap -sSV "$IP" -oA "$LOG_PATH_MODULE"/nmap-basic-"$IP" | tee -a "$LOG_FILE" - if [[ -f "$LOG_PATH_MODULE"/nmap-basic-"$IP".nmap ]]; then - mapfile -t NMAP_PORTS_SERVICES < <(grep "open" "$LOG_PATH_MODULE"/nmap-basic-"$IP".nmap | awk '{print $4,$5,$6}' | sort -u) - mapfile -t NMAP_PORTS < <(grep "open" "$LOG_PATH_MODULE"/nmap-basic-"$IP".nmap | awk '{print $1}' | cut -d '/' -f1 | sort -u) - fi - - TYPE="Nmap" - - if [[ -v NMAP_PORTS_SERVICES[@] ]]; then - write_csv_log "---" "---" "version_detected" "csv_rule" "license" "static/emulation/nmap" - print_output "" - for SERVICE in "${NMAP_PORTS_SERVICES[@]}"; do - while read -r VERSION_LINE; do - if echo "$VERSION_LINE" | grep -v -q "^[^#*/;]"; then - continue - fi - if echo "$VERSION_LINE" | grep -q "no_static"; then - continue - fi - - STRICT="$(echo "$VERSION_LINE" | cut -d\; -f2)" - - if [[ $STRICT == *"strict"* ]]; then - continue - elif [[ $STRICT == "zgrep" ]]; then - continue - fi - - LIC="$(echo "$VERSION_LINE" | cut -d\; -f3)" - # BIN_NAME="$(echo "$VERSION_LINE" | cut -d\; -f1)" - CSV_REGEX="$(echo "$VERSION_LINE" | cut -d\; -f5)" - VERSION_IDENTIFIER="$(echo "$VERSION_LINE" | cut -d\; -f4 | sed s/^\"// | sed s/\"$//)" - - VERSION_FINDER=$(echo "$SERVICE" | grep -o -a -E "$VERSION_IDENTIFIER" | head -1 2>/dev/null || true) - if [[ -n $VERSION_FINDER ]]; then - print_output "[+] Version information found ${RED}""$VERSION_FINDER""${NC}${GREEN} in Nmap port scanning logs." 
- # use get_csv_rule from s09: - get_csv_rule "$VERSION_FINDER" "$CSV_REGEX" - write_csv_log "---" "---" "$VERSION_FINDER" "$CSV_RULE" "$LIC" "$TYPE" - continue - fi - done < "$CONFIG_DIR"/bin_version_strings.cfg - done - fi - - print_output "" - print_output "[*] Nmap portscans for emulated system with IP $IP finished" -} - -check_live_snmp() { - sub_module_title "SNMP enumeration for emulated system with IP $IP" - - if command snmp-check > /dev/null; then - print_output "[*] SNMP scan with community name public" - snmp-check -w "$IP"| tee "$LOG_PATH_MODULE"/snmp-check-public-"$IP".txt - if [[ -f "$LOG_PATH_MODULE"/snmp-check-public-"$IP".txt ]]; then - cat "$LOG_PATH_MODULE"/snmp-check-public-"$IP".txt >> "$LOG_FILE" - fi - print_output "" - print_output "[*] SNMP scan with community name private" - snmp-check -c private -w "$IP"| tee "$LOG_PATH_MODULE"/snmp-check-private-"$IP".txt - if [[ -f "$LOG_PATH_MODULE"/snmp-check-private-"$IP".txt ]]; then - cat "$LOG_PATH_MODULE"/snmp-check-private-"$IP".txt >> "$LOG_FILE" - fi - else - print_output "[*] SNMP scan with community name public" - snmpwalk -v2c -c public "$IP" .iso | tee "$LOG_PATH_MODULE"/snmpwalk-public-"$IP".txt - if [[ -f "$LOG_PATH_MODULE"/snmp-check-public-"$IP".txt ]]; then - cat "$LOG_PATH_MODULE"/snmpwalk-public-"$IP".txt >> "$LOG_FILE" - fi - print_output "" - print_output "[*] SNMP scan with community name private" - snmpwalk -v2c -c private "$IP" .iso | tee "$LOG_PATH_MODULE"/snmapwalk-private-"$IP".txt - if [[ -f "$LOG_PATH_MODULE"/snmp-check-private-"$IP".txt ]]; then - cat "$LOG_PATH_MODULE"/snmpwalk-private-"$IP".txt >> "$LOG_FILE" - fi - fi - SNMP_UP=$(wc -l "$LOG_PATH_MODULE"/snmp* | tail -1 | awk '{print $1}') - - if [[ "$SNMP_UP" -gt 20 ]]; then - SNMP_UP=1 - else - SNMP_UP=0 - fi - - print_output "" - print_output "[*] SNMP tests for emulated system with IP $IP finished" -} - -check_live_nikto() { - sub_module_title "Nikto web checks for emulated system with IP $IP" - - NIKTO_UP=0 - 
NIKTO_DONE=0 - - if [[ "${#NMAP_PORTS[@]}" -gt 0 ]]; then - for PORT in "${NMAP_PORTS[@]}"; do - #PORT=$(echo "$SERVICE" | cut -d/ -f1 | tr -d "[:blank:]") - NIKTO_OPTS="-timeout 3 -nointeractive -maxtime 8m" - if [[ "$SERVICE" == *"ssl|http"* ]];then - #shellcheck disable=SC2086 - nikto $NIKTO_OPTS -ssl -port "$PORT" -host "$IP" | tee -a "$LOG_PATH_MODULE"/nikto-scan-"$IP".txt - NIKTO_DONE=1 - elif [[ "$SERVICE" == *"http"* ]];then - #shellcheck disable=SC2086 - nikto $NIKTO_OPTS -port "$PORT" -host "$IP" | tee -a "$LOG_PATH_MODULE"/nikto-scan-"$IP".txt - NIKTO_DONE=1 - fi - if [[ "$NIKTO_DONE" -eq 1 ]]; then - break - fi - done - if [[ -f "$LOG_PATH_MODULE"/nikto-scan-"$IP".txt ]]; then - cat "$LOG_PATH_MODULE"/nikto-scan-"$IP".txt >> "$LOG_FILE" - print_output "" - mapfile -t VERSIONS < <(grep "Server" "$LOG_PATH_MODULE"/nikto-scan-"$IP".txt | cut -d: -f2 | sort -u | grep -v "null" | sed 's/^\ //') - for VERSION in "${VERSIONS[@]}"; do - if [[ "$VERSION" != *"Server banner has changed from"* ]]; then - print_output "[+] Version information found ${RED}""$VERSION""${NC}${GREEN} in Nikto web server scanning logs." - fi - done - - mapfile -t VERSIONS < <(grep "Retrieved x-powered-by header" "$LOG_PATH_MODULE"/nikto-scan-"$IP".txt | cut -d: -f2 | sort -u | sed 's/^\ //') - for VERSION in "${VERSIONS[@]}"; do - print_output "[+] Version information found ${RED}""$VERSION""${NC}${GREEN} in Nikto web server scanning logs." 
- done - - print_output "" - if [[ $(grep -c "+ [1-9] host(s) tested" "$LOG_PATH_MODULE"/nikto-scan-"$IP".txt || true) -gt 0 ]]; then - NIKTO_UP=1 - fi - fi - fi - - print_output "[*] Nikto web checks for emulated system with IP $IP finished" -} - -check_live_routersploit() { - sub_module_title "Routersploit tests for emulated system with IP $IP" - - if [[ -f /tmp/routersploit.log ]]; then - rm /tmp/routersploit.log - fi - - timeout --preserve-status --signal SIGINT 300 "$EXT_DIR"/routersploit/rsf.py "$IP" 2>&1 | tee -a "$LOG_PATH_MODULE"/routersploit-"$IP".txt - - if [[ -f /tmp/routersploit.log ]]; then - mv /tmp/routersploit.log "$LOG_PATH_MODULE"/routersploit-detail-"$IP".txt - fi - - cat "$LOG_PATH_MODULE"/routersploit-"$IP".txt >> "$LOG_FILE" - print_output "" - print_output "[*] Routersploit tests for emulated system with IP $IP finished" -} - diff --git a/modules/P02_firmware_bin_file_check.sh b/modules/P02_firmware_bin_file_check.sh index 12be574b4..5fcd046d4 100755 --- a/modules/P02_firmware_bin_file_check.sh +++ b/modules/P02_firmware_bin_file_check.sh @@ -35,7 +35,8 @@ P02_firmware_bin_file_check() { export GPG_COMPRESS=0 export QNAP_ENC_DETECTED=0 export BSD_UFS=0 - export FACT_INIT=0 + export PATOOLS_INIT=0 + export ANDROID_OTA=0 if [[ -f "$FIRMWARE_PATH" ]]; then SHA512_CHECKSUM=$(sha512sum "$FIRMWARE_PATH" | awk '{print $1}') @@ -82,7 +83,7 @@ fw_bin_detector() { local DLINK_ENC_CHECK local AVM_CHECK - export FACT_INIT=0 + export PATOOLS_INIT=0 export VMDK_DETECTED=0 export DLINK_ENC_DETECTED=0 export QNAP_ENC_DETECTED=0 
@@ -93,16 +94,24 @@ fw_bin_detector() { export ENGENIUS_ENC_DETECTED=0 export GPG_COMPRESS=0 export BSD_UFS=0 + export ANDROID_OTA=0 FILE_BIN_OUT=$(file "$CHECK_FILE") DLINK_ENC_CHECK=$(hexdump -C "$CHECK_FILE" | head -1 || true) AVM_CHECK=$(strings "$CHECK_FILE" | grep -c "AVM GmbH .*. All rights reserved.\|(C) Copyright .* AVM" || true) QNAP_ENC_CHECK=$(binwalk -y "qnap encrypted" "$CHECK_FILE") - # if we have a zip, tgz, tar archive we are going to use the FACT extractor - if [[ "$FILE_BIN_OUT" == *"gzip compressed data"* || "$FILE_BIN_OUT" == *"Zip archive data"* || "$FILE_BIN_OUT" == *"POSIX tar archive"* ]]; then - print_output "[*] Identified gzip/zip/tar archive file - using FACT extraction module" - export FACT_INIT=1 + if [[ "$AVM_CHECK" -gt 0 ]] || [[ "$FW_VENDOR" == *"AVM"* ]]; then + print_output "[*] Identified AVM firmware - using AVM extraction module" + export AVM_DETECTED=1 + fi + # if we have a zip, tgz, tar archive we are going to use the patools extractor + if [[ "$FILE_BIN_OUT" == *"gzip compressed data"* || "$FILE_BIN_OUT" == *"Zip archive data"* || "$FILE_BIN_OUT" == *"POSIX tar archive"* || "$FILE_BIN_OUT" == *"ISO 9660 CD-ROM filesystem data"* ]]; then + # as the AVM images are also zip files we need to bypass it here: + if [[ "$AVM_DETECTED" -ne 1 ]]; then + print_output "[*] Identified gzip/zip/tar/iso archive file - using patools extraction module" + export PATOOLS_INIT=1 + fi fi if [[ "$FILE_BIN_OUT" == *"VMware4 disk image"* ]]; then print_output "[*] Identified VMWware VMDK archive file - using VMDK extraction module" 
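Review bot: The new guard `if [[ "$AVM_DETECTED" -ne 1 ]]; then` reads AVM_DETECTED, but the visible reset block at the top of fw_bin_detector (PATOOLS_INIT, VMDK_DETECTED, DLINK_ENC_DETECTED, QNAP_ENC_DETECTED, ENGENIUS_ENC_DETECTED, GPG_COMPRESS, BSD_UFS, ANDROID_OTA) never initialises it; the lines between the two hunks are not visible, so if it is not reset there either, a value left over from an earlier call or from the environment would silently skip patools extraction for a non-AVM archive. Adding `export AVM_DETECTED=0` next to the other resets makes the detector order-independent. The archive branch now also routes ISO 9660 images to patools, so the comment above it, still reading `# if we have a zip, tgz, tar archive we are going to use the patools extractor`, should mention iso as the message does.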
@@ -128,10 +137,6 @@ fw_bin_detector() { print_output "[*] Identified D-Link encrpted_img encrpyted firmware - using D-Link extraction module" export DLINK_ENC_DETECTED=2 fi - if [[ "$AVM_CHECK" -gt 0 ]] || [[ "$FW_VENDOR" == *"AVM"* ]]; then - print_output "[*] Identified AVM firmware - using AVM extraction module" - export AVM_DETECTED=1 - fi if [[ "$FILE_BIN_OUT" == *"u-boot legacy uImage"* ]]; then print_output "[*] Identified u-boot firmware - using u-boot module" export UBOOT_IMAGE=1 @@ -165,4 +170,8 @@ fw_bin_detector() { export GPG_COMPRESS=1 fi fi + if [[ "$DLINK_ENC_CHECK" == *"CrAU"* ]]; then + print_output "[*] Identified Android OTA payload.bin update file - using Android extraction module" + export ANDROID_OTA=1 + fi } diff --git a/modules/P05_fact_init.sh b/modules/P05_fact_init.sh deleted file mode 100755 index 6a5674635..000000000 --- a/modules/P05_fact_init.sh +++ /dev/null 
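Review bot: The Android OTA check `if [[ "$DLINK_ENC_CHECK" == *"CrAU"* ]]` reuses a variable named for the D-Link check and matches the substring anywhere in the first hexdump line, which hides what is really being tested; comparing the magic directly, `if [[ "$(head -c 4 "$CHECK_FILE")" == "CrAU" ]]; then`, ties the test to the file's first four bytes and reads on its own. A short comment such as `# "CrAU" is the magic of an Android A/B update payload.bin` would help the next reader either way. fw_bin_detector's body starts outside this hunk.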
@@ -1,72 +0,0 @@ -#!/bin/bash - -# EMBA - EMBEDDED LINUX ANALYZER -# -# Copyright 2020-2022 Siemens Energy AG -# Copyright 2020-2022 Siemens AG -# -# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are -# welcome to redistribute it under the terms of the GNU General Public License. -# See LICENSE file for usage of this software. -# -# EMBA is licensed under GPLv3 -# -# Author(s): Michael Messner, Pascal Eckmann - -# Description: Extracts zip, tar, tgz archives with FACT extractor -# Pre-checker threading mode - if set to 1, these modules will run in threaded mode -export PRE_THREAD_ENA=0 - -P05_fact_init() { - module_log_init "${FUNCNAME[0]}" - NEG_LOG=0 - - if [[ "$FACT_INIT" -eq 1 ]]; then - module_title "FACT initial extractor of different archives" - pre_module_reporter "${FUNCNAME[0]}" - - EXTRACTION_DIR="$LOG_DIR"/firmware/fact_extraction/ - - fact_extractor "$FIRMWARE_PATH" "$EXTRACTION_DIR" - - if [[ "$FILES_FACT" -gt 0 ]]; then - export FIRMWARE_PATH="$LOG_DIR"/firmware/ - fi - - NEG_LOG=1 - fi - module_end_log "${FUNCNAME[0]}" "$NEG_LOG" -} - -fact_extractor() { - sub_module_title "FACT filesystem extractor" - - local FIRMWARE_PATH_="$1" - local EXTRACTION_DIR_="$2" - FILES_FACT=0 - local DIRS_FACT=0 - - if [[ -d /tmp/extractor ]]; then - # This directory is currently hard coded in FACT-extractor - rm -rf /tmp/extractor - fi - - "$EXT_DIR"/fact_extractor/fact_extractor/fact_extract.py -d "$FIRMWARE_PATH_" >> "$TMP_DIR"/FACTer.txt - - if [[ -d /tmp/extractor/files ]]; then - cat /tmp/extractor/reports/meta.json >> "$TMP_DIR"/FACTer.txt - cp -r /tmp/extractor/files "$EXTRACTION_DIR_" - rm -rf /tmp/extractor - - print_output "" - print_output "[*] Using the following firmware directory ($ORANGE$EXTRACTION_DIR_$NC) as base directory:" - #shellcheck disable=SC2012 - ls -lh "$EXTRACTION_DIR_" | tee -a "$LOG_FILE" - print_output "" - - FILES_FACT=$(find "$EXTRACTION_DIR_" -type f | wc -l) - DIRS_FACT=$(find "$EXTRACTION_DIR_" -type d | wc 
-l) - print_output "[*] Extracted $ORANGE$FILES_FACT$NC files and $ORANGE$DIRS_FACT$NC directories from the firmware image." - print_output "" - fi -} diff --git a/modules/P05_patools_init.sh b/modules/P05_patools_init.sh new file mode 100755 index 000000000..1c7212e43 --- /dev/null +++ b/modules/P05_patools_init.sh 
@@ -0,0 +1,71 @@ +#!/bin/bash + +# EMBA - EMBEDDED LINUX ANALYZER +# +# Copyright 2020-2022 Siemens Energy AG +# Copyright 2020-2022 Siemens AG +# +# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are +# welcome to redistribute it under the terms of the GNU General Public License. +# See LICENSE file for usage of this software. +# +# EMBA is licensed under GPLv3 +# +# Author(s): Michael Messner, Pascal Eckmann + +# Description: Extracts zip, tar, tgz archives with patools +# Pre-checker threading mode - if set to 1, these modules will run in threaded mode +export PRE_THREAD_ENA=0 + +P05_patools_init() { + module_log_init "${FUNCNAME[0]}" + NEG_LOG=0 + + if [[ "$PATOOLS_INIT" -eq 1 ]]; then + module_title "Initial extractor of different archive types via patools" + pre_module_reporter "${FUNCNAME[0]}" + + EXTRACTION_DIR="$LOG_DIR"/firmware/patool_extraction/ + + patools_extractor "$FIRMWARE_PATH" "$EXTRACTION_DIR" + + if [[ "$FILES_PATOOLS" -gt 0 ]]; then + export FIRMWARE_PATH="$LOG_DIR"/firmware/ + fi + + NEG_LOG=1 + fi + module_end_log "${FUNCNAME[0]}" "$NEG_LOG" +} + +patools_extractor() { + sub_module_title "Patools filesystem extractor" + + local FIRMWARE_PATH_="$1" + local EXTRACTION_DIR_="$2" + FILES_PATOOLS=0 + local DIRS_PATOOLS=0 + local FIRMWARE_NAME_ + FIRMWARE_NAME_="$(basename "$FIRMWARE_PATH_")" + + patool -v test "$FIRMWARE_PATH_" | tee -a "$LOG_PATH_MODULE"/paextract_test_"$FIRMWARE_NAME_".log + + if grep -q "patool: ... tested ok." 
"$LOG_PATH_MODULE"/paextract_test_"$FIRMWARE_NAME_".log ; then + + print_output "" + print_output "[*] Valid compressed file detected - extraction process via patool started" + + patool -v extract "$FIRMWARE_PATH_" --outdir "$EXTRACTION_DIR_" | tee -a "$LOG_PATH_MODULE"/paextract_extract_"$FIRMWARE_NAME_".log + + print_output "" + print_output "[*] Using the following firmware directory ($ORANGE$EXTRACTION_DIR_$NC) as base directory:" + #shellcheck disable=SC2012 + ls -lh "$EXTRACTION_DIR_" | tee -a "$LOG_FILE" + print_output "" + + FILES_PATOOLS=$(find "$EXTRACTION_DIR_" -type f | wc -l) + DIRS_PATOOLS=$(find "$EXTRACTION_DIR_" -type d | wc -l) + print_output "[*] Extracted $ORANGE$FILES_PATOOLS$NC files and $ORANGE$DIRS_PATOOLS$NC directories from the firmware image." + print_output "" + fi +} diff --git a/modules/P11_dlink_SHRS_enc_extract.sh b/modules/P11_dlink_SHRS_enc_extract.sh index 451da16bb..9f103eaf9 100755 --- a/modules/P11_dlink_SHRS_enc_extract.sh +++ b/modules/P11_dlink_SHRS_enc_extract.sh @@ -48,7 +48,7 @@ dlink_SHRS_enc_extractor() { print_output "" - dd if="$DLINK_ENC_PATH_" skip=1756 iflag=skip_bytes|openssl aes-128-cbc -d -p -nopad -nosalt -K "c05fbf1936c99429ce2a0781f08d6ad8" -iv "67c6697351ff4aec29cdbaabf2fbe346" --nosalt -in /dev/stdin -out "$EXTRACTION_FILE_" 2>&1 | tee -a "$LOG_FILE" + dd if="$DLINK_ENC_PATH_" skip=1756 iflag=skip_bytes|openssl aes-128-cbc -d -p -nopad -nosalt -K "c05fbf1936c99429ce2a0781f08d6ad8" -iv "67c6697351ff4aec29cdbaabf2fbe346" --nosalt -in /dev/stdin -out "$EXTRACTION_FILE_" 2>&1 || true | tee -a "$LOG_FILE" print_output "" if [[ -f "$EXTRACTION_FILE_" ]]; then 
@@ -75,12 +75,16 @@ dlink_enc_img_extractor(){ IMAGE_SIZE=$(stat -c%s "$TMP_IMAGE_FILE") (( ROOF=IMAGE_SIZE/131072 )) for ((ITERATION=0; ITERATION&1 | tee -a "$LOG_FILE" done -# Now it should be a .ubi file thats somewhat readable and extractable via ubireader + # Now it should be a .ubi file thats somewhat readable and extractable via ubireader print_output "" if [[ -f "$EXTRACTION_FILE_" ]]; then print_output "[+] Decrypted D-Link firmware file to $ORANGE$EXTRACTION_FILE_$NC" @@ -90,4 +94,4 @@ dlink_enc_img_extractor(){ else print_output "[-] Decryption of D-Link firmware file failed" fi -} \ No newline at end of file +} diff --git a/modules/P12_avm_freetz_ng_extract.sh b/modules/P12_avm_freetz_ng_extract.sh index 4481089a2..a90d18333 100755 --- a/modules/P12_avm_freetz_ng_extract.sh +++ b/modules/P12_avm_freetz_ng_extract.sh @@ -42,7 +42,10 @@ avm_extractor() { local FRITZ_VERSION sub_module_title "AVM freetz-ng firmware extractor" - "$EXT_DIR"/freetz-ng/fwmod -u -d "$EXTRACTION_DIR_" "$AVM_FW_PATH_" || true | tee -a "$LOG_FILE" + # read only filesystem bypass: + cp "$EXT_DIR"/freetz-ng/.config "$TMP_DIR"/.config + "$EXT_DIR"/freetz-ng/fwmod -u -i "$TMP_DIR"/.config -d "$EXTRACTION_DIR_" "$AVM_FW_PATH_" || true | tee -a "$LOG_FILE" + FRITZ_FILES=$(find "$EXTRACTION_DIR_" -type f | wc -l) FRITZ_DIRS=$(find "$EXTRACTION_DIR_" -type d | wc -l) diff --git a/modules/P14_ext2_mounter.sh b/modules/P14_ext2_mounter.sh index eef05e84d..8681eb3bb 100755 --- a/modules/P14_ext2_mounter.sh +++ b/modules/P14_ext2_mounter.sh @@ -48,7 +48,7 @@ ext2_extractor() { mkdir -p "$TMP_EXT_MOUNT" print_output "[*] Trying to mount $ORANGE$EXT_PATH_$NC to $ORANGE$TMP_EXT_MOUNT$NC directory" - mount "$EXT_PATH_" "$TMP_EXT_MOUNT" + mount -o ro "$EXT_PATH_" "$TMP_EXT_MOUNT" if mount | grep -q ext_mount; then print_output "[*] Copying $ORANGE$TMP_EXT_MOUNT$NC to firmware tmp directory ($EXTRACTION_DIR_)" mkdir -p "$EXTRACTION_DIR_" 
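Review bot: `mount -o ro "$EXT_PATH_" "$TMP_EXT_MOUNT"` mounts a filesystem image taken from the firmware under analysis on the host kernel; read-only prevents writes to the image, but the host still honours set-uid bits, device nodes and executables inside it while the copy runs. For untrusted images `mount -o ro,nosuid,nodev,noexec "$EXT_PATH_" "$TMP_EXT_MOUNT"` is the safer default, and the unchanged `mount -r -t ufs …` line in P19_bsd_ufs_mounter.sh has the same exposure. The mount's exit status is still not checked; the following `if mount | grep -q ext_mount` only tells whether something with that name is mounted, so a failed mount is reported indirectly at best. ext2_extractor continues outside the hunk.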
diff --git a/modules/P17_gpg_decompress.sh b/modules/P17_gpg_decompress.sh index 3f8ed82a4..def429d50 100755 --- a/modules/P17_gpg_decompress.sh +++ b/modules/P17_gpg_decompress.sh @@ -42,7 +42,7 @@ gpg_decompress_extractor() { sub_module_title "GPG compressed firmware extractor" gpg --list-packets "$GPG_FILE_PATH_" 2>/dev/null | tee -a "$LOG_FILE" - gpg --decrypt "$GPG_FILE_PATH_" > "$EXTRACTION_FILE_" + gpg --decrypt "$GPG_FILE_PATH_" > "$EXTRACTION_FILE_" || true print_output "" if [[ -f "$EXTRACTION_FILE_" ]]; then diff --git a/modules/P18_qnap_decryptor.sh b/modules/P18_qnap_decryptor.sh index 75d23e6f8..a98fc6271 100755 --- a/modules/P18_qnap_decryptor.sh +++ b/modules/P18_qnap_decryptor.sh @@ -333,7 +333,7 @@ qnap_extractor() { if [[ -v USR_LOCAL[@] ]]; then print_output "" for f in "${USR_LOCAL[@]}"; do - print_output "[*] Extracting $ORANGE$f$NC -> sysroot/usr/local..." + print_output "[*] Extracting $ORANGE$f$NC -> ${ORANGE}sysroot/usr/local$NC ..." mkdir -p "$SYSROOT/usr/local" || true tar xvzf "$f" -C "$SYSROOT/usr/local" done @@ -358,7 +358,7 @@ qnap_extractor() { for name in apache_php5 mysql5 mariadb5; do if [ -e "$QNAP_EXTRACTION_ROOT_DST/qpkg/$name.tgz" ]; then - print_output "[*] Extracting ${ORANGE}qpkg/$name.tgz$NC -> sysroot/usr/local..." + print_output "[*] Extracting ${ORANGE}qpkg/$name.tgz$NC -> ${ORANGE}sysroot/usr/local$NC ..." tar xvzf "$QNAP_EXTRACTION_ROOT_DST/qpkg/$name.tgz" -C "$SYSROOT/usr/local" fi done diff --git a/modules/P19_bsd_ufs_mounter.sh b/modules/P19_bsd_ufs_mounter.sh index 68cec5419..d48c115c2 100755 --- a/modules/P19_bsd_ufs_mounter.sh +++ b/modules/P19_bsd_ufs_mounter.sh 
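Review bot: `gpg --decrypt "$GPG_FILE_PATH_" > "$EXTRACTION_FILE_" || true` keeps the module going on failure, but the redirection creates `$EXTRACTION_FILE_` before gpg runs, so the following `if [[ -f "$EXTRACTION_FILE_" ]]` visible in the hunk now treats the empty file left by a failed or refused decrypt as a successful extraction. Testing for a non-empty result, `if [[ -s "$EXTRACTION_FILE_" ]]; then`, or capturing gpg's status in a variable instead of discarding it with `|| true`, keeps the success message honest. gpg_decompress_extractor continues outside the hunk.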
@@ -51,7 +51,7 @@ ufs_extractor() {
 modprobe ufs
 mount -r -t ufs -o ufstype=ufs2 "$UFS_PATH_" "$TMP_UFS_MOUNT"
 if mount | grep -q ufs_mount; then
- print_output "[*] Copying $ORANGE$TMP_UFS_MOUNT$NC to firmware tmp directory ($EXTRACTION_DIR_)"
+ print_output "[*] Copying $ORANGE$TMP_UFS_MOUNT$NC to firmware tmp directory ($ORANGE$EXTRACTION_DIR_$NC)"
 mkdir -p "$EXTRACTION_DIR_" 2>/dev/null || true
 cp -pri "$TMP_UFS_MOUNT"/* "$EXTRACTION_DIR_" 2>/dev/null || true
 print_output ""
diff --git a/modules/P25_android_ota.sh b/modules/P25_android_ota.sh
new file mode 100755
index 000000000..92b3e05f3
--- /dev/null
+++ b/modules/P25_android_ota.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+# EMBA - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2020-2022 Siemens Energy AG
+# Copyright 2020-2022 Siemens AG
+#
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# EMBA is licensed under GPLv3
+#
+# Author(s): Michael Messner, Pascal Eckmann
+
+# Description: Extracts Android OTA update files - see https://github.com/e-m-b-a/emba/issues/233
+# Pre-checker threading mode - if set to 1, these modules will run in threaded mode
+export PRE_THREAD_ENA=0
+
+P25_android_ota() {
+ module_log_init "${FUNCNAME[0]}"
+ NEG_LOG=0
+ if [[ "$ANDROID_OTA" -eq 1 ]]; then
+ module_title "Android OTA payload.bin extractor"
+ pre_module_reporter "${FUNCNAME[0]}"
+
+ EXTRACTION_DIR="$LOG_DIR"/firmware/android_ota/
+
+ android_ota_extractor "$FIRMWARE_PATH" "$EXTRACTION_DIR"
+
+ if [[ "$FILES_OTA" -gt 0 ]]; then
+ export FIRMWARE_PATH="$LOG_DIR"/firmware/
+ fi
+ NEG_LOG=1
+ fi
+ module_end_log "${FUNCNAME[0]}" "$NEG_LOG"
+}
+
+android_ota_extractor() {
+ local OTA_INIT_PATH_="$1"
+ local EXTRACTION_DIR_="$2"
+ local DIRS_OTA=0
+ FILES_OTA=0
+ sub_module_title "Android OTA extractor"
+
+ hexdump -C "$OTA_INIT_PATH_" | head | tee -a "$LOG_FILE" || true
+
+ if [[ -d "$EXT_DIR"/payload_dumper ]]; then
+ print_output ""
+ print_output "[*] Extracting Android OTA payload.bin file ..."
+ print_output ""
+ python3 "$EXT_DIR"/payload_dumper/payload_dumper.py --out "$EXTRACTION_DIR_" "$OTA_INIT_PATH_" | tee -a "$LOG_FILE"
+ FILES_OTA=$(find "$EXTRACTION_DIR_" -type f | wc -l)
+ DIRS_OTA=$(find "$EXTRACTION_DIR_" -type d | wc -l)
+ print_output "[*] Extracted $ORANGE$FILES_OTA$NC files and $ORANGE$DIRS_OTA$NC directories from the firmware image."
+ else
+ print_output "[-] Android OTA payload.bin extractor not found - check your installation"
+ fi
+}
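Review bot: android_ota_extractor checks `[[ -d "$EXT_DIR"/payload_dumper ]]` but then runs `"$EXT_DIR"/payload_dumper/payload_dumper.py`, so a partially installed tool directory passes the check and the python3 call fails inside the `| tee` pipeline without ever reaching the "not found" message; `if [[ -f "$EXT_DIR"/payload_dumper/payload_dumper.py ]]; then` tests what is actually executed. Nothing creates `$EXTRACTION_DIR_` before the call — if payload_dumper does not create its `--out` directory itself (not verifiable from here) a `mkdir -p "$EXTRACTION_DIR_"` is needed, and the later `find … | wc -l` counts would otherwise silently be 0. FILES_OTA is deliberately not `local` because P25_android_ota reads it after the call; a comment such as `# FILES_OTA is read by P25_android_ota, hence not local` would stop a future cleanup from breaking that.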
diff --git a/modules/P60_firmware_bin_extractor.sh b/modules/P60_firmware_bin_extractor.sh
index 25b50b95c..a80746bfc 100755
--- a/modules/P60_firmware_bin_extractor.sh
+++ b/modules/P60_firmware_bin_extractor.sh
@@ -278,9 +278,10 @@ binwalking() {
 # we use the original FIRMWARE_PATH for entropy testing, just if it is a file
 if [[ -f $FIRMWARE_PATH_BAK ]] ; then
 print_output "[*] Entropy testing with binwalk ... "
- # we have to change the working directory for binwalk, because /emba is read-only in the Docker container and binwalk fails to save the entropy picture there
+ # we have to change the working directory for binwalk, because everything except the log directory is read-only in
+ # Docker container and binwalk fails to save the entropy picture there
 if [[ $IN_DOCKER -eq 1 ]] ; then
- cd / || return
+ cd "$LOG_DIR" || return
 print_output "$(binwalk -E -F -J "$FIRMWARE_PATH_BAK")"
 mv "$(basename "$FIRMWARE_PATH".png)" "$LOG_DIR"/firmware_entropy.png 2> /dev/null || true
 cd /emba || return
diff --git a/modules/S115_usermode_emulator.sh b/modules/S115_usermode_emulator.sh
index 07aafcf34..838de7b00 100755
--- a/modules/S115_usermode_emulator.sh
+++ b/modules/S115_usermode_emulator.sh
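Review bot: `cd "$LOG_DIR" || return` paired with the later `cd /emba || return` leaves the shell in `$LOG_DIR` whenever the second cd fails, and the caller of binwalking then continues with an unexpected working directory. The `$(…)` around binwalk is already a subshell, so the directory change can be confined to it: `print_output "$(cd "$LOG_DIR" && binwalk -E -F -J "$FIRMWARE_PATH_BAK")"` followed by `mv "$LOG_DIR/$(basename "$FIRMWARE_PATH".png)" "$LOG_DIR"/firmware_entropy.png 2> /dev/null || true`, which removes both cd lines. A one-line comment that binwalk writes the entropy .png into the current directory would explain why the working directory matters at all. binwalking's body continues outside the hunk.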
@@ -362,17 +362,19 @@ prepare_emulator() { print_output "" print_output "[*] Currently mounted areas:" - print_output "$(indent "$(mount | grep "$R_PATH" 2> /dev/null )")""\\n" + print_output "$(indent "$(mount | grep "$R_PATH" 2> /dev/null || true)")""\\n" + # temp code - currently core dumps are disabled via docker-compose file # we disable core dumps in our docker environment. If running on the host without docker # the user is responsible for useful settings - if [[ $IN_DOCKER -eq 1 ]] ; then - print_output "" - print_output "[*] We disable core dumps to prevent wasting our disk space." - ulimit -c 0 - sysctl -w kernel.core_pattern=/dev/null - ulimit -a - fi + #if [[ $IN_DOCKER -eq 1 ]] ; then + # print_output "" + # print_output "[*] We disable core dumps to prevent wasting our disk space." + # ulimit -c 0 + # # this does not work inside of docker without "privileged: true": + # sysctl -w kernel.core_pattern=/dev/null + # ulimit -a + #fi print_output "[*] Final fixes of the root filesytem in a chroot environment" cp ./helpers/fixImage_user_mode_emulation.sh "$R_PATH"/ diff --git a/modules/S25_kernel_check.sh b/modules/S25_kernel_check.sh index 271411381..070285f1a 100755 --- a/modules/S25_kernel_check.sh +++ b/modules/S25_kernel_check.sh @@ -26,6 +26,7 @@ S25_kernel_check() KERNEL_VERSION=() KERNEL_DESC=() + KERNEL_MODULES=() FOUND=0 KMOD_BAD=0 @@ -73,6 +74,8 @@ S25_kernel_check() print_output "[*] Check kernel configuration ""$(print_path "$KERNEL_CONFIG" )"" via checksec.sh" print_output "$("$EXT_DIR""/checksec" --kernel="$KERNEL_CONFIG")" FOUND=1 + export LOG_PATH_MODULE + LOG_PATH_MODULE="$LOG_DIR""/""$(echo "$MODULE_MAIN_NAME" | tr '[:upper:]' '[:lower:]')" elif [[ $KERNEL -eq 1 ]] && [[ $FIRMWARE -eq 1 ]] ; then diff --git a/modules/S30_version_vulnerability_check.sh b/modules/S30_version_vulnerability_check.sh index 198fe13af..ebe0fbe53 100755 --- a/modules/S30_version_vulnerability_check.sh +++ b/modules/S30_version_vulnerability_check.sh 
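Review bot: Commenting out the whole block drops `ulimit -c 0` together with the `sysctl -w kernel.core_pattern` call, yet only the sysctl needs a privileged container; the per-process core limit is a shell builtin that works unprivileged and is the one line that limits disk usage when EMBA runs outside Docker, where the surrounding comment says the user is responsible for the settings. Keeping `ulimit -c 0` active and disabling only the sysctl line would preserve that. The `# temp code - currently core dumps are disabled via docker-compose file` comment should also name the docker-compose setting it relies on, otherwise the two can drift apart unnoticed. prepare_emulator continues outside the hunk.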
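Review bot: `LOG_PATH_MODULE="$LOG_DIR""/""$(echo "$MODULE_MAIN_NAME" | tr '[:upper:]' '[:lower:]')"` is set only in the branch where a kernel config was found, with no comment saying why the module log path is (re)defined here rather than by module_log_init, so the next reader cannot tell whether the other branches are meant to keep the previous value. A one-line why-comment would fix that, and the pipeline can be replaced by bash's own case conversion, `LOG_PATH_MODULE="$LOG_DIR/${MODULE_MAIN_NAME,,}"`, which avoids two forks and the double-quote concatenation. S25_kernel_check's body continues outside the hunk.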
@@ -36,9 +36,6 @@ S30_version_vulnerability_check() {
 VUL_FEED_CVSS_DB="$EXT_DIR""/allitemscvss.csv"
- print_output "[*] Vulnerability database found!"
- print_output ""
 for LINE in "${BINARIES[@]}"; do
 if (file "$LINE" | grep -q "ELF"); then
diff --git a/scan-profiles/default-scan.emba b/scan-profiles/default-scan.emba
index 8a19880a5..76e2b1f20 100644
--- a/scan-profiles/default-scan.emba
+++ b/scan-profiles/default-scan.emba
@@ -1,17 +1,17 @@
-# emba - EMBEDDED LINUX ANALYZER
+# EMBA - EMBEDDED LINUX ANALYZER
 #
 # Copyright 2020-2021 Siemens Energy AG
 # Copyright 2020-2021 Siemens AG
 #
-# emba comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 # welcome to redistribute it under the terms of the GNU General Public License.
 # See LICENSE file for usage of this software.
 #
-# emba is licensed under GPLv3
+# EMBA is licensed under GPLv3
 #
 # Author(s): Michael Messner, Pascal Eckmann
 #
-# Description: This is a default emba profile. You can Use it as a template for your own profiles
+# Description: This is a default EMBA profile. You can Use it as a template for your own profiles
 # or start emba with "-p default-scan.emba" to use it
 export FORMAT_LOG=1
@@ -31,6 +31,6 @@ if [[ $IN_DOCKER -ne 1 ]] ; then
 else
 print_output "$(indent "$(orange "Enables automated qemu emulation tests")")" "no_log"
 fi
- print_output "$(indent "$(orange "Runs emba in docker container")")" "no_log"
+ print_output "$(indent "$(orange "Runs EMBA in docker container")")" "no_log"
 export USE_DOCKER=1
 fi
diff --git a/scan-profiles/full-scan.emba b/scan-profiles/full-scan.emba
index c8c9a86ff..cecb28de1 100644
--- a/scan-profiles/full-scan.emba
+++ b/scan-profiles/full-scan.emba
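Review bot: The default-scan.emba header is only half renamed: the line `# or start emba with "-p default-scan.emba" to use it` keeps the lowercase spelling while the description line directly above it is changed to EMBA, and the same file keeps `Copyright 2020-2021` although full-scan.emba in this commit moves both copyright lines to 2020-2022. Applying the same two edits here keeps the two profiles consistent.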
@@ -1,18 +1,18 @@
-# emba - EMBEDDED LINUX ANALYZER
+# EMBA - EMBEDDED LINUX ANALYZER
 #
-# Copyright 2020-2021 Siemens Energy AG
-# Copyright 2020-2021 Siemens AG
+# Copyright 2020-2022 Siemens Energy AG
+# Copyright 2020-2022 Siemens AG
 #
-# emba comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
 # welcome to redistribute it under the terms of the GNU General Public License.
 # See LICENSE file for usage of this software.
 #
-# emba is licensed under GPLv3
+# EMBA is licensed under GPLv3
 #
 # Author(s): Michael Messner, Pascal Eckmann
 #
-# Description: This is a default emba profile. You can Use it as a template for your own profiles
-# or start emba with "-p full-scan.emba" to use it
+# Description: This is a default EMBA profile. You can Use it as a template for your own profiles
+# or start EMBA with "-p full-scan.emba" to use it
 export FORMAT_LOG=1
 export THREADED=1
@@ -28,7 +28,7 @@ if [[ $IN_DOCKER -ne 1 ]] ; then
 print_output "$(indent "$(orange "Activates web report creation in log path")")" "no_log"
 print_output "$(indent "$(orange "Enable cwe-checker")")" "no_log"
 print_output "$(indent "$(orange "Enables automated qemu emulation tests (WARNING this module could harm your host!)")")" "no_log"
- print_output "$(indent "$(orange "Runs emba in docker container")")" "no_log"
+ print_output "$(indent "$(orange "Runs EMBA in docker container")")" "no_log"
 export USE_DOCKER=1
 fi
