log color, init sort, web reporter

config/banner/MSF_Edt-v1.1.3.txt

@@ -1,5 +1,5 @@
 
-EMBA version 1.1.3 - Metasploit Edt.
+EMBA version 1.1.3 - Metasploit Edt. (Historic edt.)
 
      ,           ,
     /             \

config/bin_version_strings.cfg

@@ -179,7 +179,7 @@ flowman;;unknown;"^flowman\ [0-9]\.[0-9]\.[0-9]\.flowman\ build-[0-9]+$";"sed -r
 fota;;unknown;"^fota\ client\ version:\ [0-9](\.[0-9]+)+?\.$";"sed -r 's/fota\ client\ version\:\ ([0-9](\.[0-9]+)+)?\.$/fota_client:\1/'";
 fota;;unknown;"^fota\ tz\ client\ version:\ [0-9](\.[0-9]+)+?\.$";"sed -r 's/fota\ tz\ client\ version\:\ ([0-9](\.[0-9]+)+?)\.$/fota_client:\1/'";
 freebsd;;bsd;"FreeBSD\ [0-9]+(\.[0-9])+?-RELEASE\ ";"sed -r 's/FreeBSD\ ([0-9]+(\.[0-9]+)+?)-RELEASE\ $/freebsd:\1/'";
-freebsd;;bsd;"FreeBSD\ [0-9]+(\.[0-9])+?-RELEASE-p[0-9]\ ";"sed -r 's/FreeBSD\ ([0-9]+(\.[0-9]+)+?)-RELEASE-([a-z]([0-9]+))\ $/freebsd:\1:\2/'";
+freebsd;;bsd;"FreeBSD\ [0-9]+(\.[0-9])+?-RELEASE-p[0-9]\ ";"sed -r 's/FreeBSD\ ([0-9]+(\.[0-9]+)+?)-RELEASE-([a-z]([0-9]+))\ $/freebsd:\1:\3/'";
 freeradius;;bsd;"^radiusd:\ FreeRADIUS\ Version\ [0-9](\.[0-9]+)+?";"sed -r 's/radiusd:\ FreeRADIUS\ Version\ ([0-9](\.[0-9]+)+?).*/freeradius:\1/'";
 freeradius;;bsd;"^FreeRADIUS\ Version\ [0-9](\.[0-9]+)+?";"sed -r 's/FreeRADIUS\ Version\ ([0-9](\.[0-9]+)+?).*/freeradius:\1/'";
 freeradius-radclient;;bsd;"radclient:\ [0-9]\.[0-9]+\.[0-9]+\ built\ on\ ";"sed -r 's/radclient:\ ([0-9](\.[0-9]+)+?).*/freeradius:radclient:\1/'";

helpers/helpers_emba_html_generator.sh

@@ -115,16 +115,12 @@ add_link_tags() {
           done
           LINK_COMMAND_ARR+=( "$LINE_NUMBER_INFO_PREV"'s@^@'"$HTML_LINK"'@' "$LINE_NUMBER_INFO_PREV"'s@$@'"$LINK_END"'@')
         elif [[ "${REF_LINK: -7}" == ".tar.gz" ]] ; then
-          # LINE_NUMBER_INFO_PREV="$(grep -a -n -m 1 -E "\[REF\] ""$REF_LINK" "$LINK_FILE" | cut -d":" -f1 || true)"
           local RES_PATH
           RES_PATH="$ABS_HTML_PATH""/""$(echo "$BACK_LINK" | cut -d"." -f1 )""/res"
           if [[ ! -d "$RES_PATH" ]] ; then mkdir -p "$RES_PATH" > /dev/null || true ; fi
           cp "$REF_LINK" "$RES_PATH""/""$(basename "$REF_LINK")" || true
-          # HTML_LINK="$P_START""Archive: ""$(echo "$LOCAL_LINK" | sed -e "s@LINK@./$(echo "$BACK_LINK" | cut -d"." -f1 )/res/$(basename "$REF_LINK")@g" || true)""$(basename "$REF_LINK")""$LINK_END""$P_END"
           HTML_LINK="$(echo "$LOCAL_LINK" | sed -e "s@LINK@./$(echo "$BACK_LINK" | cut -d"." -f1 )/res/$(basename "$REF_LINK")@g" || true)""Download Qemu emulation archive.""$LINK_END"
-          # LINK_COMMAND_ARR+=( "$LINE_NUMBER_INFO_PREV"'s@$@'"$HTML_LINK"'@' )
-          # LINK_COMMAND_ARR+=( "$LINE_NUMBER_INFO_PREV"'s@Qemu emulation archive created in log directory.@'"$HTML_LINK"'@' )
-          sed -i "s@Qemu emulation archive created in log directory.@$HTML_LINK@" "$LINK_FILE"
+          sed -i "s@Qemu emulation archive created in log directory.*@$HTML_LINK$P_END@" "$LINK_FILE"
         elif [[ "${REF_LINK: -4}" == ".png" ]] ; then
           LINE_NUMBER_INFO_PREV="$(grep -a -n -m 1 -E "\[REF\] ""$REF_LINK" "$LINK_FILE" | cut -d":" -f1 || true)"
           cp "$REF_LINK" "$ABS_HTML_PATH$STYLE_PATH""/""$(basename "$REF_LINK")" || true

helpers/helpers_emba_print.sh

@@ -515,7 +515,7 @@ print_help()
   echo -e "\\nModify output"
   echo -e "$CYAN""-s""$NC""                Prints only relative paths"
   echo -e "$CYAN""-z""$NC""                Adds ANSI color codes to log"
-  echo -e "$CYAN""-B""$NC""                Enables status bar (Warning: unstable on some firmwares)"
+  echo -e "$CYAN""-B""$NC""                Enables status bar (Warning: unstable on some firmware images)"
   echo -e "\\nFirmware details"
   echo -e "$CYAN""-X [version]""$NC""      Firmware version (double quote your input)"
   echo -e "$CYAN""-Y [vendor]""$NC""       Firmware vendor (double quote your input)"

modules/F50_base_aggregator.sh

@@ -657,7 +657,7 @@ output_cve_exploits() {
         write_link "l35"
       fi
       if [[ "$REMOTE_EXPLOIT_CNT" -gt 0 || "$LOCAL_EXPLOIT_CNT" -gt 0 || "$DOS_EXPLOIT_CNT" -gt 0 || "$GITHUB_EXPLOIT_CNT" -gt 0 || "$KNOWN_EXPLOITED_COUNTER" -gt 0 || "$MSF_VERIFIED" -gt 0 ]]; then
-        print_output "$(indent "$(green "Remote exploits: $MAGENTA$BOLD$REMOTE_EXPLOIT_CNT$NC$GREEN / Local exploits: $MAGENTA$BOLD$LOCAL_EXPLOIT_CNT$NC$GREEN / DoS exploits: $MAGENTA$BOLD$DOS_EXPLOIT_CNT$NC$GREEN / Github PoCs: $MAGENTA$BOLD$GITHUB_EXPLOIT_CNT$NC$GREEN / Known exploited vulnerabilities: $MAGENTA$BOLD$KNOWN_EXPLOITED_COUNTER$GREE / Verified Exploits: $MAGENTA$BOLD$MSF_VERIFIED$NC")")"
+        print_output "$(indent "$(green "Remote exploits: $MAGENTA$BOLD$REMOTE_EXPLOIT_CNT$NC$GREEN / Local exploits: $MAGENTA$BOLD$LOCAL_EXPLOIT_CNT$NC$GREEN / DoS exploits: $MAGENTA$BOLD$DOS_EXPLOIT_CNT$NC$GREEN / Github PoCs: $MAGENTA$BOLD$GITHUB_EXPLOIT_CNT$NC$GREEN / Known exploited vulnerabilities: $MAGENTA$BOLD$KNOWN_EXPLOITED_COUNTER$GREEN / Verified Exploits: $MAGENTA$BOLD$MSF_VERIFIED$NC")")"
         write_csv_log "remote_exploits" "$REMOTE_EXPLOIT_CNT" "NA"
         write_csv_log "local_exploits" "$LOCAL_EXPLOIT_CNT" "NA"
         write_csv_log "dos_exploits" "$DOS_EXPLOIT_CNT" "NA"

modules/L10_system_emulation.sh

@@ -1237,7 +1237,14 @@ get_networking_details_emulation() {
       done
     fi
 
-    eval "IPS_INT_VLAN=($(for i in "${IPS_INT_VLAN[@]}" ; do echo "\"$i\"" ; done | sort -u))"
+    eval "IPS_INT_VLAN=(
+    $(for i in "${IPS_INT_VLAN[@]}" ; do
+      if [[ "$i" == *"default"* ]]; then
+        # Quick fix - we remove the default entry now and add it later on to the last position
+        continue
+      fi
+      echo "\"$i\"" ;
+    done | sort -u))"
 
     # fallback - default network configuration:
     # we always add this as the last resort - with this at least ICMP should be possible in most cases

modules/L10_system_emulation/inferFile.sh

@@ -5,6 +5,7 @@
 # shellcheck disable=SC2148
 BUSYBOX="/busybox"
 
+"${BUSYBOX}" touch /firmadyne/init_tmp
 "${BUSYBOX}" touch /firmadyne/init
 "${BUSYBOX}" echo "[*] EMBA inferFile script starting ..."
 
@@ -37,7 +38,7 @@ if ("${FIRMAE_BOOT}"); then
     "${BUSYBOX}" echo "[*] Found boot file $FILE"
     # sysinit entry is the one to look for
     # shellcheck disable=SC2016
-    for STARTUP_FILE in $("${BUSYBOX}" grep ":.*sysinit:" "$FILE" | "${BUSYBOX}" rev | "${BUSYBOX}" cut -d: -f1 | "${BUSYBOX}" rev | "${BUSYBOX}" awk '{print $1}' | "${BUSYBOX}" sort -u)
+    for STARTUP_FILE in $("${BUSYBOX}" grep "^:.*sysinit:" "$FILE" | "${BUSYBOX}" rev | "${BUSYBOX}" cut -d: -f1 | "${BUSYBOX}" rev | "${BUSYBOX}" awk '{print $1}' | "${BUSYBOX}" sort -u)
     do
       "${BUSYBOX}" echo "[*] Found possible startup file $STARTUP_FILE"
       arr+=("${STARTUP_FILE}")
@@ -58,6 +59,10 @@ if ("${FIRMAE_BOOT}"); then
       if [ -d "${FILE}" ]; then
         continue
       fi
+      if [ "$FILE" = "/firmadyne/init" ]; then
+        # skip our own init
+        continue
+      fi
       if [ ! -e "${FILE}" ]; then # could not find original file (symbolic link or just file)
         if [ -h "${FILE}" ]; then # remove old symbolic link
           "${BUSYBOX}" rm "${FILE}"
@@ -75,14 +80,16 @@ if ("${FIRMAE_BOOT}"); then
       fi
       if [ -e "${FILE}" ]; then
         "${BUSYBOX}" echo "[*] Writing firmadyne init $FILE"
-        "${BUSYBOX}" echo "${FILE}" >> /firmadyne/init
+        "${BUSYBOX}" echo "${FILE}" >> /firmadyne/init_tmp
       fi
     done
   fi
 fi
 
 "${BUSYBOX}" echo "[*] Re-creating firmadyne/init:"
+"${BUSYBOX}" sort /firmadyne/init_tmp > /firmadyne/init
 "${BUSYBOX}" echo '/firmadyne/preInit.sh' >> /firmadyne/init
 "${BUSYBOX}" cat /firmadyne/init
+"${BUSYBOX}" rm /firmadyne/init_tmp
 
 "${BUSYBOX}" echo "[*] EMBA inferFile script finished ..."

modules/L30_routersploit.sh

@@ -72,6 +72,18 @@ check_live_routersploit() {
     grep -B 1 "Target seems to be vulnerable" "$LOG_PATH_MODULE"/routersploit-"$IP_ADDRESS_".txt | tee -a "$LOG_FILE"
     print_ln
   fi
+
+  color_routersploit_log "$LOG_PATH_MODULE/routersploit-$IP_ADDRESS_.txt"
+
   print_output "[*] Routersploit tests for emulated system with IP $ORANGE$IP_ADDRESS_$NC finished"
 }
 
+color_routersploit_log() {
+  local RSPLOIT_LOG_FILE_="${1:-}"
+  if ! [[ -f "${RSPLOIT_LOG_FILE_:-}" ]]; then
+    return
+  fi
+
+  sed -i -r "s/Target is vulnerable/\x1b[32m&\x1b[0m/" "$RSPLOIT_LOG_FILE_"
+  sed -i -r "s/Target seems to be vulnerable/\x1b[32m&\x1b[0m/" "$RSPLOIT_LOG_FILE_"
+}

modules/P35_UEFI_extractor.sh

@@ -37,9 +37,9 @@ P35_UEFI_extractor() {
     if [[ "$FILES_UEFI" -gt 0 ]]; then
       MD5_DONE_DEEP+=( "$(md5sum "$FIRMWARE_PATH" | awk '{print $1}')" )
       export FIRMWARE_PATH="$LOG_DIR"/firmware/
+      NEG_LOG=1
     fi
 
-    NEG_LOG=1
     module_end_log "${FUNCNAME[0]}" "$NEG_LOG"
   fi
 }

modules/P61_unblob_eval.sh

@@ -89,6 +89,9 @@ P61_unblob_eval() {
     print_output "[*] Additionally the Linux path counter is $ORANGE$LINUX_PATH_COUNTER_UNBLOB$NC."
     print_ln
     print_output "[*] ${ORANGE}EMBA/binwalk$NC results:$NC"
+    if [[ -f "$LOG_DIR/p59_binwalk_extractor.txt" ]]; then
+      write_link "p59"
+    fi
     print_output "[*] Found $ORANGE$FILES_EXT$NC files ($ORANGE$UNIQUE_FILES$NC unique files) and $ORANGE$DIRS_EXT$NC directories at all."
     print_output "[*] Found $ORANGE$BINS$NC binaries."
     print_output "[*] Additionally the Linux path counter is $ORANGE$LINUX_PATH_COUNTER$NC."

modules/S14_weak_func_radare_check.sh

@@ -424,6 +424,7 @@ radare_print_top10_statistics() {
             write_link "$LOG_PATH_MODULE""/vul_func_""$F_COUNTER""_""$FUNCTION"-"$SEARCH_TERM"".txt"
           fi
         done
+        print_ln
       fi  
     done
   else
@@ -433,7 +434,7 @@ radare_print_top10_statistics() {
 
 radare_color_output() {
   local FUNCTION="${1:-}"
-  sed -i -r "s/^.*($FUNCTION).*/\x1b[31m&\x1b[0m/" "$FUNC_LOG" 2>/dev/null || true
+  sed -i -r "s/^[[:alnum:]].*($FUNCTION).*/\x1b[31m&\x1b[0m/" "$FUNC_LOG" 2>/dev/null || true
 }
 
 radare_log_bin_hardening() {

modules/S15_bootloader_check.sh

@@ -66,7 +66,7 @@ check_bootloader()
   # Syslinux
   local SYSLINUX_PATHS=()
   local SYSLINUX_FILE=""
-  mapfile -t SYSLINUX_PATHS < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/syslinux/syslinux.cfg")
+  mapfile -t SYSLINUX_PATHS < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/syslinux/syslinux.cfg" || true)
   for SYSLINUX_FILE in "${SYSLINUX_PATHS[@]}" ; do
     if [[ -f "$SYSLINUX_FILE" ]] ; then
       CHECK=1
@@ -83,7 +83,7 @@ check_bootloader()
   CHECK=0
   local GRUB_PATHS=()
   local GRUB_FILE=""
-  mapfile -t GRUB_PATHS < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/grub/grub.conf")
+  mapfile -t GRUB_PATHS < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/grub/grub.conf" || true)
   for GRUB_FILE in "${GRUB_PATHS[@]}" ; do
     if [[ -f "$GRUB_FILE" ]] ; then
       CHECK=1
@@ -93,7 +93,7 @@ check_bootloader()
       ((STARTUP_FINDS+=1))
     fi
   done
-  mapfile -t GRUB_PATHS < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/grub/menu.lst")
+  mapfile -t GRUB_PATHS < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/grub/menu.lst" || true)
   for GRUB_FILE in "${GRUB_PATHS[@]}" ; do
     if [[ -f "$GRUB_FILE" ]] ; then
       CHECK=1
@@ -109,7 +109,7 @@ check_bootloader()
 
   # Grub2
   CHECK=0
-  mapfile -t GRUB_PATHS < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/grub/grub.cfg")
+  mapfile -t GRUB_PATHS < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/grub/grub.cfg" || true)
   for GRUB_FILE in "${GRUB_PATHS[@]}" ; do
     if [[ -f "$GRUB_FILE" ]] ; then
       CHECK=1
@@ -119,7 +119,7 @@ check_bootloader()
       ((STARTUP_FINDS+=1))
     fi
   done
-  mapfile -t GRUB_PATHS < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/grub/grub.conf")
+  mapfile -t GRUB_PATHS < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/grub/grub.conf" || true)
   for GRUB_FILE in "${GRUB_PATHS[@]}" ; do
     if [[ -f "$GRUB_FILE" ]] ; then
       CHECK=1
@@ -170,11 +170,11 @@ check_bootloader()
   CHECK=0
   local BOOT1 BOOT2 BOOTL
   #mapfile -t BOOT1 < <(mod_path "/boot/boot1")
-  mapfile -t BOOT1 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/boot1")
+  mapfile -t BOOT1 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/boot1" || true)
   #mapfile -t BOOT2 < <(mod_path "/boot/boot2")
-  mapfile -t BOOT2 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/boot2")
+  mapfile -t BOOT2 < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/boot2" || true)
   #mapfile -t BOOTL < <(mod_path "/boot/loader")
-  mapfile -t BOOTL < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/loader")
+  mapfile -t BOOTL < <(find "$FIRMWARE_PATH" -xdev -type f -iwholename "/boot/loader" || true)
 
   for B1 in "${BOOT1[@]}" ; do
     for B2 in "${BOOT2[@]}" ; do

modules/S20_shell_check.sh

@@ -30,7 +30,7 @@ S20_shell_check()
   local SEMGREP=1
   local NEG_LOG=0
 
-  mapfile -t SH_SCRIPTS < <( find "$FIRMWARE_PATH" -xdev -type f -iname "*.sh" -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\  -f3 )
+  mapfile -t SH_SCRIPTS < <( find "$FIRMWARE_PATH" -xdev -type f -iname "*.sh" -exec md5sum {} \; 2>/dev/null | sort -u -k1,1 | cut -d\  -f3 || true )
   write_csv_log "Script path" "Shell issues detected" "common linux file" "shellcheck/semgrep"
 
   if [[ $SHELLCHECK -eq 1 ]] ; then