TROMMEL – Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities

TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities. TROMMEL identifies the following indicators related to:

- Secure Shell (SSH) key files
- Secure Socket Layer (SSL) key files
- Internet Protocol (IP) addresses
- Uniform Resource Locator (URL)
- email addresses
- shell scripts
- web server binaries
- configuration files
- database files
- specific binary files (e.g. Dropbear, BusyBox)
- shared object library files
- web application scripting variables, and
- Android application package (APK) file permissions.

TROMMEL has also integrated vFeed, which allows for further in-depth vulnerability analysis of identified indicators.

Dependencies

- Python-Magic
- vFeed Database: for non-commercial use, register and download the Community Edition database

Usage

$ --help

Output TROMMEL results to a file based on a given directory

$ -p /directory -o output_file

Notes

- TROMMEL has been tested using Python 2.7 on macOS Sierra and Kali Linux x86_64.
- TROMMEL was written with the intent to help with identifying indicators that may contain vulnerabilities found in firmware of embedded devices.

References

- vFeed
- Firmwalker
- Lua Code: Security Overview and Practical Approaches to Static Analysis by Andrei Costin
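
To make the indicator sweep described above concrete, here is an added example (not TROMMEL's code) that walks an extracted firmware tree and reports a few of the listed indicator types: key files, IP addresses, URLs, email addresses and shell scripts. The names `sift` and `demo`, the filename lists and the regular expressions are assumptions of this example, and the sample tree is constructed.

```python
import os
import re
import tempfile

# Filenames that commonly mark SSH/SSL key material (this example's list, not TROMMEL's).
KEY_SUFFIXES = (".pem", ".key", ".crt", ".pub")
KEY_NAMES = {"id_rsa", "id_dsa", "authorized_keys", "known_hosts"}

# Content patterns (also this example's own), applied to raw bytes so binaries can be scanned.
PATTERNS = {
    "private_key": re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "ipv4": re.compile(rb"(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)(?![\d.])"),
    "url": re.compile(rb"https?://[\w.\-]+(?::\d+)?(?:/[\w./%\-?=&]*)?"),
    "email": re.compile(rb"[\w.+\-]+@[\w\-]+(?:\.[\w\-]+)+"),
    "shell_script": re.compile(rb"\A#!\s*/bin/(?:ba|a)?sh\b"),
}

def sift(root, max_bytes=1 << 20):
    """Walk root and return sorted (relative_path, indicator, value) tuples."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # firmware trees are full of symlinks and device nodes
            if name in KEY_NAMES or name.lower().endswith(KEY_SUFFIXES):
                findings.add((rel, "key_file", name))
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)  # only the first max_bytes are scanned
            except OSError:
                continue
            for label, rx in PATTERNS.items():
                for m in rx.finditer(data):
                    findings.add((rel, label, m.group(0).decode("ascii", "replace")))
    return sorted(findings)

def demo():
    """Build a small constructed firmware-like tree and sift it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc", "dropbear"))
        with open(os.path.join(root, "etc", "dropbear", "host.key"), "wb") as fh:
            fh.write(b"-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n")
        with open(os.path.join(root, "etc", "init.sh"), "wb") as fh:
            fh.write(b"#!/bin/sh\nwget http://192.0.2.10/fw.bin\n# contact admin@example.com\n")
        return sift(root)

if __name__ == "__main__":
    print("\n".join(map(str, demo())))
```

Each finding is a lead for manual review, not a confirmed vulnerability: a hard-coded private key or update URL in a firmware image still has to be checked against how the device actually uses it.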