TROMMEL – Sift Through Embedded Device Files To Identify Potential Vulnerable Indicators

TROMMEL sifts through embedded device files to identify potential vulnerable indicators.TROMMEL identifies the following indicators related to:Secure Shell (SSH) key filesSecure Socket Layer (SSL) key filesInternet Protocol (IP) addressesUniform Resource Locator (URL)email addressesshell scriptsweb server binariesconfiguration filesdatabase filesspecific binaries files (i.e. Dropbear, BusyBox, etc.)shared object library filesweb application scripting variables, andAndroid application package (APK) file permissions.TROMMEL has also integrated vFeed which allows for further in-depth vulnerability analysis of identified indicators.DependenciesPython-Magic – See documentation for instructions for Python3-magic installationvFeed Database – For non-commercial use, register and download the Community Edition databaseUsage$ trommel.py –helpOutput TROMMEL results to a file based on a given directory. By default, only searches plain text files.$ trommel.py -p /directory -o output_fileOutput TROMMEL results to a file based on a given directory. Search both binary and plain text files.$ trommel.py -p /directory -o output_file -bNotesThe intended use of TROMMEL is to assist researchers during firmware analysis.TROMMEL has been tested using Python3 on Kali Linux x86_64.TROMMEL was written with the intent to help with identifying indicators that may contain vulnerabilities found in firmware of embedded devices.ReferencesvFeedFirmwalkerLua Code: Security Overview and Practical Approaches to Static Analysis by Andrei CostinAuthorKyle O’Meara – komeara AT cert DOT orgDownload Trommel

Link: http://feedproxy.google.com/~r/PentestTools/~3/UW_LBgpwYX4/trommel-sift-through-embedded-device.html

Pompem – Exploit and Vulnerability Finder

Pompem is an open source tool, designed to automate the search for Exploits and Vulnerability in the most important databases. Developed in Python, has a system of advanced search, that help the work of pentesters and ethical hackers. In the current version, it performs searches in PacketStorm security, CXSecurity, ZeroDay, Vulners, National Vulnerability Database, WPScan Vulnerability Database …ScreenshotsSource codeYou can download the latest tarball by clicking here or latest zipball by clicking here.You can also download Pompem directly from its Git repository:$ git clone https://github.com/rfunix/Pompem.gitDependenciesPompem works out of the box with Python 3.5 on any platform and requires the following packages:Requests 2.9.1+InstallationGet Pompem up and running in a single command:$ pip3.5 install -r requirements.txtYou may greatly benefit from using virtualenv, which isolates packages installed for every project. If you have never used it, simply check [this tutorial] (http://docs.python-guide.org/en/latest/dev/virtualenvs) .UsageTo get the list of basic options and information about the project:$ python3.5 pompem.py -hOptions: -h, –help show this help message and exit -s, –search text for search –txt Write txt File –html Write html FileExamples of use:$ python3.5 pompem.py -s WordPress$ python3.5 pompem.py -s Joomla –html$ python3.5 pompem.py -s “Internet Explorer,joomla,wordpress" –html$ python3.5 pompem.py -s FortiGate –txt$ python3.5 pompem.py -s ssh,ftp,mysqlDownload Pompem

Link: http://www.kitploit.com/2019/02/pompem-exploit-and-vulnerability-finder.html