TROMMEL – sifts through directories of files to identify indicators that may contain vulnerabilities.
TROMMEL identifies the following indicators related to:
– Secure Shell (SSH) key files
– Secure Socket Layer (SSL) key files
– Internet Protocol (IP) addresses
– Uniform Resource Locator (URL)
– email addresses
– shell scripts
– web server binaries
– configuration files
– database files
– specific binary files (e.g. Dropbear, BusyBox)
– shared object library files
– web application scripting variables, and
– Android application package (APK) file permissions.
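A minimal sketch of this kind of sift, added here as an example; it is not TROMMEL's code and covers only a few of the categories above. It assumes Python 3 and the standard library only (no python-magic, no vFeed); the rule names, the patterns and the sample files are constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Illustrative rules written for this example; they are not TROMMEL's own rule set.
NAME_RULES = {
    "key_file": re.compile(r"^(id_(rsa|dsa|ecdsa|ed25519)|authorized_keys)$|\.(pem|crt|key)$"),
    "binary_of_interest": re.compile(r"^(busybox|dropbear)", re.I),
    "shared_object": re.compile(r"\.so(\.\d+)*$"),
}
OCTET = rb"(?:25[0-5]|2[0-4]\d|1?\d?\d)"
CONTENT_RULES = {
    "private_key": re.compile(rb"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "ipv4": re.compile(rb"(?<![\d.])(?:" + OCTET + rb"\.){3}" + OCTET + rb"(?!\d|\.\d)"),
    "url": re.compile(rb"https?://[^\s\"'<>]+"),
    "email": re.compile(rb"[\w.+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"),
    "shell_script": re.compile(rb"\A#!\s*\S*/(?:env\s+)?(?:ba|da|a)?sh\b"),
}

def scan_tree(root, max_bytes=1 << 20):
    """Walk root and return sorted (relative_path, indicator, evidence) tuples."""
    hits = set()
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():  # skip links, dirs and device nodes
            continue
        rel = path.relative_to(root).as_posix()
        hits.update((rel, label, path.name) for label, rx in NAME_RULES.items() if rx.search(path.name))
        try:
            with path.open("rb") as fh:
                data = fh.read(max_bytes)  # cap the read so large images do not exhaust memory
        except OSError:
            continue
        for label, rx in CONTENT_RULES.items():
            hits.update((rel, label, m.group().decode("ascii", "replace")) for m in rx.finditer(data))
    return sorted(hits)

def demo():
    sample = {  # constructed files mimicking an unpacked firmware image, not from a real device
        "etc/init.d/rcS": b"#!/bin/sh\nwget http://updates.example.com/fw.bin\nping 192.168.1.1.\n",
        "etc/dropbear/id_rsa": b"-----BEGIN RSA PRIVATE KEY-----\n(constructed, no key material)\n",
        "usr/lib/libfoo.so.1": b"\x7fELF\x00contact admin@example.com build 1.2.3.4.5\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in sample.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return scan_tree(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The five-part version string in the sample library is deliberately not reported as an IP address, while the address followed by a full stop in the init script is.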
TROMMEL has also integrated vFeed, which allows for further in-depth vulnerability analysis of identified indicators.
Dependencies:
+ Python-Magic https://pypi.python.org/pypi/python-magic
+ vFeed Database Community (Free Edition) https://vfeed.io/pricing/
The vFeed.db (The Correlated Vulnerability and Threat Database) is a detective and preventive security information repository used for gathering vulnerability and mitigation data from scattered internet sources into a unified database.
Notes:
* TROMMEL has been tested using Python 2.7 on macOS Sierra and Kali Linux x86_64.
* TROMMEL was written with the intent to help with identifying indicators that may contain vulnerabilities found in firmware of embedded devices.
Usage:
git clone https://github.com/CERTCC-Vulnerability-Analysis/trommel && cd trommel
./trommel.py --help
./trommel.py -p /directory -o output_file