TROMMEL - Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities

TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities.
TROMMEL identifies the following indicators related to:

• Secure Shell (SSH) key files
• Secure Socket Layer (SSL) key files
• Internet Protocol (IP) addresses
• Uniform Resource Locator (URL)
• email addresses
• shell scripts
• web server binaries
• configuration files
• database files
• specific binaries files (i.e. Dropbear, BusyBox, etc.)
• shared object library files
• web application scripting variables, and
• Android application package (APK) file permissions.
  TROMMEL has also integrated vFeed which allows for further in-depth vulnerability analysis of identified indicators.

Dependencies

• Python-Magic
• vFeed Database - For non-commercial use, register and download the Community Edition database

Usage

$ trommel.py --help

Output TROMMEL results to a file based on a given directory

$ trommel.py -p /directory -o output_file

Notes

• TROMMEL has been tested using Python 2.7 on macOS Sierra and Kali Linux x86_64.
• TROMMEL was written with the intent to help with identifying indicators that may contain vulnerabilities found in firmware of embedded devices.

References

• vFeed
• Firmwalker
• Lua Code: Security Overview and Practical Approaches to Static Analysis by Andrei Costin

Download TROMMEL