EMBA v1.5.0 - SBOMdorado

[m-1-k-3]

The main goal of EMBA was always to get an accurate real life overview of the threats of a firmware image. While a few years ago the target audience were only pentesters, in today’s EMBA world also software developers, product owners and product security teams are using her to achieve different goals.

Over the time EMBA is grown and today she is not only a firmware analyzer anymore. Nowadays, EMBA is used to test every little piece of unknown binary. While the main interest stays on analyzing Linux based firmware, we have seen that EMBA is also used for UEFI, Windows binaries, Linux binaries, different Scripts, Android APKs and a lot of other stuff. Beside the high fragmentation of the targets under test, we have seen a growing demand for SBOM generation. EMBA includes some kind of basic SBOM support for ages, but as most of our analyzed binaries do not rely on some kind of package managers, we have not seen the demand for supporting them on a broad base - until today.

We have now adjusted our approach to support a broad range of package managers, packet types and further sources for getting an accurate SBOM out of every testing candidate.

Beside our binary analysis mechanism as the only source of truth, EMBA is now able to extract further details from the following sources:

• Binaries and libraries
• Linux Kernel
• Kernel modules
• Linux distribution identification
• RPM package management system
• Debian package management system
• OpenWRT Package management system
• Python PIP package management system
• Python requirements files
• RPM packages
• DEB packages
• FreeBSD pkg packages
• Java archives
• Alpine APK
• Python poetry
• Python wheel
• Rust (cargo.lock)
• Ruby (gem)
• JavaScript - npm
• Windows binary exif data
• Windows binary extraction and analysis

Further details can be found in our wiki

Additionally, we did something more:

• FLOSS interview - check it out here
• Ubuntu 24.04 LTS support
• Switching from docker-compose to docker compose
• Bug fixing
• Refactoring
• Docker base image updates

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

A big kudos goes to to offchain-audit for his sponsoring and to n0x08 for his ongoing support.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @gluesmith2021 made their first contribution in Version string fixes for isc:dhcp and gnu:glibc #1150
• @Grezzo made their first contribution in Fix spelling mistake in S23_lua_check.sh #1222

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

---

What's Changed

• Is there a mode for differential restart? #1073 by @m-1-k-3 in #1073 #1076
• restart EMBA functionality by @m-1-k-3 in restart EMBA functionality #1078
• make the quick mode quick by @m-1-k-3 in make the quick mode quick #1081
• Make the updater work again by @m-1-k-3 in Make the updater work again #1082
• fix hardening log for s16 by @m-1-k-3 in fix hardening log for s16 #1084
• Quick version identifier update by @github-actions in Quick version identifier update #1089
• Metasploit database update by @github-actions in Metasploit database update #1087
• CISA known exploited database update by @github-actions in CISA known exploited database update #1088
• Snyk database update by @github-actions in Snyk database update #1090
• Packetstorm database update by @github-actions in Packetstorm database update #1091
• fix day cnt by @m-1-k-3 in fix day cnt #1085
• fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in fix for Spurious linux_kernel CVEs, cpe string handling #1086
• Metasploit database update by @github-actions in Metasploit database update #1094
• full names and working tagging for packetstorm script by @HoxhaEndri in full names and working tagging for packetstorm script #1061
• add md5sum to binaries by @m-1-k-3 in add md5sum to binaries #1096
• installer srecord by @m-1-k-3 in installer srecord #1097
• Firmware/binary handling again by @m-1-k-3 in Firmware/binary handling again #1099
• little fixes by @m-1-k-3 in little fixes #1102
• Quick version identifier update by @github-actions in Quick version identifier update #1105
• CISA known exploited database update by @github-actions in CISA known exploited database update #1104
• Metasploit database update by @github-actions in Metasploit database update #1103
• Packetstorm database update by @github-actions in Packetstorm database update #1107
• Snyk database update by @github-actions in Snyk database update #1106
• Packetstorm database update by @github-actions in Packetstorm database update #1113
• CISA known exploited database update by @github-actions in CISA known exploited database update #1111
• Metasploit database update by @github-actions in Metasploit database update #1110
• Snyk database update by @github-actions in Snyk database update #1112
• xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in xz backdoor detection - CVE-2024-3094 #1114
• FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in FIRST EPSS (Exploit Prediction Scoring System) integration #1109
• Workflow docker builder updates by @m-1-k-3 in Workflow docker builder updates #1115
• Remove Arachni / refactoring by @m-1-k-3 in Remove Arachni / refactoring #1117
• Packetstorm database update by @github-actions in Packetstorm database update #1122
• CISA known exploited database update by @github-actions in CISA known exploited database update #1120
• csv issues f10 + p99 csv files question #1116 by @m-1-k-3 in csv issues #1116 #1118
• Metasploit database update by @github-actions in Metasploit database update #1119
• Snyk database update by @github-actions in Snyk database update #1121
• csv issues f10 + p99 csv files question #1116 by @m-1-k-3 in csv issues #1116 #1123
• f10 csv fix by @m-1-k-3 in f10 csv fix #1124
• Vars check by @m-1-k-3 in Vars check #1126
• Metasploit database update by @github-actions in Metasploit database update #1128
• CISA known exploited database update by @github-actions in CISA known exploited database update #1129
• Packetstorm database update by @github-actions in Packetstorm database update #1131
• Snyk database update by @github-actions in Snyk database update #1130
• further vars cleanup, kev in f20 by @m-1-k-3 in further vars cleanup, kev in f20 #1127
• var cleanup, status_bar fix by @m-1-k-3 in var cleanup, status_bar fix #1132
• S36 updates, l10 fixes by @m-1-k-3 in S36 updates, l10 fixes #1133
• CISA known exploited database update by @github-actions in CISA known exploited database update #1135
• Packetstorm database update by @github-actions in Packetstorm database update #1137
• Metasploit database update by @github-actions in Metasploit database update #1134
• Snyk database update by @github-actions in Snyk database update #1136
• Emulation updates by @m-1-k-3 in Emulation updates #1140
• Packetstorm database update by @github-actions in Packetstorm database update #1144
• CISA known exploited database update by @github-actions in CISA known exploited database update #1142
• Metasploit database update by @github-actions in Metasploit database update #1141
• s115 qemu command output by @m-1-k-3 in s115 qemu command output #1145
• Snyk database update by @github-actions in Snyk database update #1143
• Packetstorm database update by @github-actions in Packetstorm database update #1149
• CISA known exploited database update by @github-actions in CISA known exploited database update #1147
• Metasploit database update by @github-actions in Metasploit database update #1146
• Snyk database update by @github-actions in Snyk database update #1148
• Metasploit database update by @github-actions in Metasploit database update #1151
• Packetstorm database update by @github-actions in Packetstorm database update #1153
• Snyk database update by @github-actions in Snyk database update #1152
• Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in Version string fixes for isc:dhcp and gnu:glibc #1150
• Update default-scan-no-notify.emba by @BenediktMKuehne in Update default-scan-no-notify.emba #1156
• Packetstorm database update by @github-actions in Packetstorm database update #1161
• Quick version identifier update by @github-actions in Quick version identifier update #1160
• CISA known exploited database update by @github-actions in CISA known exploited database update #1158
• fix zlib (unzip) version string by @gluesmith2021 in fix zlib (unzip) version string #1164
• JTR hash sorting by @BenediktMKuehne in JTR hash sorting #1154
• Dhcp version strings and blacklist fix by @gluesmith2021 in Dhcp version strings and blacklist fix #1163
• f20 cpe handling Improve "ISC DHCP" detection and CVE search #1155 by @m-1-k-3 in f20 cpe handling #1155 #1166
• MODULE_BLACKLIST array handling by @m-1-k-3 in MODULE_BLACKLIST array handling #1168
• CISA known exploited database update by @github-actions in CISA known exploited database update #1170
• Quick version identifier update by @github-actions in Quick version identifier update #1171
• Metasploit database update by @github-actions in Metasploit database update #1169
• Snyk database update by @github-actions in Snyk database update #1172
• Packetstorm database update by @github-actions in Packetstorm database update #1173
• improve not on YARA settings by @m-1-k-3 in improve not on YARA settings #1176
• F20 CVE version range checking: fix and dead code removal by @gluesmith2021 in F20 CVE version range checking: fix and dead code removal #1165
• Less regex / f20 and s21 wording by @m-1-k-3 in Less regex / f20 and s21 wording #1177
• Update unblob and binwalk installer by @m-1-k-3 in Update unblob and binwalk installer #1178
• System emulation updates by @m-1-k-3 in System emulation updates #1157
• Revert "System emulation updates" by @m-1-k-3 in Revert "System emulation updates" #1179
• Metasploit database update by @github-actions in Metasploit database update #1181
• CISA known exploited database update by @github-actions in CISA known exploited database update #1182
• Packetstorm database update by @github-actions in Packetstorm database update #1185
• Quick version identifier update by @github-actions in Quick version identifier update #1184
• Packetstorm database update by @github-actions in Packetstorm database update #1191
• Snyk database update by @github-actions in Snyk database update #1190
• CISA known exploited database update by @github-actions in CISA known exploited database update #1189
• Metasploit database update by @github-actions in Metasploit database update #1188
• System emulator updates by @m-1-k-3 in System emulator updates #1180
• Snyk script improved by @HoxhaEndri in Snyk script improved #1186
• System emulation updates by @m-1-k-3 in System emulation updates #1193
• Metasploit database update by @github-actions in Metasploit database update #1194
• CISA known exploited database update by @github-actions in CISA known exploited database update #1195
• Quick version identifier update by @github-actions in Quick version identifier update #1196
• Packetstorm database update by @github-actions in Packetstorm database update #1198
• System emulation updates by @m-1-k-3 in System emulation updates #1199
• Snyk database update by @github-actions in Snyk database update #1197
• Update README.md by @BenediktMKuehne in Update README.md #1200
• Bump version - v1.4.1 (white rabbit) by @m-1-k-3 in Bump version - v1.4.1 (white rabbit) #1201
• Update EMBA VERSION.txt by @github-actions in Update EMBA VERSION.txt #1203
• little updates by @m-1-k-3 in little updates #1204
• Metasploit database update by @github-actions in Metasploit database update #1205
• Snyk database update by @github-actions in Snyk database update #1206
• Packetstorm database update by @github-actions in Packetstorm database update #1207
• Metasploit database update by @github-actions in Metasploit database update #1208
• CISA known exploited database update by @github-actions in CISA known exploited database update #1209
• Snyk database update by @github-actions in Snyk database update #1210
• Packetstorm database update by @github-actions in Packetstorm database update #1211
• more bash expansion refactoring by @m-1-k-3 in more bash expansion refactoring #1215
• P23 improvements of handling nbd devices by @m-1-k-3 in P23 improvements of handling nbd devices #1214
• Metasploit database update by @github-actions in Metasploit database update #1217
• CISA known exploited database update by @github-actions in CISA known exploited database update #1218
• Snyk database update by @github-actions in Snyk database update #1219
• Packetstorm database update by @github-actions in Packetstorm database update #1220
• Module documentation template by @m-1-k-3 in Module documentation template #1216
• New capa (identify capabilities in executable files) module with ATT&CK support (S18) by @m-1-k-3 in New capa (identify capabilities in executable files) module with ATT&CK support (S18) #1212
• fix p35 by @m-1-k-3 in fix p35 #1221
• Fix spelling mistake in S23_lua_check.sh by @Grezzo in Fix spelling mistake in S23_lua_check.sh #1222
• fix s109, p35 by @m-1-k-3 in fix s109, p35 #1224
• Improve ssdeep command in EMBA by @m-1-k-3 in Improve ssdeep command in EMBA #1225
• Packetstorm database update by @github-actions in Packetstorm database update #1231
• CISA known exploited database update by @github-actions in CISA known exploited database update #1228
• Metasploit database update by @github-actions in Metasploit database update #1227
• Update docker-compose.yml by @BenediktMKuehne in Update docker-compose.yml #1232
• installer fix for installer issue  #1226 by @m-1-k-3 in installer fix for #1226 #1233
• Little updates by @m-1-k-3 in Little updates #1234
• Improve Patool error output by @m-1-k-3 in Improve Patool error output #1236
• ftp client by @m-1-k-3 in ftp client #1241
• Metasploit database update by @github-actions in Metasploit database update #1242
• CISA known exploited database update by @github-actions in CISA known exploited database update #1243
• Packetstorm database update by @github-actions in Packetstorm database update #1245
• L10 init recovery test mode by @m-1-k-3 in L10 init recovery test mode #1246
• docker compose install issue by @m-1-k-3 in docker compose install issue #1248
• libmagic by @m-1-k-3 in libmagic #1249
• little s18 fix by @m-1-k-3 in little s18 fix #1251
• CISA known exploited database update by @github-actions in CISA known exploited database update #1253
• Packetstorm database update by @github-actions in Packetstorm database update #1254
• Metasploit database update by @github-actions in Metasploit database update #1252
• S08 / Installer by @m-1-k-3 in S08 / Installer #1255
• Packetstorm database update by @github-actions in Packetstorm database update #1259
• CISA known exploited database update by @github-actions in CISA known exploited database update #1258
• Metasploit database update by @github-actions in Metasploit database update #1257
• docker compose vs docker-compose by @m-1-k-3 in docker compose vs docker-compose #1260
• little l10 improvements by @m-1-k-3 in little l10 improvements #1261
• log_bin_hardening improved by @m-1-k-3 in log_bin_hardening improved #1262
• refactoring, L10 fixes by @m-1-k-3 in refactoring, L10 fixes #1263
• Service handling for lighttpd, debugging services by @m-1-k-3 in Service handling for lighttpd, debugging services #1265
• bump version v1.4.2 by @m-1-k-3 in bump version v1.4.2 #1267
• default value by @m-1-k-3 in default value #1269
• s24 boot entry sort to the beginning of L10 tests by @m-1-k-3 in s24 boot entry sort to the beginning of L10 tests #1270
• Packetstorm database update by @github-actions in Packetstorm database update #1273
• CISA known exploited database update by @github-actions in CISA known exploited database update #1272
• Metasploit database update by @github-actions in Metasploit database update #1271
• Metasploit database update by @github-actions in Metasploit database update #1274
• CISA known exploited database update by @github-actions in CISA known exploited database update #1275
• Packetstorm database update by @github-actions in Packetstorm database update #1276
• Packetstorm database update by @github-actions in Packetstorm database update #1280
• CISA known exploited database update by @github-actions in CISA known exploited database update #1279
• Metasploit database update by @github-actions in Metasploit database update #1278
• L10: revert stat64 by @m-1-k-3 in L10: revert stat64 #1281
• S26: fix regex / S24 check for architecture by @m-1-k-3 in S26: fix regex / S24 check for architecture #1282
• Improve if with lower case by @m-1-k-3 in Improve if with lower case #1283
• Metasploit database update by @github-actions in Metasploit database update #1284
• CISA known exploited database update by @github-actions in CISA known exploited database update #1285
• Packetstorm database update by @github-actions in Packetstorm database update #1286
• Bug Fixes Snyk Crawler by @HoxhaEndri in Bug Fixes Snyk Crawler #1287
• workflow dispatch by @m-1-k-3 in workflow dispatch #1288
• Snyk database update by @github-actions in Snyk database update #1289
• Update default_install.yml by @m-1-k-3 in Update default_install.yml #1290
• fix uml-utilities install by @m-1-k-3 in fix uml-utilities install #1292
• profile path issue TypeError: kwargs_from_env() got an unexpected keyword argument 'ssl_version' #1266 by @m-1-k-3 in profile path issue #1266 #1291
• Updated versions of capa and cwe-checker in installer by @m-1-k-3 in Updated versions of capa and cwe-checker in installer  #1293
• CISA known exploited database update by @github-actions in CISA known exploited database update #1294
• Snyk database update by @github-actions in Snyk database update #1295
• Packetstorm database update by @github-actions in Packetstorm database update #1296
• update SECURITY.md by @m-1-k-3 in update SECURITY.md #1298
• Packetstorm database update by @github-actions in Packetstorm database update #1307
• Snyk database update by @github-actions in Snyk database update #1306
• Metasploit database update by @github-actions in Metasploit database update #1304
• fix missing components without vulns by @m-1-k-3 in fix missing components without vulns #1299
• CISA known exploited database update by @github-actions in CISA known exploited database update #1305
• Kali version bump, new docker image, refactoring, s26 bug by @m-1-k-3 in Kali version bump, new docker image, refactoring, s26 bug #1302
• remove routersploit dep by @m-1-k-3 in remove routersploit dep #1308
• Refactor P02, P05 by @m-1-k-3 in Refactor P02, P05 #1309
• Refactor LOG vars, D-modules by @m-1-k-3 in Refactor LOG vars, D-modules #1312
• Metasploit database update by @github-actions in Metasploit database update #1314
• Routersploit database update by @github-actions in Routersploit database update #1315
• CISA known exploited database update by @github-actions in CISA known exploited database update #1316
• Snyk database update by @github-actions in Snyk database update #1317
• Packetstorm database update by @github-actions in Packetstorm database update #1318
• fix docker build by @m-1-k-3 in fix docker build #1321
• bump docker base image by @m-1-k-3 in bump docker base image #1322
• Packetstorm database update by @github-actions in Packetstorm database update #1327
• Snyk database update by @github-actions in Snyk database update #1326
• Metasploit database update by @github-actions in Metasploit database update #1324
• CISA known exploited database update by @github-actions in CISA known exploited database update #1325
• Packetstorm database update by @github-actions in Packetstorm database update #1332
• Snyk database update by @github-actions in Snyk database update #1331
• Metasploit database update by @github-actions in Metasploit database update #1329
• Packetstorm database update by @github-actions in Packetstorm database update #1337
• Snyk database update by @github-actions in Snyk database update #1336
• Massive SBOM improvements by @m-1-k-3 in Massive SBOM improvements #1323
• Improve docker installation (includes Ubuntu 24.04 support) by @m-1-k-3 in Improve docker installation (includes Ubuntu 24.04 support) #1339
• Multiple little fixes / updated base image by @m-1-k-3 in Multiple little fixes / updated base image #1341
• Packetstorm database update by @github-actions in Packetstorm database update #1347
• Snyk database update by @github-actions in Snyk database update #1346
• Quick version identifier update by @github-actions in Quick version identifier update #1345
• Metasploit database update by @github-actions in Metasploit database update #1344
• CISA known exploited database update by @github-actions in CISA known exploited database update #1335
• Multiple little fixes by @m-1-k-3 in Multiple little fixes #1343
• Fix update check by @m-1-k-3 in Fix update check #1349
• bump version v1.5.0 by @m-1-k-3 in bump version v1.5.0 #1350

New Contributors

• @gluesmith2021 made their first contribution in Version string fixes for isc:dhcp and gnu:glibc #1150
• @Grezzo made their first contribution in Fix spelling mistake in S23_lua_check.sh #1222

Full Changelog: 1.4.0-ICS-testing-edt...v1.5.0-SBOMdorado

---

This discussion was created from the release EMBA v1.5.0 - SBOMdorado.