Skip to content

EMBA v1.5.0 - SBOMdorado

Latest
Compare
Choose a tag to compare
@m-1-k-3 m-1-k-3 released this 22 Oct 11:07
· 150 commits to master since this release
c531641

The main goal of EMBA was always to get an accurate real life overview of the threats of a firmware image. While a few years ago the target audience were only pentesters, in today’s EMBA world also software developers, product owners and product security teams are using her to achieve different goals.

Over the time EMBA is grown and today she is not only a firmware analyzer anymore. Nowadays, EMBA is used to test every little piece of unknown binary. While the main interest stays on analyzing Linux based firmware, we have seen that EMBA is also used for UEFI, Windows binaries, Linux binaries, different Scripts, Android APKs and a lot of other stuff. Beside the high fragmentation of the targets under test, we have seen a growing demand for SBOM generation. EMBA includes some kind of basic SBOM support for ages, but as most of our analyzed binaries do not rely on some kind of package managers, we have not seen the demand for supporting them on a broad base - until today.

We have now adjusted our approach to support a broad range of package managers, packet types and further sources for getting an accurate SBOM out of every testing candidate.

Beside our binary analysis mechanism as the only source of truth, EMBA is now able to extract further details from the following sources:

  • Binaries and libraries
  • Linux Kernel
  • Kernel modules
  • Linux distribution identification
  • RPM package management system
  • Debian package management system
  • OpenWRT Package management system
  • Python PIP package management system
  • Python requirements files
  • RPM packages
  • DEB packages
  • FreeBSD pkg packages
  • Java archives
  • Alpine APK
  • Python poetry
  • Python wheel
  • Rust (cargo.lock)
  • Ruby (gem)
  • JavaScript - npm
  • Windows binary exif data
  • Windows binary extraction and analysis

Further details can be found in our wiki

Additionally, we did something more:

  • FLOSS interview - check it out here
  • Ubuntu 24.04 LTS support
  • Switching from docker-compose to docker compose
  • Bug fixing
  • Refactoring
  • Docker base image updates

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
image

A big kudos goes to to offchain-audit for his sponsoring and to n0x08 for his ongoing support.

Check it out here and start being an essential part of the future of EMBA


It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:


Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

What's Changed

  • #1073 by @m-1-k-3 in #1076
  • restart EMBA functionality by @m-1-k-3 in #1078
  • make the quick mode quick by @m-1-k-3 in #1081
  • Make the updater work again by @m-1-k-3 in #1082
  • fix hardening log for s16 by @m-1-k-3 in #1084
  • Quick version identifier update by @github-actions in #1089
  • Metasploit database update by @github-actions in #1087
  • CISA known exploited database update by @github-actions in #1088
  • Snyk database update by @github-actions in #1090
  • Packetstorm database update by @github-actions in #1091
  • fix day cnt by @m-1-k-3 in #1085
  • fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in #1086
  • Metasploit database update by @github-actions in #1094
  • full names and working tagging for packetstorm script by @HoxhaEndri in #1061
  • add md5sum to binaries by @m-1-k-3 in #1096
  • installer srecord by @m-1-k-3 in #1097
  • Firmware/binary handling again by @m-1-k-3 in #1099
  • little fixes by @m-1-k-3 in #1102
  • Quick version identifier update by @github-actions in #1105
  • CISA known exploited database update by @github-actions in #1104
  • Metasploit database update by @github-actions in #1103
  • Packetstorm database update by @github-actions in #1107
  • Snyk database update by @github-actions in #1106
  • Packetstorm database update by @github-actions in #1113
  • CISA known exploited database update by @github-actions in #1111
  • Metasploit database update by @github-actions in #1110
  • Snyk database update by @github-actions in #1112
  • xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in #1114
  • FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in #1109
  • Workflow docker builder updates by @m-1-k-3 in #1115
  • Remove Arachni / refactoring by @m-1-k-3 in #1117
  • Packetstorm database update by @github-actions in #1122
  • CISA known exploited database update by @github-actions in #1120
  • csv issues #1116 by @m-1-k-3 in #1118
  • Metasploit database update by @github-actions in #1119
  • Snyk database update by @github-actions in #1121
  • csv issues #1116 by @m-1-k-3 in #1123
  • f10 csv fix by @m-1-k-3 in #1124
  • Vars check by @m-1-k-3 in #1126
  • Metasploit database update by @github-actions in #1128
  • CISA known exploited database update by @github-actions in #1129
  • Packetstorm database update by @github-actions in #1131
  • Snyk database update by @github-actions in #1130
  • further vars cleanup, kev in f20 by @m-1-k-3 in #1127
  • var cleanup, status_bar fix by @m-1-k-3 in #1132
  • S36 updates, l10 fixes by @m-1-k-3 in #1133
  • CISA known exploited database update by @github-actions in #1135
  • Packetstorm database update by @github-actions in #1137
  • Metasploit database update by @github-actions in #1134
  • Snyk database update by @github-actions in #1136
  • Emulation updates by @m-1-k-3 in #1140
  • Packetstorm database update by @github-actions in #1144
  • CISA known exploited database update by @github-actions in #1142
  • Metasploit database update by @github-actions in #1141
  • s115 qemu command output by @m-1-k-3 in #1145
  • Snyk database update by @github-actions in #1143
  • Packetstorm database update by @github-actions in #1149
  • CISA known exploited database update by @github-actions in #1147
  • Metasploit database update by @github-actions in #1146
  • Snyk database update by @github-actions in #1148
  • Metasploit database update by @github-actions in #1151
  • Packetstorm database update by @github-actions in #1153
  • Snyk database update by @github-actions in #1152
  • Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in #1150
  • Update default-scan-no-notify.emba by @BenediktMKuehne in #1156
  • Packetstorm database update by @github-actions in #1161
  • Quick version identifier update by @github-actions in #1160
  • CISA known exploited database update by @github-actions in #1158
  • fix zlib (unzip) version string by @gluesmith2021 in #1164
  • JTR hash sorting by @BenediktMKuehne in #1154
  • Dhcp version strings and blacklist fix by @gluesmith2021 in #1163
  • f20 cpe handling #1155 by @m-1-k-3 in #1166
  • MODULE_BLACKLIST array handling by @m-1-k-3 in #1168
  • CISA known exploited database update by @github-actions in #1170
  • Quick version identifier update by @github-actions in #1171
  • Metasploit database update by @github-actions in #1169
  • Snyk database update by @github-actions in #1172
  • Packetstorm database update by @github-actions in #1173
  • improve not on YARA settings by @m-1-k-3 in #1176
  • F20 CVE version range checking: fix and dead code removal by @gluesmith2021 in #1165
  • Less regex / f20 and s21 wording by @m-1-k-3 in #1177
  • Update unblob and binwalk installer by @m-1-k-3 in #1178
  • System emulation updates by @m-1-k-3 in #1157
  • Revert "System emulation updates" by @m-1-k-3 in #1179
  • Metasploit database update by @github-actions in #1181
  • CISA known exploited database update by @github-actions in #1182
  • Packetstorm database update by @github-actions in #1185
  • Quick version identifier update by @github-actions in #1184
  • Packetstorm database update by @github-actions in #1191
  • Snyk database update by @github-actions in #1190
  • CISA known exploited database update by @github-actions in #1189
  • Metasploit database update by @github-actions in #1188
  • System emulator updates by @m-1-k-3 in #1180
  • Snyk script improved by @HoxhaEndri in #1186
  • System emulation updates by @m-1-k-3 in #1193
  • Metasploit database update by @github-actions in #1194
  • CISA known exploited database update by @github-actions in #1195
  • Quick version identifier update by @github-actions in #1196
  • Packetstorm database update by @github-actions in #1198
  • System emulation updates by @m-1-k-3 in #1199
  • Snyk database update by @github-actions in #1197
  • Update README.md by @BenediktMKuehne in #1200
  • Bump version - v1.4.1 (white rabbit) by @m-1-k-3 in #1201
  • Update EMBA VERSION.txt by @github-actions in #1203
  • little updates by @m-1-k-3 in #1204
  • Metasploit database update by @github-actions in #1205
  • Snyk database update by @github-actions in #1206
  • Packetstorm database update by @github-actions in #1207
  • Metasploit database update by @github-actions in #1208
  • CISA known exploited database update by @github-actions in #1209
  • Snyk database update by @github-actions in #1210
  • Packetstorm database update by @github-actions in #1211
  • more bash expansion refactoring by @m-1-k-3 in #1215
  • P23 improvements of handling nbd devices by @m-1-k-3 in #1214
  • Metasploit database update by @github-actions in #1217
  • CISA known exploited database update by @github-actions in #1218
  • Snyk database update by @github-actions in #1219
  • Packetstorm database update by @github-actions in #1220
  • Module documentation template by @m-1-k-3 in #1216
  • New capa (identify capabilities in executable files) module with ATT&CK support (S18) by @m-1-k-3 in #1212
  • fix p35 by @m-1-k-3 in #1221
  • Fix spelling mistake in S23_lua_check.sh by @Grezzo in #1222
  • fix s109, p35 by @m-1-k-3 in #1224
  • Improve ssdeep command in EMBA by @m-1-k-3 in #1225
  • Packetstorm database update by @github-actions in #1231
  • CISA known exploited database update by @github-actions in #1228
  • Metasploit database update by @github-actions in #1227
  • Update docker-compose.yml by @BenediktMKuehne in #1232
  • installer fix for #1226 by @m-1-k-3 in #1233
  • Little updates by @m-1-k-3 in #1234
  • Improve Patool error output by @m-1-k-3 in #1236
  • ftp client by @m-1-k-3 in #1241
  • Metasploit database update by @github-actions in #1242
  • CISA known exploited database update by @github-actions in #1243
  • Packetstorm database update by @github-actions in #1245
  • L10 init recovery test mode by @m-1-k-3 in #1246
  • docker compose install issue by @m-1-k-3 in #1248
  • libmagic by @m-1-k-3 in #1249
  • little s18 fix by @m-1-k-3 in #1251
  • CISA known exploited database update by @github-actions in #1253
  • Packetstorm database update by @github-actions in #1254
  • Metasploit database update by @github-actions in #1252
  • S08 / Installer by @m-1-k-3 in #1255
  • Packetstorm database update by @github-actions in #1259
  • CISA known exploited database update by @github-actions in #1258
  • Metasploit database update by @github-actions in #1257
  • docker compose vs docker-compose by @m-1-k-3 in #1260
  • little l10 improvements by @m-1-k-3 in #1261
  • log_bin_hardening improved by @m-1-k-3 in #1262
  • refactoring, L10 fixes by @m-1-k-3 in #1263
  • Service handling for lighttpd, debugging services by @m-1-k-3 in #1265
  • bump version v1.4.2 by @m-1-k-3 in #1267
  • default value by @m-1-k-3 in #1269
  • s24 boot entry sort to the beginning of L10 tests by @m-1-k-3 in #1270
  • Packetstorm database update by @github-actions in #1273
  • CISA known exploited database update by @github-actions in #1272
  • Metasploit database update by @github-actions in #1271
  • Metasploit database update by @github-actions in #1274
  • CISA known exploited database update by @github-actions in #1275
  • Packetstorm database update by @github-actions in #1276
  • Packetstorm database update by @github-actions in #1280
  • CISA known exploited database update by @github-actions in #1279
  • Metasploit database update by @github-actions in #1278
  • L10: revert stat64 by @m-1-k-3 in #1281
  • S26: fix regex / S24 check for architecture by @m-1-k-3 in #1282
  • Improve if with lower case by @m-1-k-3 in #1283
  • Metasploit database update by @github-actions in #1284
  • CISA known exploited database update by @github-actions in #1285
  • Packetstorm database update by @github-actions in #1286
  • Bug Fixes Snyk Crawler by @HoxhaEndri in #1287
  • workflow dispatch by @m-1-k-3 in #1288
  • Snyk database update by @github-actions in #1289
  • Update default_install.yml by @m-1-k-3 in #1290
  • fix uml-utilities install by @m-1-k-3 in #1292
  • profile path issue #1266 by @m-1-k-3 in #1291
  • Updated versions of capa and cwe-checker in installer by @m-1-k-3 in #1293
  • CISA known exploited database update by @github-actions in #1294
  • Snyk database update by @github-actions in #1295
  • Packetstorm database update by @github-actions in #1296
  • update SECURITY.md by @m-1-k-3 in #1298
  • Packetstorm database update by @github-actions in #1307
  • Snyk database update by @github-actions in #1306
  • Metasploit database update by @github-actions in #1304
  • fix missing components without vulns by @m-1-k-3 in #1299
  • CISA known exploited database update by @github-actions in #1305
  • Kali version bump, new docker image, refactoring, s26 bug by @m-1-k-3 in #1302
  • remove routersploit dep by @m-1-k-3 in #1308
  • Refactor P02, P05 by @m-1-k-3 in #1309
  • Refactor LOG vars, D-modules by @m-1-k-3 in #1312
  • Metasploit database update by @github-actions in #1314
  • Routersploit database update by @github-actions in #1315
  • CISA known exploited database update by @github-actions in #1316
  • Snyk database update by @github-actions in #1317
  • Packetstorm database update by @github-actions in #1318
  • fix docker build by @m-1-k-3 in #1321
  • bump docker base image by @m-1-k-3 in #1322
  • Packetstorm database update by @github-actions in #1327
  • Snyk database update by @github-actions in #1326
  • Metasploit database update by @github-actions in #1324
  • CISA known exploited database update by @github-actions in #1325
  • Packetstorm database update by @github-actions in #1332
  • Snyk database update by @github-actions in #1331
  • Metasploit database update by @github-actions in #1329
  • Packetstorm database update by @github-actions in #1337
  • Snyk database update by @github-actions in #1336
  • Massive SBOM improvements by @m-1-k-3 in #1323
  • Improve docker installation (includes Ubuntu 24.04 support) by @m-1-k-3 in #1339
  • Multiple little fixes / updated base image by @m-1-k-3 in #1341
  • Packetstorm database update by @github-actions in #1347
  • Snyk database update by @github-actions in #1346
  • Quick version identifier update by @github-actions in #1345
  • Metasploit database update by @github-actions in #1344
  • CISA known exploited database update by @github-actions in #1335
  • Multiple little fixes by @m-1-k-3 in #1343
  • Fix update check by @m-1-k-3 in #1349
  • bump version v1.5.0 by @m-1-k-3 in #1350

New Contributors

Full Changelog: 1.4.0-ICS-testing-edt...v1.5.0-SBOMdorado