TROMMEL: Sift Through Directories of Files to Identify Indicators That May Contain Vulnerability.

TROMMEL – sifts through directories of files to identify indicators that may contain vulnerabilities.

TROMMEL identifies the following indicators related to:
– Secure Shell (SSH) key files
– Secure Socket Layer (SSL) key files
– Internet Protocol (IP) addresses
– Uniform Resource Locator (URL)
– email addresses
– shell scripts
– web server binaries
– configuration files
– database files
– specific binary files (e.g. Dropbear, BusyBox, etc.)
– shared object library files
– web application scripting variables, and
– Android application package (APK) file permissions.
TROMMEL has also integrated vFeed, which allows for further in-depth vulnerability analysis of identified indicators.
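
As an added illustration (not TROMMEL's code, and written for Python 3 rather than the Python 2.7 the tool was tested on), the sketch below shows the kind of sifting described above for a few of the listed indicator types. The rule names, regular expressions and sample tree are assumptions constructed for the example.

```python
import re
import tempfile
from pathlib import Path

# Assumed patterns for illustration; these are not TROMMEL's own lists.
NAME_RULES = {
    "ssh_key_file": re.compile(r"^(id_(rsa|dsa|ecdsa|ed25519)(\.pub)?|authorized_keys)$"),
    "ssl_key_file": re.compile(r"\.(pem|key|crt)$", re.I),
    "config_file": re.compile(r"\.(conf|cfg|ini)$", re.I),
    "shared_object": re.compile(r"\.so(\.\d+)*$"),
    "known_binary": re.compile(r"^(busybox|dropbear)$", re.I),
}
CONTENT_RULES = {  # matched on raw bytes so binaries are searched too
    "ip_address": re.compile(rb"(?<![\d.])(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)(?![\d.])"),
    "url": re.compile(rb"https?://[\w.-]+(?::\d+)?(?:/[\w./%?=&-]*)?"),
    "email": re.compile(rb"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"),
    "private_key": re.compile(rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
}
SAMPLE_TREE = {  # constructed firmware-like tree: relative path -> file bytes
    "etc/dropbear/id_rsa": b"-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n",
    "etc/update.conf": b"server=http://updates.example.com/fw.bin\nadmin=root@example.com\n",
    "bin/busybox": b"\x7fELF\x00fallback dns 192.0.2.53\x00",
    "lib/libcrypto.so.1.0": b"\x7fELF\x00",
}

def sift(root):
    """Walk root and return {category: sorted list of (relative path, match)}."""
    hits = {}
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue  # skip directories, device nodes and (often dangling) symlinks
        rel = path.relative_to(root).as_posix()
        for cat, rx in NAME_RULES.items():
            if rx.search(path.name):
                hits.setdefault(cat, set()).add((rel, path.name))
        data = path.read_bytes()
        for cat, rx in CONTENT_RULES.items():
            for m in rx.finditer(data):
                hits.setdefault(cat, set()).add((rel, m.group().decode("ascii", "replace")))
    return {cat: sorted(found) for cat, found in hits.items()}

def demo():
    # Write the constructed sample tree to a temporary directory and sift it.
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLE_TREE.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(body)
        return sift(root)
```

Each hit is only a lead for manual review: a matched name or string says where to look in the extracted firmware, not that a vulnerability exists.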

Dependencies:
+ Python-Magic https://pypi.python.org/pypi/python-magic
+ vFeed Database Community (Free Edition) https://vfeed.io/pricing/
The vFeed.db (The Correlated Vulnerability and Threat Database) is a detective and preventive security information repository used for gathering vulnerability and mitigation data from scattered internet sources into a unified database.

Notes
* TROMMEL has been tested using Python 2.7 on macOS Sierra and Kali Linux x86_64.
* TROMMEL was written with the intent to help with identifying indicators that may contain vulnerabilities found in firmware of embedded devices.

Usage:

Source: https://github.com/CERTCC-Vulnerability-Analysis