TROMMEL – Search Files For Potential Vulnerable Indicators

TROMMEL sifts through embedded device files to identify potential vulnerable indicators. The tool can be used to search files and configurations in a directory and find potential vulnerability. usually any security scanner will produced reports and finding without properly confirming the system vulnerability.

TROMMEL - Search Files to Identify Potential Vulnerable Indicators
TROMMEL – Search Files to Identify Potential Vulnerable Indicators

Vulnerability scanner allow security professional to automate and accelerate the vulnerability assessment while it will be required to validate any security issue reported. This tool can be an additional way to verify files for vulnerabilities. TROMMEL identifies the following indicators related to:

  • Secure Shell (SSH) key files
  • Secure Socket Layer (SSL) key files
  • Internet Protocol (IP) addresses
  • Uniform Resource Locator (URL)
  • email addresses
  • shell scripts
  • web server binaries
  • configuration files
  • database files
  • specific binaries files (i.e. Dropbear, BusyBox, etc.)
  • shared object library files
  • web application scripting variables, and
  • Android application package (APK) file permissions.

Upon execution, TROMMEL provides the following feedback to the researcher in the terminal and writes 2 (CSV parsable) results files:

  • Results will be saved to User-Supplied-File-Name_Trommel_YYYYMMDD_HHMMSS.
  • Hashes of files will be saved to User-Supplied-File-Name_TROMMEL_Hash_Results_YYYYMMDD_HHMMSS.

Checks the system architecture by using the BusyBox binary. The text file is named according to the above naming convention and will contain the following information preceding the identified indicators:

  • TROMMEL Results File Name: [Researcher Supplied File Name]
  • Directory: [Researcher Supplied Directory]
  • There are [Count of Files] total files within the directory.

The results should be reviewed to identify and remove false positives and to identify indicators that need further analysis for potential vulnerabilities.

You can read more and download this tool over here: https://github.com/CERTCC/trommel

Share