[+] Final aggregator
[+] Tested firmware: /home/genesis/firmwaretest/DUMP.tar
[+] EMBA start command: ./emba -l ../bashis -f ../DUMP.tar -p ./scan-profiles/default-scan.emba
[+] Detected architecture and endianness (verified): MIPS / EL
[+] Operating system detected (verified): Linux / v3.10.27
[+] 974 files and 135 directories detected.
[+] Entropy analysis of binary firmware is: 6.775706 bits per byte.
[+] Entropy analysis of binary firmware is available: /logs/firmware_entropy.png
[+] Found 807 issues in 84 shell scripts.
[+] Found the following configuration issues:
Found 39 areas with weak permissions.
Found 1 password related details.
Found 7 password related details via STACS (1 passwords cracked.)
Found 1 outdated certificates in 2 certificates.
Found 53 kernel modules with 0 licensing issues.
Found 0 interesting files and 1 files that could be useful for post-exploitation.
[+] Found 204 (69%) binaries without enabled RELRO in 295 binaries.
[+] Found 295 (100%) binaries without enabled NX in 295 binaries.
[+] Found 107 (36%) binaries without enabled PIE in 295 binaries.
[+] Found 239 (81%) stripped binaries without symbols in 295 binaries.
[+] Found 267 usages of strcpy in 295 binaries.
[+] STRCPY - top 10 results:
17 : libasound.so.2. : common linux file: yes | No RELRO | Canary | NX disabled | No Symbols | Networking |
16 : tz_dst : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
16 : libwifi.so : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
16 : libiw.so.30 : common linux file: yes | No RELRO | Canary | NX disabled | No Symbols | No Networking |
16 : libdumpSiteSurv : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
16 : libcam.so : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
14 : libpib.so : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
13 : onvifbox : common linux file: no | No RELRO | Canary | NX disabled | No Symbols | No Networking |
13 : libglib-2.0.so. : common linux file: no | No RELRO | Canary | NX disabled | No Symbols | No Networking |
12 : libonvifkit.so : common linux file: no | No RELRO | Canary | NX disabled | No Symbols | No Networking |
[+] SYSTEM - top 10 results:
70 : librtsnm.so : common linux file: no | No RELRO | Canary | NX disabled | No Symbols | Networking |
58 : start_wps : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
50 : wifi-tool : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
35 : cgihtmlbox : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
32 : mfgbox : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
27 : libwifi.so : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
21 : libbuilt_in_cgi : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
16 : libwlan.so : common linux file: no | No RELRO | Canary | NX disabled | No Symbols | No Networking |
16 : libonvifkit.so : common linux file: no | No RELRO | Canary | NX disabled | No Symbols | No Networking |
16 : libcam.so : common linux file: no | RELRO | Canary | NX disabled | No Symbols | No Networking |
[*] Identified the following software inventory, vulnerabilities and exploits:
[+] Found version details: alsa : 1.0.28 : CVEs: 1 : Exploits: 0 : Source: STAT
[+] Found version details: ethtool : 6 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: curl : 1 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: busybox : 1.22.1 : CVEs: 18 : Exploits: 15 : Source: STAT
[+] Found version details: ncurses : 6.0.20150808 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: sed : 4.0 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: curl : 7.43.0 : CVEs: 80 : Exploits: 31 : Source: STAT
[+] Found version details: iperf : 2.0.5 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: expat : 2.0.1 : CVEs: 31 : Exploits: 18 : Source: STAT
[+] Found version details: libgjpeg-turbo : 1.5.0 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: lighttpd : 1.4.35 : CVEs: 3 : Exploits: 2 : Source: STAT
[+] Found version details: libcurl : 7.43.0 : CVEs: 24 : Exploits: 12 : Source: STAT
[+] Found version details: portmap : 6.0 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: openssl : 1.0.2t : CVEs: 18 : Exploits: 17 : Source: STAT
[+] Found version details: udhcp : 1.22.1 : CVEs: 0 : Exploits: 0 : Source: STAT
[+] Found version details: zlib : 1.2.5 : CVEs: 5 : Exploits: 2 : Source: STAT
[+] Found version details: kernel : 3.10.27 : CVEs: 1392 : Exploits: 277 : Source: STAT
[+] Identified 17 software components with version details.
[+] Identified 1575 CVE entries.
Identified 585 High rated CVE entries / Exploits: 211
Identified 912 Medium rated CVE entries / Exploits: 137
Identified 78 Low rated CVE entries /Exploits: 13
361 possible exploits available (11 Metasploit modules).
Remote exploits: 0 / Local exploits: 24 / DoS exploits: 9 / Github PoCs: 311 / Known exploited vulnerabilities: 4 / Verified Exploits: 0