little fixes

Author: m-1-k-3

docker-compose.yml

@@ -21,6 +21,7 @@ services:
       - /root/.ghidra/
       - /root/.routersploit/
       - /root/.msf4
+      - /root/.john
       - /run/lock
       - /var/run
       - /var/tmp

helpers/helpers_emba_defaults.sh

@@ -131,4 +131,5 @@ set_defaults() {
   export TOTAL_MEMORY=0
   TOTAL_MEMORY="$(grep MemTotal /proc/meminfo | awk '{print $2}' || true)"
   export Q_MOD_PID=""
+  export F20_SOURCE=""      # F20 module - set to cve-discovery caller for further processing
 }

helpers/helpers_emba_dependency_check.sh

@@ -517,7 +517,9 @@ dependency_check()
       check_dep_file "Binarly FwHunt analyzer" "${EXT_DIR}""/fwhunt-scan/fwhunt_scan_analyzer.py"
 
       if function_exists F20_vul_aggregator; then
-        check_dep_file "NVD CVE database" "${EXT_DIR}""/nvd-json-data-feeds/README.md"
+        if ! [[ -f "${CONFIG_DIR}"/gh_action ]]; then
+          check_dep_file "NVD CVE database" "${EXT_DIR}""/nvd-json-data-feeds/README.md"
+        fi
         # CVE searchsploit
         check_dep_tool "CVE Searchsploit" "cve_searchsploit"
 

installer/IF20_nvd_feed.sh

@@ -37,6 +37,7 @@ IF20_nvd_feed() {
         echo -e "\\n""${MAGENTA}""Check if the NVD JSON data feed is already installed and populated.""${NC}"
         if [[ "${GH_ACTION}" -eq 1 ]]; then
           echo "[*] Github action - not installing NVD database"
+          echo "GH_action:true" > ./config/gh_action || true
           return
         fi
         if [[ -d external/nvd-json-data-feeds ]]; then

modules/F20_vul_aggregator.sh

@@ -22,6 +22,9 @@ F20_vul_aggregator() {
   module_title "Final vulnerability aggregator"
 
   pre_module_reporter "${FUNCNAME[0]}"
+
+  # we use this for later decisions:
+  export F20_SOURCE="${FUNCNAME[0]}"
   print_ln
 
   prepare_cve_search_module
@@ -481,7 +484,11 @@ cve_db_lookup_cve() {
     echo "${CVE_ID}:${CVE_V2:-"NA"}:${CVE_V31:-"NA"}" > "${LOG_PATH_MODULE}"/"${CVE_ENTRY}".txt || true
   fi
 
-  cve_extractor "${CVE_ENTRY}"
+  # only do further analysis if needed
+  # in case we come from s26 module we do not need all the upcoming analysis
+  if [[ "${F20_SOURCE}" == "F20_vul_aggregator" ]]; then
+    cve_extractor "${CVE_ENTRY}"
+  fi
 }
 
 cve_db_lookup_version() {
@@ -493,6 +500,7 @@ cve_db_lookup_version() {
 
   # we create something like "binary_1.2.3" for log paths
   local VERSION_PATH="${BIN_VERSION_//:/_}"
+  # we test for the binary_name:version and for binary_name:*:
   print_output "[*] CVE database lookup with version information: ${ORANGE}${BIN_VERSION_}${NC}" "no_log"
 
   BIN_NAME=$(echo "${BIN_VERSION_}" | cut -d':' -f1)
@@ -521,7 +529,11 @@ cve_db_lookup_version() {
 
   [[ "${THREADED}" -eq 1 ]] && wait_for_pid "${WAIT_PIDS_F19_CVE_SOURCE[@]}"
 
-  cve_extractor "${BIN_VERSION_}"
+  # only do further analysis if needed
+  # in case we come from s26 module we do not need all the upcoming analysis
+  if [[ "${F20_SOURCE}" == "F20_vul_aggregator" ]]; then
+    cve_extractor "${BIN_VERSION_}"
+  fi
 }
 
 # Test the identified JSON files for CPE details and version information
@@ -865,7 +877,7 @@ cve_extractor() {
     if grep -q "${BINARY};.*${VERSION}" "${S36_LOG}" 2>/dev/null; then
       if [[ "${VSOURCE}" == "unknown" ]]; then
         VSOURCE="STAT"
-      else
+      elif ! [[ "${VSOURCE}" =~ .*STAT.* ]]; then
         VSOURCE="${VSOURCE}""/STAT"
       fi
     fi

modules/S13_weak_func_check.sh

@@ -466,7 +466,7 @@ print_top10_statistics() {
     for FUNCTION in "${VULNERABLE_FUNCTIONS[@]}" ; do
       local SEARCH_TERM=""
       local F_COUNTER=0
-      readarray -t RESULTS < <( find "${LOG_PATH_MODULE}" -xdev -iname "vul_func_*_""${FUNCTION}""-*.txt" 2> /dev/null | sed "s/.*vul_func_//" | sort -g -r | head -10 | sed "s/_""${FUNCTION}""-/  /" | sed "s/\.txt//" 2> /dev/null || true)
+      readarray -t RESULTS < <( find "${LOG_PATH_MODULE}" -xdev -iname "vul_func_*_""${FUNCTION}""-*.txt" 2> /dev/null | sed "s/.*vul_func_//" | sort -g -r | head -10 | sed "s/_""${FUNCTION}""-/  /" | sed "s/\.txt//" | grep -v "^0\ " 2> /dev/null || true)
 
       if [[ "${#RESULTS[@]}" -gt 0 ]]; then
         print_ln

modules/S14_weak_func_radare_check.sh

@@ -458,7 +458,7 @@ radare_print_top10_statistics() {
     for FUNCTION in "${VULNERABLE_FUNCTIONS[@]}" ; do
       local SEARCH_TERM=""
       local F_COUNTER=0
-      readarray -t RESULTS < <( find "${LOG_PATH_MODULE}" -xdev -iname "vul_func_*_""${FUNCTION}""-*.txt" 2> /dev/null | sed "s/.*vul_func_//" | sort -g -r | head -10 | sed "s/_""${FUNCTION}""-/  /" | sed "s/\.txt//" 2> /dev/null || true)
+      readarray -t RESULTS < <( find "${LOG_PATH_MODULE}" -xdev -iname "vul_func_*_""${FUNCTION}""-*.txt" 2> /dev/null | sed "s/.*vul_func_//" | sort -g -r | head -10 | sed "s/_""${FUNCTION}""-/  /" | sed "s/\.txt//" | grep -v "^0\ " 2> /dev/null || true)
 
       if [[ "${#RESULTS[@]}" -gt 0 ]]; then
         print_ln

modules/S15_radare_decompile_checks.sh

@@ -167,7 +167,7 @@ radare_decomp_print_top10_statistics() {
     for FUNCTION in "${VULNERABLE_FUNCTIONS[@]}" ; do
       local SEARCH_TERM=""
       local F_COUNTER=0
-      readarray -t RESULTS < <( find "${LOG_PATH_MODULE}" -xdev -iname "vul_func_*_""${FUNCTION}""-*.txt" 2> /dev/null | sed "s/.*vul_func_//" | sort -g -r | head -10 | sed "s/_""${FUNCTION}""-/  /" | sed "s/\.txt//" 2> /dev/null || true)
+      readarray -t RESULTS < <( find "${LOG_PATH_MODULE}" -xdev -iname "vul_func_*_""${FUNCTION}""-*.txt" 2> /dev/null | sed "s/.*vul_func_//" | sort -g -r | head -10 | sed "s/_""${FUNCTION}""-/  /" | sed "s/\.txt//" | grep -v "^0\ " 2> /dev/null || true)
 
       if [[ "${#RESULTS[@]}" -gt 0 ]]; then
         print_ln

modules/S20_shell_check.sh

@@ -77,7 +77,7 @@ S20_shell_check()
   fi
 
   if [[ ${SEMGREP} -eq 1 ]] ; then
-    sub_module_title "Check scripts with semgrep"
+    sub_module_title "Check shell scripts with semgrep"
     local S20_SEMGREP_SCRIPTS=0
     local S20_SEMGREP_VULNS=0
     local SHELL_LOG="${LOG_PATH_MODULE}"/semgrep.log
@@ -118,8 +118,6 @@ s20_eval_script_check() {
   local GPT_PRIO_=3
   local GPT_ANCHOR_=""
 
-  sub_module_title "Check shell scripts for eval usage"
-
   for SH_SCRIPT in "${SH_SCRIPTS_[@]}" ; do
     print_output "[*] Testing ${ORANGE}${SH_SCRIPT}${NC} for eval usage" "no_log"
     if grep "eval " "${SH_SCRIPT}" | grep -q -v "^#.*"; then

modules/S26_kernel_vuln_verifier.sh

@@ -189,6 +189,7 @@ S26_kernel_vuln_verifier()
       tar -xzf "${KERNEL_ARCH_PATH}/linux-${K_VERSION_KORG}.tar.gz" -C "${LOG_PATH_MODULE}"
     fi
 
+    print_output "[*] Kernel version ${ORANGE}${K_VERSION}${NC} CVE detection ... "
     prepare_cve_search_module
     cve_db_lookup_version "linux_kernel:${K_VERSION}"
 

modules/S99_grepit.sh

@@ -174,6 +174,7 @@ grepit_search() {
       # this is the output to the terminal. For the final report we wait till all tests are finished and then we
       # parse the csv output file and sort it according the test priority - 1-9, where 1 is more interesting
       # (low false positive rate, certainty of "vulnerability") and 9 is only "you might want to have a look when you are desperately looking for vulns")
+      print_ln
       print_output "[*] ${ORANGE}${LINES_OF_OUTPUT}${NC} results of grepit module ${ORANGE}${CURRENT_TEST}${NC}." "no_log"
       write_csv_log "${CURRENT_TEST}" "${LINES_OF_OUTPUT}" "${ARGS_FOR_GREP[*]}" "${SEARCH_REGEX}" "${COMMENT}"
     fi