Merge pull request #1405 from m-1-k-3/helpers_refactor

Little fixes (csv, s25, s06, l25), s26 speedup

helpers/helpers_emba_defaults.sh

@@ -211,6 +211,7 @@ set_log_paths() {
   export S20_LOG="${LOG_DIR}/s20_shell_check.txt"
   export S21_LOG="${LOG_DIR}/s21_python_check.txt"
   export S22_LOG="${LOG_DIR}/s22_php_check.txt"
+  export S22_CSV_LOG="${CSV_DIR}/s22_php_check.csv"
   export S23_LOG="${LOG_DIR}/s23_lua_check.txt"
   export S23_CSV_LOG="${CSV_DIR}/s23_lua_check.csv"
   export S24_LOG="${LOG_DIR}/s24_kernel_bin_identifier.txt"

helpers/helpers_emba_print.sh

@@ -219,9 +219,9 @@ escape_echo() {
   # %q  ARGUMENT is printed in a format that can be reused as shell input, escaping non-printable characters with the proposed POSIX $'' syntax.
   if [[ -v 2 ]]; then
     local lLOG_TO_FILE="${2:-}"
-    printf -- "%q" "${lSTRING_TO_ECHO}" | tee -a "${lLOG_TO_FILE}" >/dev/null || true
+    printf "%q\n" "${lSTRING_TO_ECHO}" | tee -a "${lLOG_TO_FILE}" >/dev/null || true
   else
-    printf -- "%q" "${lSTRING_TO_ECHO}" || true
+    printf "%q\n" "${lSTRING_TO_ECHO}" || true
   fi
 }
 

modules/F15_cyclonedx_sbom.sh

@@ -123,9 +123,15 @@ F15_cyclonedx_sbom() {
       fi
 
       if [[ -s "${lCOMP_FILE}" ]]; then
-        cat "${lCOMP_FILE}" >> "${SBOM_LOG_PATH}/sbom_components_tmp.json"
+        if (json_pp < "${lCOMP_FILE}" &> /dev/null); then
+          cat "${lCOMP_FILE}" >> "${SBOM_LOG_PATH}/sbom_components_tmp.json"
+        else
+          print_output "[!] WARNING: SBOM component ${lCOMP_FILE} failed to validate with json_pp"
+          continue
+        fi
       else
         print_output "[!] WARNING: SBOM component ${lCOMP_FILE} failed to decode"
+        continue
       fi
       if [[ $((lCOMP_FILE_ID+1)) -lt "${#lCOMP_FILES_ARR[@]}" ]]; then
         echo -n "," >> "${SBOM_LOG_PATH}/sbom_components_tmp.json"
@@ -178,7 +184,7 @@ F15_cyclonedx_sbom() {
     # I am sure there is a much cleaner way but for now I am stuck and don't get it in a different way :(
     sed -i 's/%SPACE%/\ /g' "${lSBOM_LOG_FILE}.json"
 
-    if [[ -f "${lSBOM_LOG_FILE}.json" ]]; then
+    if [[ -s "${lSBOM_LOG_FILE}.json" ]]; then
       local lNEG_LOG=1
       print_output "[*] Converting SBOM to further SBOM formats ..." "no_log"
       cyclonedx convert --output-format xml --input-file "${lSBOM_LOG_FILE}.json" --output-file "${lSBOM_LOG_FILE}.xml" || print_error "[-] Error while generating xml SBOM for SBOM"

modules/F20_vul_aggregator.sh

@@ -152,6 +152,13 @@ aggregate_versions() {
 
     print_output "[*] Software inventory initial overview:"
     write_anchor "softwareinventoryinitialoverview"
+    for lVERSION in "${VERSIONS_S08_PACKAGE_DETAILS_ARR[@]}"; do
+      if [ -z "${lVERSION}" ]; then
+        continue
+      fi
+      print_output "[+] Found Version details (${ORANGE}main SBOM environment${GREEN}): ""${ORANGE}${lVERSION}${NC}"
+    done
+
     for lVERSION in "${VERSIONS_SYS_EMULATOR_ARR[@]}"; do
       if [ -z "${lVERSION}" ]; then
         continue
@@ -1075,7 +1082,7 @@ cve_extractor() {
   if [[ -f "${F20_CSV_LOG}" ]]; then
     # very weak search for the end of the entry - if yes we have a verified kernel vuln
     # Todo: Improve this search on field base
-    lKERNEL_VERIFIED_VULN=$(grep -c "^${lBINARY};.*;yes;$" "${F20_CSV_LOG}" || true)
+    lKERNEL_VERIFIED_VULN=$(grep -E -c "^${lBINARY};.*;yes;[0-9]+;[0-9]+;$" "${F20_CSV_LOG}" || true)
   fi
 
   if [[ -f "${TMP_DIR}/exploit_cnt.tmp" ]]; then
@@ -1125,6 +1132,7 @@ cve_extractor() {
 
   # normally we only print the number of CVEs. If we have verified CVEs in the Linux Kernel or BusyBox we also add this detail
   local lCVEs="${lCVE_COUNTER_VERSION}"
+  print_output "[!] BINARY: ${lBINARY} / lKERNEL_VERIFIED_VULN: ${lKERNEL_VERIFIED_VULN}"
   if [[ "${lKERNEL_VERIFIED_VULN}" -gt 0 ]] && [[ "${lBINARY}" == *"kernel"* ]]; then
     lCVEs+=" (${lKERNEL_VERIFIED_VULN})"
   fi
@@ -1228,7 +1236,6 @@ cve_extractor_thread_actor() {
   if [[ -f "${KNOWN_EXP_CSV}" ]]; then
     # if grep -q \""${lCVE_VALUE}"\", "${KNOWN_EXP_CSV}"; then
     if grep -q "^${lCVE_VALUE}," "${KNOWN_EXP_CSV}"; then
-      print_output "[+] ${ORANGE}WARNING:${GREEN} Vulnerability ${ORANGE}${lCVE_VALUE}${GREEN} is a known exploited vulnerability."
       write_log "[+] ${ORANGE}WARNING:${GREEN} Vulnerability ${ORANGE}${lCVE_VALUE}${GREEN} is a known exploited vulnerability." "${LOG_PATH_MODULE}"/exploit/known_exploited_vulns.log
 
       if [[ "${lEXPLOIT}" == "No exploit available" ]]; then

modules/L25_web_checks.sh

@@ -23,7 +23,7 @@ L25_web_checks() {
 
   if [[ "${SYS_ONLINE}" -eq 1 ]] && [[ "${TCP}" == "ok" ]]; then
     module_log_init "${FUNCNAME[0]}"
-    module_title "Web tests of emulated device."
+    module_title "Web server analysis of emulated device"
     pre_module_reporter "${FUNCNAME[0]}"
 
     if [[ -v IP_ADDRESS_ ]]; then
@@ -437,15 +437,17 @@ web_access_crawler() {
     if [[ -f "${LOG_PATH_MODULE}/crawling_${lIP_}-${lPORT_}-200ok.log" ]] && [[ -f "${LOG_DIR}"/s22_php_check/semgrep_php_results_xml.log ]]; then
       while read -r lWEB_PATH; do
         lWEB_NAME="$(basename "${lWEB_PATH}")"
-        mapfile -t lCRAWLED_VULNS_ARR < <(grep "semgrep-rules.php.lang.security.*${lWEB_NAME}" "${LOG_DIR}"/s22_php_check/semgrep_php_results_xml.log || true)
+        mapfile -t lCRAWLED_VULNS_ARR < <(grep "${lWEB_NAME}.*semgrep-rules.php.lang.security" "${S22_CSV_LOG}" || true)
         for lC_VULN in "${lCRAWLED_VULNS_ARR[@]}"; do
-          lVULN_NAME=$(echo "${lC_VULN}" | tr ' ' '\n' | grep "^name=" | cut -d '=' -f2 || true)
-          lVULN_FILE=$(echo "${lC_VULN}" | tr ' ' '\n' | grep "^file=" | cut -d '=' -f2 || true)
+          lVULN_NAME=$(echo "${lC_VULN}" | cut -d ';' -f2)
+          lVULN_FILE="${lC_VULN/;*}"
+          lVULN_FILE=$(basename "${lVULN_FILE}")
 
           if ! [[ -f "${L25_CSV_LOG}" ]]; then
             write_csv_log "vuln file crawled" "source of vuln" "language" "vuln name" "filesystem path with vuln"
           fi
-          print_output "[+] Found possible vulnerability ${ORANGE}${lVULN_NAME}${GREEN} in semgrep analysis for ${ORANGE}${lWEB_NAME}${NC}." "" "${LOG_DIR}"/s22_php_check/semgrep_php_results_xml.log
+          print_output "[+] Found possible vulnerability ${ORANGE}${lVULN_NAME}${GREEN} in semgrep analysis for ${ORANGE}${lWEB_NAME}${NC}."
+          write_link "s22"
           write_csv_log "${lWEB_NAME}" "semgrep" "php" "${lVULN_NAME}" "${lVULN_FILE}"
         done
       done < "${LOG_PATH_MODULE}/crawling_${lIP_}-${lPORT_}-200ok.log"

modules/L35_metasploit_check.sh

@@ -140,6 +140,10 @@ check_live_metasploit() {
       # Print the session output from the metasploit log:
       sed -n '/Active sessions/,/Stopping all jobs/p' "${LOG_PATH_MODULE}"/metasploit-check-"${IP_ADDRESS_}".txt | tee -a "${LOG_FILE}" || true
       print_ln
+    elif grep -q "session .* opened" "${LOG_PATH_MODULE}/metasploit-check-${IP_ADDRESS_}.txt"; then
+      print_ln
+      print_output "[+] Possible Metasploit sessions for verification - check the log" "" "${LOG_PATH_MODULE}/metasploit-check-${IP_ADDRESS_}.txt"
+      print_ln
     else
       print_output "[-] No Metasploit session detected"
     fi

modules/P50_binwalk_extractor.sh

@@ -40,7 +40,7 @@ P50_binwalk_extractor() {
   local lFW_PATH_BINWALK="${FIRMWARE_PATH_BAK}"
 
   if [[ -d "${lFW_PATH_BINWALK}" ]]; then
-    print_output "[-] Binalk module only deals with firmware files - directories should be already handled via deep extractor"
+    print_output "[-] Binwalk module only deals with firmware files - directories should be already handled via deep extractor"
     module_end_log "${FUNCNAME[0]}" 0
     return
   fi

modules/S05_firmware_details.sh

@@ -36,9 +36,9 @@ S05_firmware_details()
   filesystem_tree
 
   write_log ""
-  write_log "[*] Statistics:${#FILE_ARR[@]}:${lDETECTED_DIR}"
+  write_log "[*] Statistics:${lFILE_CNT}:${lDETECTED_DIR}"
 
-  module_end_log "${FUNCNAME[0]}" "${#FILE_ARR[@]}"
+  module_end_log "${FUNCNAME[0]}" "${lFILE_CNT}"
 }
 
 filesystem_tree() {

modules/S09_firmware_base_version_check.sh

@@ -236,7 +236,8 @@ S09_firmware_base_version_check() {
           # MD5_SUM="$(md5sum "${lBIN}" | awk '{print $1}')"
           MD5_SUM=$(echo "${lBIN}" | cut -d ';' -f8)
           # MD5_SUM=$(echo "${lBIN}" | cut -d ';' -f8)
-          lAPP_NAME="$(basename "${lBIN/;*}")"
+          lBIN="${lBIN/;*}"
+          lAPP_NAME="$(basename "${lBIN}")"
           local lSTRINGS_OUTPUT="${LOG_PATH_MODULE}"/strings_bins/strings_"${MD5_SUM}"_"${lAPP_NAME}".txt
           if ! [[ -f "${lSTRINGS_OUTPUT}" ]]; then
             continue
@@ -250,6 +251,7 @@ S09_firmware_base_version_check() {
             write_csv_log "${lBIN}" "${lAPP_NAME}" "${lVERSION_FINDER}" "${CSV_RULE}" "${LIC}" "${TYPE}"
             check_for_s08_csv_log "${S08_CSV_LOG}"
 
+            lBIN="${lBIN/;*}"
             lSHA256_CHECKSUM="$(sha256sum "${lBIN}" | awk '{print $1}')"
             lSHA512_CHECKSUM="$(sha512sum "${lBIN}" | awk '{print $1}')"
             lCPE_IDENTIFIER=$(build_cpe_identifier "${CSV_RULE}")
@@ -355,7 +357,7 @@ S09_firmware_base_version_check() {
 
     else
 
-      # This is default mode!
+      # This is the fallback/default mode!
 
       if [[ -f "${lEXTRACTOR_LOG}" ]]; then
         # check unblob files sometimes we can find kernel version information or something else in it
@@ -468,6 +470,8 @@ S09_firmware_base_version_check() {
         fi
       fi
 
+      # The following area is responsible to check all binaries against our version database:
+
       [[ "${THREADED}" -eq 1 ]] && wait_for_pid "${WAIT_PIDS_S09_1[@]}"
       if [[ "${THREADED}" -eq 1 ]]; then
         # this will burn the CPU but in most cases the time of testing is cut into half
@@ -543,7 +547,12 @@ build_final_bins_threader() {
   fi
   local lPACKAGING_SYSTEM="unhandled_file"
   local lPROP_ARRAY_INIT_ARR=()
+  lBIN_ARCH=$(echo "${lBIN_FILE}" | cut -d ',' -f2)
+  lBIN_ARCH=${lBIN_ARCH#\ }
   lPROP_ARRAY_INIT_ARR+=( "source_path:${lFILE}" )
+  if [[ -n "${lBIN_ARCH}" ]]; then
+    lPROP_ARRAY_INIT_ARR+=( "source_arch:${lBIN_ARCH}" )
+  fi
   lPROP_ARRAY_INIT_ARR+=( "source_details:${lBIN_FILE}" )
 
   build_sbom_json_properties_arr "${lPROP_ARRAY_INIT_ARR[@]}"
@@ -771,8 +780,8 @@ bin_string_checker() {
             lSHA256_CHECKSUM="$(sha256sum "${lBIN}" | awk '{print $1}')"
             lSHA512_CHECKSUM="$(sha512sum "${lBIN}" | awk '{print $1}')"
 
-            lBIN_FILE=$(echo "${lBIN_FILE}" | cut -d ',' -f2)
-            lBIN_ARCH=${lBIN_FILE#\ }
+            lBIN_ARCH=$(echo "${lBIN_FILE}" | cut -d ',' -f2)
+            lBIN_ARCH=${lBIN_ARCH#\ }
 
             lCPE_IDENTIFIER=$(build_cpe_identifier "${CSV_RULE}")
             lPURL_IDENTIFIER=$(build_generic_purl "${CSV_RULE}" "${lOS_IDENTIFIED}" "${lBIN_ARCH}")

modules/S116_qemu_version_detection.sh

@@ -193,7 +193,12 @@ version_detection_thread() {
     # ensure we have a unique array
     eval "lBINARY_PATHS_FINAL_ARR=($(for i in "${lBINARY_PATHS_FINAL_ARR[@]}" ; do echo "\"${i}\"" ; done | sort -u))"
 
+    local lCNT=0
     for lBINARY_PATH in "${lBINARY_PATHS_FINAL_ARR[@]}"; do
+      lCNT=$((lCNT+1))
+      # I think it is enough to log the same version identifier for 10 times
+      [[ "${lCNT}" -gt 10 ]] && break
+
       print_output "[+] Version information found ${RED}""${lVERSION_DETECTED}""${NC}${GREEN} in binary ${ORANGE}${lBINARY_PATH}${GREEN} (license: ${ORANGE}${lAPP_LIC}${GREEN}) (${ORANGE}${lTYPE}${GREEN})." "" "${lLOG_PATH_}"
       write_csv_log "${lBINARY_PATH}" "${lBINARY}" "${lVERSION_DETECTED}" "${lCSV_RULE}" "${lAPP_LIC}" "${lTYPE}"
       lBIN_NAME=$(basename "${lBINARY_PATH}")

modules/S16_ghidra_decompile_checks.sh

@@ -53,7 +53,7 @@ S16_ghidra_decompile_checks()
   if [[ -f "${S13_CSV_LOG}" ]] || [[ -f "${S14_CSV_LOG}" ]]; then
     # usually binaries with strcpy or system calls are more interesting for further analysis
     # to keep analysis time low we only check these bins
-    mapfile -t lBINARIES_ARR < <(grep -h "strcpy\|system" "${S13_CSV_LOG}" "${S14_CSV_LOG}" | sort -k 3 -t ';' -n -r | awk '{print $1}' || true)
+    mapfile -t lBINARIES_ARR < <(grep -h "strcpy\|system" "${S13_CSV_LOG}" "${S14_CSV_LOG}" 2>/dev/null | sort -k 3 -t ';' -n -r | awk '{print $1}' || true)
   else
     mapfile -t lBINARIES_ARR < <(grep -v "ASCII text\|Unicode text" "${P99_CSV_LOG}" | grep ";ELF" | cut -d ';' -f1 || true)
   fi
@@ -68,11 +68,16 @@ S16_ghidra_decompile_checks()
       fi
     fi
 
+    # from s13 and s14 we get a path like ./path/to/file
+    # let's remove the ^.
+    lBIN_TO_CHECK="${lBIN_TO_CHECK#\.}"
+
     if ! [[ -f "${lBIN_TO_CHECK}" ]]; then
-      lBIN_TO_CHECK=$(grep "${lBIN_TO_CHECK}" "${P99_CSV_LOG}" | cut -d ';' -f1 | sort -u | head -1 || true)
+      lBIN_TO_CHECK=$(grep "$(escape_echo "${lBIN_TO_CHECK}")" "${P99_CSV_LOG}" | cut -d ';' -f1 | sort -u | head -1 || true)
+    fi
+    if ! [[ -f "${lBIN_TO_CHECK}" ]]; then
+      continue
     fi
-
-    print_output "[*] S16 - Testing ${lBIN_TO_CHECK}"
     # ensure we have not tested this binary entry
     local lBIN_MD5=""
     lBIN_MD5="$(md5sum "${lBIN_TO_CHECK}" | awk '{print $1}')"

modules/S17_cwe_checker.sh

@@ -67,7 +67,7 @@ cwe_check() {
   if [[ -f "${S13_CSV_LOG}" ]] || [[ -f "${S14_CSV_LOG}" ]]; then
     # usually binaries with strcpy or system calls are more interesting for further analysis
     # to keep analysis time low we only check these bins
-    mapfile -t lBINARIES_ARR < <(grep -h "strcpy\|system" "${S13_CSV_LOG}" "${S14_CSV_LOG}" | sort -k 3 -t ';' -n -r | awk '{print $1}' || true)
+    mapfile -t lBINARIES_ARR < <(grep -h "strcpy\|system" "${S13_CSV_LOG}" "${S14_CSV_LOG}" 2>/dev/null | sort -k 3 -t ';' -n -r | awk '{print $1}' || true)
     # we usually get a path like /sbin/httpd which is not resolvable and needs to queried again in the P99_CSV_LOG later on
   else
     mapfile -t lBINARIES_ARR < <(grep -v "ASCII text\|Unicode text" "${P99_CSV_LOG}" | grep "ELF" | cut -d ';' -f1 || true)
@@ -85,11 +85,13 @@ cwe_check() {
 
     # do not try to analyze kernel modules:
     [[ "${lBIN_TO_CHECK}" == *".ko" ]] && continue
+    lBIN_TO_CHECK="${lBIN_TO_CHECK#\.}"
     if ! [[ -f "${lBIN_TO_CHECK}" ]]; then
-      lBIN_TO_CHECK=$(grep "${lBIN_TO_CHECK}" "${P99_CSV_LOG}" | cut -d ';' -f1 | sort -u | head -1 || true)
+      lBIN_TO_CHECK=$(grep "$(escape_echo "${lBIN_TO_CHECK}")" "${P99_CSV_LOG}" | cut -d ';' -f1 | sort -u | head -1 || true)
+    fi
+    if ! [[ -f "${lBIN_TO_CHECK}" ]]; then
+      continue
     fi
-    # ensure we have not tested this binary entry
-    print_output "[*] S17 - Testing ${lBIN_TO_CHECK}"
     local lBIN_MD5=""
     lBIN_MD5="$(md5sum "${lBIN_TO_CHECK}" | awk '{print $1}')"
     if [[ "${lBINS_CHECKED_ARR[*]}" == *"${lBIN_MD5}"* ]]; then
@@ -155,6 +157,7 @@ cwe_checker_threaded() {
     mapfile -t lCWE_OUT < <( jq -r '.[] | "\(.name) \(.description)"' "${LOG_PATH_MODULE}"/cwe_"${lNAME}".log | cut -d\) -f1 | tr -d '(' | sort -u || true)
     # this is the logging after every tested file
     if [[ ${#lCWE_OUT[@]} -ne 0 ]] ; then
+      print_ln
       print_output "[+] cwe-checker found a total of ${ORANGE}${lCWE_TOTAL_CNT:-0}${GREEN} and ${ORANGE}${#lCWE_OUT[@]}${GREEN} different security issues in ${ORANGE}${lNAME}${GREEN}:" "" "${LOG_PATH_MODULE}"/cwe_"${lNAME}".log
       for lCWE_LINE in "${lCWE_OUT[@]}"; do
         lCWE="$(echo "${lCWE_LINE}" | awk '{print $1}')"
@@ -172,8 +175,6 @@ cwe_checker_threaded() {
     fi
   fi
 
-  print_ln
-
   if [[ -f "${LOG_FILE}" ]]; then
     cat "${LOG_FILE}" >> "${lOLD_LOG_FILE}"
     rm "${LOG_FILE}" 2> /dev/null

modules/S22_php_check.sh

@@ -34,6 +34,7 @@ S22_php_check()
 
   if [[ ${PHP_CHECK} -eq 1 ]] ; then
     mapfile -t lPHP_SCRIPTS_ARR < <(grep "PHP script" "${P99_CSV_LOG}" | cut -d ';' -f1 | sort -u || true)
+    write_csv_log "Script path" "PHP issue" "source (e.g. semgrep)" "common linux file"
     s22_vuln_check_caller "${lPHP_SCRIPTS_ARR[@]}"
 
     s22_vuln_check_semgrep "${lPHP_SCRIPTS_ARR[@]}"
@@ -127,6 +128,7 @@ s22_vuln_check_semgrep() {
 
       sed -i -r "${lSEMG_LINE_NR}s/.*/\x1b[32m&\x1b[0m/" "${LOG_PATH_MODULE}"/semgrep_sources/"${lSEMG_SOURCE_FILE_NAME}".log || true
       print_output "[+] Found possible PHP vulnerability ${ORANGE}${lSEMG_ISSUE_NAME}${GREEN} in ${ORANGE}${lSEMG_SOURCE_FILE_NAME}${GREEN}" "" "${LOG_PATH_MODULE}/semgrep_sources/${lSEMG_SOURCE_FILE_NAME}.log"
+      write_csv_log "${lSEMG_SOURCE_FILE}" "${lSEMG_ISSUE_NAME}" "semgrep" "unknown"
 
       if [[ "${GPT_OPTION}" -gt 0 ]]; then
         lGPT_ANCHOR_="$(openssl rand -hex 8)"
@@ -150,7 +152,6 @@ s22_vuln_check_semgrep() {
 
 s22_vuln_check_caller() {
   sub_module_title "PHP script vulnerabilities (progpilot)"
-  write_csv_log "Script path" "PHP issues detected" "common linux file"
   local lPHP_SCRIPTS_ARR=("$@")
   local lVULNS=0
   local lPHP_SCRIPT=""
@@ -225,7 +226,8 @@ s22_vuln_check() {
       lCFF="NA"
     fi
     print_output "[+] Found ""${ORANGE}""${lVULNS}"" vulnerabilities""${GREEN}"" in php file"": ""${ORANGE}""$(print_path "${lPHP_SCRIPT_}")""${GREEN}""${lCOMMON_FILES_FOUND}""${NC}" "" "${lPHP_LOG}"
-    write_csv_log "$(print_path "${lPHP_SCRIPT_}")" "${lVULNS}" "${lCFF}" "NA"
+    write_csv_log "${lPHP_SCRIPT_}" "TODO" "progpilot" "${lCFF}"
+
     if [[ "${GPT_OPTION}" -gt 0 ]]; then
       lGPT_ANCHOR_="$(openssl rand -hex 8)"
       # "${GPT_INPUT_FILE_}" "${lGPT_ANCHOR_}" "GPT-Prio-$lGPT_PRIO_" "${GPT_QUESTION_}" "${GPT_OUTPUT_FILE_}" "cost=$GPT_TOKENS_" "${GPT_RESPONSE_}"

modules/S26_kernel_vuln_verifier.sh

@@ -272,8 +272,28 @@ S26_kernel_vuln_verifier()
     print_output "[*] Checking vulnerabilities for kernel version ${ORANGE}${lK_VERSION}${NC}" "" "${LOG_PATH_MODULE}/kernel_verification_${lK_VERSION}_detailed.log"
     print_ln
 
+    local lVULN=""
     for lVULN in "${lALL_KVULNS_ARR[@]}"; do
       NEG_LOG=1
+      vuln_checker_threader "${lVULN}" &
+      local lTMP_PID="$!"
+      store_kill_pids "${lTMP_PID}"
+      lWAIT_PIDS_S26_ARR_MAIN+=( "${lTMP_PID}" )
+      ((VULN_CNT+=1))
+      max_pids_protection "${MAX_MOD_THREADS}" "${lWAIT_PIDS_S26_ARR_MAIN[@]}"
+    done
+
+    wait_for_pid "${lWAIT_PIDS_S26_ARR_MAIN[@]}"
+
+    final_log_kernel_vulns "${lK_VERSION}" "${lALL_KVULNS_ARR[@]}"
+  done
+
+  module_end_log "${FUNCNAME[0]}" "${NEG_LOG}"
+}
+
+
+vuln_checker_threader() {
+  local lVULN="${1:-}"
       local lK_PATHS_ARR=()
       local lK_PATHS_FILES_TMP_ARR=()
       local lSUMMARY=""
@@ -358,15 +378,7 @@ S26_kernel_vuln_verifier()
         write_log "${lOUTx}" "${LOG_PATH_MODULE}/kernel_verification_${lK_VERSION}_detailed.log"
         ((CNT_PATHS_UNK+=1))
       fi
-      ((VULN_CNT+=1))
-    done
-
     wait_for_pid "${lWAIT_PIDS_S26_ARR[@]}"
-
-    final_log_kernel_vulns "${lK_VERSION}" "${lALL_KVULNS_ARR[@]}"
-  done
-
-  module_end_log "${FUNCNAME[0]}" "${NEG_LOG}"
 }
 
 split_symbols_file() {

scan-profiles/default-scan-emulation.emba

@@ -19,8 +19,7 @@ export SHORT_PATH=1
 export HTML=1
 export QEMULATION=1
 export FULL_EMULATION=1
-# export SELECT_MODULES+=( "S05" "S21" "S22" "S23" "S24" "F20" "F50" )
-export SELECT_MODULES+=( "S05" "S21" "S22" "S23" "S24" )
+export SELECT_MODULES+=( "S05" "S21" "S22" "S23" "S24" "F50" )
 
 # enable silent mode and status bar
 export DISABLE_STATUS_BAR=0