Aggregator

Pascal Eckmann edited this page Feb 15, 2021 · 9 revisions

The aggregator is one of the finishing modules within emba. After the firmware testing process is finished, the aggregator collects all the relevant data, extracts version details, and collects vulnerability data (CVEs) and possible exploits. Additionally, it tries to present the relevant findings in a nice and shiny report.

Some impressions of the aggregator:

Installation:

To get all of this up and running, some requirements must be met. First, run the installer script. It will set up the basic environment:

sudo apt-get install bc

sudo pip3 install cve-searchsploit

git clone https://github.com/cve-search/cve-search.git

If everything works fine, you should be able to use cve_searchsploit as root:

sudo cve_searchsploit CVE-2014-1912

The next step is cve-search. To get cve-search up and running, you have to satisfy some dependencies.

The installation is quite straightforward:

cd external/cve-search

sudo pip3 install -r requirements.txt

You have to use sudo here; otherwise cve-search won't find the modules if emba is executed with root privileges.

xargs sudo apt-get install -y < requirements.system


HERE STARTS THE MANUAL POPULATION PROCESS:

Install MongoDB:

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu focal/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list

sudo apt-get update

sudo apt-get install -y mongodb-org

sudo systemctl daemon-reload

sudo systemctl start mongod

Verify the status of MongoDB:

sudo systemctl status mongod

If everything is OK, enable the MongoDB service to start on system boot:

sudo systemctl enable mongod

And finally, you need to populate the CVE database:

sudo ./sbin/db_mgmt_cpe_dictionary.py -p

sudo ./sbin/db_mgmt_json.py -p

sudo ./sbin/db_updater.py -c

This will take more than 45 minutes on a decent machine, so please be patient.

Now it should be possible to use cve-search:

cd emba-directory

./external/cve-search/bin/search.py -p busybox
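
A preflight check for the pieces installed above, added here as an example (it is not part of emba or cve-search). The function names and the emba directory argument are assumptions; the command names, the service name and the script paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: preflight check for the aggregator prerequisites.
# Assumption: $1 is the emba directory that contains external/cve-search.

# Print each command from the argument list that is not on PATH.
missing_commands() {
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || printf '%s\n' "$cmd"
    done
}

# Print each cve-search script used on this page that is missing or not
# executable below the emba directory given as $1.
missing_cve_search_files() {
    base="$1/external/cve-search"
    for f in bin/search.py sbin/db_mgmt_cpe_dictionary.py \
             sbin/db_mgmt_json.py sbin/db_updater.py; do
        [ -x "$base/$f" ] || printf '%s\n' "$base/$f"
    done
}

# Succeed only if systemd reports the mongod service as active.
mongod_active() {
    systemctl is-active --quiet mongod 2>/dev/null
}

# Run all checks; list problems on stderr and return 1 if any were found.
aggregator_preflight() {
    emba_dir="${1:-.}"
    problems="$(
        missing_commands bc cve_searchsploit | sed 's/^/missing command: /'
        missing_cve_search_files "$emba_dir" | sed 's/^/missing or not executable: /'
        mongod_active || echo "mongod service is not active"
    )"
    if [ -n "$problems" ]; then
        printf '%s\n' "$problems" >&2
        return 1
    fi
    echo "aggregator prerequisites look complete"
}

# Run the check when the script is called with the emba directory as argument.
if [ "$#" -gt 0 ]; then
    aggregator_preflight "$1" || exit 1
fi
```

Run it as root (for example with sudo) so that the check sees the same PATH and Python modules that emba will see when executed with root privileges.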