certcc / trommel Goto Github PK
View Code? Open in Web Editor NEWTROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators
License: Other
TROMMEL: Sift Through Embedded Device Files to Identify Potential Vulnerable Indicators
License: Other
So, TROMMEL now cannot inspect known vulnerabilities in the extracted files?
A minimal documentation should be done to explain how things work even if the tool is easy to use.
The documentation must specify how to download and deploy the vFeed Database CE (in root directory of the tool)
Maybe add a requirements.txt with list of all required libs (magic).
Got an error first time.
Under MAC, i had to install libmagic and python-magic
brew install libmagic
pip install python-magic
It will be great to refactor the code and optimize it into different functions
got stuck.
where and what is nvd_db?
Traceback (most recent call last): File "trommel.py", line 161, in <module> main() File "trommel.py", line 146, in main indicators.kw(ff, trommel_output, trommel_vfeed_output, names, bin_search) File "/home/dosi/IoT/trommel-master/indicators.py", line 603, in kw text_search(mm, trommel_vfeed_output) File "/home/dosi/IoT/trommel-master/indicators.py", line 109, in text_search search_text = Search(search_term).text() File "/home/dosi/IoT/trommel-master/lib/core/search.py", line 131, in text ('%' + self.entry + '%',)) sqlite3.OperationalError: no such table: nvd_db
"Due to some people misuse of our data and reusing it for commercial purposes without neither our consent nor paying the fees, we are discontinuing the vFeed Community Edition."
bad news for community and all embedded to this repo projects.
luckily we have alternatives https://alternativeto.net/software/vfeed/
better to have all keywords such root_kw = "root" and ssh_bin = "ssh" into a config file or a dictionary. It will be easy to loop / extract / add without touching the code.
Your license file at https://github.com/CERTCC/trommel/blob/a6d6edc9ddef3d96f1269d526709097d8d2c1c96/LICENSE.md is rather confusing as it is rather impossible to figure what are the license terms that apply.
Furthermore, it contains a modified text of the GPL which may not be OK because the text of the GPL may not be modified since the original contains this:
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
This is FYI, as this tripped the license detection tool I maintain (scancode-toolkit)
Kyle,
I noticed the code is being updated ๐ฅ .. That's awesome !!!
can you add a changelog.md file, just to notify what changes you've done so far. I was unable to see what was added in indicator.py without digging into diffs :)
Anyway, great job !!!!!!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.