-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathafat.sh
executable file
·180 lines (169 loc) · 4.64 KB
/
afat.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
#!/usr/bin/env bash
set -e
set -u
function usage {
echo "Usage:"
echo "$0 <path to extracted file system of firmware image>"
echo "Example: $0 <mount_path_to_root_filesystem>"
echo "To mount a Victor image type mount -o loop apq8009-robot-sysfs.img <mountdirector>"
exit 1
}
function msg {
echo "$1" | tee -a $FILE
}
function getArray {
array=() # Create array
while IFS= read -r line
do
array+=("$line")
done < "$1"
}
# Check arguments
if [[ $# -gt 2 || $# -lt 1 ]]; then
usage
fi
# Set variables
FIRMDIR=$1
if [[ $# -eq 2 ]]; then
FILE=$2
else
today=`date '+%Y%m%d%H%M%S'`;
FILE="afat$today.log"
fi
# Remove previous file if it exists, is a file and doesn't point somewhere
if [[ -e "$FILE" && ! -h "$FILE" && -f "$FILE" ]]; then
rm -f $FILE
fi
#mount filesystem
#MNTDIR="$1.mount"
#mkdir $MNTDIR
#udo mount -o loop $1 $MNTDIR
# Perform searches
msg "#Firmware Directory"
msg $FIRMDIR
msg "#Searching for password files"
getArray "data/passfiles"
passfiles=("${array[@]}")
for passfile in "${passfiles[@]}"
do
msg "# $passfile"
find $FIRMDIR -name $passfile | cut -c${#FIRMDIR}- | tee -a $FILE
msg ""
done
msg "#Searching for Unix-MD5 hashes#"
egrep -sro '\$1\$\w{8}\S{23}' $FIRMDIR | tee -a $FILE
msg ""
if [[ -d "$FIRMDIR/etc/ssl" ]]; then
msg "#List etc/ssl directory#"
ls -l $FIRMDIR/etc/ssl | tee -a $FILE
fi
msg ""
msg "#Searching for SSL related files#"
getArray "data/sslfiles"
sslfiles=("${array[@]}")
for sslfile in ${sslfiles[@]}
do
msg "#$sslfile"
certfiles=( $(find ${FIRMDIR} -name ${sslfile}) )
: "${certfiles:=empty}"
for certfile in "${certfiles[@]}"
do
if [ "${certfile##*.}" = "crt" ]; then
echo $certfile | cut -c${#FIRMDIR}- | tee -a $FILE
serialno=$(openssl x509 -in $certfile -serial -noout)
echo $serialno | tee -a $FILE
# Perform Shodan search. TOOD: Install Shodan CLI installed with an API key.
# serialnoformat=(ssl.cert.serial:${serialno##*=})
# shocount=$(shodan count $serialnoformat)
# echo "Number of devices found in Shodan =" $shocount | tee -a $FILE
cat $certfile | tee -a $FILE
else
# all other SSL related files
echo $certfile | cut -c${#FIRMDIR}- | tee -a $FILE
fi
done
msg ""
done
msg ""
msg "#Searching for SSH related files#"
getArray "data/sshfiles"
sshfiles=("${array[@]}")
for sshfile in ${sshfiles[@]}
do
msg "# $sshfile"
find $FIRMDIR -name $sshfile | cut -c${#FIRMDIR}- | tee -a $FILE
msg ""
done
msg ""
msg "#Searching for configuration files#"
getArray "data/conffiles"
conffiles=("${array[@]}")
for conffile in ${conffiles[@]}
do
msg "# $conffile"
find $FIRMDIR -name $conffile | cut -c${#FIRMDIR}- | tee -a $FILE
msg ""
done
msg ""
msg "#Searching for database related files#"
getArray "data/dbfiles"
dbfiles=("${array[@]}")
for dbfile in ${dbfiles[@]}
do
msg " $dbfile"
find $FIRMDIR -name $dbfile | cut -c${#FIRMDIR}- | tee -a $FILE
msg ""
done
msg ""
msg "#Search for shell scripts#"
msg "#Shell scripts"
find $FIRMDIR -name "*.sh" | cut -c${#FIRMDIR}- | tee -a $FILE
msg ""
msg "#Search for other .bin files#"
msg "#bin files"
find $FIRMDIR -name "*.bin" | cut -c${#FIRMDIR}- | tee -a $FILE
msg ""
msg "#Search for patterns in files#"
getArray "data/patterns"
patterns=("${array[@]}")
for pattern in "${patterns[@]}"
do
msg "# $pattern"
grep -lsirnw $FIRMDIR -e "$pattern" | cut -c${#FIRMDIR}- | tee -a $FILE
msg ""
done
msg ""
msg "#Searching for web servers#"
getArray "data/webservers"
webservers=("${array[@]}")
for webserver in ${webservers[@]}
do
msg "# $webserver"
find $FIRMDIR -name "$webserver" | cut -c${#FIRMDIR}- | tee -a $FILE
msg ""
done
msg ""
msg "#Searching for debug / priv binaries#"
msg "#Debug / Priv binaries"
getArray "data/binaries"
binaries=("${array[@]}")
for binary in "${binaries[@]}"
do
msg "# $binary"
find $FIRMDIR -name "$binary" | cut -c${#FIRMDIR}- | tee -a $FILE
msg ""
done
msg ""
msg "#Searching for ip addresses#"
msg "#IP Addresses"
grep -sRIEh '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' --exclude='console' $FIRMDIR | sort | uniq | tee -a $FILE
msg ""
msg "#Searching for urls#"
msg "#URLs"
grep -sRIEo '(http|https)://[^/"]+' --exclude='console' $FIRMDIR | sort | uniq | tee -a $FILE
msg ""
msg "#Searching for emails#"
msg "#Emails"
grep -sRIEo '([[:alnum:]_.-]+@[[:alnum:]_.-]+?\.[[:alpha:].]{2,6})' "$@" --exclude='console' $FIRMDIR | sort | uniq | tee -a $FILE
#Perform static code analysis
#eslint -c eslintrc.json $FIRMDIR | tee -a $FILE