Merge pull request #1410 from m-1-k-3/helpers_refactor

Improve entropy pic integration

Author: m-1-k-3

helpers/helpers_emba_defaults.sh

@@ -230,6 +230,7 @@ set_log_paths() {
   export S95_LOG="${LOG_DIR}/s95_interesting_files_check.txt"
   export S107_LOG="${LOG_DIR}/s107_deep_password_search.txt"
   export S108_LOG="${LOG_DIR}/s108_stacs_password_search.txt"
+  export S108_CSV_LOG="${CSV_DIR}/s108_stacs_password_search.csv"
   export S109_LOG="${LOG_DIR}/s109_jtr_local_pw_cracking.txt"
   export S110_LOG="${LOG_DIR}/s110_yara_check.txt"
   export S116_CSV_LOG="${CSV_DIR}/s116_qemu_version_detection.csv"

modules/F20_vul_aggregator.sh

@@ -1132,7 +1132,6 @@ cve_extractor() {
 
   # normally we only print the number of CVEs. If we have verified CVEs in the Linux Kernel or BusyBox we also add this detail
   local lCVEs="${lCVE_COUNTER_VERSION}"
-  print_output "[!] BINARY: ${lBINARY} / lKERNEL_VERIFIED_VULN: ${lKERNEL_VERIFIED_VULN}"
   if [[ "${lKERNEL_VERIFIED_VULN}" -gt 0 ]] && [[ "${lBINARY}" == *"kernel"* ]]; then
     lCVEs+=" (${lKERNEL_VERIFIED_VULN})"
   fi

modules/F50_base_aggregator.sh

@@ -1090,7 +1090,7 @@ print_os() {
     print_output "[+] Operating system detected (""${ORANGE}""verified${GREEN}): ${ORANGE}${lSYSTEM}${NC}"
     if [[ "${VERIFIED_S03}" -eq 1 ]]; then
       write_link "s03"
-    elif [[ -f "${S24_LOG}" ]]; then
+    elif [[ -s "${S24_LOG}" ]] && ! (grep -q "nothing reported" "${S24_LOG}"); then
       write_link "s24"
     else
       write_link "s25"

modules/P02_firmware_bin_file_check.sh

@@ -132,11 +132,15 @@ set_p02_default_exports() {
 
 generate_entropy_graph() {
   local lFIRMWARE_PATH_BIN="${1:-}"
+  local lENTROPY_PIC_PATH="${LOG_DIR}/firmware_entropy.png"
 
   # we use the original FIRMWARE_PATH for entropy testing, just if it is a file
-  if [[ -f "${lFIRMWARE_PATH_BIN}" ]] && ! [[ -f "${LOG_DIR}"/firmware_entropy.png ]]; then
+  if [[ -f "${lFIRMWARE_PATH_BIN}" ]] && ! [[ -f "${lENTROPY_PIC_PATH}" ]]; then
     print_output "[*] Entropy testing with binwalk ... "
-    print_output "$("${BINWALK_BIN[@]}" -E -p "${LOG_DIR}"/firmware_entropy.png "${lFIRMWARE_PATH_BIN}")"
+    print_output "$("${BINWALK_BIN[@]}" -E -p "${lENTROPY_PIC_PATH}" "${lFIRMWARE_PATH_BIN}")"
+    if [[ -s "${lENTROPY_PIC_PATH}" ]]; then
+      write_link "${lENTROPY_PIC_PATH}"
+    fi
   fi
 }
 

modules/S108_stacs_password_search.sh

@@ -31,6 +31,7 @@ S108_stacs_password_search()
   local lPW_HASH=""
   local lPW_HASH_REAL=""
   local lMESSAGE=""
+  local lHASHES_FOUND=0
 
   if command -v stacs > /dev/null ; then
     stacs --skip-unprocessable --rule-pack "${lSTACS_RULES_DIR}"/credential.json "${FIRMWARE_PATH}" 2> "${TMP_DIR}"/stacs.err 1> "${lSTACS_LOG_FILE}" || true
@@ -57,16 +58,19 @@ S108_stacs_password_search()
         lPW_HASH_REAL=$(jq ".runs[0] .results[${ELEMENT}] .locations[] .physicalLocation[].snippet.text" "${lSTACS_LOG_FILE}" \
           | grep -v null | head -2 | tail -1 | sed 's/\\n//g' | tr -d '[:blank:]' || true)
 
-        print_output "[+] PATH: ${ORANGE}/${lPW_PATH}${GREEN}\t-\tHash: ${ORANGE}${lPW_HASH}${GREEN}."
-        write_csv_log "${lMESSAGE}" "/${lPW_PATH}" "${lPW_HASH}" "${lPW_HASH_REAL}"
+        if [[ -s "${S108_CSV_LOG}" ]] && ! (grep -q "/${lPW_PATH};${lPW_HASH}" "${S108_CSV_LOG}"); then
+          print_output "[+] PATH: ${ORANGE}/${lPW_PATH}${GREEN}\t-\tHash: ${ORANGE}${lPW_HASH}${GREEN}."
+          write_csv_log "${lMESSAGE}" "/${lPW_PATH}" "${lPW_HASH}" "${lPW_HASH_REAL}"
+          lHASHES_FOUND=$((lHASHES_FOUND+1))
+        fi
       done
 
       print_ln
-      print_output "[*] Found ${ORANGE}${lELEMENTS_}${NC} password hashes."
+      print_output "[*] Found ${ORANGE}${lHASHES_FOUND}${NC} password hashes."
     fi
     write_log ""
-    write_log "[*] Statistics:${lELEMENTS_}"
+    write_log "[*] Statistics:${lHASHES_FOUND}"
   fi
 
-  module_end_log "${FUNCNAME[0]}" "${lELEMENTS_}"
+  module_end_log "${FUNCNAME[0]}" "${lHASHES_FOUND}"
 }