#!/bin/sh
# Space-separated accumulators; check_version appends one entry to each per
# service it detects, so the two lists are meant to be read position by position.
INSTALLED_SERVICES=""
SERVICE_VERSIONS=""

# ANSI SGR colour sequences used by the logging helpers.
# C holds the raw ESC byte so the sequences work without `echo -e`.
C="$(printf '\033')"
RED="${C}"'[0;31m'
GREEN="${C}"'[1;32m'
YELLOW="${C}"'[1;33m'
BLUE="${C}"'[1;34m'
GREY="${C}"'[0;90m'
WHITE="${C}"'[1;37m'
NC="${C}"'[0m' # No Colour (reset)
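# Print the three-line ASCII-art banner in bold white, then reset the colour.
# Globals: WHITE, NC (read)
# Outputs: banner on stdout
banner() {
  # printf instead of `echo -n $WHITE`: -n is not honoured by every /bin/sh
  # echo, and the unquoted expansion was subject to word splitting.
  printf '%s' "$WHITE"
  printf '%s\n' '┌─┐┬┬─┐┌┬┐┬ ┬┌─┐┬─┐┌─┐ ┌─┐┬ ┬┌─┐┌─┐┬┌─'
  printf '%s\n' '├┤ │├┬┘││││││├─┤├┬┘├┤ │ ├─┤├┤ │ ├┴┐'
  printf '%s\n' '└ ┴┴└─┴ ┴└┴┘┴ ┴┴└─└─┘ └─┘┴ ┴└─┘└─┘┴ ┴'
  printf '%s' "$NC"
}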
# Emit a single newline on stdout.
# Kept as a helper so newlines behave the same under busybox ash.
nl() {
  printf '\n'
}
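# Print a section heading: blank line, then ">>> TITLE" in bold white.
# Arguments: $1 - heading text
# printf replaces `echo -n`, which is not portable across /bin/sh builds and
# would interpret backslashes in the text under some shells (dash, for one).
heading() { printf '\n%s>>> %s%s\n' "$WHITE" "$1" "$NC"; }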
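# Print a sub-heading: a bold white "> " marker followed by the plain text.
# Arguments: $1 - sub-heading text (printed literally, no escape processing)
subheading() { printf '%s> %s%s\n' "$WHITE" "$NC" "$1"; }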
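# Print text in grey with no trailing newline.
# Arguments: $1 - text (printed literally; printf avoids non-portable `echo -n`)
log_grey() { printf '%s%s%s' "$GREY" "$1" "$NC"; }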
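# Print text in blue with no trailing newline (used for values such as
# versions and paths).
# Arguments: $1 - text (printed literally; printf avoids non-portable `echo -n`)
log_b() { printf '%s%s%s' "$BLUE" "$1" "$NC"; }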
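# Report a passing check: green "[+]" marker followed by the message.
# Arguments: $1 - message (printed literally, so backslashes in audited data
#                 are not expanded by the shell's echo)
log_g() { printf '%s[+]%s %s\n' "$GREEN" "$NC" "$1"; }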
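# Report a warning: yellow "[!]" marker followed by the message.
# Arguments: $1 - message (printed literally, no escape processing)
log_y() { printf '%s[!]%s %s\n' "$YELLOW" "$NC" "$1"; }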
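# Report a finding: red "[-]" marker followed by the message.
# Arguments: $1 - message (printed literally, no escape processing)
log_r() { printf '%s[-]%s %s\n' "$RED" "$NC" "$1"; }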
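# Print an indented detail line without a marker.
# Arguments: $1 - text; it is often a line read from an audited file, so it is
#                 printed with printf '%s' to keep backslashes and a leading
#                 "-n" from being interpreted by echo.
log() { printf ' %s\n' "$1"; }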
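# Detect an installed service and record its version.
# Globals:   VERSION (written), INSTALLED_SERVICES, SERVICE_VERSIONS (appended)
# Arguments: $1 - display name of the service
#            $2 - binary to look up and execute
#            $3 - flag that makes the binary print its version
# Outputs:   "NAME: VERSION" on stdout when the binary is found; nothing otherwise
# Note:      the binary found on PATH is executed with the privileges of the
#            audit itself.
check_version() {
  # command -v is the POSIX lookup; `which` is an external tool that a
  # stripped-down firmware image may not ship, which would hide every service.
  if command -v "$2" >/dev/null 2>&1; then
    printf '%s: ' "$1"
    # stdin comes from /dev/null so a binary that waits for input cannot stall
    # the audit (the original `0>&1` only pointed stdin at the capture pipe).
    # stderr is merged because some daemons, nginx for one, print the version there.
    VERSION=$("$2" ${3:+"$3"} </dev/null 2>&1)
    # First run of digits/dots is taken as the version. Quoting the expansion
    # keeps the shell from glob-expanding characters in the tool's output.
    VERSION=$(printf '%s\n' "$VERSION" | grep -Eo '[0-9\*.]+' | head -1)
    # Keep SERVICE_VERSIONS aligned with INSTALLED_SERVICES: an empty version
    # would otherwise shift every later entry by one position.
    [ -n "$VERSION" ] || VERSION="unknown"
    log_b "$VERSION" && nl
    INSTALLED_SERVICES="$INSTALLED_SERVICES $1"
    SERVICE_VERSIONS="$SERVICE_VERSIONS $VERSION"
  fi
}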
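# Report whether a command is available and where it resolves to.
# Arguments: $1 - command name
# Outputs:   "NAME: PATH" on stdout when found
# Returns:   0 when the command is found, 1 otherwise
check_existence() {
  # command -v is built into POSIX shells; the external `which` may be absent
  # on minimal images, in which case every lookup would silently report
  # "not found" and the audit would under-report.
  if command -v "$1" >/dev/null 2>&1; then
    printf '%s: ' "$1"
    log_b "$(command -v "$1")" && nl
    return 0
  fi
  return 1
}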
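# Append one indented line to the report file fc_output.yaml in the current
# working directory.
# Arguments: $1 - line to append; it is written verbatim, so the caller must
#                 make sure the value is safe to embed in YAML (no newlines,
#                 no unescaped special characters).
output_to_yaml() {
  # printf '%s' writes the value literally; echo would expand backslash
  # sequences under some /bin/sh implementations.
  printf ' %s\n' "$1" >> fc_output.yaml
}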
# =====================================
# Main flow starts here.
banner
# Start a fresh report. The file is created (or truncated) in the current
# working directory with the default umask.
# NOTE(review): the report later lists services, key-file paths and listening
# ports, so run the script from a directory only the auditor can read.
printf '%s\n' "FirmwareCheck:" > fc_output.yaml
# general info
printf '%s\n' "Running on: " && log_grey "$(uname -a)"
# Keep only the part of the kernel release before the first '-'
# (distribution/build suffixes are dropped).
KERNEL_VERSION=$(uname -r)
KERNEL_VERSION=${KERNEL_VERSION%%-*}
output_to_yaml "Kernel: ${KERNEL_VERSION}"
nl
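heading "Looking for useful binaries"
# Interpreters, compilers and network clients. On production firmware each of
# these enlarges what an intruder can do after a compromise, so every hit is
# a hardening finding: remove what the device does not need.
BINARIES="socat nc netcat curl wget php xterm telnet gcc python python3 perl ruby"
FOUND_BINARIES=""
for BIN in $BINARIES; do
  check_existence "$BIN" && FOUND_BINARIES="${FOUND_BINARIES} $BIN"
done
if [ -n "$FOUND_BINARIES" ]; then
  output_to_yaml "Useful_Binaries:"
  for BIN in $FOUND_BINARIES; do
    # command -v instead of `which`: it is a shell builtin, so the recorded
    # path does not depend on an extra tool being installed on the image.
    output_to_yaml "- $(command -v "$BIN")"
  done
fi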
heading "Checking versions"
# One row per service: display name, binary, version flag. The rows are
# processed top to bottom, which fixes the order of the Services/Versions lists.
# NOTE(review): some binary names may not match common packaging (sqlite is
# usually installed as sqlite3, the Redis server as redis-server), and not
# every daemon accepts the flag listed here — verify against the target image.
while read -r SERVICE_NAME SERVICE_BIN VERSION_FLAG; do
  check_version "$SERVICE_NAME" "$SERVICE_BIN" "$VERSION_FLAG"
done <<'EOF'
Apache apache2 -v
Nginx nginx -v
Lighttpd lighttpd --version
MySQL mysql --version
MongoDB mongo --version
PostgreSQL postgres --version
SQLite sqlite --version
Dropbear dropbear --version
SSH sshd --version
FTP ftpd --version
vsFTP vsftpd -v
Memcached memcached --version
Redis redis --version
Mosquitto mosquitto -v
EOF
# Both accumulators start with a space, so no separator is added after the colon.
output_to_yaml "Services:$INSTALLED_SERVICES"
output_to_yaml "Versions:$SERVICE_VERSIONS"
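# default passwords:
# ---------------------------------------------------
## mysql
# Checks two common MySQL weaknesses: a root account without a password and a
# readable debian.cnf holding maintenance credentials. Both are findings to fix
# (set a root password, restrict the file to root).
if command -v mysql >/dev/null 2>&1; then
  heading "Enumerating MySQL"
  if [ "$(mysqladmin -uroot version 2>/dev/null)" ]; then
    log_r "MySQL allows login without password"
    # Prints account names with their authentication strings; treat the
    # terminal output of this run as sensitive.
    mysql -u root -e "SELECT User,Host,authentication_string FROM mysql.user;" 2>/dev/null
    output_to_yaml "MySQL_pwless-root: true"
  else
    log_g "Root login without password not allowed"
    output_to_yaml "MySQL_pwless-root: false"
  fi
  # $d is never assigned in this script, so the original search ran in the
  # current directory. Default to /etc, where Debian-style packages keep
  # mysql/debian.cnf; an exported d still overrides it.
  # NOTE(review): confirm /etc is the intended search root.
  DEBIAN_CONF=$(find "${d:-/etc}" -name debian.cnf 2>/dev/null)
  FOUND_CONF=0
  for f in $DEBIAN_CONF; do
    if [ -r "$f" ]; then
      log_r "Found passwords in debian.cnf:"
      # Read only the file being tested; the original passed the whole result
      # list, repeating every file once per match.
      grep -i -A 1 -B 1 passw -- "$f" | while read -r line; do log "$line"; done
      FOUND_CONF=1
    fi
  done
  # Compare numerically: `[ $FOUND_CONF ]` was true for "0" as well, so this
  # message could never be printed.
  [ "$FOUND_CONF" -eq 1 ] || log_g "No readable debian.cnf found containing MySQL-Passwords"
fi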
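heading "Looking for ssh files"
# Private keys baked into a firmware image are shared by every device running
# that image, so each hit should be reviewed and the key rotated or removed.
SSH_FILES=$(find / -name 'id_rsa*' 2>/dev/null)
# Quote the test: with more than one match the unquoted `[ $SSH_FILES ]`
# failed with a syntax error and the whole result was dropped.
if [ -n "$SSH_FILES" ]; then
  printf '%s\n' "$SSH_FILES"
  # Join the paths with spaces so the YAML value stays on a single line.
  output_to_yaml "SSH_files: $(printf '%s' "$SSH_FILES" | tr '\n' ' ')"
fi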
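heading "Open ports"
# Start from an empty value so a NETSTAT inherited from the environment is
# never executed. ss wins when both tools are present, as in the original.
NETSTAT=""
command -v netstat >/dev/null 2>&1 && NETSTAT=netstat
command -v ss >/dev/null 2>&1 && NETSTAT=ss
if [ -n "$NETSTAT" ]; then
  # Take one snapshot and use it for both the screen and the report, so the
  # two cannot disagree if a listener starts or stops in between.
  # NOTE(review): the filter drops only IPv4 loopback; listeners on ::1 are
  # still shown.
  LISTENERS=$("$NETSTAT" -ntaup | grep -i listen | grep -v '127.0.0.1')
  if [ -n "$LISTENERS" ]; then
    printf '%s\n' "$LISTENERS"
    # --wrap=0 is a GNU option; fall back to stripping the line breaks when
    # the local base64 does not accept it.
    PORTS=$(printf '%s\n' "$LISTENERS" | base64 --wrap=0 2>/dev/null) ||
      PORTS=$(printf '%s\n' "$LISTENERS" | base64 | tr -d '\n')
  else
    log_g "No applications listening on 0.0.0.0:*"
    PORTS=""
  fi
  output_to_yaml "OpenPorts: >"
  output_to_yaml " $PORTS"
else
  log_r "netstat/ss not installed, could not check for ports"
fi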
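heading "Processes running as root"
# Screen output: any ps line mentioning root, minus this pipeline itself and
# lines containing ']' (bracketed kernel threads).
ps aux | grep -i root | grep -vE 'grep|ps aux|\[*\]'
# Report: command names of processes whose USER column is exactly root.
# The exclusions are matched against the whole name (-x). The original
# substring patterns 'sh' and 'ps' also removed unrelated root processes such
# as sshd from the report, which hid real findings.
# "firmware_check_" is this script's own name as ps shortens it.
ROOT_PROCS=$(ps auxc | awk '$1 == "root" { print $11 }' |
  grep -vxE 'grep|firmware_check_.*|bash|sh|ash|dash|ps|awk|base64|\[.*\]')
if [ -n "$ROOT_PROCS" ]; then
  # --wrap=0 is a GNU option; fall back to stripping the line breaks when
  # the local base64 does not accept it.
  PROCESSES=$(printf '%s\n' "$ROOT_PROCS" | base64 --wrap=0 2>/dev/null) ||
    PROCESSES=$(printf '%s\n' "$ROOT_PROCS" | base64 | tr -d '\n')
else
  PROCESSES=""
fi
output_to_yaml "RunningAsRoot: >"
output_to_yaml " $PROCESSES"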
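heading "Looking for serial ports"
# Read the driver table once, and only when it is readable, so a missing or
# root-only file does not print an error for each use.
SERIAL_INFO=""
if [ -r /proc/tty/driver/serial ]; then
  # Lines left after dropping the header ("revision") and unpopulated slots
  # ("unknown") describe configured UARTs.
  SERIAL_INFO=$(grep -vE 'unknown|revision' /proc/tty/driver/serial)
fi
if [ -n "$SERIAL_INFO" ]; then
  log_y "Serial connection open"
  # Encode on a single line, like the other report sections; the original
  # plain `base64` wrapped long output, and the continuation lines broke the
  # YAML block. Fall back when --wrap is not supported.
  SERIALS=$(printf '%s\n' "$SERIAL_INFO" | base64 --wrap=0 2>/dev/null) ||
    SERIALS=$(printf '%s\n' "$SERIAL_INFO" | base64 | tr -d '\n')
else
  SERIALS=""
fi
output_to_yaml "SerialPorts: >"
output_to_yaml " $SERIALS"
heading "Finished. Output written to fc_output.yaml"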