firmflaws

Firmware analysis Website and API (JSON)

Upload firmware and run static analysis (parse firmware, grep strings, search for interesting files (conf, certs, db files...), etc.).

Usage

Upload a new firmware
PROFIT !

WEB INTERFACE

Homepage (upload)

Firmware summary

PHP file summary

ELF file summary

Picture file

API

POST /api/upload

description : test
brand : text
model : text
version : text
file :file (firmware archive (bin, zip))

GET /api/stats

Return global stats

nb of firmwares in db
nb of password grepped
nb of certificates
etc

GET /api/latest

Return 10 latests firmwares analysis

GET /api/firmware/#hash#

Return firmware informations (files, etc.)

GET /api/firmware/summary/#hash#

Return firmware informations without files

GET /api/firmware/hierarchy/#hash#

Return firmware informations + hierarchy as string for treeeJS frontend

GET /api/firmware/#hash#?raw

Download firmware

GET /api/file/#hash#/

Return file informations

GET /api/file/#hash#?raw

Download File

GET /api/file/#hash#?graph

If file is ELF and graph=true, return a png call graph (generated by radare2)

GET /api/search?keyword=

Search firmwares for given keyword

Dependencies

Radare2 from github : https://github.com/radare/radare2.git
Binwalk from github : https://github.com/devttys0/binwalk
rats : https://security.web.cern.ch/security/recommendations/en/codetools/rats.shtml
graphviz
pydot
Django
r2pipe
python-magic
squashfs-tools
python3-openssl

Contributors

MisterCh0c (@MisterCh0c)
Ganapati (@G4N4P4T1)
Geoffrey (@geoffreyvdberge)

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Ganapati / firmflaws

Programming Languages