A simple bash script for searching the extracted or mounted firmware file system.
It will search through the extracted or mounted firmware file system for things of interest such as:
-
etc/shadow and etc/passwd
-
list out the etc/ssl directory
-
search for SSL related files such as .pem, .crt, etc.
-
search for configuration files
-
look for script files
-
search for other .bin files
-
look for keywords such as admin, password, remote, etc.
-
search for common web servers used on IoT devices
-
search for common binaries such as ssh, tftp, dropbear, etc.
-
NOTE: Some of the data written to the file may be quite verbose. It that case, the data can be reviewed and then deleted if desired from the file.
- Firstly instal eslint:
npm i -g eslint
./firmwalker {path to root file system}
- Example:
./firmwalker linksys/fmk/rootfs
- A file
firmwalker.txt
will be created in the same directory as the script file unless you specify a different filename as the second argument - Do not put the firmwalker.sh file inside the directory to be searched, this will cause the script to search itself and the file it is creating
chmod 0700 firmwalker.sh
- Have a look under data where the checks live or add eslint rules- feel free to extend as you see fit