Skip to content

Releases: e-m-b-a/emba

EMBA v1.5.1 - Rise from the dead or Binwalk is back in town

17 Dec 12:11
7676311
Compare
Choose a tag to compare

Let's travel back in time ... In EMBA version 1.2.3 we started removing the old, rusty and unmaintained binwalk (v2) as main extractor from EMBA. See here. Big thanks to the great folks of unblob for jumping in with the most powerful extraction engine that is currently available.

And now fast forward to September 2024 ... Check this bomb

image

Great news! The new binwalk was not just a quick update, it was a complete rewritten version in rust! As usual we are trying to implement cool projects quite early to get hands on experience ... especially if these are the projects from our own IoT hacking beginnings years ago ;)

Fast forward to Dezember 2024 ...

As the new binwalk is damn fast, EMBA got it as initial extractor into the extraction pipeline! Check it out and let us and Craig know how it performs and how you like it. In this place it is also quite easy to see where binwalk is failing and Unblob is jumping in. Btw. this does not mean that Binwalk is better compared to Unblob! In most of our testcases it was faster but from the success rate Unblob is currently the most powerful extraction engine which automatically jumps in as 2nd extraction engine and is also used for our deep-extraction mode.

The best extraction frameworks together in EMBA ... this must be true love :-D

Beside this big update we have a bunch of other little and big things for you:

  • The SBOM engine which was introduced in version 1.5.0 got updates everywhere (new json engine, dependencies are now handled, untracked files can be included, improved package manager integration, optimised static version detection ...)
  • EMBA is getting more and more powerful and faster, faster, faster
  • Our huge code refactoring part 1 of X is finished
  • Regular docker base image update (new capa version, new Ghidra version, ...)
  • Kali Linux 2024.4 supported

Beside the technical updates, we were at BlackHat MEA with an Arsenal demo of EMBA. We talked to a lot of interested and interesting people and got some cool ideas for EMBA. You can check our Arsenal slides here and some pictures here


Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
image

Check it out here and start being an essential part of the future of EMBA


It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:


How can you reach us and stay up to date? Just take one of these channels:


Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the CVE database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

For updating your oudated EMBA installation, please check the update section in our wiki.


What's Changed

New Contributors

Full Changelog: v1.5.0-SBOMdorado...v1.5.1-rise-from-the-dead

EMBA v1.5.0 - SBOMdorado

22 Oct 11:07
c531641
Compare
Choose a tag to compare

The main goal of EMBA was always to get an accurate real life overview of the threats of a firmware image. While a few years ago the target audience were only pentesters, in today’s EMBA world also software developers, product owners and product security teams are using her to achieve different goals.

Over the time EMBA is grown and today she is not only a firmware analyzer anymore. Nowadays, EMBA is used to test every little piece of unknown binary. While the main interest stays on analyzing Linux based firmware, we have seen that EMBA is also used for UEFI, Windows binaries, Linux binaries, different Scripts, Android APKs and a lot of other stuff. Beside the high fragmentation of the targets under test, we have seen a growing demand for SBOM generation. EMBA includes some kind of basic SBOM support for ages, but as most of our analyzed binaries do not rely on some kind of package managers, we have not seen the demand for supporting them on a broad base - until today.

We have now adjusted our approach to support a broad range of package managers, packet types and further sources for getting an accurate SBOM out of every testing candidate.

Beside our binary analysis mechanism as the only source of truth, EMBA is now able to extract further details from the following sources:

  • Binaries and libraries
  • Linux Kernel
  • Kernel modules
  • Linux distribution identification
  • RPM package management system
  • Debian package management system
  • OpenWRT Package management system
  • Python PIP package management system
  • Python requirements files
  • RPM packages
  • DEB packages
  • FreeBSD pkg packages
  • Java archives
  • Alpine APK
  • Python poetry
  • Python wheel
  • Rust (cargo.lock)
  • Ruby (gem)
  • JavaScript - npm
  • Windows binary exif data
  • Windows binary extraction and analysis

Further details can be found in our wiki

Additionally, we did something more:

  • FLOSS interview - check it out here
  • Ubuntu 24.04 LTS support
  • Switching from docker-compose to docker compose
  • Bug fixing
  • Refactoring
  • Docker base image updates

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
image

A big kudos goes to to offchain-audit for his sponsoring and to n0x08 for his ongoing support.

Check it out here and start being an essential part of the future of EMBA


It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:


Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

What's Changed

  • #1073 by @m-1-k-3 in #1076
  • restart EMBA functionality by @m-1-k-3 in #1078
  • make the quick mode quick by @m-1-k-3 in #1081
  • Make the updater work again by @m-1-k-3 in #1082
  • fix hardening log for s16 by @m-1-k-3 in #1084
  • Quick version identifier update by @github-actions in #1089
  • Metasploit database update by @github-actions in #1087
  • CISA known exploited database update by @github-actions in #1088
  • Snyk database update by @github-actions in #1090
  • Packetstorm database update by @github-actions in #1091
  • fix day cnt by @m-1-k-3 in #1085
  • fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in #1086
  • Metasploit database update by @github-actions in #1094
  • full names and working tagging for packetstorm script by @HoxhaEndri in #1061
  • add md5sum to binaries by @m-1-k-3 in #1096
  • installer srecord by @m-1-k-3 in #1097
  • Firmware/binary handling again by @m-1-k-3 in #1099
  • little fixes by @m-1-k-3 in #1102
  • Quick version identifier update by @github-actions in #1105
  • CISA known exploited database update by @github-actions in #1104
  • Metasploit database update by @github-actions in #1103
  • Packetstorm database update by @github-actions in #1107
  • Snyk database update by @github-actions in #1106
  • Packetstorm database update by @github-actions in #1113
  • CISA known exploited database update by @github-actions in #1111
  • Metasploit database update by @github-actions in #1110
  • Snyk database update by @github-actions in #1112
  • xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in #1114
  • FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in #1109
  • Workflow docker builder updates by @m-1-k-3 in #1115
  • Remove Arachni / refactoring by @m-1-k-3 in #1117
  • Packetstorm database update by @github-actions in #1122
  • CISA known exploited database update by @github-actions in #1120
  • csv issues #1116 by @m-1-k-3 in #1118
  • Metasploit database update by @github-actions in #1119
  • Snyk database update by @github-actions in #1121
  • csv issues #1116 by @m-1-k-3 in #1123
  • f10 csv fix by @m-1-k-3 in #1124
  • Vars check by @m-1-k-3 in #1126
  • Metasploit database update by @github-actions in #1128
  • CISA known exploited database update by @github-actions in #1129
  • Packetstorm database update by @github-actions in #1131
  • Snyk database update by @github-actions in #1130
  • further vars cleanup, kev in f20 by @m-1-k-3 in #1127
  • var cleanup, status_bar fix by @m-1-k-3 in #1132
  • S36 updates, l10 fixes by @m-1-k-3 in #1133
  • CISA known exploited database update by @github-actions in #1135
  • Packetstorm database update by @github-actions in #1137
  • Metasploit database update by @github-actions in #1134
  • Snyk database update by @github-actions in #1136
  • Emulation updates by @m-1-k-3 in #1140
  • Packetstorm database update by @github-actions in #1144
  • CISA known exploited database update by @github-actions in #1142
  • Metasploit database update by @github-actions in #1141
  • s115 qemu command output by @m-1-k-3 in #1145
  • Snyk database update by @github-actions in #1143
  • Packetstorm database update by @github-actions in #1149
  • CISA known exploited database update by @github-actions in #1147
  • Metasploit database update by @github-actions in #1146
  • Snyk database update by @github-actions in #1148
  • Metasploit database update by @github-actions in #1151
  • Packetstorm database update by @github-actions in #1153
  • Snyk database update by @github-actions in #1152
  • Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in #1150
  • Update default-scan-no-notify.emba by @BenediktMKuehne in https://g...
Read more

EMBA v1.4.2-Summertime

09 Aug 07:39
69c72b1
Compare
Choose a tag to compare

image

This release includes one new module as well as a huge amount of little updates, bug fixes and refactoring for your smooth summer time:


Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
image
Check it out here and start being an essential part of the future of EMBA


It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

What's Changed

New Contributors

Full Changelog: 1.4.1-white-rabbit...1.4.2-Summertime

EMBA v1.4.1 - Follow the white rabbit

17 Jun 12:28
ce738a1
Compare
Choose a tag to compare

Probably you all know that it is the 25th anniversary of the legendary Matrix movie! With the latest release EMBA got massive improvements in building the Matrix via emulation.

image

This release reflects the recent updates in our system emulation engine.

Short summary of the latest highlights:

  • We started rebuilding and upgrading the toolchain of the system emulation engine - With the current work in place we can further update the outdated FirmAE and firmadyne environment which our emulation engine is originally based on
  • Linux kernel upgraded from version 4.1.17 (the original firmadyne and FirmAE version) to version 4.1.52 - The original firmadyne kernel is from 01/2016 and a bit rusty. With the update to 4.1.52 (which is from 05/2018) we moved forward in time for more than 2 years. In the future we plan further updates to include more modern kernels.
  • Busybox updated from 1.29.3 to the current version 1.36.1
  • Multiple libnvram patches were merged from the rehosting repo of libnvram which is maintained primarly by @AndrewFasano
  • Including an optional netcat listener to the system emulation engine
  • Further debugging possibilities via strace, gdb and gdbserver added to the system emulation engine
  • Handling of time64/time32 support in firmware via updated musl libc for libnvram - This hopefully results in an improved handling on more modern firmware
  • Improved environment for ARM64 and MIPS64 architecture
  • FIRST EPSS (Exploit Prediction Scoring System) integration - see #1109
  • Updated docker base image to Kali 2024-2
  • @gluesmith2021 fixed multiple bugs in our version detection and CVE engine - see here

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
image
Check it out here and start being an essential part of the future of EMBA


It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

What's Changed

  • #1073 by @m-1-k-3 in #1076
  • restart EMBA functionality by @m-1-k-3 in #1078
  • make the quick mode quick by @m-1-k-3 in #1081
  • Make the updater work again by @m-1-k-3 in #1082
  • fix hardening log for s16 by @m-1-k-3 in #1084
  • Quick version identifier update by @github-actions in #1089
  • Metasploit database update by @github-actions in #1087
  • CISA known exploited database update by @github-actions in #1088
  • Snyk database update by @github-actions in #1090
  • Packetstorm database update by @github-actions in #1091
  • fix day cnt by @m-1-k-3 in #1085
  • fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in #1086
  • Metasploit database update by @github-actions in #1094
  • full names and working tagging for packetstorm script by @HoxhaEndri in #1061
  • add md5sum to binaries by @m-1-k-3 in #1096
  • installer srecord by @m-1-k-3 in #1097
  • Firmware/binary handling again by @m-1-k-3 in #1099
  • little fixes by @m-1-k-3 in #1102
  • Quick version identifier update by @github-actions in #1105
  • CISA known exploited database update by @github-actions in #1104
  • Metasploit database update by @github-actions in #1103
  • Packetstorm database update by @github-actions in #1107
  • Snyk database update by @github-actions in #1106
  • Packetstorm database update by @github-actions in #1113
  • CISA known exploited database update by @github-actions in #1111
  • Metasploit database update by @github-actions in #1110
  • Snyk database update by @github-actions in #1112
  • xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in #1114
  • FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in #1109
  • Workflow docker builder updates by @m-1-k-3 in #1115
  • Remove Arachni / refactoring by @m-1-k-3 in #1117
  • Packetstorm database update by @github-actions in #1122
  • CISA known exploited database update by @github-actions in #1120
  • csv issues #1116 by @m-1-k-3 in #1118
  • Metasploit database update by @github-actions in #1119
  • Snyk database update by @github-actions in #1121
  • csv issues #1116 by @m-1-k-3 in #1123
  • f10 csv fix by @m-1-k-3 in #1124
  • Vars check by @m-1-k-3 in #1126
  • Metasploit database update by @github-actions in #1128
  • CISA known exploited database update by @github-actions in #1129
  • Packetstorm database update by @github-actions in #1131
  • Snyk database update by @github-actions in #1130
  • further vars cleanup, kev in f20 by @m-1-k-3 in #1127
  • var cleanup, status_bar fix by @m-1-k-3 in #1132
  • S36 updates, l10 fixes by @m-1-k-3 in #1133
  • CISA known exploited database update by @github-actions in #1135
  • Packetstorm database update by @github-actions in #1137
  • Metasploit database update by @github-actions in #1134
  • Snyk database update by @github-actions in #1136
  • Emulation updates by @m-1-k-3 in #1140
  • Packetstorm database update by @github-actions in #1144
  • CISA known exploited database update by @github-actions in #1142
  • Metasploit database update by @github-actions in #1141
  • s115 qemu command output by @m-1-k-3 in #1145
  • Snyk database update by @github-actions in #1143
  • Packetstorm database update by @github-actions in #1149
  • CISA known exploited database update by @github-actions in #1147
  • Metasploit database update by @github-actions in #1146
  • Snyk database update by @github-actions in #1148
  • Metasploit database update by @github-actions in #1151
  • Packetstorm database update by @github-actions in #1153
  • Snyk database update by @github-actions in #1152
  • Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in #1150
  • Update default-scan-no-notify.emba by @BenediktMKuehne in #1156
  • Packetstorm database update by @github-actions in #1161
  • Quick version identifier update by @github-actions in #1160
  • CISA known exploited database update by @github-actions in #1158
  • fix zlib (unzip) version string by @gluesmith2021 in #1164
  • JTR hash sorting by @BenediktMKuehne in https://github.com/...
Read more

EMBA v1.4.0 - ICS testing Edt.

05 Mar 10:04
c98898e
Compare
Choose a tag to compare

As we do a lot of ICS/OT testing in our daily business, we thought this release should reflect our usual EMBA usage scenario. Welcome to another huge EMBA release with a lot new features: EMBA v1.4.0 - ICS testing Editition

image

This time we have collected the following highlights for you:

  • less bugs -> more code -> more bugs? -> report all our bugs here
  • Extended binary analysis via semgrep (see module s16)
  • New static perl analysis via zarn (see module s27)
  • Toolchain identification (see wiki)
  • Improved update checking (see wiki)
  • New scan interface (with integrated status bar) automatically enabled in most scan-profiles
  • Improved multiple backend workflows
  • Massive speedup of multiple EMBA modules (see #1006 / #996)
  • Updated docker base image (see wiki)
  • You can get in contact with us on the following social networks: X / Mastodon / NEW: Bluesky
  • We can meet in real life at BlackHat Asia this year (see Arsenal schedule)
  • Special thanks to our awesome community for releasing multiple new articles around EMBA - see our dedicated section in the wiki

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
image
Check it out here and start being an essential part of the future of EMBA


It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

Welcome to the EMBA firmware analysis environment and thank you for your valuable contribution.


What's Changed

Read more

EMBA v1.3.2 - EMBArk is out

12 Dec 13:07
04a97e1
Compare
Choose a tag to compare

The last EMBA release is not too long ago but in the mean time there was so much going on ... The most important thing is ...


The first official EMBArk release is out now!

Everything started as an idea in the beginning of 2021. The idea was to build an enterprise ready open source firmware analysis environment on top of EMBA. This environment should allow every product security team as well as every penetration tester and security researcher to use professional firmware analysis to improve the security of IoT/OT/ICS ... (you name it) devices as easy as possible. This idea was mixed up to an AMOS research project, where a team of students built a first PoC of EMBArk. You can find the original project here. From there on continuous work, improvement and testing was running more or less under the radar. Until today ... EMBArk is stable and ready for more! Kudos to @BenediktMKuehne for pushing it to the next level.


Say hi to our centralized firmware security analysis environment EMBArk! Check it out here, use it, give us feedback or improve it and start being part of this open source environment.


On EMBA side we have some "bumpy" weeks in the neck:

  • As the NIST API is currently changing and we had some serious issues with our cve-search integration we decided to rewrite it by ourself. This process took us some time to get the CVE identification feature fully working again. Thanks for all your testing and feedback during this process. With the new integration EMBA is faster, more stable and the installation is not that error prone anymore.
  • UEFI analysis integration was massively improved - see here
  • A lot of code cleanup was done by @HoxhaEndri
  • A new update check functionality by @HoxhaEndri
  • Improved firmware diffing environment - see here
  • Updated and new reporting templates by @413x8
  • Your great feedback is now collected in our wiki
  • Further public online resources are available and collected here
  • New support possibilities via patreon or buymeacoffee

Thank you for all your feedback and your testing since version 1.3.1!

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome two of them:

Welcome to the EMBA environment and thank you for your valuable contribution.


We are looking for (release) sponsors here


What's Changed

New Contributors

  • @413x8 made their first contribution in h...
Read more

EMBA v1.3.1 - Diff it

01 Nov 14:06
42ed908
Compare
Choose a tag to compare

What happened since the last EMBA release?

There was the absolute great #Hackersummercamp with our talks at BSidesLV, ICS Village (DEF CON) and Black Hat (Arsenal). The recording of the BSides talk is already available here. Beside this, Nate did a really great talk at BruCON – see here.

Beside a lot of code cleanup, bug fixing and some little improvements the new firmware diffing mode is one of the highlights in version 1.3.1.
In 1 day bug hunting, exploit development and the identification of silent patching it is quite common to identify the differences between two firmware releases.
To use this new feature (as usual in a very early alpha state) it is now possible to define a second firmware with the -o parameter. EMBA starts with some basic analysis of both firmware images, extracts both images and finds the differences between these firmware images:

image

If the file is some ASCII file a nice diff is shown:

image

If the file is a binary file we use radare2 for further analysis:

image

For further details check our Wiki

Happy bug hunting :)


Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.
image
Check it out here and start being an essential part of the future of EMBA


What's Changed

Full Changelog: 1.3.0-AI-for-EMBA...1.3.1-diff-all-the-firmwares

EMBA v1.3.0 - AI-Assisted Firmware Analysis

25 Jul 09:49
8bcb671
Compare
Choose a tag to compare

Q: Can we use AI for firmware analysis?
A: Sure, let's do it! EMBA now supports AI-assisted firmware analysis.

Again, we rise the bar in the field of Open-Source firmware security analysis. After establishing user-mode emulation or system emulation this time we moved to AI-assisted firmware analysis. More details about our AI integration are available in our Wiki


#Hackersummercamp ahead!
We got the amazing opportunity to show EMBA at the BSides conference in Las Vegas. The schedule is available here.

Additionally, you will find us with a live EMBA demo at Black Hat Arsenal

See you all in Vegas


Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

image

Check it out here and start being an essential part of the future of EMBA


What's Changed

Read more

EMBA v1.2.3 - R.I.P. Binwalk

11 May 13:53
02fd6ab
Compare
Choose a tag to compare

Binwalk, it was a long and great time with you. Now, you are a bit old and rusty and we had some issues in the past. Looks like we need to change our relationship a little bit ...

image

The binwalk extractor is already unmaintained for a quite long time period. In this time, we jumped in with multiple extractor modules within EMBA to keep the great extraction up. In the last year we have looked quite interested at the development process of Unblob.
We already integrated Unblob as an evaluation module a while ago. Currently it is integrated as the second extraction framework beside binwalk to jump in if our main binwalk/EMBA approach failed.

Now, it is time to change the game and to make Unblob to our main extractor and use binwalk only in the rare case Unblob failed.

Another very cool highlight is the acceptance of EMBA in the embedded research environment. Nate released a great article around analysing IoT devices here

image

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also become a sponsor.

image

Check it out here and start being an essential part of the future of EMBA

What's Changed

  • L25 improvements / multiple little fixes by @m-1-k-3 in #535
  • L10 module improvements by @m-1-k-3 in #543
  • New version strings (Flex and NBTscan) by @HoxhaEndri in #549
  • L10 improvement round x by @m-1-k-3 in #550
  • links in templates by @m-1-k-3 in #555
  • Freetz extraction module deprecated by @m-1-k-3 in #554
  • fix for #551 by @m-1-k-3 in #553
  • Testing workflows by @BenediktMKuehne in #541
  • Improve web crawler (L25) by @m-1-k-3 in #557
  • Updated installer.sh for "ubuntu debian" /etc/os-release and new version string by @HoxhaEndri in #552
  • SNMP module improvements by @m-1-k-3 in #565
  • Remove warning apt-key is deprecated by @HoxhaEndri in #564
  • update entropy output by @BenediktMKuehne in #566
  • Ignore files containing the following paths: /dev/ /proc/ /sys/ by @HoxhaEndri in #569
  • Fix arch detection in f50 by @m-1-k-3 in #567
  • Install fixes by @m-1-k-3 in #570
  • fix l10 error case by @m-1-k-3 in #571
  • Improved default profile handling / running modules script by @m-1-k-3 in #572
  • Fail fetch aspnetcore-targeting-pack when cleaning up by @m-1-k-3 in #579
  • Metasploit database update by @github-actions in #581
  • CISA known exploited database update by @github-actions in #582
  • Packetstorm database update by @github-actions in #585
  • Snyk database update by @github-actions in #584
  • Trickest PoC database update by @github-actions in #583
  • fix actions, fix l10 lnk fixer by @m-1-k-3 in #580
  • remove unneeded resource by @BenediktMKuehne in #586
  • Revert "remove unneeded resource" by @m-1-k-3 in #587
  • SBOM generation fix for non vuln components by @m-1-k-3 in #589
  • Avoiding /proc and /sys paths (-xdev) in symlink script and check for missing symlinks in s115 by @HoxhaEndri in #590
  • Packetstorm database update by @github-actions in #597
  • Snyk database update by @github-actions in #596
  • CISA known exploited database update by @github-actions in #594
  • Metasploit database update by @github-actions in #593
  • Lua script analysis support, UPnP live module, improvements by @m-1-k-3 in #591
  • R.I.P. binwalk by @m-1-k-3 in #598
  • ignore named pipe by @HoxhaEndri in #601
  • Packetstorm database update by @github-actions in #607
  • Snyk database update by @github-actions in #606
  • Metasploit database update by @github-actions in #604
  • apk extraction fix by @m-1-k-3 in #603
  • R2 decompiler integration by @m-1-k-3 in #608
  • url update for sasquatch deb by @m-1-k-3 in #609
  • update ubuntu libssl source by @BenediktMKuehne in #610
  • Small cleanup fixes by @m-1-k-3 in #611
  • Packetstorm database update by @github-actions in #616
  • Snyk database update by @github-actions in #615
  • CISA known exploited database update by @github-actions in #614
  • Metasploit database update by @github-actions in #613
  • Hnap detection support for system emulator by @m-1-k-3 in #612
  • Version 1.2.3 by @m-1-k-3 in #621

New Contributors

Full Changelog: 1.2.2-bluehat...1.2.3-RIP-binwalk

EMBA v1.2.2 - Blue Hat edt.

14 Mar 20:26
01bbd50
Compare
Choose a tag to compare

EMBA was shown at Microsoft Blue Hat Conference by Nate. See here for a picture of Nate himself on the stage and here you can find his slides.

image

It is so awesome to see that EMBA gets more and more used from the research community.


Spread the word and secure the Internet of Things with EMBA!


As usual we have fixed a huge number of little bugs everywhere within EMBA. Beside these fixes we also introduced the following highlights:

  • New analysis module for better Lighttpd analysis (see #469)
  • New analysis module for Android apk analysis (see #495)
  • Multiple improvements of the JTR password cracking module (includes the possibility to use a word list) (see #473 and #482)
  • More modules supporting csv exports
  • Better disk space monitoring
  • Multiple improvements for the system emulator
  • Installer has now PIPv23 support (with this also the latest Kali builds are supported)
  • Improved restart mechanism
  • Further Unblob extractor integration
  • Multiple workflow improvements
  • regular PoC and Exploit updates

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now become a sponsor.

image

Check it out here and start being an essential part of the future of EMBA

Additionally, I want to highlight our second project EMBArk which got some huge updates in the last time! Great work @BenediktMKuehne

What's Changed

  • Lighttpd analysis module by @m-1-k-3 in #469
  • s08 safe_echo fix by @m-1-k-3 in #470
  • p35 - true to not fail, s26 - check for files by @m-1-k-3 in #471
  • JTR crack multiple hash types by @m-1-k-3 in #473
  • deprecated -l option by @m-1-k-3 in #476
  • s36 fixes, renamed p61 by @m-1-k-3 in #477
  • System emulator improvements by @m-1-k-3 in #478
  • Respect module blacklist in waiting state / Installer fix by @m-1-k-3 in #479
  • Exploit database update, debug mode, command line tests by @m-1-k-3 in #481
  • Add wordlist mechanism to s109 by @m-1-k-3 in #482
  • csv export of p59, p60 and p70 by @m-1-k-3 in #483
  • disk space monitor, rpm package analysis by @m-1-k-3 in #485
  • Improve output of help command by @m-1-k-3 in #492
  • Setup further workflows by @m-1-k-3 in #490
  • Remove timezone setting by @m-1-k-3 in #494
  • Refactor, PID log, Github actions, APKHunt by @m-1-k-3 in #495
  • Packetstorm database update by @github-actions in #498
  • Snyk database update by @github-actions in #497
  • Metasploit database update by @github-actions in #496
  • Improve restart EMBA analysis feature by @m-1-k-3 in #499
  • Fix install with pip v23+ by @m-1-k-3 in #500
  • Another PIPv23 fix by @m-1-k-3 in #501
  • return if empty by @m-1-k-3 in #502
  • Input validation by @m-1-k-3 in #505
  • Check for update setting by @m-1-k-3 in #504
  • Routersploit update workflow by @m-1-k-3 in #503
  • Dependency checker, workflow by @m-1-k-3 in #506
  • Metasploit database update by @github-actions in #509
  • Snyk database update by @github-actions in #510
  • CISA known exploited database update by @github-actions in #512
  • Packetstorm database update by @github-actions in #514
  • System emulation improvements, workflow by @m-1-k-3 in #515
  • CVE state message printing by @m-1-k-3 in #518
  • Packetstorm database update by @github-actions in #528
  • Snyk database update by @github-actions in #527
  • CISA known exploited database update by @github-actions in #525
  • Routersploit database update by @github-actions in #524
  • Metasploit database update by @github-actions in #523
  • Trickest PoC database update by @github-actions in #526
  • Input adjustment by @m-1-k-3 in #529
  • version validation by @m-1-k-3 in #530
  • PATH variable bug by @m-1-k-3 in #531

New Contributors

  • @github-actions made their first contribution in #498

Full Changelog: 1.2.1...1.2.2-bluehat