e-m-b-a / embark

EMBArk - The firmware security scanning environment
https://www.securefirmware.de
MIT License

each firmware scan takes too much time, nearly 2 hours #79

Closed Aiming-future closed 1 year ago

Aiming-future commented 1 year ago

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like A clear and concise description of what you want to happen.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

Aiming-future commented 1 year ago

Hi, Your work is great, but I noticed that every firmware scan analyzes the kernel, which takes too much time. If you can eliminate kernel analysis, it will greatly reduce the time spent on each firmware analysis.

m-1-k-3 commented 1 year ago

Thank you for reaching out to us. Which firmware are you talking about? Could you provide a download link? We have multiple modules dealing with kernel analysis. Which module are you referring to?

Aiming-future commented 1 year ago

no matter what kind of firmware, each scan takes more than two hours and each scan report has this "kernel" module which I think takes a lot of time. report time

m-1-k-3 commented 1 year ago

I see it ;) You have an old kernel with a lot of CVEs (1734) and it takes time to query the CVE database.

BenediktMKuehne commented 1 year ago

related to #62 work in progress 👍

Aiming-future commented 1 year ago

I see it ;) You have an old kernel with a lot of CVEs (1734) and it takes time to query the CVE database.

Okay, so would it help if I changed my version of Kali? And by the way, which version of the kernel do you recommend?

m-1-k-3 commented 1 year ago

Sorry for the misunderstanding. I mean the firmware you are testing. This firmware has a very old kernel (version 2.6.30.9 with 1700++ vulnerabilities). To query these details takes some time.

Aiming-future commented 1 year ago

related to #62 work in progress 👍

It seems that there is no file named module_blacklist.txt in the config directory. Then I manually added this file, but it didn't work. Otherwise, the -m parameter also didn't work. By the way, emba sometimes may get stuck like this all night: [screenshot 2022-12-26 093602] At present, only the embark works well, but the kernel analysis really takes too much time.

m-1-k-3 commented 1 year ago

  • Module blacklisting is documented here: https://github.com/e-m-b-a/emba/wiki/Tweak-your-scan#blacklist-modules => But (!!!) we are talking about the vulnerability aggregator (module f20). If you exclude this module you will not get any vulnerability details anymore. Not for the kernel, not for any other software component. There is no option like "do not check for kernel but for all others". If you need something like this you need to disable modules like s24 and s25 and the regexes for kernel stuff from config/bin_version_strings.cfg.
  • -m parameter is for activating modules. If you are only activating some module e.g., sXYZ, the f modules and the p modules are not affected. If you really want to deactivate all of these modules you need to define something like this: -m p02 -m pXYZ -m sXYZ -m fXYZ. I do not think this is what you really want.
  • For the stuck analysis I need more details e.g., which firmware, which command line you are using to start this analysis.
  • Currently it is not possible to disable the aggregation of known vulnerabilities just for the kernel.

Aiming-future commented 1 year ago

Appreciate your answer!!! I finally made it by removing the module outside. And the module_blacklist file actually works without using the -m parameter, which conflicts with it. Now my report is like this:

A lot of time is saved! Appreciate you again. By the way, the 'stuck' problem probably arose from a command conflict.

m-1-k-3 commented 1 year ago

Cool. If you have further bugs or questions feel free to open further issues.