Merge pull request e-m-b-a#253 from m-1-k-3/master

config/bin_version_strings.cfg

@@ -140,7 +140,7 @@ dropbear;;mit;"Dropbear\ SSH\ multi-purpose\ v[0-9]+\.[0-9]+";"sed -r 's/Dropbea
 dropbear;;mit;"^Dropbear\ SSH\ multi-purpose\ v20[0-9][0-9]\.[0-9]+$";"sed -r 's/Dropbear\ SSH\ multi-purpose\ v([0-9]+(\.[0-9]+)+?)$/dropbear_ssh:\1/'";
 dropbear;;mit;"^Dropbear\ sshd\ v20[0-9][0-9]\.[0-9][0-9]$";"sed -r 's/Dropbear\ sshd\ v([0-9]+(\.[0-9]+)+?)$/dropbear_ssh:\1/'";
 dropbear;;mit;"^Dropbear\ v20[0-9][0-9]\.[0-9][0-9]$";"sed -r 's/Dropbear\ v([0-9]+(\.[0-9]+)+?)$/dropbear_ssh:\1/'";
-dropbear;live;mit;"Dropbear\ sshd\ 20[0-9]+\.[0-9]+\ \(protocol\2\.0\)$";"sed -r 's/Dropbear\ sshd\ (20[0-9]+(\.[0-9]+)+?).*/dropbear_ssh:\1/'";
+dropbear;live;mit;"Dropbear\ sshd\ 20[0-9]+\.[0-9]+\ \(protocol\ 2\.0\)$";"sed -r 's/Dropbear\ sshd\ (20[0-9]+(\.[0-9]+)+?).*/dropbear_ssh:\1/'";
 dumpe2fs;;unknown;"dumpe2fs\ [0-9](\.[0-9]+)+?\ ";"sed -r 's/dumpe2fs\ ([0-9](\.[0-9]+)+?).*/e2fsprogs:\1/'";
 dumpimage;;gplv2+;"^dumpimage\ version\ 20[0-9]+(\.[0-9]+)+?";"sed -r 's/dumpimage\ version\ ([0-9]+(\.[0-9]+)+?).*/uboot:dumpimage:\1/'";
 dxml;;unknown;"^dxml\ version\ [0-9]\.[0-9]b[0-9]+$";"sed -r 's/dxml\ version\ ([0-9](\.[0-9]+)+?(b[0-9]+)?)$/dxml:\1/'";
@@ -336,6 +336,7 @@ libreswan;;gplv2;"^Libreswan\ [\.0-9]+";"sed -r 's/Libreswan\ ([0-9](\.[0-9]+)+?
 libsensors;;unknown;"libsensors\ version\ [.\0-9]+$";"sed -r 's/libsensors\ version\ ([0-9](\.[0-9]+)+?)$/libsensors:\1/'";
 libtiff;;unknown;"^LIBTIFF,\ Version\ [0-9](\.[0-9]+)+?$";"sed -r 's/LIBTIFF,\ Version\ ([0-9](\.[0-9]+)+?)$/libtiff:libtiff:\1/'";
 lighttpd;;bsd;"^lighttpd\/[0-9](\.[0-9]+)+?\ .*\ -\ a\ light\ and\ fast\ webserver$";"sed -r 's/lighttpd\/([0-9](\.[0-9]+)+?)\ .*/lighttpd:\1/'";
+lighttpd;live;bsd;"^lighttpd\/[0-9](\.[0-9]+)+?(-devel-[0-9]+[A-Z])?$";"sed -r 's/lighttpd\/([0-9](\.[0-9]+)+?).*/lighttpd:\1/'";
 lighttpd;;bsd;"^lighttpd-[0-9](\.[0-9]+)+?\ \-\ a\ light\ and\ fast\ webserver$";"sed -r 's/lighttpd-([0-9](\.[0-9]+)+?)\ .*/lighttpd:\1/'";
 lighttpd;;bsd;"^lighttpd-[0-9](\.[0-9]+)+?\ \(.*\)\ \-\ a\ light\ and\ fast\ webserver$";"sed -r 's/lighttpd-([0-9](\.[0-9]+)+?)\ .*/lighttpd:\1/'";
 lighttpd;;bsd;"lighttpd-[0-9](\.[0-9]+)+?$";"sed -r 's/lighttpd-([0-9](\.[0-9]+)+?)$/lighttpd:\1/'";
@@ -392,7 +393,8 @@ minicom;;gplv2;"minicom\ version\ [0-9](\.[0-9]+)+?";"sed -r 's/minicom\ version
 minidlna;strict;gplv2;"^Version\ [0-9](\.[0-9]+)+?$";"sed -r 's/Version\ ([0-9](\.[0-9]+)+?)$/minidlna:\1/'";
 minidlna;strict;gplv2;"Version\ [0-9]\.[0-9]+\.[0-9]+";"sed -r 's/Version\ ([0-9](\.[0-9]+)+?).*/minidlna:\1/'";
 minidlna;;gplv2;"^Starting\ MiniDLNA\ version\ [0-9](\.[0-9]+)+?";"sed -r 's/Starting\ MiniDLNA\ version\ ([0-9](\.[0-9]+)+?)/minidlna:\1/'";
-mini_httpd;;unknown;"mini_httpd\/[0-9](\.[0-9]+)+?(\ [0-9]+)?";"sed -r 's/mini_httpd\/([0-9](\.[0-9]+)+?).*/mini_httpd:\1/'";
+mini_httpd;;unknown;"mini_httpd\/[0-9](\.[0-9]+)+?(\ [0-9]+)?";"sed -r 's/mini_httpd\/([0-9](\.[0-9]+)+?).*/acme:mini_httpd:\1/'";
+mini_httpd;live;unknown;"mini_httpd\ [0-9](\.[0-9]+)+?(\ [0-9]+)?";"sed -r 's/mini_httpd\ ([0-9](\.[0-9]+)+?).*/acme:mini_httpd:\1/'";
 miniupnpd;;unknown;"SERVER:.*UPnP\/[0-9](\.[0-9]+)+?\ MiniUPnPd\/[0-9](\.[0-9]+)+?$";"sed -r 's/SERVER:.*UPnP\/[0-9](\.[0-9]+)+?\ MiniUPnPd\/([0-9](\.[0-9]+)+?)$/miniupnpd:\2/'";
 mkconfig;;unknown;"^mkconfig\ version\ [0-9](\.[0-9]+)+?$";"sed -r 's/mkconfig\ version\ ([0-9](\.[0-9]+)+?)$/mkconfig:\1/'";
 mke2fs;;unknown;"^mke2fs\ [0-9](\.[0-9]+)+?";"sed -r 's/mke2fs\ ([0-9](\.[0-9]+)+?)/e2fsprogs:\1/'";
@@ -666,6 +668,7 @@ unrar;;unknown;"^UNRAR\ [0-9]\.[0-9]+\ freeware\ .*\ Copyright\ \(c\)\ [0-9]+-[0
 upnpc-ddns;;unknown;"upnpc-ddns\ version:\ [0-9](\.[0-9]+)+?:\ ";""sed -r 's/upnpc-ddns\ version:\ ([0-9]+(\.[0-9]+)+?):\ /upnpc-ddns:\1/';
 upnp_igd;;unknown;"UPnP\ ControlPoint\ [0-9](\.[0-9]+)+?\ for\ IGD";"sed -r 's/UPnP\ ControlPoint\ ([0-9](\.[0-9]+)+?)\ for\ IGD/upnp_controlpoint:\1/'";
 upnp_sdk;;unknown;"Intel\ SDK\ for\ UPnP\ devices\ \/[0-9](\.[0-9]+)+?$";"sed -r 's/Intel\ SDK\ for\ UPnP\ devices\ \/([0-9](\.[0-9]+)+?)$/portable_sdk_for_upnp:\1/'";
+upnp_sdk;;unknown;"Portable\ SDK\ for\ UPnP\ devices\ [0-9](\.[0-9]+)+?\ .*";"sed -r 's/Portable\ SDK\ for\ UPnP\ devices\ ([0-9](\.[0-9]+)+?)\ .*/portable_sdk_for_upnp:\1/'";
 usb-modeswitch;strict;unknown;"Version\ [0-9]\.[0-9]+\.[0-9]+\ ";"sed -r 's/Version\ ([0-9]+(\.[0-9]+)+?)\ .*/usb-modeswitch:\1/'";
 usbhid-dump;;unknown;"^usbhid-dump [0-9]\.[0-9]$";"sed -r 's/usbhid-dump\ ([0-9]+(\.[0-9]+)+?)$/usbhid:\1/'";
 util-linux;;gpl;"util-linux\ [0-9](\.[0-9]+)+?$";"sed -r 's/util-linux\ ([0-9](\.[0-9]+)+?)$/util-linux:\1/'";

config/msf_cve-db.txt

@@ -4,8 +4,6 @@
 /usr/share/metasploit-framework/modules/auxiliary/admin/backupexec/registry.rb:CVE-2005-0771
 /usr/share/metasploit-framework/modules/auxiliary/admin/db2/db2rcmd.rb:CVE-2004-0795
 /usr/share/metasploit-framework/modules/auxiliary/admin/dcerpc/cve_2020_1472_zerologon.rb:CVE-2020-1472
-/usr/share/metasploit-framework/modules/auxiliary/admin/dcerpc/cve_2021_1675_printnightmare.rb:CVE-2021-1675
-/usr/share/metasploit-framework/modules/auxiliary/admin/dcerpc/cve_2021_1675_printnightmare.rb:CVE-2021-34527
 /usr/share/metasploit-framework/modules/auxiliary/admin/edirectory/edirectory_dhost_cookie.rb:CVE-2009-4655
 /usr/share/metasploit-framework/modules/auxiliary/admin/edirectory/edirectory_edirutil.rb:CVE-2008-0926
 /usr/share/metasploit-framework/modules/auxiliary/admin/emc/alphastor_devicemanager_exec.rb:CVE-2008-2157
@@ -667,6 +665,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/f5_bigip_tmui_rce.rb:CVE-2020-5902
 /usr/share/metasploit-framework/modules/exploits/linux/http/f5_icall_cmd.rb:CVE-2015-3628
 /usr/share/metasploit-framework/modules/exploits/linux/http/f5_icontrol_exec.rb:CVE-2014-2928
+/usr/share/metasploit-framework/modules/exploits/linux/http/f5_icontrol_rce.rb:CVE-2022-1388
 /usr/share/metasploit-framework/modules/exploits/linux/http/f5_icontrol_rest_ssrf_rce.rb:CVE-2021-22986
 /usr/share/metasploit-framework/modules/exploits/linux/http/foreman_openstack_satellite_code_exec.rb:CVE-2013-2121
 /usr/share/metasploit-framework/modules/exploits/linux/http/fritzbox_echo_exec.rb:CVE-2014-9727
@@ -810,6 +809,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/vmware_view_planner_4_6_uploadlog_rce.rb:CVE-2021-21978
 /usr/share/metasploit-framework/modules/exploits/linux/http/vmware_vrops_mgr_ssrf_rce.rb:CVE-2021-21975
 /usr/share/metasploit-framework/modules/exploits/linux/http/vmware_vrops_mgr_ssrf_rce.rb:CVE-2021-21983
+/usr/share/metasploit-framework/modules/exploits/linux/http/vmware_workspace_one_access_cve_2022_22954.rb:CVE-2022-22954
 /usr/share/metasploit-framework/modules/exploits/linux/http/wd_mycloud_multiupload_upload.rb:CVE-2017-17560
 /usr/share/metasploit-framework/modules/exploits/linux/http/webcalendar_settings_exec.rb:CVE-2012-1495
 /usr/share/metasploit-framework/modules/exploits/linux/http/webmin_backdoor.rb:CVE-2019-15107
@@ -819,6 +819,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/http/zabbix_sqli.rb:CVE-2013-5743
 /usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_xxe_rce.rb:CVE-2019-9621
 /usr/share/metasploit-framework/modules/exploits/linux/http/zimbra_xxe_rce.rb:CVE-2019-9670
+/usr/share/metasploit-framework/modules/exploits/linux/http/zyxel_ztp_rce.rb:CVE-2022-30525
 /usr/share/metasploit-framework/modules/exploits/linux/ids/alienvault_centerd_soap_exec.rb:CVE-2014-3804
 /usr/share/metasploit-framework/modules/exploits/linux/ids/snortbopre.rb:CVE-2005-3252
 /usr/share/metasploit-framework/modules/exploits/linux/imap/imap_uw_lsub.rb:CVE-2000-0284
@@ -876,6 +877,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/local/vmware_mount.rb:CVE-2013-1662
 /usr/share/metasploit-framework/modules/exploits/linux/misc/aerospike_database_udf_cmd_exec.rb:CVE-2020-13151
 /usr/share/metasploit-framework/modules/exploits/linux/misc/asus_infosvr_auth_bypass_exec.rb:CVE-2014-9583
+/usr/share/metasploit-framework/modules/exploits/linux/misc/cisco_rv340_sslvpn.rb:CVE-2022-20699
 /usr/share/metasploit-framework/modules/exploits/linux/misc/cve_2020_13160_anydesk.rb:CVE-2020-13160
 /usr/share/metasploit-framework/modules/exploits/linux/misc/cve_2021_38647_omigod.rb:CVE-2021-38647
 /usr/share/metasploit-framework/modules/exploits/linux/misc/gld_postfix.rb:CVE-2005-1099
@@ -914,6 +916,7 @@
 /usr/share/metasploit-framework/modules/exploits/linux/postgres/postgres_payload.rb:CVE-2007-3280
 /usr/share/metasploit-framework/modules/exploits/linux/pptp/poptop_negative_read.rb:CVE-2003-0213
 /usr/share/metasploit-framework/modules/exploits/linux/proxy/squid_ntlm_authenticate.rb:CVE-2004-0541
+/usr/share/metasploit-framework/modules/exploits/linux/redis/redis_debian_sandbox_escape.rb:CVE-2022-0543
 /usr/share/metasploit-framework/modules/exploits/linux/samba/chain_reply.rb:CVE-2010-2063
 /usr/share/metasploit-framework/modules/exploits/linux/samba/is_known_pipename.rb:CVE-2017-7494
 /usr/share/metasploit-framework/modules/exploits/linux/samba/lsa_transnames_heap.rb:CVE-2007-2446
@@ -1032,6 +1035,7 @@
 /usr/share/metasploit-framework/modules/exploits/multi/http/cups_bash_env_exec.rb:CVE-2014-6271
 /usr/share/metasploit-framework/modules/exploits/multi/http/cups_bash_env_exec.rb:CVE-2014-6278
 /usr/share/metasploit-framework/modules/exploits/multi/http/cve_2021_35464_forgerock_openam.rb:CVE-2021-35464
+/usr/share/metasploit-framework/modules/exploits/multi/http/dotcms_file_upload_rce.rb:CVE-2022-26352
 /usr/share/metasploit-framework/modules/exploits/multi/http/drupal_drupageddon.rb:CVE-2014-3704
 /usr/share/metasploit-framework/modules/exploits/multi/http/eventlog_file_upload.rb:CVE-2014-6037
 /usr/share/metasploit-framework/modules/exploits/multi/http/familycms_less_exec.rb:CVE-2011-5130
@@ -1098,6 +1102,7 @@
 /usr/share/metasploit-framework/modules/exploits/multi/http/movabletype_upgrade_exec.rb:CVE-2012-6315
 /usr/share/metasploit-framework/modules/exploits/multi/http/movabletype_upgrade_exec.rb:CVE-2013-0209
 /usr/share/metasploit-framework/modules/exploits/multi/http/mutiny_subnetmask_exec.rb:CVE-2012-3001
+/usr/share/metasploit-framework/modules/exploits/multi/http/mybb_rce_cve_2022_24734.rb:CVE-2022-24734
 /usr/share/metasploit-framework/modules/exploits/multi/http/nas4free_php_exec.rb:CVE-2013-3631
 /usr/share/metasploit-framework/modules/exploits/multi/http/navigate_cms_rce.rb:CVE-2018-17552
 /usr/share/metasploit-framework/modules/exploits/multi/http/navigate_cms_rce.rb:CVE-2018-17553
@@ -1154,6 +1159,7 @@
 /usr/share/metasploit-framework/modules/exploits/multi/http/sonicwall_scrutinizer_methoddetail_sqli.rb:CVE-2014-4977
 /usr/share/metasploit-framework/modules/exploits/multi/http/splunk_mappy_exec.rb:CVE-2011-4642
 /usr/share/metasploit-framework/modules/exploits/multi/http/spring_cloud_function_spel_injection.rb:CVE-2022-22963
+/usr/share/metasploit-framework/modules/exploits/multi/http/spring_framework_rce_spring4shell.rb:CVE-2022-22965
 /usr/share/metasploit-framework/modules/exploits/multi/http/struts2_code_exec_showcase.rb:CVE-2017-9791
 /usr/share/metasploit-framework/modules/exploits/multi/http/struts2_content_type_ognl.rb:CVE-2017-5638
 /usr/share/metasploit-framework/modules/exploits/multi/http/struts2_multi_eval_ognl.rb:CVE-2019-0230
@@ -1221,6 +1227,7 @@
 /usr/share/metasploit-framework/modules/exploits/multi/http/wp_plugin_modern_events_calendar_rce.rb:CVE-2021-24145
 /usr/share/metasploit-framework/modules/exploits/multi/http/wp_plugin_sp_project_document_rce.rb:CVE-2021-24347
 /usr/share/metasploit-framework/modules/exploits/multi/http/wp_popular_posts_rce.rb:CVE-2021-42362
+/usr/share/metasploit-framework/modules/exploits/multi/http/wso2_file_upload_rce.rb:CVE-2022-29464
 /usr/share/metasploit-framework/modules/exploits/multi/http/x7chat2_php_exec.rb:CVE-2014-8998
 /usr/share/metasploit-framework/modules/exploits/multi/http/zabbix_script_exec.rb:CVE-2013-3628
 /usr/share/metasploit-framework/modules/exploits/multi/http/zenworks_configuration_management_upload.rb:CVE-2015-0779
@@ -1457,6 +1464,7 @@
 /usr/share/metasploit-framework/modules/exploits/unix/webapp/xymon_useradm_cmd_exec.rb:CVE-2016-2056
 /usr/share/metasploit-framework/modules/exploits/unix/webapp/zeroshell_exec.rb:CVE-2009-0545
 /usr/share/metasploit-framework/modules/exploits/unix/webapp/zimbra_lfi.rb:CVE-2013-7091
+/usr/share/metasploit-framework/modules/exploits/unix/webapp/zoneminder_lang_exec.rb:CVE-2022-29806
 /usr/share/metasploit-framework/modules/exploits/unix/webapp/zoneminder_packagecontrol_exec.rb:CVE-2013-0232
 /usr/share/metasploit-framework/modules/exploits/windows/antivirus/ams_hndlrsvc.rb:CVE-2010-0111
 /usr/share/metasploit-framework/modules/exploits/windows/antivirus/ams_xfr.rb:CVE-2009-1429
@@ -1709,6 +1717,8 @@
 /usr/share/metasploit-framework/modules/exploits/windows/browser/yahoomessenger_server.rb:CVE-2007-3147
 /usr/share/metasploit-framework/modules/exploits/windows/browser/zenturiprogramchecker_unsafe.rb:CVE-2007-2987
 /usr/share/metasploit-framework/modules/exploits/windows/browser/zenworks_helplauncher_exec.rb:CVE-2011-2657
+/usr/share/metasploit-framework/modules/exploits/windows/dcerpc/cve_2021_1675_printnightmare.rb:CVE-2021-1675
+/usr/share/metasploit-framework/modules/exploits/windows/dcerpc/cve_2021_1675_printnightmare.rb:CVE-2021-34527
 /usr/share/metasploit-framework/modules/exploits/windows/dcerpc/ms03_026_dcom.rb:CVE-2003-0352
 /usr/share/metasploit-framework/modules/exploits/windows/dcerpc/ms05_017_msmq.rb:CVE-2005-0059
 /usr/share/metasploit-framework/modules/exploits/windows/dcerpc/ms07_029_msdns_zonename.rb:CVE-2007-1748

config/report_templates/P60_firmware_bin_extractor-pre.sh

@@ -1,5 +1,4 @@
 #!/bin/bash
 
 print_output "This module extracts firmware with binwalk, checks if a root filesystem can be found."
-print_output "If binwalk fails to extract the firmware, FACT-extractor is used."
 print_output "As last resort binwalk will try to extract every available file multiple times."

emba.sh

@@ -40,9 +40,12 @@ import_module()
   local MODULES_LOCAL=()
   local MODULES_EMBA=()
   local MODULE_COUNT=0
-  mapfile -t MODULES_EMBA < <(find "$MOD_DIR" -name "*.sh" | sort -V 2> /dev/null)
+  # to ensure we are only auto load modules from the modules main directory we set maxdepth
+  # with this in place we can create sub directories per module. For using/loading stuff from
+  # these sub directories the modules are responsible!
+  mapfile -t MODULES_EMBA < <(find "$MOD_DIR" -maxdepth 1 -name "*.sh" | sort -V 2> /dev/null)
   if [[ -d "${MOD_DIR_LOCAL}" ]]; then
-    mapfile -t MODULES_LOCAL < <(find "${MOD_DIR_LOCAL}" -name "*.sh" 2>/dev/null | sort -V 2> /dev/null)
+    mapfile -t MODULES_LOCAL < <(find "${MOD_DIR_LOCAL}" -maxdepth 1 -name "*.sh" 2>/dev/null | sort -V 2> /dev/null)
   fi
   MODULES=( "${MODULES_EMBA[@]}" "${MODULES_LOCAL[@]}" )
   for MODULE_FILE in "${MODULES[@]}" ; do

helpers/helpers_emba_dependency_check.sh

@@ -139,6 +139,7 @@ check_cve_search() {
     export CVE_SEARCH=1
   fi
 }
+
 print_cve_search_failure() {
   print_output "[-] The needed CVE database is not responding as expected." "no_log"
   print_output "[-] CVE checks are currently not possible!" "no_log"
@@ -149,6 +150,18 @@ print_cve_search_failure() {
 # Source: https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash
 version() { echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
 
+check_emulation_port() {
+  TOOL_NAME="${1:-}"
+  PORT_NR="${2:-}"
+  print_output "    ""$TOOL_NAME"" - \\c" "no_log"
+  if netstat -anpt | grep -q "$PORT_NR"; then
+    echo -e "$RED""not ok""$NC"
+    echo -e "$RED""    System emulation services detected - check for running Qemu processes""$NC"
+  else
+    echo -e "$GREEN""ok""$NC"
+  fi
+}
+
 dependency_check() 
 {
   module_title "Dependency check" "no_log"
@@ -308,10 +321,6 @@ dependency_check()
     check_dep_tool "ubireader image extractor" "ubireader_extract_images"
     check_dep_tool "ubireader file extractor" "ubireader_extract_files"
 
-    # CVE and CVSS databases
-    check_dep_file "CVE database" "$EXT_DIR""/allitems.csv"
-    check_dep_file "CVSS database" "$EXT_DIR""/allitemscvss.csv"
-
     if function_exists F20_vul_aggregator; then
       # CVE-search
       # TODO change to portcheck and write one for external hosts
@@ -369,12 +378,6 @@ dependency_check()
       check_dep_tool "radare2" "r2"
     fi
 
-    # php - currently not used
-    # check_dep_tool "php"
-
-    # pylint - currently not used
-    # check_dep_tool "pylint"
-
     # bandit python security tester
     check_dep_tool "bandit - python vulnerability scanner" "bandit"
 
@@ -389,19 +392,39 @@ dependency_check()
       check_dep_tool "STACS hash detection" "stacs"
     fi
 
-    # firmadyne / FirmAE
+    # Full system emulation modules (L*)
     if [[ $FULL_EMULATION -eq 1 ]]; then
-      # check only some of the needed files
-      check_dep_file "console.mipsel" "$EXT_DIR""/firmae/binaries/console.mipsel"
-      check_dep_file "vmlinux.mipseb" "$EXT_DIR""/firmae/binaries/vmlinux.mipseb.4"
-      check_dep_file "fixImage.sh" "$EXT_DIR""/firmae/scripts/fixImage.sh"
-      check_dep_file "preInit.sh" "$EXT_DIR""/firmae/scripts/preInit.sh"
       check_dep_tool "Qemu system emulator ARM" "qemu-system-arm"
       check_dep_tool "Qemu system emulator MIPS" "qemu-system-mips"
       check_dep_tool "Qemu system emulator MIPSel" "qemu-system-mipsel"
 
+      # check only some of the needed files
+      check_dep_file "console.*" "$EXT_DIR""/firmae/binaries/console.mipsel"
+      check_dep_file "busybox.*" "$EXT_DIR""/firmae/binaries/busybox.mipsel"
+      check_dep_file "libnvram.*" "$EXT_DIR""/firmae/binaries/libnvram.so.armel"
+      check_dep_file "vmlinux.mips*" "$EXT_DIR""/firmae/binaries/vmlinux.mipseb.4"
+      check_dep_file "vmlinux.armel" "$EXT_DIR""/firmae/binaries/vmlinux.armel"
+
+      # re-enable this with the PR
+      #check_dep_file "fixImage.sh" "$MOD_DIR""/L10_system_emulation/fixImage.sh"
+      #check_dep_file "preInit.sh" "$MOD_DIR""/L10_system_emulation/preInit.sh"
+      #check_dep_file "inferFile.sh" "$MOD_DIR""/L10_system_emulation/inferFile.sh"
+      #check_dep_file "inferService.sh" "$MOD_DIR""/L10_system_emulation/inferService.sh"
+
       # routersploit for full system emulation
       check_dep_file "Routersploit installation" "$EXT_DIR""/routersploit/rsf.py"
+
+      check_dep_file "Arachni web scanner installation" "$EXT_DIR""/arachni/arachni-1.6.1.3-0.6.1.1/bin/arachni"
+      check_dep_file "TestSSL.sh installation" "$EXT_DIR""/testssl.sh/testssl.sh"
+      check_dep_tool "Nikto web server analyzer" "nikto"
+      check_dep_tool "Cutycapt screenshot tool" "cutycapt"
+      check_dep_tool "snmp-check tool" "snmp-check"
+      check_dep_tool "Nmap portscanner" "nmap"
+      check_dep_tool "hping3" "hping3"
+      check_dep_tool "ping" "ping"
+      # This port is used by our Qemu installation and should not be used by another process.
+      # This check is not a blocker for the test. It is checked again by the emulation module:
+      check_emulation_port "Running Qemu service" "2001"
     fi
 
     if function_exists S120_cwe_checker; then
@@ -415,7 +438,6 @@ dependency_check()
         DEP_ERROR=1
       fi
     fi
-
   fi
 
   if [[ $DEP_ERROR -gt 0 ]] || [[ $DEP_EXIT -gt 0 ]]; then

helpers/helpers_emba_print.sh

@@ -540,7 +540,7 @@ module_start_log() {
     #strip final slash from log dir
     LOG_DIR="${LOG_DIR:: -1}"
   fi
-  LOG_PATH_MODULE="$LOG_DIR""/""$(echo "$MODULE_MAIN_NAME" | tr '[:upper:]' '[:lower:]')"
+  LOG_PATH_MODULE=$(abs_path "$LOG_DIR""/""$(echo "$MODULE_MAIN_NAME" | tr '[:upper:]' '[:lower:]')")
   if ! [[ -d "$LOG_PATH_MODULE" ]] ; then mkdir "$LOG_PATH_MODULE" || true; fi
 }
 

installer.sh

@@ -171,8 +171,6 @@ if [[ "$CVE_SEARCH" -ne 1 ]] || [[ "$DOCKER_SETUP" -ne 1 ]] || [[ "$IN_DOCKER" -
 
   I20_php_check
 
-  I30_version_vulnerability_check
-
   I108_stacs_password_search
 
   I110_yara_check
@@ -183,11 +181,6 @@ if [[ "$CVE_SEARCH" -ne 1 ]] || [[ "$DOCKER_SETUP" -ne 1 ]] || [[ "$IN_DOCKER" -
 
   IL10_system_emulator
 
-  # for testing only:
-  #IL21_firmae_system_emulator
-  # for testing only:
-  #IL22_firmadyne_system_emulator
-
   IL15_emulated_checks_init
 
   IF50_aggregator_common