Updates

See Changelog.md for specific updates.

Changelog.md

@@ -1,6 +1,13 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+#2019-08-02
+### Changed
+- Added dependency of Pyfiglet for banner printing
+- Removed one-off search capability. If you want new search items create an issue to have me add it to the config
+### Added
+- Added parsing of passwd files to highlight users with shell access
+
 ## 2019-04-23
 ### Changed
 - Removed vFeed db dependency. Updated documentation for this change.

Documentation.md

@@ -31,8 +31,9 @@
 # Handling Dependencies
 * Download TROMMEL
 * Python3-magic
-	* For Linux:
-		* apt-get install python3-magic
+	* For Linux: apt-get install python3-magic
+* Pyfiglet
+	* For linux: pip3 install pyfiglet
 
 # Usage
 ```
@@ -46,12 +47,8 @@ Output TROMMEL results to a file based on a given directory. Search both binary
 ```
 $ trommel.py -p /extracted_firmware_directory -o output_file -d output_file_dir -b
 ```
-One-off text search of directory
-```
-$ trommel.py -p /extracted_firmware_directory -s user_search_term
-```
 
 # Suggested usage:
 * Steps:
 	* Once TROMMEL is installed, down a firmware binary, extract the contents of the firmware binary to expose the files/file system using [binwalk](https://github.com/devttys0/binwalk) or something similar.
-	* Run TROMMEL on the extracted firmware file system directory
+	* Run TROMMEL on the extracted firmware root file system directory

README.md

@@ -1,7 +1,5 @@
 # TROMMEL
 
-## MAJOR UPDATES Coming Soon!!! 
-
 TROMMEL sifts through embedded device files to identify potential vulnerable indicators. <br />
 
 TROMMEL identifies the following indicators related to:
@@ -23,27 +21,24 @@ TROMMEL identifies the following indicators related to:
 * [Python-Magic](https://pypi.python.org/pypi/python-magic) - See documentation for instructions for Python3-magic installation
 
 # Usage
+TROMMEL help menu.
 ```
 $ trommel.py --help
 ```
-Output TROMMEL results to a file based on a given directory. By default, only searches plain text files.
-```
-$ trommel.py -p /directory -o output_file
-```
-Output TROMMEL results to a file based on a given directory. Search both binary and plain text files.
+Output TROMMEL results to a specific file and a specific directory based on a given root file system directory.
 ```
-$ trommel.py -p /directory -o output_file -b
+$ trommel.py -p <root file system directory> -o results_output_file -d <directory to save results output file>
 ```
 
 ## Notes
-* The intended to assist researchers during firmware analysis to find potential vulnerabilities
-* Network defenders can benefit as well to assess devices on their network or for devices they plan to add to their network
-* Devices can include IoT (web cams, smart devices (light bulbs, plugs, switches, TVs, fridge, coffee maker, etc.)), SCADA/ICS, routers, really anything with an embedded flash chip that boots an OS on startup.
+* Red Team point of view: researchers during firmware analysis to find potential vulnerabilities
+* Blue Team point of view: Network defenders can benefit as well to assess devices on their network or for devices they plan to add to their network
+* Devices can include IoT (web cams, smart devices (light bulbs, plugs, switches, TVs, fridge, coffee maker, etc.)), SCADA/ICS, routers, really anything with an embedded flash chip that boots an OS (or like an OS) on startup.
 * TROMMEL has been tested using Python3 on Kali Linux x86_64.
 
 ## References
 * [Firmwalker](https://github.com/craigz28/firmwalker)
 * [Lua Code: Security Overview and Practical Approaches to Static Analysis by Andrei Costin](http://firmware.re/lua/)
 
 ## Author
-* Kyle O'Meara - komeara AT cert DOT org and @cool_breeze26
+* Kyle O'Meara - Contact: komeara AT cert DOT org, via Twitter @cool_breeze26, or submit an [Issue](https://github.com/CERTCC/trommel/issues)

indicator_config.py

@@ -100,7 +100,7 @@ def check_arch(ff, trommel_output):
 sftp_bin = "sftp"
 tftp_bin = "tftp"
 dropbear_bin = "dropbear"
-busybox_bin = "busybox"
+busybox_bin = "busybox.*"
 telnet_bin = "telnet"
 telnetd_bin = "telnetd"
 openssl_bin = "openssl"