Minor Updates

Config and architecture check updates
CERTCC · Dec 6, 2018 · fc54242 · fc54242
1 parent 7a673af
commit fc54242
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 1 deletion.
diff --git a/indicator_config.py b/indicator_config.py
@@ -69,6 +69,8 @@ def check_arch(ff, trommel_output):
 secret_kw = "secret"
 shell_kw = "shell"
 
+port_kw = "^port"
+
 mime_kw = 'x-executable|x-sharedlib|octet-stream|x-object|x-pie-executable'
 
 private_key_kw = "private.*key"

diff --git a/indicators.py b/indicators.py
@@ -336,6 +336,9 @@ def kw(ff, trommel_output, trommel_vfeed_output, names, bin_search):
 	read_search_kw(ff, secret_kw, trommel_output, bin_search)
 	read_search_kw(ff, shell_kw, trommel_output, bin_search)
 
+	read_search_kw(ff, port_kw, trommel_output, bin_search)
+
+
 
 	#Search for keywords "private key", IP addresses, URLs, and email addresses
 	try:

diff --git a/trommel.py b/trommel.py
@@ -132,7 +132,8 @@ def main():
 
 				if '/bin/busybox' in ff:
 					value = indicator_config.check_arch(ff, trommel_output)
-					print ("Based on the binary 'busybox' the instruction set architecture is %s.\n" % value)
+					if value != None:
+						print ("Based on the binary 'busybox' the instruction set architecture is %s.\n" % value)
 
 				#Ignore any symlinks
 				if not os.path.islink(ff):