{"id":13798141,"url":"https://github.com/binarly-io/fwhunt-scan","last_synced_at":"2026-03-03T19:12:20.350Z","repository":{"id":39639370,"uuid":"268312085","full_name":"binarly-io/fwhunt-scan","owner":"binarly-io","description":"Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules","archived":false,"fork":false,"pushed_at":"2025-05-02T18:17:19.000Z","size":784,"stargazers_count":242,"open_issues_count":0,"forks_count":32,"subscribers_count":18,"default_branch":"master","last_synced_at":"2026-01-14T10:37:38.178Z","etag":null,"topics":["efi-guid","efi-protocols","radare2","reverse-engineering","uefi","uefi-firmware","uefi-firmware-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/binarly-io.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-05-31T15:50:20.000Z","updated_at":"2026-01-13T11:19:28.000Z","dependencies_parsed_at":"2022-07-13T10:30:41.555Z","dependency_job_id":"6f531262-e575-4818-ab5a-0be2c31d5dae","html_url":"https://github.com/binarly-io/fwhunt-scan","commit_stats":null,"previous_names":["binarly-io/uefi_r2"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/binarly-io/fwhunt-scan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binarly-io%2Ffwhunt-scan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binarly-io%2Ffwhunt-scan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binarly-io%2Ffwhunt-scan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binarly-io%2Ffwhunt-scan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/binarly-io","download_url":"https://codeload.github.com/binarly-io/fwhunt-scan/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/binarly-io%2Ffwhunt-scan/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30056056,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-03T18:21:05.932Z","status":"ssl_error","status_checked_at":"2026-03-03T18:20:59.341Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["efi-guid","efi-protocols","radare2","reverse-engineering","uefi","uefi-firmware","uefi-firmware-analysis"],"created_at":"2024-08-04T00:00:39.458Z","updated_at":"2026-03-03T19:12:20.321Z","avatar_url":"https://github.com/binarly-io.png","language":"Python","funding_links":[],"categories":["Tools :hammer:","***BIOS UEFI***","Firmware Security","Python"],"sub_categories":["***Tools***","Static Analysis Tools"],"readme":"[![License: GPL v3](https://img.shields.io/badge/License-GPL%20v3-blue.svg)](http://www.gnu.org/licenses/gpl-3.0)\n[![fwhunt-scan CI](https://github.com/binarly-io/fwhunt-scan/actions/workflows/ci.yml/badge.svg)](https://github.com/binarly-io/fwhunt-scan/actions)\n[![fwhunt-scan pypi](https://img.shields.io/pypi/v/fwhunt-scan.svg)](https://pypi.org/project/fwhunt-scan)\n\n\u003cp align=\"center\"\u003e\n  \u003cimg alt=\"fwhunt Logo\" src=\"https://raw.githubusercontent.com/binarly-io/fwhunt-scan/master/pics/fwhunt_logo.png\" width=\"35%\"\u003e\n\u003c/p\u003e\n\n# FwHunt Community Scanner\n\nTools for analyzing UEFI firmware and checking UEFI modules with [FwHunt rules](https://github.com/binarly-io/fwhunt).\n\n# Dependencies\n\nrizin (v0.6.2)\n\n# Installation\n\nInstall with `pip` (tested on `python3.6` and above):\n\n```\n$ python -m pip install fwhunt-scan\n```\n\nInstall manually:\n\n```\n$ git clone https://github.com/binarly-io/fwhunt-scan.git \u0026\u0026 cd fwhunt-scan\n$ python setup.py install\n```\n\n# Example\n\n### With script\n\nAnalyze/scan separate module:\n\n```\n$ python3 fwhunt_scan_analyzer.py analyze-module {image_path} -o out.json\n$ python3 fwhunt_scan_analyzer.py scan-module --rule {rule_path} {image_path}\n```\n\nScan the entire firmware image:\n\n```\n$ python3 fwhunt_scan_analyzer.py scan-firmware -r rules/BRLY-2021-001.yml -r rules/BRLY-2021-004.yml -r rules/RsbStuffingCheck.yml test/fw.bin\n```\n\n### With docker\n\nTo avoid installing dependencies, you can use the docker image.\n\nYou can build a docker image locally as follows:\n\n```\ndocker build -t fwhunt_scan .\n```\n\nOr pull the latest image from [ghcr](https://github.com/binarly-io/fwhunt-scan/pkgs/container/fwhunt-scan).\n\nExample of use:\n\n```\ndocker run --rm -it -v {module_path}:/tmp/image:ro \\\n  fwhunt_scan analyze-module /tmp/image # to analyze EFI module\n\ndocker run --rm -it -v {module_path}:/tmp/image:ro -v {rule_path}:/tmp/rule.yml:ro \\\n  fwhunt_scan scan-module /tmp/image -r /tmp/rule.yml # to scan EFI module with specified FwHunt rule\n\ndocker run --rm -it -v {module_path}:/tmp/image:ro -v {rule_path}:/tmp/rule.yml:ro \\\n  fwhunt_scan scan-firmware /tmp/image -r /tmp/rule.yml # to scan firmware image with specified FwHunt rule\n\ndocker run --rm -it -v {module_path}:/tmp/image:ro -v {rules_directory}:/tmp/rules:ro \\\n  fwhunt_scan scan-firmware /tmp/image --rules_dir /tmp/rules # to scan firmware image with specified rules directory\n```\n\nAll these steps are automated in the `fwhunt_scan_docker.py` script:\n\n```\npython3 fwhunt_scan_docker.py analyze-module {module_path} # to analyze EFI module\n\npython3 fwhunt_scan_docker.py scan-module -r {rule_path} {module_path} # to scan EFI module with specified FwHunt rule\n\npython3 fwhunt_scan_docker.py scan-firmware -r {rule_path} {firmware_path} # to scan firmware image with specified FwHunt rule\n\npython3 fwhunt_scan_docker.py scan-firmware --rules_dir {rules_directory} {firmware_path} # to scan firmware image with specified rules directory\n```\n\n### From code\n\n#### UefiAnalyzer\n\nBasic usage examples:\n\n```python\nfrom fwhunt_scan import UefiAnalyzer\n\n...\nuefi_analyzer = UefiAnalyzer(image_path=module_path)\nprint(uefi_analyzer.get_summary())\nuefi_analyzer.close()\n```\n\n```python\nfrom fwhunt_scan import UefiAnalyzer\n\n...\nwith UefiAnalyzer(image_path=module_path) as uefi_analyzer:\n    print(uefi_analyzer.get_summary())\n```\n\nOn Linux platforms, you can pass blob for analysis instead of file:\n\n```python\nfrom fwhunt_scan import UefiAnalyzer\n\n...\nwith UefiAnalyzer(blob=data) as uefi_analyzer:\n    print(uefi_analyzer.get_summary())\n```\n\n#### UefiScanner\n\n```python\nfrom fwhunt_scan import UefiAnalyzer, UefiRule, UefiScanner\n\n...\nuefi_analyzer = UefiAnalyzer(module_path)\n\n# rule1 and rule2 - contents of the rules on YAML format\nuefi_rules = [UefiRule(rule1), UefiRule(rule2)]\n\nscanner = UefiScanner(uefi_analyzer, uefi_rules)\nresult = scanner.result\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbinarly-io%2Ffwhunt-scan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbinarly-io%2Ffwhunt-scan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbinarly-io%2Ffwhunt-scan/lists"}