https://github.com/e-m-b-a/emba

EMBA - The firmware security analyzer
https://github.com/e-m-b-a/emba

artificial-intelligence binary-analysis embedded-linux embedded-systems firmware firmware-analysis firmware-tools hacking infosec iot linux penetration-testing pentesting reverse-engineering sbom security security-tools static-analyzer vulnerability-scanner vulnerability-scanners

Last synced: 3 days ago
JSON representation

EMBA - The firmware security analyzer

• Host: GitHub
• URL: https://github.com/e-m-b-a/emba
• Owner: e-m-b-a
• License: gpl-3.0
• Created: 2020-08-25T07:59:12.000Z (over 4 years ago)
• Default Branch: master
• Last Pushed: 2024-10-27T08:29:03.000Z (3 months ago)
• Last Synced: 2024-10-29T15:34:27.827Z (3 months ago)
• Topics: artificial-intelligence, binary-analysis, embedded-linux, embedded-systems, firmware, firmware-analysis, firmware-tools, hacking, infosec, iot, linux, penetration-testing, pentesting, reverse-engineering, sbom, security, security-tools, static-analyzer, vulnerability-scanner, vulnerability-scanners
• Language: Shell
• Homepage: https://www.securefirmware.de
• Size: 21.5 MB
• Stars: 2,666
• Watchers: 44
• Forks: 232
• Open Issues: 10
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.md

Awesome Lists containing this project

• awesome-iot-security-resource - emba
• awesome-embedded-and-iot-security - emba - Analyze Linux-based firmware of embedded devices. (Software Tools / Analysis Tools)
• awesome-rainmana - e-m-b-a/emba - EMBA - The firmware security analyzer (Shell)
• awesome-hacking-lists - e-m-b-a/emba - EMBA - The firmware security analyzer (Shell)
• awesome-security-vul-llm - e-m-b-a/emba - m-b-a/emba?style=flat-square) - EMBA是一款开源的安全扫描器，能够对嵌入式设备的固件进行静态和动态分析，识别弱点和漏洞。它生成Web报告以供进一步分析，并具有系统仿真和AI辅助分析选项。 (LLM分析过程)

README

        




  





  

  

  

  

  

  

  

  



# EMBA

## The security analyzer for firmware of embedded devices

*EMBA* is designed as the central firmware analysis and SBOM tool for penetration testers, product security teams, developers and responsible product managers. It supports the complete security analysis process starting with *firmware extraction*, doing *static analysis* and *dynamic analysis* via emulation, building the SBOM and finally generating a web based vulnerability report. *EMBA* automatically discovers possible weak spots and vulnerabilities in firmware. Examples are insecure binaries, old and outdated software components, potentially vulnerable scripts, or hard-coded passwords. *EMBA* is a command line tool with the possibility to generate an easy-to-use web report for further analysis.

*EMBA* assists the penetration testers, product security teams and developers in the identification of weak spots and vulnerabilities in the firmware image. *EMBA* provides as much information as possible about the firmware, that the tester can decide on focus areas and is responsible for verifying and interpreting the results.

[![Watch EMBA](https://raw.githubusercontent.com/wiki/e-m-b-a/emba/images/youtube-emba.png)](https://youtu.be/_dvdy3klFFY "Watch EMBA")

----------------------

#### Links to the wiki for more detailed information

- [Home](https://github.com/e-m-b-a/emba/wiki)

- [Feature overview](https://github.com/e-m-b-a/emba/wiki/Feature-overview)

- [Installation](https://github.com/e-m-b-a/emba/wiki/Installation)

- [Usage](https://github.com/e-m-b-a/emba/wiki/Usage)

- [FAQ](https://github.com/e-m-b-a/emba/wiki/FAQ)

## Installation

Before running *EMBA* make sure, that you have [installed](https://github.com/e-m-b-a/emba/wiki/Installation) all dependencies with the installation script and met the [prerequisites](https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites)

```console

git clone https://github.com/e-m-b-a/emba.git

cd emba

sudo ./installer.sh -d

```

## Quick start with default scan profile:

```console

sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-scan.emba

```

## Quick start with default SBOM profile:

For further details on EMBA's SBOM capabilities check the [wiki](https://github.com/e-m-b-a/emba/wiki/SBOM-environment)

```console

sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-sbom.emba

```

## Quick start with system-emulation scan profile:

For further details on EMBA's system-emulation engine check the [wiki](https://github.com/e-m-b-a/emba/wiki/System-emulation).

```console

sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-scan-emulation.emba

```

---

*EMBA* supports multiple testing and reporting [options](https://github.com/e-m-b-a/emba/wiki/Usage#arguments). For more details check the [wiki](https://github.com/e-m-b-a/emba/wiki/Usage).

## Get involved

The IoT is growing, the development is ongoing, and there are many new features that we want to add.

We welcome [pull requests](https://github.com/e-m-b-a/emba/pulls) and [issues](https://github.com/e-m-b-a/emba/issues) on GitHub. Also check the [CONTRIBUTING](./CONTRIBUTING.md) and [CONTRIBUTORS](./CONTRIBUTORS.md) documentation for further details on how to get part of the _EMBA_ commmunity.

## Team

[The core EMBA Team](https://github.com/orgs/e-m-b-a/people)

[Contributors](https://github.com/e-m-b-a/emba/blob/master/CONTRIBUTORS.md)