https://github.com/e-m-b-a/emba
EMBA - The firmware security analyzer
https://github.com/e-m-b-a/emba
artificial-intelligence binary-analysis embedded-linux embedded-systems firmware firmware-analysis firmware-tools hacking infosec iot linux penetration-testing pentesting reverse-engineering sbom security security-tools static-analyzer vulnerability-scanner vulnerability-scanners
Last synced: about 1 year ago
JSON representation
EMBA - The firmware security analyzer
- Host: GitHub
- URL: https://github.com/e-m-b-a/emba
- Owner: e-m-b-a
- License: gpl-3.0
- Created: 2020-08-25T07:59:12.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-10-27T08:29:03.000Z (over 1 year ago)
- Last Synced: 2024-10-29T15:34:27.827Z (over 1 year ago)
- Topics: artificial-intelligence, binary-analysis, embedded-linux, embedded-systems, firmware, firmware-analysis, firmware-tools, hacking, infosec, iot, linux, penetration-testing, pentesting, reverse-engineering, sbom, security, security-tools, static-analyzer, vulnerability-scanner, vulnerability-scanners
- Language: Shell
- Homepage: https://www.securefirmware.de
- Size: 21.5 MB
- Stars: 2,666
- Watchers: 44
- Forks: 232
- Open Issues: 10
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
Awesome Lists containing this project
- awesome-iot-security-resource - emba
- awesome-iot-and-hardware-security - EMBA The security analyzer for firmware of embedded devices - EMBA is designed as the central firmware analysis tool for penetration testers and product security teams. It supports the complete security analysis process starting with firmware extraction, doing static analysis and dynamic analysis via emulation and finally generating a web report (Testing Tools / Firmware Analysis and Exploit Frameworks)
- awesome-security-vul-llm - e-m-b-a/emba - m-b-a/emba?style=flat-square) - EMBA是一款开源的安全扫描器,能够对嵌入式设备的固件进行静态和动态分析,识别弱点和漏洞。它生成Web报告以供进一步分析,并具有系统仿真和AI辅助分析选项。 (LLM分析过程)
- awesome-hacking-lists - e-m-b-a/emba - EMBA - The firmware security analyzer (Shell)
- awesome-csirt - EMBA
- awesome-software-supply-chain-security - e-m-b-a/emba: Security analyzer for firmware of embedded devices, supporting static and dynamic analysis via emulation, SBOM generation, and vulnerability reporting
- awesome-drone-hacking - emba - Analyze Linux-based firmware of embedded devices. (💽 Autopilot Firmware / Firmware Analysis)
- awesome-embedded-and-iot-security - emba - Analyze Linux-based firmware of embedded devices. (Software Tools / Analysis Tools)
- awesome-rainmana - e-m-b-a/emba - EMBA - The firmware security analyzer (Shell)
- awesome-embedded-security - emba - Efficient malware analysis framework for embedded firmware with scanning and reporting. (Software Tools / Firmware Malware Analysis)
README
# EMBA
## The security analyzer for firmware of embedded devices
*EMBA* is designed as the central firmware analysis and SBOM tool for penetration testers, product security teams, developers and responsible product managers. It supports the complete security analysis process starting with *firmware extraction*, doing *static analysis* and *dynamic analysis* via emulation, building the SBOM and finally generating a web based vulnerability report. *EMBA* automatically discovers possible weak spots and vulnerabilities in firmware. Examples are insecure binaries, old and outdated software components, potentially vulnerable scripts, or hard-coded passwords. *EMBA* is a command line tool with the possibility to generate an easy-to-use web report for further analysis.
*EMBA* assists the penetration testers, product security teams and developers in the identification of weak spots and vulnerabilities in the firmware image. *EMBA* provides as much information as possible about the firmware, that the tester can decide on focus areas and is responsible for verifying and interpreting the results.
[](https://youtu.be/_dvdy3klFFY "Watch EMBA")
----------------------
#### Links to the wiki for more detailed information
- [Home](https://github.com/e-m-b-a/emba/wiki)
- [Feature overview](https://github.com/e-m-b-a/emba/wiki/Feature-overview)
- [Installation](https://github.com/e-m-b-a/emba/wiki/Installation)
- [Usage](https://github.com/e-m-b-a/emba/wiki/Usage)
- [FAQ](https://github.com/e-m-b-a/emba/wiki/FAQ)
## Installation
Before running *EMBA* make sure, that you have [installed](https://github.com/e-m-b-a/emba/wiki/Installation) all dependencies with the installation script and met the [prerequisites](https://github.com/e-m-b-a/emba/wiki/Installation#prerequisites)
```console
git clone https://github.com/e-m-b-a/emba.git
cd emba
sudo ./installer.sh -d
```
## Quick start with default scan profile:
```console
sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-scan.emba
```
## Quick start with default SBOM profile:
For further details on EMBA's SBOM capabilities check the [wiki](https://github.com/e-m-b-a/emba/wiki/SBOM-environment)
```console
sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-sbom.emba
```
## Quick start with system-emulation scan profile:
For further details on EMBA's system-emulation engine check the [wiki](https://github.com/e-m-b-a/emba/wiki/System-emulation).
```console
sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/default-scan-emulation.emba
```
---
*EMBA* supports multiple testing and reporting [options](https://github.com/e-m-b-a/emba/wiki/Usage#arguments). For more details check the [wiki](https://github.com/e-m-b-a/emba/wiki/Usage).
## Get involved
The IoT is growing, the development is ongoing, and there are many new features that we want to add.
We welcome [pull requests](https://github.com/e-m-b-a/emba/pulls) and [issues](https://github.com/e-m-b-a/emba/issues) on GitHub. Also check the [CONTRIBUTING](./CONTRIBUTING.md) and [CONTRIBUTORS](./CONTRIBUTORS.md) documentation for further details on how to get part of the _EMBA_ commmunity.
## Team
[The core EMBA Team](https://github.com/orgs/e-m-b-a/people)
[Contributors](https://github.com/e-m-b-a/emba/blob/master/CONTRIBUTORS.md)