Awesome Open Source
Awesome Open Source

EMBA

The security analyzer for embedded device firmware

EMBA is designed as the central firmware analysis tool for penetration testers. It supports the complete security analysis process starting with the firmware extraction process, doing static analysis and dynamic analysis via emulation and finally generating a report. EMBA automatically discovers possible weak spots and vulnerabilities in firmware. Examples are insecure binaries, old and outdated software components, potentially vulnerable scripts or hard-coded passwords. EMBA is a command line tool with the option to generate an easy to use web report for further analysis.

EMBA combines multiple established analysis tools and can be started with one simple command. Afterwards it tests the firmware for possible security risks and interesting areas for further investigation. No manual installation of all helpers, once the integrated installation script has been executed, you are ready to test your firmware.

EMBA is designed to assist penetration testers and not as a standalone tool without human interaction. EMBA should provide as much information as possible about the firmware, that the tester can decide on focus areas and is responsible for verifying and interpreting the results.

Watch EMBA


Links to the wiki for more detailed information

Installation

Before running EMBA make sure, that you have installed all dependencies with the installation script and met the prerequisites

git clone https://github.com/e-m-b-a/emba.git
cd emba
sudo ./installer.sh -d

Usage


Classic (Docker mode):

sudo ./emba.sh -l ./log -f /firmware

Profile support:

sudo ./emba.sh -l ./log -f /firmware -p ./scan-profiles/default-scan.emba


Developer mode (WARNING: EMBA runs on your host and could harm your host!):

./emba.sh -l ./log -f ./firmware -D

WARNING: Before using the developer mode you need a full installation of emba with sudo ./installer.sh -F. This installation mode needs more than 14gig of disk space.


EMBA supports multiple testing and reporting options. For more details check the wiki.

Get involved

The IoT is growing, the development is ongoing, and there are many new features that we want to add. We welcome pull requests and issues on GitHub.


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
Shell (229,479
Linux (17,091
Security (9,030
Iot (5,835
Hacking (2,469
Reverse Engineering (2,055
Security Tools (1,759
Pentesting (1,388
Firmware (1,002
Penetration Testing (843
Infosec (765
Embedded Systems (749
Vulnerability Scanners (348
Security Automation (230
Security Scanner (229
Binary Analysis (161
Embedded Linux (117
Static Analyzer (91
Firmware Tools (39
Firmware Analysis (19
Related Projects