Restart emulation improvements

helpers/helpers_emba_system_emulation.sh

@@ -19,7 +19,7 @@ restart_emulation() {
   local IMAGE_NAME_="${2:-}"
   # restart_scan is used to indicate a restarted scan. For this we do not need to restart the network
   local RESTART_SCAN="${3:-0}"
-  local STATE_CHECK="${4:-"PING"}"
+  local STATE_CHECK_MECHANISM="${4:-"PING"}"
 
   if ping -c 1 "$IP_ADDRESS_" &> /dev/null; then
     print_output "[+] System with $ORANGE$IP_ADDRESS_$GREEN responding again - probably it recovered automatically.$NC"
@@ -44,63 +44,97 @@ restart_emulation() {
   ./run.sh &
   cd "$HOME_PATH" || (print_output "[-] EMBA path not available?")
 
-  if [[ "$STATE_CHECK" == "PING" ]]; then
-    ping_check "${IP_ADDRESS_}"
-  elif [[ "$STATE_CHECK" == "HPING" ]]; then
-    hping_check "${IP_ADDRESS_}"
-  elif [[ "$STATE_CHECK" == "TCP" ]]; then
+  if [[ "$STATE_CHECK_MECHANISM" == "PING" ]]; then
+    ping_check "${IP_ADDRESS_}" 1
+    return "$?"
+  elif [[ "$STATE_CHECK_MECHANISM" == "HPING" ]]; then
+    hping_check "${IP_ADDRESS_}" 1
+    return "$?"
+  elif [[ "$STATE_CHECK_MECHANISM" == "TCP" ]]; then
     # local PORT=80
-    print_output "[-] Check currently not implemented!"
+    print_output "[-] Check currently not implemented!" "no_log"
     # tcp_check "${IP_ADDRESS_}" "${PORT}"
   fi
+  return 0
 }
 
-ping_check() {
+system_online_check() {
   local IP_ADDRESS_="${1:-}"
+
+  if [[ "$STATE_CHECK_MECHANISM" == "PING" ]]; then
+    ping_check "${IP_ADDRESS_}" 0
+    return "$?"
+  elif [[ "$STATE_CHECK_MECHANISM" == "HPING" ]]; then
+    hping_check "${IP_ADDRESS_}" 0
+    return "$?"
+  elif [[ "$STATE_CHECK_MECHANISM" == "TCP" ]]; then
+    # local PORT=80
+    print_output "[-] Check currently not implemented ... we do a hping check" "no_log"
+    # tcp_check "${IP_ADDRESS_}" "${PORT}"
+    hping_check "${IP_ADDRESS_}" 0
+    return "$?"
+  fi
+}
+
+hping_check() {
+  local IP_ADDRESS_="${1:-}"
+  # print details or do it silent
+  local PRINT_OUTPUT="${2:-1}"
   local COUNTER=0
+  # RESTARTER is used to indicate a non reachable system for another wait period after the system is recovered
+  local RESTARTER=0
 
   while ! [[ "$(hping3 -n -c 1 "$IP_ADDRESS_" 2> /dev/null | grep -c "^len=")" -gt 0 ]]; do
-    print_output "[*] Waiting for restarted system ..."
+    RESTARTER=1
+    [[ "${PRINT_OUTPUT}" -eq 1 ]] && print_output "[*] Waiting for restarted system ... hping mode" "no_log"
     ((COUNTER+=1))
     if [[ "$COUNTER" -gt 50 ]]; then
-      print_output "[-] System not recovered"
+      [[ "${PRINT_OUTPUT}" -eq 1 ]] && print_output "[-] System not recovered" "no_log"
       break
     fi
     sleep 6
   done
 
   if [[ "$(hping3 -n -c 1 "$IP_ADDRESS_" 2>/dev/null | grep -c "^len=")" -gt 0 ]]; then
-    print_output "[*] System automatically maintained and should be available again in a few moments ... check ip address $ORANGE$IP_ADDRESS_$NC"
-    sleep 60
+    [[ "${PRINT_OUTPUT}" -eq 1 || "${RESTARTER}" -eq 1 ]] && print_output "[*] System automatically maintained and should be available again in a few moments ... check ip address $ORANGE$IP_ADDRESS_$NC" "no_log"
+    [[ "$RESTARTER" -eq 1 ]] && sleep 60
     export SYS_ONLINE=1
     export TCP="ok"
+    return 0
   else
     export SYS_ONLINE=0
     export TCP="not ok"
+    return 1
   fi
 }
 
-hping_check() {
+ping_check() {
   local IP_ADDRESS_="${1:-}"
+  # print details or do it silent
+  local PRINT_OUTPUT="${2:-1}"
   local COUNTER=0
+  local RESTARTER=0
 
   while ! ping -c 1 "$IP_ADDRESS_" &> /dev/null; do
-    print_output "[*] Waiting for restarted system ..."
+    RESTARTER=1
+    [[ "${PRINT_OUTPUT}" -eq 1 ]] && print_output "[*] Waiting for restarted system ..." "no_log"
     ((COUNTER+=1))
     if [[ "$COUNTER" -gt 50 ]]; then
-      print_output "[-] System not recovered"
+      [[ "${PRINT_OUTPUT}" -eq 1 ]] && print_output "[-] System not recovered" "no_log"
       break
     fi
     sleep 6
   done
 
   if ping -c 1 "$IP_ADDRESS_" &> /dev/null; then
-    print_output "[*] System automatically maintained and should be available again in a few moments ... check ip address $ORANGE$IP_ADDRESS_$NC"
-    sleep 60
+    [[ "${PRINT_OUTPUT}" -eq 1 || "${RESTARTER}" -eq 1 ]] && print_output "[*] System automatically maintained and should be available again in a few moments ... check ip address $ORANGE$IP_ADDRESS_$NC" "no_log"
+    [[ "$RESTARTER" -eq 1 ]] && sleep 60
     export SYS_ONLINE=1
     export TCP="ok"
+    return 0
   else
     export SYS_ONLINE=0
     export TCP="not ok"
+    return 1
   fi
 }

helpers/trickest_db_update.sh

@@ -68,8 +68,8 @@ if [[ -d "$EMBA_EXT_DIR"/trickest-cve ]]; then
         echo "$TRICKEST_FS:$TRICKEST_URL" >> "$TRICKEST_DB_PATH"
       fi
     done < /tmp/trickest_db-cleaned.txt
-  else
-    exit 1
+  # else
+  #  exit 1
   fi
 
   if [[ -f "$TRICKEST_DB_PATH" ]]; then

modules/F20_vul_aggregator.sh

@@ -1181,10 +1181,11 @@ get_systemmode_webchecks() {
   local L25_LOG="${1:-}"
   export VERSIONS_SYS_EMULATOR_WEB=()
 
-  if [[ -f "$L25_LOG" ]]; then
-    print_output "[*] Collect version details of module $(basename "$L25_LOG")."
-    readarray -t VERSIONS_SYS_EMULATOR_WEB < <(cut -d\; -f4 "$L25_LOG" | grep -v "csv_rule" | sort -u || true)
-  fi
+  # disabled for now
+  # if [[ -f "$L25_LOG" ]]; then
+  #  print_output "[*] Collect version details of module $(basename "$L25_LOG")."
+  #  readarray -t VERSIONS_SYS_EMULATOR_WEB < <(cut -d\; -f4 "$L25_LOG" | grep -v "csv_rule" | sort -u || true)
+  # fi
 }
 
 get_msf_verified() {

modules/L10_system_emulation.sh

@@ -32,6 +32,7 @@ L10_system_emulation() {
   export TCP=""
   local MODULE_END=0
   local UNSUPPORTED_ARCH=0
+  export STATE_CHECK_MECHANISM="PING"
 
   if [[ "$FULL_EMULATION" -eq 1 && "$RTOS" -eq 0 ]]; then
     pre_module_reporter "${FUNCNAME[0]}"
@@ -57,19 +58,30 @@ L10_system_emulation() {
         export IP_ADDRESS_=""
         export IMAGE_NAME=""
         export ARCHIVE_PATH=""
+        export HOSTNETDEV_0=""
+        local EMULATION_ENTRY=""
 
+        EMULATION_ENTRY="$(grep "TCP ok" "$LOG_DIR"/emulator_online_results.log | sort -k 7 -t ';' | tail -1)"
         IP_ADDRESS_=$(grep "TCP ok" "$LOG_DIR"/emulator_online_results.log | sort -k 7 -t ';' | tail -1 | cut -d\; -f8 | awk '{print $3}')
         IMAGE_NAME="$(grep "TCP ok" "$LOG_DIR"/emulator_online_results.log | sort -k 7 -t ';' | tail -1 | cut -d\; -f10)"
         ARCHIVE_PATH="$OLD_LOG_DIR""/""$IMAGE_NAME"
+
         print_output "[*] Recovered IP address: $ORANGE$IP_ADDRESS_$NC"
         print_output "[*] Recovered IMAGE_NAME: $ORANGE$IMAGE_NAME$NC"
         print_output "[*] Recovered ARCHIVE_PATH: $ORANGE$ARCHIVE_PATH$NC"
 
         if [[ -v ARCHIVE_PATH ]] && [[ -f "$ARCHIVE_PATH"/run.sh ]]; then
           print_output "[+] Startup script (run.sh) found in old logs ... restarting emulation process now"
+          HOSTNETDEV_0=$(grep "ip link set.*up" "$ARCHIVE_PATH"/run.sh | awk '{print $4}' | sort -u)
 
-          restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME" 1
+          if [[ "${EMULATION_ENTRY}" == *"ICMP not ok"* ]]; then
+            print_output "[*] Testing system recovery with hping instead of ping" "no_log"
+            STATE_CHECK_MECHANISM="HPING"
+          fi
           # we should get TCP="ok" and SYS_ONLINE=1 back
+          if ! restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME" 1 "${STATE_CHECK_MECHANISM}"; then
+            print_output "[-] System recovery went wrong. No further analysis possible" "no_log"
+          fi
         else
           print_output "[-] No archive path found in old logs ... restarting emulation process not possible"
         fi
@@ -78,7 +90,7 @@ L10_system_emulation() {
       if [[ "$SYS_ONLINE" -ne 1 ]] && [[ "$TCP" != "ok" ]]; then
         for R_PATH in "${ROOT_PATH[@]}" ; do
           print_output "[*] Testing root path ($ORANGE$R_PATH_CNT$NC/$ORANGE${#ROOT_PATH[@]}$NC): $ORANGE$R_PATH$NC"
-          write_link "p59"
+          [[ -f "$LOG_DIR"/p55_unblob_extractor.txt ]] && write_link "p55"
 
           if [[ -n "$D_END" ]]; then
             TAPDEV_0="tap0_0"
@@ -94,7 +106,7 @@ L10_system_emulation() {
 
             if [[ "$ARCH_END" == "armbe"* ]] || [[ "$ARCH_END" == "mips64r2"* ]] || [[ "$ARCH_END" == "mips64_3"* ]]; then
               print_output "[-] Found NOT supported architecture $ORANGE$ARCH_END$NC"
-              write_link "p99"
+              [[ -f "$LOG_DIR"/p99_prepare_analyzer.txt ]] && write_link "p99"
               print_output "[-] Please open a new issue here: https://github.com/e-m-b-a/emba/issues"
               UNSUPPORTED_ARCH=1
               return
@@ -137,6 +149,7 @@ L10_system_emulation() {
     if [[ $(grep -c "TCP ok" "$LOG_DIR"/emulator_online_results.log || true) -gt 0 ]]; then
       print_ln
       print_output "[+] Identified the following system emulation results (with running network services):"
+      export HOSTNETDEV_0=""
       local SYS_EMUL_POS_ENTRY=""
       SYS_EMUL_POS_ENTRY="$(grep "TCP ok" "$LOG_DIR"/emulator_online_results.log | sort -t ';' -k7 -n -r | head -1 || true)"
       print_output "$(indent "$(orange "$SYS_EMUL_POS_ENTRY")")"
@@ -145,25 +158,24 @@ L10_system_emulation() {
       IMAGE_NAME="$(echo "$SYS_EMUL_POS_ENTRY" | grep "TCP ok" | sort -k 7 -t ';' | tail -1 | cut -d\; -f10)"
       ARCHIVE_PATH="$LOG_PATH_MODULE""/""$IMAGE_NAME"
       print_ln
-      print_output "[*] Identified IP address: $ORANGE$IP_ADDRESS_$NC"
-      print_output "[*] Identified IMAGE_NAME: $ORANGE$IMAGE_NAME$NC"
-      print_output "[*] Identified ARCHIVE_PATH: $ORANGE$ARCHIVE_PATH$NC"
+      print_output "[*] Identified IP address: $ORANGE$IP_ADDRESS_$NC" "no_log"
+      print_output "[*] Identified IMAGE_NAME: $ORANGE$IMAGE_NAME$NC" "no_log"
+      print_output "[*] Identified ARCHIVE_PATH: $ORANGE$ARCHIVE_PATH$NC" "no_log"
 
       if [[ -v ARCHIVE_PATH ]] && [[ -f "$ARCHIVE_PATH"/run.sh ]]; then
-        print_output "[+] Identified emulation startup script (run.sh) in ARCHIVE_PATH ... starting emulation process for further analysis"
+        print_output "[+] Identified emulation startup script (run.sh) in ARCHIVE_PATH ... starting emulation process for further analysis" "no_log"
         print_ln
-        if grep -q "ICMP not ok" "$LOG_DIR"/emulator_online_results.log; then
-          restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME" 1 "HPING"
-        else
-          restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME" 1 "PING"
+        HOSTNETDEV_0=$(grep "ip link set.*up" "$ARCHIVE_PATH"/run.sh | awk '{print $4}' | sort -u)
+        if [[ "${SYS_EMUL_POS_ENTRY}" == *"ICMP not ok"* ]]; then
+          print_output "[*] Testing system recovery with hping instead of ping" "no_log"
+          STATE_CHECK_MECHANISM="HPING"
         fi
-
         # we should get TCP="ok" and SYS_ONLINE=1 back
-        if [[ "$SYS_ONLINE" -ne 1 ]]; then
-          print_output "[-] System recovery went wrong. No further analysis possible"
+        if ! restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME" 1 "${STATE_CHECK_MECHANISM}"; then
+          print_output "[-] System recovery went wrong. No further analysis possible" "no_log"
         fi
       else
-        print_output "[-] ${ORANGE}WARNING:$NC No archive path found in logs ... restarting emulation process for further analysis not possible"
+        print_output "[-] ${ORANGE}WARNING:$NC No archive path found in logs ... restarting emulation process for further analysis not possible" "no_log"
       fi
     fi
    fi
@@ -1617,7 +1629,7 @@ write_network_config_to_filesystem() {
         [[ "${FILE_PATH_MISSING}" == *"/proc/"* ]] && continue
         [[ "${FILE_PATH_MISSING}" == *"/sys/"* ]] && continue
         [[ "${FILE_PATH_MISSING}" == *"/dev/"* ]] && continue
-        print_output "[!] MISSING_FILE: ${FILE_PATH_MISSING}"
+        [[ "${FILE_PATH_MISSING}" == *"reboot"* ]] && continue
 
         FILENAME_MISSING=$(basename "${FILE_PATH_MISSING}")
         [[ "${FILENAME_MISSING}" == '*' ]] && continue

modules/L15_emulated_checks_nmap.sh

@@ -69,9 +69,8 @@ check_live_nmap_basic() {
     done
   else
     # if no Nmap results are found we initiate a scan
-    if ! ping -c 1 "$IP_ADDRESS_" &> /dev/null; then
-      restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME"
-      if ! ping -c 1 "$IP_ADDRESS_" &> /dev/null; then
+    if ! system_online_check "${IP_ADDRESS_}" ; then
+      if ! restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME" 1 "${STATE_CHECK_MECHANISM}"; then
         print_output "[-] System not responding - Not performing Nmap checks"
         return
       fi

modules/L20_snmp_checks.sh

@@ -30,16 +30,19 @@ L20_snmp_checks() {
     fi
 
     if [[ -v IP_ADDRESS_ ]]; then
-      if ! ping -c 2 "$IP_ADDRESS_" &> /dev/null; then
-        restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME"
-        if ! ping -c 2 "$IP_ADDRESS_" &> /dev/null; then
+      if ! system_online_check "${IP_ADDRESS_}" ; then
+        if ! restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME" 1 "${STATE_CHECK_MECHANISM}"; then
           print_output "[-] System not responding - Not performing SNMP checks"
           module_end_log "${FUNCNAME[0]}" "$SNMP_UP"
           return
         fi
       fi
-      check_basic_snmp "$IP_ADDRESS_"
-      check_snmp_vulns "$IP_ADDRESS_"
+      if [[ "${NMAP_PORTS_SERVICES[*]}" == *"snmp"* ]]; then
+        check_basic_snmp "$IP_ADDRESS_"
+        check_snmp_vulns "$IP_ADDRESS_"
+      else
+        print_output "[*] No SNMP services detected"
+      fi
     else
       print_output "[!] No IP address found"
     fi

modules/L22_upnp_hnap_checks.sh

@@ -31,9 +31,8 @@ L22_upnp_hnap_checks() {
     fi
 
     if [[ -v IP_ADDRESS_ ]]; then
-      if ! ping -c 2 "$IP_ADDRESS_" &> /dev/null; then
-        restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME"
-        if ! ping -c 2 "$IP_ADDRESS_" &> /dev/null; then
+      if ! system_online_check "${IP_ADDRESS_}"; then
+        if ! restart_emulation "$IP_ADDRESS_" "$IMAGE_NAME" 1 "${STATE_CHECK_MECHANISM}"; then
           print_output "[-] System not responding - Not performing UPnP/HNAP checks"
           module_end_log "${FUNCNAME[0]}" "$UPNP_UP"
           return
@@ -61,7 +60,7 @@ check_basic_upnp() {
   sub_module_title "UPnP enumeration for emulated system with IP $ORANGE$IP_ADDRESS_$NC"
 
   if command -v upnpc > /dev/null; then
-    print_output "[*] UPnP scan with upnpc"
+    print_output "[*] UPnP scan with upnpc on interface $ORANGE$INTERFACE$NC"
     upnpc -m "$INTERFACE" -P >> "$LOG_PATH_MODULE"/upnp-discovery-check.txt || true
     if [[ -f "$LOG_PATH_MODULE"/upnp-discovery-check.txt ]]; then
       print_ln
@@ -124,7 +123,8 @@ check_basic_hnap() {
 
       if [[ -f "$LOG_PATH_MODULE"/hnap-discovery-check.txt ]]; then
         print_ln
-        tee -a "$LOG_FILE" < "$LOG_PATH_MODULE"/hnap-discovery-check.txt
+        # tee -a "$LOG_FILE" < "$LOG_PATH_MODULE"/hnap-discovery-check.txt
+        sed 's/></>\n</g' "$LOG_PATH_MODULE"/hnap-discovery-check.txt | tee -a "$LOG_FILE"
         print_ln
 
         HNAP_UP=$(grep -c "HNAP1" "$LOG_PATH_MODULE"/hnap-discovery-check.txt || true)