Nester420/Firmware_Hunter_Pro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Advanced offline firmware triage and analysis tool for routers, IoT devices, DVRs, IP cameras, and embedded Linux firmware.
9 Commits 1 Branch 0 Tags 61 KiB
Python 100%
main
Go to file
Nester420 9c75d2e71c Update README.md
2026-06-05 03:09:57 +00:00
.gitignore Initial commit 2026-05-20 17:14:16 -07:00
firmware_hunter_pro_v4.py Add files via upload 2026-05-20 18:26:13 -07:00
LICENSE Initial commit 2026-05-20 17:14:16 -07:00
README.md Update README.md 2026-06-05 03:09:57 +00:00

README.md

Firmware Hunter Pro

Firmware Hunter Pro is an offline firmware analysis and triage tool designed for embedded Linux devices such as:

  • Routers
  • IP cameras
  • DVRs
  • Smart home devices
  • IoT hardware
  • Other Linux-based embedded systems

The tool scans extracted firmware filesystems or raw firmware images and generates reports to help identify:

  • Hardcoded credentials
  • Sensitive files
  • Embedded web interfaces
  • Interesting binaries
  • Suspicious strings
  • Possible malware indicators
  • Component versions
  • Potential attack surfaces

Firmware Hunter Pro is intended for:

  • Firmware research
  • Hardware hacking labs
  • Embedded Linux analysis
  • Educational use
  • Authorized security testing

What the Tool Does

Firmware Hunter Pro performs offline filesystem analysis.

It does NOT:

  • Execute firmware binaries
  • Exploit devices
  • Automatically attack systems
  • Emulate firmware
  • Connect to external systems automatically

The tool reads files and searches for patterns, indicators, configuration data, and embedded components.

Main Features

Automatic Firmware Extraction

Supports automatic extraction using Binwalk.

Example:

python3 firmware_hunter_pro_v4.py firmware.bin --extract

The tool will:

  1. Run Binwalk
  2. Extract embedded filesystems
  3. Attempt to locate the root filesystem
  4. Scan the extracted contents
  5. Generate reports

Credential Discovery

Searches for:

  • Hardcoded passwords
  • Wi-Fi keys
  • API keys
  • JWT tokens
  • MQTT credentials
  • Admin usernames
  • Secrets stored in configs

Web Interface Mapping

Searches for:

  • CGI scripts
  • Login pages
  • Admin routes
  • Firmware update pages
  • API endpoints
  • JavaScript references

Useful for identifying embedded web management interfaces.

Firmware Component Detection

Attempts to identify:

  • BusyBox versions
  • Linux kernel versions
  • OpenSSL references
  • Dropbear references
  • dnsmasq references
  • Embedded web servers

The tool uses string and configuration analysis for detection.

IOC and Suspicious String Detection

Searches for suspicious strings and known indicators associated with:

  • Mirai
  • Gafgyt/Bashlite
  • Mozi
  • XorDDoS
  • Crypto miners
  • Reverse shell behavior

Detection is heuristic and string-based.

The tool does NOT perform behavioral malware analysis.

ELF and Architecture Analysis

Identifies:

  • ELF binaries
  • CPU architecture hints
  • Endianness
  • Binary metadata

Entropy Analysis

Flags high-entropy files that may contain:

  • Packed data
  • Encrypted data
  • Compressed blobs
  • Binary firmware components

YARA Integration

Optional YARA scanning support.

Example:

python3 firmware_hunter_pro_v4.py firmware.bin --extract --yara rules.yar

Plugin Support

Supports simple Python plugins.

Plugins can be used for:

  • Vendor-specific parsing
  • Custom IOC checks
  • Additional scanning logic

Output

The tool generates:

File Description
firmware_report.html HTML report
firmware_report.txt Main text report
summary.txt Quick summary
full_report.json JSON report
findings.csv CSV export
firmware_report.md Markdown report
categorized evidence files Separate findings

Examples:

  • credential_findings.txt
  • web_routes.txt
  • components.txt
  • malware_iocs.txt
  • interesting_binaries.txt

Installation

Requirements

  • Python 3.9+
  • Linux recommended

Install Dependencies

Required

sudo apt install python3 binwalk

Recommended

sudo apt install squashfs-tools mtd-utils p7zip-full xz-utils

Optional

sudo apt install yara

Usage

Scan Extracted Firmware

python3 firmware_hunter_pro_v4.py squashfs-root

Scan Raw Firmware Image

python3 firmware_hunter_pro_v4.py firmware.bin --extract

Quick Mode

Skips files larger than 10 MB.

python3 firmware_hunter_pro_v4.py firmware.bin --extract --quick

Multi-threading

python3 firmware_hunter_pro_v4.py firmware.bin --extract -j 16

Use Plugins

python3 firmware_hunter_pro_v4.py firmware.bin --extract --plugins plugins/

Example Workflow

1. Obtain Firmware

Example:

flash_dump.bin

2. Run Firmware Hunter Pro

python3 firmware_hunter_pro_v4.py flash_dump.bin --extract

3. Review Reports

Recommended starting points:

  1. summary.txt
  2. credential_findings.txt
  3. web_routes.txt
  4. components.txt
  5. firmware_report.html

Notes About Detection

Firmware Hunter Pro primarily uses:

  • String analysis
  • Regex matching
  • File inspection
  • Metadata extraction
  • Heuristic analysis

The tool may produce:

  • False positives
  • Incomplete detections
  • Generic matches

All findings should be manually reviewed.

The tool is intended as a triage and research aid, not a replacement for manual firmware analysis.

Safety

Avoid running analysis tools on sensitive production systems.

Intended Use

Firmware Hunter Pro is intended for:

  • Educational use
  • Firmware research
  • Reverse engineering
  • Hardware security testing
  • Authorized security analysis

Users are responsible for complying with all applicable laws and regulations.

Do not use the tool on devices or firmware you do not own or have permission to analyze.