Nester420/Firmware_Hunter_Pro
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
87d712cb5a
Firmware_Hunter_Pro/README.md
Nester f85f9c68a8
Update README.md
2026-05-20 18:05:25 -07:00

362 lines
5.7 KiB
Markdown
Raw Blame History

<img width="1801" height="873" alt="Firmware_Hunter" src="https://github.com/user-attachments/assets/82f2e151-5b34-4140-88ca-e20d9f5ab0e5" />
# Firmware Hunter Pro
Firmware Hunter Pro is an offline firmware analysis and triage tool designed for embedded Linux devices such as:
* Routers
* IP cameras
* DVRs
* Smart home devices
* IoT hardware
* Other Linux-based embedded systems
The tool scans extracted firmware filesystems or raw firmware images and generates reports to help identify:
* Hardcoded credentials
* Sensitive files
* Embedded web interfaces
* Interesting binaries
* Suspicious strings
* Possible malware indicators
* Component versions
* Potential attack surfaces
Firmware Hunter Pro is intended for:
* Firmware research
* Hardware hacking labs
* Embedded Linux analysis
* Educational use
* Authorized security testing
---
# What the Tool Does
Firmware Hunter Pro performs offline filesystem analysis.
It does NOT:
* Execute firmware binaries
* Exploit devices
* Automatically attack systems
* Emulate firmware
* Connect to external systems automatically
The tool reads files and searches for patterns, indicators, configuration data, and embedded components.
---
# Main Features
## Automatic Firmware Extraction
Supports automatic extraction using Binwalk.
Example:
```bash
python3 firmware_hunter_pro_v4.py firmware.bin --extract
```
The tool will:
1. Run Binwalk
2. Extract embedded filesystems
3. Attempt to locate the root filesystem
4. Scan the extracted contents
5. Generate reports
---
## Credential Discovery
Searches for:
* Hardcoded passwords
* Wi-Fi keys
* API keys
* JWT tokens
* MQTT credentials
* Admin usernames
* Secrets stored in configs
---
## Web Interface Mapping
Searches for:
* CGI scripts
* Login pages
* Admin routes
* Firmware update pages
* API endpoints
* JavaScript references
Useful for identifying embedded web management interfaces.
---
## Firmware Component Detection
Attempts to identify:
* BusyBox versions
* Linux kernel versions
* OpenSSL references
* Dropbear references
* dnsmasq references
* Embedded web servers
The tool uses string and configuration analysis for detection.
---
## IOC and Suspicious String Detection
Searches for suspicious strings and known indicators associated with:
* Mirai
* Gafgyt/Bashlite
* Mozi
* XorDDoS
* Crypto miners
* Reverse shell behavior
Detection is heuristic and string-based.
The tool does NOT perform behavioral malware analysis.
---
## ELF and Architecture Analysis
Identifies:
* ELF binaries
* CPU architecture hints
* Endianness
* Binary metadata
---
## Entropy Analysis
Flags high-entropy files that may contain:
* Packed data
* Encrypted data
* Compressed blobs
* Binary firmware components
---
## YARA Integration
Optional YARA scanning support.
Example:
```bash
python3 firmware_hunter_pro_v4.py firmware.bin --extract --yara rules.yar
```
---
## Plugin Support
Supports simple Python plugins.
Plugins can be used for:
* Vendor-specific parsing
* Custom IOC checks
* Additional scanning logic
---
# Output
The tool generates:
| File | Description |
| -------------------------- | ----------------- |
| firmware_report.html | HTML report |
| firmware_report.txt | Main text report |
| summary.txt | Quick summary |
| full_report.json | JSON report |
| findings.csv | CSV export |
| firmware_report.md | Markdown report |
| categorized evidence files | Separate findings |
Examples:
* credential_findings.txt
* web_routes.txt
* components.txt
* malware_iocs.txt
* interesting_binaries.txt
---
# Installation
## Requirements
* Python 3.9+
* Linux recommended
---
## Install Dependencies
### Required
```bash
sudo apt install python3 binwalk
```
### Recommended
```bash
sudo apt install squashfs-tools mtd-utils p7zip-full xz-utils
```
### Optional
```bash
sudo apt install yara
```
---
# Usage
## Scan Extracted Firmware
```bash
python3 firmware_hunter_pro_v4.py squashfs-root
```
---
## Scan Raw Firmware Image
```bash
python3 firmware_hunter_pro_v4.py firmware.bin --extract
```
---
## Quick Mode
Skips files larger than 10 MB.
```bash
python3 firmware_hunter_pro_v4.py firmware.bin --extract --quick
```
---
## Multi-threading
```bash
python3 firmware_hunter_pro_v4.py firmware.bin --extract -j 16
```
---
## Use Plugins
```bash
python3 firmware_hunter_pro_v4.py firmware.bin --extract --plugins plugins/
```
---
# Example Workflow
## 1. Obtain Firmware
Example:
```text
flash_dump.bin
```
---
## 2. Run Firmware Hunter Pro
```bash
python3 firmware_hunter_pro_v4.py flash_dump.bin --extract
```
---
## 3. Review Reports
Recommended starting points:
1. summary.txt
2. credential_findings.txt
3. web_routes.txt
4. components.txt
5. firmware_report.html
---
# Notes About Detection
Firmware Hunter Pro primarily uses:
* String analysis
* Regex matching
* File inspection
* Metadata extraction
* Heuristic analysis
The tool may produce:
* False positives
* Incomplete detections
* Generic matches
All findings should be manually reviewed.
The tool is intended as a triage and research aid, not a replacement for manual firmware analysis.
---
# Safety
Recommended environment:
* Linux VM
* Isolated lab system
* Non-production environment
Avoid running analysis tools on sensitive production systems.
---
# Intended Use
Firmware Hunter Pro is intended for:
* Educational use
* Firmware research
* Reverse engineering
* Hardware security testing
* Authorized security analysis
Users are responsible for complying with all applicable laws and regulations.
Do not use the tool on devices or firmware you do not own or have permission to analyze.
---
Reference in New Issue View Git Blame Copy Permalink