EMBA v1.5.2 - SBOM - The next generation

We need to talk about serious SBOM tooling! The CRA will hit us all ... quite hard and very soon. Check the dates (from Wikipedia):

And check the SBOM requiremenents here:

To give it a bump there are also some penalties if you are not able to fulfill the CRA:

We have seen this coming a while ago and decided to move EMBA from the firmware analyzer to the SBOM tool (without loosing our main competence in firmware analysis). During the last months we have rewritten main parts of EMBA to ensure we can build SBOMs. The goal was not only to build some SBOM ... our goal was always to build SBOMs that provide more value, are reproducible and accurate. This also includes targets where no package manager is available but also systems with multiple package managers.

The following highlights happened somehow during the last weeks:

• cve-bin-tool integration for module f17 resulted in a rewrite of f20 (which was completely removed for this release)
• SBOM VEX support via module f17 (integrated into the main SBOM but also available seperated)
• Further sources for SBOM generation are supported - Check our wiki
• Improved S09 threading by @gluesmith2021
• Massive bug fixing - more and more bug reports from our fellow EMBA users are coming in
• More and more users are also helping in fixing stuff ... thank you for supporting EMBA
• Improved the system check on EMBA startup resulted in speeding up EMBA
• Improved our quality checking process of newly built EMBA base images
• Integrated auto generation of kernel and gcc data into our github pipeline (available in config directory)

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we welcome:

• @chconil made their first contribution in #1415

---

How can you reach us and stay up to date? Just take one of these channels:

• Bluesky
• Mastodon
• Github discussions
• Github issues
• LinkedIn
• X

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the CVE database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

For updating your oudated EMBA installation, please check the update section in our wiki.

---

What's Changed

• Fix missing kernel config analysis because of lKCONFIG_EXTRACTED/KCON… by @chconil in #1415
• Metasploit database update by @github-actions in #1417
• CISA known exploited database update by @github-actions in #1418
• Snyk database update by @github-actions in #1419
• Snyk database update by @github-actions in #1421
• CISA known exploited database update by @github-actions in #1420
• Version identifier bugs / New binwalk with improved decryptor by @m-1-k-3 in #1416
• fix s118 threading output / p99 csv by @m-1-k-3 in #1423
• Snyk database update by @github-actions in #1427
• Metasploit database update by @github-actions in #1424
• CISA known exploited database update by @github-actions in #1425
• Quick version identifier update by @github-actions in #1426
• p65 rpm, fixes, cleanup by @m-1-k-3 in #1428
• Quick version identifier update by @github-actions in #1432
• CISA known exploited database update by @github-actions in #1431
• Metasploit database update by @github-actions in #1430
• add ipk module, fix rpm db module by @m-1-k-3 in #1429
• remove grep log by @m-1-k-3 in #1437
• fix x86 run script by @m-1-k-3 in #1435
• update copyright 2025 by @m-1-k-3 in #1438
• Metasploit database update by @github-actions in #1440
• CISA known exploited database update by @github-actions in #1441
• Snyk database update by @github-actions in #1442
• Initial json logger by @m-1-k-3 in #1444
• Little error handling updates by @m-1-k-3 in #1443
• Snyk database update by @github-actions in #1447
• CISA known exploited database update by @github-actions in #1446
• Metasploit database update by @github-actions in #1445
• Metasploit database update by @github-actions in #1449
• CISA known exploited database update by @github-actions in #1450
• Snyk database update by @github-actions in #1451
• CISA known exploited database update by @github-actions in #1454
• Snyk database update by @github-actions in #1455
• Update grype.yml by @BenediktMKuehne in #1456
• Manual update GCC and kernel release configs by @m-1-k-3 in #1457
• Add gcc and linux workflow by @m-1-k-3 in #1460
• Fix empty results from S09 because of "grep: Argument list too long" by @gluesmith2021 in #1461
• CVE bin tool integration, VEX support -> F20 replacement by @m-1-k-3 in #1452
• S09 unique bins by @m-1-k-3 in #1465
• Snyk database update by @github-actions in #1469
• CISA known exploited database update by @github-actions in #1468
• Metasploit database update by @github-actions in #1467
• Effective (and fast) S09 threading by @gluesmith2021 in #1462
• Linux kernel version database update by @github-actions in #1470
• SBOM: C/C++ Conan package management integration by @m-1-k-3 in #1473
• disabled status-bar for embark by @BenediktMKuehne in #1459
• Revert "disabled status-bar for embark" by @BenediktMKuehne in #1474
• fix results from race condition in MD5 list generation by @gluesmith2021 in #1471
• S115 #1476 by @m-1-k-3 in #1477
• CISA known exploited database update by @github-actions in #1481
• Metasploit database update by @github-actions in #1480
• Snyk database update by @github-actions in #1482
• Linux kernel version database update by @github-actions in #1479
• little fixes and cleanup by @m-1-k-3 in #1483
• Foscam extraction (P20) fixes by @m-1-k-3 in #1484
• CVE update db by @m-1-k-3 in #1486
• Metasploit database update by @github-actions in #1488
• Snyk database update by @github-actions in #1491
• Quick version identifier update by @github-actions in #1490
• CISA known exploited database update by @github-actions in #1489
• Linux kernel version database update by @github-actions in #1487
• fixing bugs by @m-1-k-3 in #1492
• SBOM cpan/php/python module...

EMBA v1.5.1 - Rise from the dead or Binwalk is back in town

Let's travel back in time ... In EMBA version 1.2.3 we started removing the old, rusty and unmaintained binwalk (v2) as main extractor from EMBA. See here. Big thanks to the great folks of unblob for jumping in with the most powerful extraction engine that is currently available.

And now fast forward to September 2024 ... Check this bomb

Great news! The new binwalk was not just a quick update, it was a complete rewritten version in rust! As usual we are trying to implement cool projects quite early to get hands on experience ... especially if these are the projects from our own IoT hacking beginnings years ago ;)

Fast forward to Dezember 2024 ...

As the new binwalk is damn fast, EMBA got it as initial extractor into the extraction pipeline! Check it out and let us and Craig know how it performs and how you like it. In this place it is also quite easy to see where binwalk is failing and Unblob is jumping in. Btw. this does not mean that Binwalk is better compared to Unblob! In most of our testcases it was faster but from the success rate Unblob is currently the most powerful extraction engine which automatically jumps in as 2nd extraction engine and is also used for our deep-extraction mode.

The best extraction frameworks together in EMBA ... this must be true love :-D

Beside this big update we have a bunch of other little and big things for you:

• The SBOM engine which was introduced in version 1.5.0 got updates everywhere (new json engine, dependencies are now handled, untracked files can be included, improved package manager integration, optimised static version detection ...)
• EMBA is getting more and more powerful and faster, faster, faster
• Our huge code refactoring part 1 of X is finished
• Regular docker base image update (new capa version, new Ghidra version, ...)
• Kali Linux 2024.4 supported

Beside the technical updates, we were at BlackHat MEA with an Arsenal demo of EMBA. We talked to a lot of interested and interesting people and got some cool ideas for EMBA. You can check our Arsenal slides here and some pictures here

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @0xr3act0r made their first contribution in #1376

---

How can you reach us and stay up to date? Just take one of these channels:

• Bluesky
• Mastodon
• Github discussions
• Github issues
• LinkedIn
• X

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the CVE database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

For updating your oudated EMBA installation, please check the update section in our wiki.

---

What's Changed

• Windows exe improvements by @m-1-k-3 in #1354
• Extend JSON SBOM by @m-1-k-3 in #1353
• SBOM - Duplicates / package files / dependencies by @m-1-k-3 in #1361
• SBOM - Add Poetry files by @m-1-k-3 in #1363
• Further SBOM updates (python pip, rpm, dependency tree) by @m-1-k-3 in #1368
• Json SBOM improvements by @m-1-k-3 in #1374
• Speedup find comands with exec threading / confidence level by @m-1-k-3 in #1375
• Added "apt install linux-modules-extra" package for proper installation of ubi and nandsim modules by @0xr3act0r in #1376
• exit on pre-checking selection by @m-1-k-3 in #1382
• Refactoring, enable threading by @m-1-k-3 in #1383
• Rename scan-profiles by @m-1-k-3 in #1395
• F50 refactoring by @m-1-k-3 in #1396
• helpers var refactor by @m-1-k-3 in #1397
• binwalk v3, refactoring, bugs, S09 speedup by @m-1-k-3 in #1398
• Unhandled files in SBOM by @m-1-k-3 in #1404
• Little fixes (csv, s25, s06, l25), s26 speedup by @m-1-k-3 in #1405
• Improve entropy pic integration by @m-1-k-3 in #1410
• bump version - v1.5.1 by @m-1-k-3 in #1412

New Contributors

• @0xr3act0r made their first contribution in #1376

Full Changelog: v1.5.0-SBOMdorado...v1.5.1-rise-from-the-dead

EMBA v1.5.0 - SBOMdorado

The main goal of EMBA was always to get an accurate real life overview of the threats of a firmware image. While a few years ago the target audience were only pentesters, in today’s EMBA world also software developers, product owners and product security teams are using her to achieve different goals.

Over the time EMBA is grown and today she is not only a firmware analyzer anymore. Nowadays, EMBA is used to test every little piece of unknown binary. While the main interest stays on analyzing Linux based firmware, we have seen that EMBA is also used for UEFI, Windows binaries, Linux binaries, different Scripts, Android APKs and a lot of other stuff. Beside the high fragmentation of the targets under test, we have seen a growing demand for SBOM generation. EMBA includes some kind of basic SBOM support for ages, but as most of our analyzed binaries do not rely on some kind of package managers, we have not seen the demand for supporting them on a broad base - until today.

We have now adjusted our approach to support a broad range of package managers, packet types and further sources for getting an accurate SBOM out of every testing candidate.

Beside our binary analysis mechanism as the only source of truth, EMBA is now able to extract further details from the following sources:

• Binaries and libraries
• Linux Kernel
• Kernel modules
• Linux distribution identification
• RPM package management system
• Debian package management system
• OpenWRT Package management system
• Python PIP package management system
• Python requirements files
• RPM packages
• DEB packages
• FreeBSD pkg packages
• Java archives
• Alpine APK
• Python poetry
• Python wheel
• Rust (cargo.lock)
• Ruby (gem)
• JavaScript - npm
• Windows binary exif data
• Windows binary extraction and analysis

Further details can be found in our wiki

Additionally, we did something more:

• FLOSS interview - check it out here
• Ubuntu 24.04 LTS support
• Switching from docker-compose to docker compose
• Bug fixing
• Refactoring
• Docker base image updates

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

A big kudos goes to to offchain-audit for his sponsoring and to n0x08 for his ongoing support.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @gluesmith2021 made their first contribution in #1150
• @Grezzo made their first contribution in #1222

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

---

What's Changed

• #1073 by @m-1-k-3 in #1076
• restart EMBA functionality by @m-1-k-3 in #1078
• make the quick mode quick by @m-1-k-3 in #1081
• Make the updater work again by @m-1-k-3 in #1082
• fix hardening log for s16 by @m-1-k-3 in #1084
• Quick version identifier update by @github-actions in #1089
• Metasploit database update by @github-actions in #1087
• CISA known exploited database update by @github-actions in #1088
• Snyk database update by @github-actions in #1090
• Packetstorm database update by @github-actions in #1091
• fix day cnt by @m-1-k-3 in #1085
• fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in #1086
• Metasploit database update by @github-actions in #1094
• full names and working tagging for packetstorm script by @HoxhaEndri in #1061
• add md5sum to binaries by @m-1-k-3 in #1096
• installer srecord by @m-1-k-3 in #1097
• Firmware/binary handling again by @m-1-k-3 in #1099
• little fixes by @m-1-k-3 in #1102
• Quick version identifier update by @github-actions in #1105
• CISA known exploited database update by @github-actions in #1104
• Metasploit database update by @github-actions in #1103
• Packetstorm database update by @github-actions in #1107
• Snyk database update by @github-actions in #1106
• Packetstorm database update by @github-actions in #1113
• CISA known exploited database update by @github-actions in #1111
• Metasploit database update by @github-actions in #1110
• Snyk database update by @github-actions in #1112
• xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in #1114
• FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in #1109
• Workflow docker builder updates by @m-1-k-3 in #1115
• Remove Arachni / refactoring by @m-1-k-3 in #1117
• Packetstorm database update by @github-actions in #1122
• CISA known exploited database update by @github-actions in #1120
• csv issues #1116 by @m-1-k-3 in #1118
• Metasploit database update by @github-actions in #1119
• Snyk database update by @github-actions in #1121
• csv issues #1116 by @m-1-k-3 in #1123
• f10 csv fix by @m-1-k-3 in #1124
• Vars check by @m-1-k-3 in #1126
• Metasploit database update by @github-actions in #1128
• CISA known exploited database update by @github-actions in #1129
• Packetstorm database update by @github-actions in #1131
• Snyk database update by @github-actions in #1130
• further vars cleanup, kev in f20 by @m-1-k-3 in #1127
• var cleanup, status_bar fix by @m-1-k-3 in #1132
• S36 updates, l10 fixes by @m-1-k-3 in #1133
• CISA known exploited database update by @github-actions in #1135
• Packetstorm database update by @github-actions in #1137
• Metasploit database update by @github-actions in #1134
• Snyk database update by @github-actions in #1136
• Emulation updates by @m-1-k-3 in #1140
• Packetstorm database update by @github-actions in #1144
• CISA known exploited database update by @github-actions in #1142
• Metasploit database update by @github-actions in #1141
• s115 qemu command output by @m-1-k-3 in #1145
• Snyk database update by @github-actions in #1143
• Packetstorm database update by @github-actions in #1149
• CISA known exploited database update by @github-actions in #1147
• Metasploit database update by @github-actions in #1146
• Snyk database update by @github-actions in #1148
• Metasploit database update by @github-actions in #1151
• Packetstorm database update by @github-actions in #1153
• Snyk database update by @github-actions in #1152
• Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in #1150
• Update default-scan-no-notify.emba by @BenediktMKuehne in https://g...

EMBA v1.4.2-Summertime

This release includes one new module as well as a huge amount of little updates, bug fixes and refactoring for your smooth summer time:

• New capa module with ATT&CK support introduced as S18 - see #1212
• Massive variable name refactoring
• Bash expansion refactoring
• Multiple bug fixes and improvements in the system emulation engine
• Medium article - Leveraging Automated Firmware Analysis with the Open-Source Firmware Analyzer EMBA

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @Grezzo made their first contribution in #1222

What's Changed

• Update EMBA VERSION.txt by @github-actions in #1203
• little updates by @m-1-k-3 in #1204
• Metasploit database update by @github-actions in #1205
• Snyk database update by @github-actions in #1206
• Packetstorm database update by @github-actions in #1207
• CISA known exploited database update by @github-actions in #1209
• more bash expansion refactoring by @m-1-k-3 in #1215
• P23 improvements of handling nbd devices by @m-1-k-3 in #1214
• Module documentation template by @m-1-k-3 in #1216
• New capa (identify capabilities in executable files) module with ATT&CK support (S18) by @m-1-k-3 in #1212
• fix p35 by @m-1-k-3 in #1221
• Fix spelling mistake in S23_lua_check.sh by @Grezzo in #1222
• fix s109, p35 by @m-1-k-3 in #1224
• Improve ssdeep command in EMBA by @m-1-k-3 in #1225
• Update docker-compose.yml by @BenediktMKuehne in #1232
• installer fix for #1226 by @m-1-k-3 in #1233
• Little updates by @m-1-k-3 in #1234
• Improve Patool error output by @m-1-k-3 in #1236
• ftp client by @m-1-k-3 in #1241
• L10 init recovery test mode by @m-1-k-3 in #1246
• docker compose install issue by @m-1-k-3 in #1248
• libmagic by @m-1-k-3 in #1249
• little s18 fix by @m-1-k-3 in #1251
• S08 / Installer by @m-1-k-3 in #1255
• docker compose vs docker-compose by @m-1-k-3 in #1260
• little l10 improvements by @m-1-k-3 in #1261
• log_bin_hardening improved by @m-1-k-3 in #1262
• refactoring, L10 fixes by @m-1-k-3 in #1263
• Service handling for lighttpd, debugging services by @m-1-k-3 in #1265
• bump version v1.4.2 by @m-1-k-3 in #1267

New Contributors

• @Grezzo made their first contribution in #1222

Full Changelog: 1.4.1-white-rabbit...1.4.2-Summertime

EMBA v1.4.1 - Follow the white rabbit

Probably you all know that it is the 25th anniversary of the legendary Matrix movie! With the latest release EMBA got massive improvements in building the Matrix via emulation.

This release reflects the recent updates in our system emulation engine.

Short summary of the latest highlights:

• We started rebuilding and upgrading the toolchain of the system emulation engine - With the current work in place we can further update the outdated FirmAE and firmadyne environment which our emulation engine is originally based on
• Linux kernel upgraded from version 4.1.17 (the original firmadyne and FirmAE version) to version 4.1.52 - The original firmadyne kernel is from 01/2016 and a bit rusty. With the update to 4.1.52 (which is from 05/2018) we moved forward in time for more than 2 years. In the future we plan further updates to include more modern kernels.
• Busybox updated from 1.29.3 to the current version 1.36.1
• Multiple libnvram patches were merged from the rehosting repo of libnvram which is maintained primarly by @AndrewFasano
• Including an optional netcat listener to the system emulation engine
• Further debugging possibilities via strace, gdb and gdbserver added to the system emulation engine
• Handling of time64/time32 support in firmware via updated musl libc for libnvram - This hopefully results in an improved handling on more modern firmware
• Improved environment for ARM64 and MIPS64 architecture
• FIRST EPSS (Exploit Prediction Scoring System) integration - see #1109
• Updated docker base image to Kali 2024-2
• @gluesmith2021 fixed multiple bugs in our version detection and CVE engine - see here

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @gluesmith2021 made their first contribution in #1150

What's Changed

• #1073 by @m-1-k-3 in #1076
• restart EMBA functionality by @m-1-k-3 in #1078
• make the quick mode quick by @m-1-k-3 in #1081
• Make the updater work again by @m-1-k-3 in #1082
• fix hardening log for s16 by @m-1-k-3 in #1084
• Quick version identifier update by @github-actions in #1089
• Metasploit database update by @github-actions in #1087
• CISA known exploited database update by @github-actions in #1088
• Snyk database update by @github-actions in #1090
• Packetstorm database update by @github-actions in #1091
• fix day cnt by @m-1-k-3 in #1085
• fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in #1086
• Metasploit database update by @github-actions in #1094
• full names and working tagging for packetstorm script by @HoxhaEndri in #1061
• add md5sum to binaries by @m-1-k-3 in #1096
• installer srecord by @m-1-k-3 in #1097
• Firmware/binary handling again by @m-1-k-3 in #1099
• little fixes by @m-1-k-3 in #1102
• Quick version identifier update by @github-actions in #1105
• CISA known exploited database update by @github-actions in #1104
• Metasploit database update by @github-actions in #1103
• Packetstorm database update by @github-actions in #1107
• Snyk database update by @github-actions in #1106
• Packetstorm database update by @github-actions in #1113
• CISA known exploited database update by @github-actions in #1111
• Metasploit database update by @github-actions in #1110
• Snyk database update by @github-actions in #1112
• xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in #1114
• FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in #1109
• Workflow docker builder updates by @m-1-k-3 in #1115
• Remove Arachni / refactoring by @m-1-k-3 in #1117
• Packetstorm database update by @github-actions in #1122
• CISA known exploited database update by @github-actions in #1120
• csv issues #1116 by @m-1-k-3 in #1118
• Metasploit database update by @github-actions in #1119
• Snyk database update by @github-actions in #1121
• csv issues #1116 by @m-1-k-3 in #1123
• f10 csv fix by @m-1-k-3 in #1124
• Vars check by @m-1-k-3 in #1126
• Metasploit database update by @github-actions in #1128
• CISA known exploited database update by @github-actions in #1129
• Packetstorm database update by @github-actions in #1131
• Snyk database update by @github-actions in #1130
• further vars cleanup, kev in f20 by @m-1-k-3 in #1127
• var cleanup, status_bar fix by @m-1-k-3 in #1132
• S36 updates, l10 fixes by @m-1-k-3 in #1133
• CISA known exploited database update by @github-actions in #1135
• Packetstorm database update by @github-actions in #1137
• Metasploit database update by @github-actions in #1134
• Snyk database update by @github-actions in #1136
• Emulation updates by @m-1-k-3 in #1140
• Packetstorm database update by @github-actions in #1144
• CISA known exploited database update by @github-actions in #1142
• Metasploit database update by @github-actions in #1141
• s115 qemu command output by @m-1-k-3 in #1145
• Snyk database update by @github-actions in #1143
• Packetstorm database update by @github-actions in #1149
• CISA known exploited database update by @github-actions in #1147
• Metasploit database update by @github-actions in #1146
• Snyk database update by @github-actions in #1148
• Metasploit database update by @github-actions in #1151
• Packetstorm database update by @github-actions in #1153
• Snyk database update by @github-actions in #1152
• Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in #1150
• Update default-scan-no-notify.emba by @BenediktMKuehne in #1156
• Packetstorm database update by @github-actions in #1161
• Quick version identifier update by @github-actions in #1160
• CISA known exploited database update by @github-actions in #1158
• fix zlib (unzip) version string by @gluesmith2021 in #1164
• JTR hash sorting by @BenediktMKuehne in https://github.com/...

EMBA v1.4.0 - ICS testing Edt.

As we do a lot of ICS/OT testing in our daily business, we thought this release should reflect our usual EMBA usage scenario. Welcome to another huge EMBA release with a lot new features: EMBA v1.4.0 - ICS testing Editition

This time we have collected the following highlights for you:

• less bugs -> more code -> more bugs? -> report all our bugs here
• Extended binary analysis via semgrep (see module s16)
• New static perl analysis via zarn (see module s27)
• Toolchain identification (see wiki)
• Improved update checking (see wiki)
• New scan interface (with integrated status bar) automatically enabled in most scan-profiles
• Improved multiple backend workflows
• Massive speedup of multiple EMBA modules (see #1006 / #996)
• Updated docker base image (see wiki)
• You can get in contact with us on the following social networks: X / Mastodon / NEW: Bluesky
• We can meet in real life at BlackHat Asia this year (see Arsenal schedule)
• Special thanks to our awesome community for releasing multiple new articles around EMBA - see our dedicated section in the wiki

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @413x8 made their first contribution in #931
• @mj138 made their first contribution in #939
• @jblu42 made their first contribution in #987
• @floyd-fuh made their first contribution in #1030

Welcome to the EMBA firmware analysis environment and thank you for your valuable contribution.

---

What's Changed

• Internet check not blocking by @m-1-k-3 in #722
• Fix docker build workflow by @m-1-k-3 in #723
• disable disk space monitor by @m-1-k-3 in #724
• print fix, http crawler by @m-1-k-3 in #732
• Code cleanup by @m-1-k-3 in #733
• Fix updater by @m-1-k-3 in #749
• Unblob v23.8.11 by @m-1-k-3 in #750
• PEM file with multiple certificates by @HoxhaEndri in #736
• Update README.md by @m-1-k-3 in #757
• add file-command to default deps by @BenediktMKuehne in #763
• Update semgrep workflow by @m-1-k-3 in #764
• Debian repos - https only for Kali by @m-1-k-3 in #766
• Curl online check by @m-1-k-3 in #774
• Improve PW cracking module s107 by @m-1-k-3 in #773
• Check container nr disable for dev mode by @m-1-k-3 in #776
• Set variable by @m-1-k-3 in #777
• Installer updates by @m-1-k-3 in #779
• fix gpt path by @m-1-k-3 in #789
• Improve web page crawler by @m-1-k-3 in #795
• little fix by @m-1-k-3 in #796
• disable the trickest exploit db by @m-1-k-3 in #797
• Debian installer support by @m-1-k-3 in #798
• grep -v -> tail by @m-1-k-3 in #812
• Proxy support by @m-1-k-3 in #811
• Firmware diffing preparation by @m-1-k-3 in #804
• nikto setup, compose cleanup by @m-1-k-3 in #814
• System emulation fs mount improvements by @m-1-k-3 in #815
• L10 Fix SC2250 shellcheck by @HoxhaEndri in #822
• Installer debian package file format by @m-1-k-3 in #826
• Cleanup of PS crawler by @m-1-k-3 in #833
• Check for arachni user and shellcheck braces by @HoxhaEndri in #834
• Try cve db update multiple times during installation by @m-1-k-3 in #837
• Firmware diffing modules by @m-1-k-3 in #838
• fix #839 by @m-1-k-3 in #844
• Semgrep checks and shellcheck braces checks by @HoxhaEndri in #835
• check for space at the end of a line by @HoxhaEndri in #845
• Update installer, dep-check by @m-1-k-3 in #846
• strict mode grep error by @HoxhaEndri in #848
• BMC firmware extractor by @m-1-k-3 in #853
• braces check for all scripts inside "helpers" folder and "installer" folder by @HoxhaEndri in #854
• kernel-hardening-checker fix by @m-1-k-3 in #855
• Version 1.3.1 by @m-1-k-3 in #856
• Version identifiers, Arch check in installer, diff updates by @m-1-k-3 in #860
• check braces for modules scripts by @HoxhaEndri in #861
• braces checked for all script files by @HoxhaEndri in #865
• shellcheck braces check in check_project and in workflow by @HoxhaEndri in #866
• Improve diff mode by @m-1-k-3 in #867
• Fix grep -R by @m-1-k-3 in #869
• CPU check for SSSE3 by @m-1-k-3 in #870
• Diff threading + improved reporting by @m-1-k-3 in #871
• #873 fix by @m-1-k-3 in #874
• zlib string from dell bios firmware by @HoxhaEndri in #872
• Create first_interaction.yml by @m-1-k-3 in #877
• UEFI analysis improvements by @m-1-k-3 in #876
• fwhunt check entire firmware first by @HoxhaEndri in #881
• new version strings and comment for fwhunt by @HoxhaEndri in #882
• integrate cveXplore settings by @BenediktMKuehne in #884
• Install CveXplore v0.3.16++ by @m-1-k-3 in #892
• Full system emulation dependency s24 by @m-1-k-3 in #896
• Cvexplore integration by @BenediktMKuehne in #887
• switch pip install for cvexplore to git repo by @BenediktMKuehne in #899
• Docker-compose cleanup by @m-1-k-3 in #891
• Issue 889 by @m-1-k-3 in #902
• L10, S05 fixes by @m-1-k-3 in #903
• L23 VNC checker modules by @m-1-k-3 in #904
• update first interaction by @m-1-k-3 in #906
• Update check again - #908 by @m-1-k-3 in #909
• Make Routersploit work again by @m-1-k-3 in #910
• Stick to version and check it from requests and urllib3 by @m-1-k-3 in #911
• Improve dep checker by @m-1-k-3 in #912
• Replacement of current cve query mechanism by @m-1-k-3 in #913
• Fix workflows, improve CVE identification by @m-1-k-3 in https://github.com/e-m-b-a/emba...

EMBA v1.3.2 - EMBArk is out

The last EMBA release is not too long ago but in the mean time there was so much going on ... The most important thing is ...

The first official EMBArk release is out now!

Everything started as an idea in the beginning of 2021. The idea was to build an enterprise ready open source firmware analysis environment on top of EMBA. This environment should allow every product security team as well as every penetration tester and security researcher to use professional firmware analysis to improve the security of IoT/OT/ICS ... (you name it) devices as easy as possible. This idea was mixed up to an AMOS research project, where a team of students built a first PoC of EMBArk. You can find the original project here. From there on continuous work, improvement and testing was running more or less under the radar. Until today ... EMBArk is stable and ready for more! Kudos to @BenediktMKuehne for pushing it to the next level.

---

Say hi to our centralized firmware security analysis environment EMBArk! Check it out here, use it, give us feedback or improve it and start being part of this open source environment.

---

On EMBA side we have some "bumpy" weeks in the neck:

• As the NIST API is currently changing and we had some serious issues with our cve-search integration we decided to rewrite it by ourself. This process took us some time to get the CVE identification feature fully working again. Thanks for all your testing and feedback during this process. With the new integration EMBA is faster, more stable and the installation is not that error prone anymore.
• UEFI analysis integration was massively improved - see here
• A lot of code cleanup was done by @HoxhaEndri
• A new update check functionality by @HoxhaEndri
• Improved firmware diffing environment - see here
• Updated and new reporting templates by @413x8
• Your great feedback is now collected in our wiki
• Further public online resources are available and collected here
• New support possibilities via patreon or buymeacoffee

Thank you for all your feedback and your testing since version 1.3.1!

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome two of them:

• @413x8
• @mj138

Welcome to the EMBA environment and thank you for your valuable contribution.

---

We are looking for (release) sponsors here

---

What's Changed

• Version identifiers, Arch check in installer, diff updates by @m-1-k-3 in #860
• Snyk database update by @github-actions in #864
• CISA known exploited database update by @github-actions in #863
• Metasploit database update by @github-actions in #862
• check braces for modules scripts by @HoxhaEndri in #861
• braces checked for all script files by @HoxhaEndri in #865
• shellcheck braces check in check_project and in workflow by @HoxhaEndri in #866
• Improve diff mode by @m-1-k-3 in #867
• Fix grep -R by @m-1-k-3 in #869
• CPU check for SSSE3 by @m-1-k-3 in #870
• Diff threading + improved reporting by @m-1-k-3 in #871
• #873 fix by @m-1-k-3 in #874
• zlib string from dell bios firmware by @HoxhaEndri in #872
• Create first_interaction.yml by @m-1-k-3 in #877
• Metasploit database update by @github-actions in #878
• CISA known exploited database update by @github-actions in #879
• Snyk database update by @github-actions in #880
• UEFI analysis improvements by @m-1-k-3 in #876
• fwhunt check entire firmware first by @HoxhaEndri in #881
• new version strings and comment for fwhunt by @HoxhaEndri in #882
• integrate cveXplore settings by @BenediktMKuehne in #884
• Install CveXplore v0.3.16++ by @m-1-k-3 in #892
• Snyk database update by @github-actions in #894
• Packetstorm database update by @github-actions in #895
• CISA known exploited database update by @github-actions in #893
• Full system emulation dependency s24 by @m-1-k-3 in #896
• Cvexplore integration by @BenediktMKuehne in #887
• switch pip install for cvexplore to git repo by @BenediktMKuehne in #899
• Docker-compose cleanup by @m-1-k-3 in #891
• Issue 889 by @m-1-k-3 in #902
• Update FUNDING.yml by @m-1-k-3 in #905
• L10, S05 fixes by @m-1-k-3 in #903
• L23 VNC checker modules by @m-1-k-3 in #904
• update first interaction by @m-1-k-3 in #906
• Update FUNDING.yml by @m-1-k-3 in #907
• Update check again - #908 by @m-1-k-3 in #909
• Make Routersploit work again by @m-1-k-3 in #910
• Stick to version and check it from requests and urllib3 by @m-1-k-3 in #911
• Improve dep checker by @m-1-k-3 in #912
• CISA known exploited database update by @github-actions in #915
• Packetstorm database update by @github-actions in #917
• Snyk database update by @github-actions in #916
• Replacement of current cve query mechanism by @m-1-k-3 in #913
• Fix workflows, improve CVE identification by @m-1-k-3 in #919
• rootfs check in uefi extractor by @m-1-k-3 in #921
• fix install workflow by @m-1-k-3 in #922
• check for versions (emba, git and docker) by @HoxhaEndri in #918
• Update FUNDING.yml by @m-1-k-3 in #924
• Update FUNDING.yml by @m-1-k-3 in #925
• Update FUNDING.yml by @m-1-k-3 in #926
• Update FUNDING.yml by @m-1-k-3 in #927
• S26 module fix by @m-1-k-3 in #928
• remove update scripts by @m-1-k-3 in #923
• Packetstorm database update by @github-actions in #935
• CISA known exploited database update by @github-actions in #933
• Snyk database update by @github-actions in #934
• Metasploit database update by @github-actions in #932
• Pre templates by @413x8 in #931
• Multiple fixes by @m-1-k-3 in #930
• Contributors update by @m-1-k-3 in #937
• update default profile for EMBArk by @m-1-k-3 in #938
• Fix parsing of version number from binary version string by @mj138 in #939
• Update Contributors, version by @m-1-k-3 in #940
• Fix parsing of binary name from binary version string by @mj138 in #942
• little cleanup by @m-1-k-3 in #944
• Docker build updates for Kali 2023.4 by @m-1-k-3 in #945
• Metasploit database update by @github-actions in #948
• CISA known exploited database update by @github-actions in #949
• Snyk database update by @github-actions in #950
• Packetstorm database update by @github-actions in #951
• Include 0xdea semgrep rules and haruspex ghidra script, improve cwe-search integration by @m-1-k-3 in #946
• s14 r2 startup command update by @m-1-k-3 in #952
• r2 bin cache by @m-1-k-3 in #953
• fix for #954 by @m-1-k-3 in #955
• Enable workflow dispatch by @m-1-k-3 in #956

New Contributors

• @413x8 made their first contribution in h...

EMBA v1.3.1 - Diff it

What happened since the last EMBA release?

There was the absolute great #Hackersummercamp with our talks at BSidesLV, ICS Village (DEF CON) and Black Hat (Arsenal). The recording of the BSides talk is already available here. Beside this, Nate did a really great talk at BruCON – see here.

Beside a lot of code cleanup, bug fixing and some little improvements the new firmware diffing mode is one of the highlights in version 1.3.1.
In 1 day bug hunting, exploit development and the identification of silent patching it is quite common to identify the differences between two firmware releases.
To use this new feature (as usual in a very early alpha state) it is now possible to define a second firmware with the -o parameter. EMBA starts with some basic analysis of both firmware images, extracts both images and finds the differences between these firmware images:

If the file is some ASCII file a nice diff is shown:

If the file is a binary file we use radare2 for further analysis:

For further details check our Wiki

Happy bug hunting :)

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

What's Changed

• Internet check not blocking by @m-1-k-3 in #722
• Fix docker build workflow by @m-1-k-3 in #723
• disable disk space monitor by @m-1-k-3 in #724
• print fix, http crawler by @m-1-k-3 in #732
• Code cleanup by @m-1-k-3 in #733
• Fix updater by @m-1-k-3 in #749
• Unblob v23.8.11 by @m-1-k-3 in #750
• PEM file with multiple certificates by @HoxhaEndri in #736
• Update README.md by @m-1-k-3 in #757
• add file-command to default deps by @BenediktMKuehne in #763
• Update semgrep workflow by @m-1-k-3 in #764
• Debian repos - https only for Kali by @m-1-k-3 in #766
• Curl online check by @m-1-k-3 in #774
• Improve PW cracking module s107 by @m-1-k-3 in #773
• Check container nr disable for dev mode by @m-1-k-3 in #776
• Set variable by @m-1-k-3 in #777
• Installer updates by @m-1-k-3 in #779
• fix gpt path by @m-1-k-3 in #789
• Improve web page crawler by @m-1-k-3 in #795
• little fix by @m-1-k-3 in #796
• disable the trickest exploit db by @m-1-k-3 in #797
• Debian installer support by @m-1-k-3 in #798
• grep -v -> tail by @m-1-k-3 in #812
• Proxy support by @m-1-k-3 in #811
• Firmware diffing preparation by @m-1-k-3 in #804
• nikto setup, compose cleanup by @m-1-k-3 in #814
• System emulation fs mount improvements by @m-1-k-3 in #815
• L10 Fix SC2250 shellcheck by @HoxhaEndri in #822
• Installer debian package file format by @m-1-k-3 in #826
• Cleanup of PS crawler by @m-1-k-3 in #833
• Check for arachni user and shellcheck braces by @HoxhaEndri in #834
• Try cve db update multiple times during installation by @m-1-k-3 in #837
• Firmware diffing modules by @m-1-k-3 in #838
• fix #839 by @m-1-k-3 in #844
• Semgrep checks and shellcheck braces checks by @HoxhaEndri in #835
• check for space at the end of a line by @HoxhaEndri in #845
• Update installer, dep-check by @m-1-k-3 in #846
• strict mode grep error by @HoxhaEndri in #848
• Packetstorm database update by @github-actions in #852
• Snyk database update by @github-actions in #851
• CISA known exploited database update by @github-actions in #850
• Metasploit database update by @github-actions in #849
• BMC firmware extractor by @m-1-k-3 in #853
• braces check for all scripts inside "helpers" folder and "installer" folder by @HoxhaEndri in #854
• kernel-hardening-checker fix by @m-1-k-3 in #855
• Version 1.3.1 by @m-1-k-3 in #856

Full Changelog: 1.3.0-AI-for-EMBA...1.3.1-diff-all-the-firmwares

EMBA v1.3.0 - AI-Assisted Firmware Analysis

Q: Can we use AI for firmware analysis?
A: Sure, let's do it! EMBA now supports AI-assisted firmware analysis.

Again, we rise the bar in the field of Open-Source firmware security analysis. After establishing user-mode emulation or system emulation this time we moved to AI-assisted firmware analysis. More details about our AI integration are available in our Wiki

---

#Hackersummercamp ahead!
We got the amazing opportunity to show EMBA at the BSides conference in Las Vegas. The schedule is available here.

Additionally, you will find us with a live EMBA demo at Black Hat Arsenal

See you all in Vegas

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

What's Changed

• Exit of add_partition in L10 by @m-1-k-3 in #430
• log dir on dep check by @m-1-k-3 in #428
• Nikto dep fix by @m-1-k-3 in #429
• cwe-checker install latest master by @m-1-k-3 in #431
• Further trickest blacklist entries by @m-1-k-3 in #432
• Freetzng-fix by @BenediktMKuehne in #433
• update sub-shell pwd fix by @BenediktMKuehne in #435
• Add Packetstorm and Snyk PoC sources by @m-1-k-3 in #434
• Full install fixes by @m-1-k-3 in #436
• s115 - empty log handling by @m-1-k-3 in #438
• Minimal cve-search installation / Dependency issues by @m-1-k-3 in #442
• blacklist update by @m-1-k-3 in #441
• Introducing module_wait helper function by @m-1-k-3 in #439
• Fix dependencies by @m-1-k-3 in #445
• Code cleanup - comments by @m-1-k-3 in #446
• Copyright updates 2023 by @m-1-k-3 in #447
• Kernel downloader and vulnerability verifier by @m-1-k-3 in #451
• cron job fix by @m-1-k-3 in #453
• L10 improvements, more services by @m-1-k-3 in #454
• Kernel config analysis by @m-1-k-3 in #455
• Update the known exploit behaviour by @m-1-k-3 in #458
• example disable profile by @m-1-k-3 in #457
• Refactoring by @m-1-k-3 in #462
• exploit databases updated by @m-1-k-3 in #466
• S12 - checksec implementation fix by @m-1-k-3 in #463
• Improve stop of system emulation by @m-1-k-3 in #465
• Hexagon support by @m-1-k-3 in #467
• Lighttpd analysis module by @m-1-k-3 in #469
• s08 safe_echo fix by @m-1-k-3 in #470
• p35 - true to not fail, s26 - check for files by @m-1-k-3 in #471
• JTR crack multiple hash types by @m-1-k-3 in #473
• deprecated -l option by @m-1-k-3 in #476
• s36 fixes, renamed p61 by @m-1-k-3 in #477
• System emulator improvements by @m-1-k-3 in #478
• Respect module blacklist in waiting state / Installer fix by @m-1-k-3 in #479
• Exploit database update, debug mode, command line tests by @m-1-k-3 in #481
• Add wordlist mechanism to s109 by @m-1-k-3 in #482
• csv export of p59, p60 and p70 by @m-1-k-3 in #483
• disk space monitor, rpm package analysis by @m-1-k-3 in #485
• Improve output of help command by @m-1-k-3 in #492
• Setup further workflows by @m-1-k-3 in #490
• Remove timezone setting by @m-1-k-3 in #494
• Refactor, PID log, Github actions, APKHunt by @m-1-k-3 in #495
• Packetstorm database update by @github-actions in #498
• Snyk database update by @github-actions in #497
• Metasploit database update by @github-actions in #496
• Improve restart EMBA analysis feature by @m-1-k-3 in #499
• Fix install with pip v23+ by @m-1-k-3 in #500
• Another PIPv23 fix by @m-1-k-3 in #501
• return if empty by @m-1-k-3 in #502
• Input validation by @m-1-k-3 in #505
• Check for update setting by @m-1-k-3 in #504
• Routersploit update workflow by @m-1-k-3 in #503
• Dependency checker, workflow by @m-1-k-3 in #506
• Metasploit database update by @github-actions in #509
• Snyk database update by @github-actions in #510
• CISA known exploited database update by @github-actions in #512
• Packetstorm database update by @github-actions in #514
• System emulation improvements, workflow by @m-1-k-3 in #515
• CVE state message printing by @m-1-k-3 in #518
• Packetstorm database update by @github-actions in #528
• Snyk database update by @github-actions in #527
• CISA known exploited database update by @github-actions in #525
• Routersploit database update by @github-actions in #524
• Metasploit database update by @github-actions in #523
• Trickest PoC database update by @github-actions in #526
• Input adjustment by @m-1-k-3 in #529
• version validation by @m-1-k-3 in #530
• PATH variable bug by @m-1-k-3 in #531
• EMBA v1.2.2 - Blue Hat edt. by @m-1-k-3 in #532
• Sponsoring issues by @m-1-k-3 in #534
• Metasploit database update by @github-actions in #536
• Snyk database update by @github-actions in #539
• CISA known exploited database update by @github-actions in #537
• Packetstorm database update by @github-actions in #540
• L25 improvements / multiple little fixes by @m-1-k-3 in #535
• L10 module improvements by @m-1-k-3 in #543
• Metasploit database update by @github-actions in #545
• Snyk database update by @github-actions in #547
• Packetstorm database update by @github-actions in #548
• New version strings (Flex and NBTscan) by @HoxhaEndri in #549
• L10 improvement round x by @m-1-k-3 in #550
• links in templates by @m-1-k-3 in #555
• Freetz extraction module deprecated by @m-1-k-3 in #554
• fix for #551 by @m-1-k-3 in #553
• Testing workflows by @BenediktMKuehne in #541
• Packetstorm database update by @github-actions in #563
• Snyk database update by @github-actions in #562
• CISA known exploited database update by @github-actions in #560
• Metasploit database update by @github-actions in #559
• Improve web crawler (L25) by @m-1-k-3 in #557
• Updated installer.sh for "ubuntu debian" /etc/os-release and new version string by @HoxhaEndri in #552
• SNMP module improvements by @m-1-k-3 in #565
• Remove warning apt-key is deprecated by @HoxhaEndri in #564
• update entropy output by @BenediktMKuehne in #566...

EMBA v1.2.3 - R.I.P. Binwalk

Binwalk, it was a long and great time with you. Now, you are a bit old and rusty and we had some issues in the past. Looks like we need to change our relationship a little bit ...

The binwalk extractor is already unmaintained for a quite long time period. In this time, we jumped in with multiple extractor modules within EMBA to keep the great extraction up. In the last year we have looked quite interested at the development process of Unblob.
We already integrated Unblob as an evaluation module a while ago. Currently it is integrated as the second extraction framework beside binwalk to jump in if our main binwalk/EMBA approach failed.

Now, it is time to change the game and to make Unblob to our main extractor and use binwalk only in the rare case Unblob failed.

Another very cool highlight is the acceptance of EMBA in the embedded research environment. Nate released a great article around analysing IoT devices here

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also become a sponsor.

Check it out here and start being an essential part of the future of EMBA

What's Changed

• L25 improvements / multiple little fixes by @m-1-k-3 in #535
• L10 module improvements by @m-1-k-3 in #543
• New version strings (Flex and NBTscan) by @HoxhaEndri in #549
• L10 improvement round x by @m-1-k-3 in #550
• links in templates by @m-1-k-3 in #555
• Freetz extraction module deprecated by @m-1-k-3 in #554
• fix for #551 by @m-1-k-3 in #553
• Testing workflows by @BenediktMKuehne in #541
• Improve web crawler (L25) by @m-1-k-3 in #557
• Updated installer.sh for "ubuntu debian" /etc/os-release and new version string by @HoxhaEndri in #552
• SNMP module improvements by @m-1-k-3 in #565
• Remove warning apt-key is deprecated by @HoxhaEndri in #564
• update entropy output by @BenediktMKuehne in #566
• Ignore files containing the following paths: /dev/ /proc/ /sys/ by @HoxhaEndri in #569
• Fix arch detection in f50 by @m-1-k-3 in #567
• Install fixes by @m-1-k-3 in #570
• fix l10 error case by @m-1-k-3 in #571
• Improved default profile handling / running modules script by @m-1-k-3 in #572
• Fail fetch aspnetcore-targeting-pack when cleaning up by @m-1-k-3 in #579
• Metasploit database update by @github-actions in #581
• CISA known exploited database update by @github-actions in #582
• Packetstorm database update by @github-actions in #585
• Snyk database update by @github-actions in #584
• Trickest PoC database update by @github-actions in #583
• fix actions, fix l10 lnk fixer by @m-1-k-3 in #580
• remove unneeded resource by @BenediktMKuehne in #586
• Revert "remove unneeded resource" by @m-1-k-3 in #587
• SBOM generation fix for non vuln components by @m-1-k-3 in #589
• Avoiding /proc and /sys paths (-xdev) in symlink script and check for missing symlinks in s115 by @HoxhaEndri in #590
• Packetstorm database update by @github-actions in #597
• Snyk database update by @github-actions in #596
• CISA known exploited database update by @github-actions in #594
• Metasploit database update by @github-actions in #593
• Lua script analysis support, UPnP live module, improvements by @m-1-k-3 in #591
• R.I.P. binwalk by @m-1-k-3 in #598
• ignore named pipe by @HoxhaEndri in #601
• Packetstorm database update by @github-actions in #607
• Snyk database update by @github-actions in #606
• Metasploit database update by @github-actions in #604
• apk extraction fix by @m-1-k-3 in #603
• R2 decompiler integration by @m-1-k-3 in #608
• url update for sasquatch deb by @m-1-k-3 in #609
• update ubuntu libssl source by @BenediktMKuehne in #610
• Small cleanup fixes by @m-1-k-3 in #611
• Packetstorm database update by @github-actions in #616
• Snyk database update by @github-actions in #615
• CISA known exploited database update by @github-actions in #614
• Metasploit database update by @github-actions in #613
• Hnap detection support for system emulator by @m-1-k-3 in #612
• Version 1.2.3 by @m-1-k-3 in #621

New Contributors

• @HoxhaEndri made their first contribution in #549

Full Changelog: 1.2.2-bluehat...1.2.3-RIP-binwalk