Joleyn-L/AutoFirm-Liqing

# AutoFirm AutoFirm 是一个轻量级的 IoT 固件安全扫描器，旨在分析嵌入式设备固件并发现潜在的安全问题。 ## 功能特性 - 使用 Binwalk 进行固件提取 - 固件信息检测 - 默认账户检测 - Telnet / SSH 检测 - 硬编码密码扫描 - Web 后门检测 - 弱加密检测 - CVE 漏洞匹配 - HTML 扫描报告生成 ## 使用方法 ``` python3 autofirm.py examples/test.bin ## 需求 Before running AutoFirm, make sure the following dependencies are installed: - Python 3.x - Binwalk Install Python dependencies: pip install -r requirements.txt Install Binwalk (Linux): sudo apt install binwalk ## 安装 Clone the repository: git clone https://github.com/yourusername/AutoFirm.git cd AutoFirm Install required packages: pip install -r requirements.txt ## 用法 ### 扫描固件 python3 autofirm.py firmware.bin The tool will automatically: 1. Extract the firmware using Binwalk 2. Locate the extracted filesystem 3. Run security scanning modules ### 扫描特定模块 Scan only SSH service: python3 autofirm.py firmware.bin --scan ssh Scan only Telnet service: python3 autofirm.py firmware.bin --scan telnet Scan only default accounts: python3 autofirm.py firmware.bin --scan passwd Scan hardcoded passwords: python3 autofirm.py firmware.bin --scan password Scan all modules: python3 autofirm.py firmware.bin --scan all ## 示例 Run AutoFirm with the example firmware: python3 autofirm.py examples/test.bin Example output: AutoFirm IoT Firmware Security Scanner Analyzing firmware: test.bin [+] Extracted firmware directory found [!] Telnet service detected [!] Default account detected: root [!] Hardcoded password found ## 项目结构 AutoFirm │ ├── autofirm.py ├── README.md ├── requirements.txt ├── LICENSE ├── .gitignore │ ├── examples │ └── test.bin │ └── scanners ├── passwd_scan.py ├── telnet_scan.py ├── ssh_scan.py ├── password_scan.py ├── web_backdoor_scan.py ├── weak_crypto_scan.py ├── firmware_info_scan.py └── cve_scan.py ## 描述 AutoFirm is a simple firmware security analysis tool built for learning and experimenting with IoT firmware analysis techniques. It helps identify common security issues in extracted firmware filesystems. ## 许可证 This project is licensed under the MIT License. A simple IoT firmware security analysis tool for detecting weak passwords, backdoors and insecure services. ```

标签：Binwalk, CVE匹配, IoT安全, PE 加载器, Python, SSH服务, Telnet服务, 后门检测, 固件分析, 固件提取, 固件逆向, 域名收集, 安全扫描, 密码安全, 嵌入式设备, 无后门, 时序注入, 物联网, 硬编码密码, 逆向工具, 默认账户