YukiCodepth/firmware-security-workbench

GitHub: YukiCodepth/firmware-security-workbench

A defensive firmware analysis workbench for embedded development and security research, integrating firmware scanning, secret detection, SBOM generation, CVE matching and risk scoring.

Stars: 0 | Forks: 0

# Firmware Security Workbench


A defensive firmware analysis workbench built for embedded developers, Linux engineers and security researchers.


Firmware Security Workbench helps you inspect firmware images, surface risk evidence, compare versions, generate reports and explain results through a local dashboard and a desktop application. It is built for defensive research, secure firmware review, portfolio-level learning and open-source collaboration.

## Feature Overview

| Area | Capability |
| --- | --- |
| Firmware import | Scan `.bin`, `.hex`, `.elf`, `.uf2` and raw firmware-like files |
| Metadata | File size, hashes, entropy, format guess, extracted strings |
| Detection | Suspicious strings, secrets, endpoints, debug leftovers, OTA clues |
| Rules | YARA-compatible local rule engine with match metadata |
| SBOM | CycloneDX-style component candidates extracted from firmware evidence |
| CVE intelligence | Local CVE candidate matching with review notes and confidence |
| Risk DNA | Firmware fingerprint, score, band, tags and risk trend |
| Diff | Compare firmware versions and explain added or removed risk |
| Hardening advice | What-if simulator for estimating risk reduction |
| Interfaces | CLI, FastAPI, web dashboard and desktop app shell |
| Reports | JSON, Markdown and HTML export |
| Packaging | PyPI package, Docker image, and desktop installers for macOS, Windows and Linux |

## Download the Application

Desktop installers are published as GitHub Release assets:

| Platform | Installer |
| --- | --- |
| macOS Apple Silicon | [Firmware Security Workbench_0.5.0_aarch64.dmg](https://github.com/YukiCodepth/firmware-security-workbench/releases/download/desktop-v0.5.0/Firmware.Security.Workbench_0.5.0_aarch64.dmg) |
| Windows x64 | [Firmware Security Workbench_0.5.0_x64_en-US.msi](https://github.com/YukiCodepth/firmware-security-workbench/releases/download/desktop-v0.5.0/Firmware.Security.Workbench_0.5.0_x64_en-US.msi) |
| Ubuntu/Debian x64 | [Firmware Security Workbench_0.5.0_amd64.deb](https://github.com/YukiCodepth/firmware-security-workbench/releases/download/desktop-v0.5.0/Firmware.Security.Workbench_0.5.0_amd64.deb) |

All release files are available under [desktop-v0.5.0](https://github.com/YukiCodepth/firmware-security-workbench/releases/tag/desktop-v0.5.0).

### Ubuntu install

```
cd ~/Downloads
sudo apt install ./Firmware.Security.Workbench_0.5.0_amd64.deb
```

If Ubuntu reports missing dependencies:

```
sudo apt --fix-broken install
```

### macOS Gatekeeper note

The macOS app is not yet notarized by Apple. If macOS reports that the app is damaged, move it to the Applications folder and run:

```
xattr -dr com.apple.quarantine "/Applications/Firmware Security Workbench.app"
open "/Applications/Firmware Security Workbench.app"
```

## Install the CLI

Install from PyPI:

```
python3 -m pip install firmware-security-workbench
```

Run:

```
fwb scan samples/demo-firmware.bin
```

Or run from source:

```
git clone https://github.com/YukiCodepth/firmware-security-workbench.git
cd firmware-security-workbench
python3 -m pip install -r requirements.txt
./scripts/fwb scan samples/demo-firmware.bin
```

## Quick Demo

Run the full showcase:

```
./scripts/demo-showcase.sh
```

Scan a firmware image and export JSON:

```
./scripts/fwb scan samples/corpus/esp32-lab-vuln.bin --json --out reports/generated/esp32.scan.json
```

Generate a CycloneDX-style SBOM:

```
./scripts/fwb scan samples/corpus/stm32-lab-vuln.bin --sbom-out reports/generated/stm32.sbom.json
```

Compare two firmware images:

```
./scripts/fwb diff samples/corpus/esp32-lab-vuln.bin samples/corpus/stm32-lab-vuln.bin --json --out reports/generated/esp32-vs-stm32.diff.json
```

Render an HTML report:

```
./scripts/fwb report reports/generated/esp32-vs-stm32.diff.json --kind diff --format html --out reports/generated/diff.html
```

Run the tests:

```
python3 -m unittest discover -s tests -v
```

## Run the Dashboard

```
uvicorn backend.app:app --reload --port 8000
```

Open:

```
http://127.0.0.1:8000/dashboard
```

API docs:

```
http://127.0.0.1:8000/docs
```

## Docker

```
docker pull ghcr.io/yukicodepth/firmware-security-workbench:v1.0.0
docker run --rm -p 8000:8000 ghcr.io/yukicodepth/firmware-security-workbench:v1.0.0
```

Or build locally:

```
docker build -t fwb:latest .
docker run --rm -p 8000:8000 fwb:latest
```

## System Workflow

```mermaid
flowchart LR
    A["Firmware Image<br/>.bin .hex .elf .uf2"] --> B["Input + Format Detection"]
    B --> C["Core Scanner"]
    C --> D["Metadata<br/>hashes, size, entropy"]
    C --> E["Strings + Endpoint Extraction"]
    C --> F["Secret Scanner"]
    C --> G["YARA-Compatible Rules"]
    C --> H["SBOM Component Candidates"]
    H --> I["CVE Candidate Engine"]
    D --> J["Risk DNA Engine"]
    E --> J
    F --> J
    G --> J
    I --> J
    J --> K["Reports<br/>JSON, Markdown, HTML"]
    J --> L["SQLite Scan History"]
    L --> M["FastAPI Backend"]
    M --> N["Web Dashboard"]
    M --> O["Desktop App"]
    J --> P["Firmware Diff + Hardening Simulator"]
    classDef input fill:#ecfeff,stroke:#0891b2,color:#0f172a;
    classDef engine fill:#fef3c7,stroke:#d97706,color:#0f172a;
    classDef risk fill:#fee2e2,stroke:#dc2626,color:#0f172a;
    classDef ui fill:#dcfce7,stroke:#16a34a,color:#0f172a;
    class A,B input;
    class C,D,E,F,G,H,I engine;
    class J,P risk;
    class K,L,M,N,O ui;
```

## Developer Architecture

```mermaid
flowchart TB
    subgraph Interfaces["User Interfaces"]
        CLI["CLI<br/>scripts/fwb + fwb"]
        API["FastAPI Backend<br/>backend/app.py"]
        WEB["Web Dashboard<br/>frontend/"]
        DESKTOP["Desktop App<br/>desktop/ Tauri"]
    end
    subgraph Engines["Analysis Engines"]
        SCAN["Scanner<br/>cli/scanner.py"]
        RULES["Rule Engine<br/>cli/rule_engine.py"]
        SBOM["SBOM + CVE<br/>cli/cve_engine.py"]
        DNA["Risk DNA<br/>cli/risk_dna.py"]
        DIFF["Diff Engine<br/>cli/diff_engine.py"]
        HARDEN["Hardening Simulator<br/>cli/hardening_simulator.py"]
        REPORT["Report Exporter<br/>cli/report_exporter.py"]
    end
    subgraph Data["Local Data"]
        SAMPLES["Safe Sample Corpus<br/>samples/"]
        YARA["Rules<br/>rules/yara/"]
        DB["SQLite History<br/>reports/generated/"]
        OUT["Generated Reports<br/>reports/generated/"]
    end
    CLI --> SCAN
    API --> SCAN
    WEB --> API
    DESKTOP --> API
    SCAN --> RULES
    SCAN --> SBOM
    SCAN --> DNA
    SCAN --> HARDEN
    DIFF --> DNA
    REPORT --> OUT
    SAMPLES --> SCAN
    YARA --> RULES
    SCAN --> DB
    DB --> API
    classDef interface fill:#e0f2fe,stroke:#0284c7,color:#0f172a;
    classDef engine fill:#fef9c3,stroke:#ca8a04,color:#0f172a;
    classDef data fill:#f1f5f9,stroke:#475569,color:#0f172a;
    class CLI,API,WEB,DESKTOP interface;
    class SCAN,RULES,SBOM,DNA,DIFF,HARDEN,REPORT engine;
    class SAMPLES,YARA,DB,OUT data;
```

## Release Process

```mermaid
sequenceDiagram
    autonumber
    participant Dev as Developer
    participant Main as main branch
    participant CI as GitHub Actions
    participant Rel as GitHub Releases
    participant Users as Users
    Dev->>Main: Merge phase branch
    Main->>CI: Run tests
    Dev->>Main: Push desktop-vX.Y.Z tag
    Main->>CI: Build macOS, Windows, Linux installers
    CI->>Rel: Upload DMG, MSI, DEB assets
    Users->>Rel: Download installer
```

## Signature Feature: Firmware Risk DNA

Firmware Risk DNA turns raw evidence into a compact firmware risk profile:

- `score`: numeric risk score
- `band`: low, medium, high, critical
- `tags`: behaviour markers such as `CREDS`, `CVE`, `NET`, `RULES`, `SBOM`
- `fingerprint`: a stable identity for comparison
- `risk_shift`: risk added or removed between firmware versions
- `hardening_shift`: expected improvement from mitigations

This takes the project beyond a plain string scanner. It gives developers a way to explain how firmware security changes between builds.

## Sample Findings

```
[high/high] 0x56 password wifi_password=demo1234
[medium/medium] 0x6d mqtt:// mqtt://broker.internal.local:1883
[medium/medium] 0x8f http://,ota,update ota_update_url=http://updates.internal.local/fw.bin
[low/low] 0xc3 debug DEBUG: boot complete
```

## Repository Layout

```
backend/     FastAPI backend and local HTTP API
cli/         Scanner, rules, SBOM, CVE, diff, Risk DNA, hardening logic
desktop/     Tauri desktop app shell and next-gen UI
docs/        Architecture, roadmap, learning path, phase notes
frontend/    Browser dashboard UI
reports/     Templates and generated reports
rules/       Detection rules, including YARA-compatible rules
samples/     Safe firmware-like demo corpus
scripts/     CLI wrapper and showcase automation
tests/       Unit tests and integration checks
.github/     CI and desktop package workflows
```

## For Developers

Create a feature branch:

```
git checkout main
git pull
git checkout -b phase/XX-short-name
```

Install dependencies:

```
python3 -m pip install -r requirements.txt
```

Run the checks:

```
python3 -m unittest discover -s tests -v
git diff --check
```

Desktop preview:

```
cd desktop
npm install
npm run preview
```

Build the desktop app locally:

```
cd desktop
npm run build
```

## Open-Source Contribution Areas

| Track | Beginner-friendly contributions |
| --- | --- |
| Rules | Add safe YARA-compatible rules for firmware indicators |
| Firmware formats | Improve detection of `.elf`, `.hex`, `.uf2` and raw binaries |
| SBOM | Add more component version extractors |
| CVE candidates | Improve local catalogue coverage and confidence notes |
| Reports | Add clearer report templates and export formats |
| Dashboard | Improve visual analytics, filtering and assistant answers |
| Desktop | Improve installers, signing, update flow and native polish |
| Corpus | Add safe synthetic firmware samples for tests and demos |

## Security Scope

Firmware Security Workbench is intended for defensive analysis, secure development, education and authorized audits.

It does not include exploit generation, unauthorized device access, credential abuse, persistence, malware deployment or offensive automation.

## Current Status

Current project status:

- Core project version: `v1.0.0`
- Desktop app version: `desktop-v0.5.0`
- PyPI package: `firmware-security-workbench==1.0.0`
- Docker image: `ghcr.io/yukicodepth/firmware-security-workbench:v1.0.0`
- Desktop installers: macOS `.dmg`, Windows `.msi`, Linux `.deb`

## Roadmap

This project is release-oriented rather than phase-oriented. Phase branches are for development; releases are for users.

See:

- [ROADMAP.md](ROADMAP.md)
- [docs/final-roadmap.md](docs/final-roadmap.md)
- [docs/release-plan.md](docs/release-plan.md)
- [docs/architecture.md](docs/architecture.md)
- [docs/learning-path.md](docs/learning-path.md)
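The following is an added example, not the project's `cli/scanner.py`: a minimal stand-in for the "Strings + Endpoint Extraction", "Secret Scanner" and "Metadata" stages of the system workflow, producing finding lines in the same shape as the Sample Findings section. The firmware blob, the indicator rules, their severities and the severity/confidence convention are all constructed assumptions for illustration.

```python
import hashlib
import math
import re
from dataclasses import dataclass

# Constructed firmware-like blob (not a real image and not from the project's
# corpus): printable strings embedded in padding, then a high-entropy tail.
SAMPLE_FIRMWARE = (
    b"\x00" * 0x20
    + b"wifi_password=demo1234\x00"
    + b"\xff" * 0x10
    + b"mqtt://broker.internal.local:1883\x00"
    + b"ota_update_url=http://updates.internal.local/fw.bin\x00"
    + b"DEBUG: boot complete\x00"
    + bytes((i * 37 + 11) % 256 for i in range(512))
)

# Hypothetical indicator rules: (name, indicators, severity). A rule fires when
# any indicator occurs in an extracted string; confidence equals the severity
# when every indicator of the rule is present, otherwise "low".
RULES = [
    ("credential", ["password"], "high"),
    ("mqtt-endpoint", ["mqtt://"], "medium"),
    ("ota-plaintext", ["http://", "ota", "update"], "medium"),
    ("debug-leftover", ["debug"], "low"),
]


@dataclass
class Finding:
    severity: str
    confidence: str
    offset: int
    indicators: list
    text: str

    def render(self) -> str:
        # Same layout as the README's sample findings: [sev/conf] offset indicators text
        return f"[{self.severity}/{self.confidence}] {self.offset:#x} {','.join(self.indicators)} {self.text}"


def extract_strings(blob: bytes, min_len: int = 4):
    """Yield (offset, text) for runs of printable ASCII, like the `strings` tool."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    for m in pattern.finditer(blob):
        yield m.start(), m.group().decode("ascii")


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly distributed bytes.
    High entropy regions usually mean compression or encryption rather than code."""
    if not blob:
        return 0.0
    counts = [0] * 256
    for b in blob:
        counts[b] += 1
    n = len(blob)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def metadata(blob: bytes) -> dict:
    """The metadata stage: size, content hash and whole-image entropy."""
    return {
        "size": len(blob),
        "sha256": hashlib.sha256(blob).hexdigest(),
        "entropy": round(shannon_entropy(blob), 3),
    }


def scan(blob: bytes) -> list:
    """Run every rule over every extracted string; findings stay in offset order."""
    findings = []
    for offset, text in extract_strings(blob):
        lowered = text.lower()
        for _name, indicators, severity in RULES:
            hits = [i for i in indicators if i in lowered]
            if not hits:
                continue
            confidence = severity if len(hits) == len(indicators) else "low"
            findings.append(Finding(severity, confidence, offset, hits, text))
    return findings


if __name__ == "__main__":
    print(metadata(SAMPLE_FIRMWARE))
    for finding in scan(SAMPLE_FIRMWARE):
        print(finding.render())
```

Offsets come from the string's position in the image, so the same evidence at a different link address renders with a different offset; that is why a comparison identity should be built from the evidence itself rather than from offsets.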
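As a second added example, not the project's `cli/risk_dna.py`, `cli/diff_engine.py` or `cli/hardening_simulator.py`, here is a toy model of the Risk DNA fields listed in the "Signature Feature" section: `score`, `band`, `tags`, `fingerprint`, `risk_shift` and `hardening_shift`. The weights, band thresholds, kind-to-tag mapping and the two evidence sets (two versions of one constructed firmware) are assumptions; in the real tool the evidence would come from the scanner, rule, SBOM and CVE stages.

```python
import hashlib
import json

# Hypothetical severity weights and band thresholds (score is capped at 100).
SEVERITY_WEIGHT = {"low": 5, "medium": 15, "high": 30, "critical": 50}
BANDS = [(70, "critical"), (40, "high"), (15, "medium"), (0, "low")]
# Evidence kind -> Risk DNA tag. Tag names are the README's; the mapping is assumed.
KIND_TAG = {"secret": "CREDS", "cve": "CVE", "endpoint": "NET", "rule": "RULES", "component": "SBOM"}

# Constructed evidence for version 1 of a firmware build (CVE id is a placeholder).
FIRMWARE_V1 = [
    {"kind": "secret", "severity": "high", "value": "wifi_password=<redacted>"},
    {"kind": "endpoint", "severity": "medium", "value": "mqtt://broker.internal.local:1883"},
    {"kind": "endpoint", "severity": "medium", "value": "http://updates.internal.local/fw.bin"},
    {"kind": "cve", "severity": "high", "value": "CVE-PLACEHOLDER (assumed match)"},
    {"kind": "rule", "severity": "low", "value": "debug_leftover"},
]
# Version 2: the credential was removed and the OTA URL moved to HTTPS.
FIRMWARE_V2 = [
    {"kind": "endpoint", "severity": "medium", "value": "mqtt://broker.internal.local:1883"},
    {"kind": "endpoint", "severity": "low", "value": "https://updates.internal.local/fw.bin"},
    {"kind": "cve", "severity": "high", "value": "CVE-PLACEHOLDER (assumed match)"},
    {"kind": "rule", "severity": "low", "value": "debug_leftover"},
]


def _key(e):
    # Identity of one piece of evidence; offsets are deliberately excluded.
    return (e["kind"], e["severity"], e["value"])


def score(evidence) -> int:
    return min(100, sum(SEVERITY_WEIGHT[e["severity"]] for e in evidence))


def band(s: int) -> str:
    for threshold, name in BANDS:
        if s >= threshold:
            return name
    return "low"


def fingerprint(evidence) -> str:
    """Order-independent identity: two scans with the same evidence agree."""
    canon = sorted(_key(e) for e in evidence)
    return hashlib.sha256(json.dumps(canon).encode()).hexdigest()[:16]


def risk_dna(evidence) -> dict:
    s = score(evidence)
    return {
        "score": s,
        "band": band(s),
        "tags": sorted({KIND_TAG[e["kind"]] for e in evidence}),
        "fingerprint": fingerprint(evidence),
    }


def risk_shift(old, new) -> dict:
    """Explain a diff: which evidence appeared or disappeared, and the score effect."""
    old_keys = {_key(e) for e in old}
    new_keys = {_key(e) for e in new}
    return {
        "added": sorted(new_keys - old_keys),
        "removed": sorted(old_keys - new_keys),
        "score_delta": score(new) - score(old),
        "band_change": (band(score(old)), band(score(new))),
    }


def hardening_shift(evidence, mitigated_kinds) -> dict:
    """What-if simulation: expected improvement if evidence of these kinds is fixed."""
    remaining = [e for e in evidence if e["kind"] not in mitigated_kinds]
    after = score(remaining)
    return {"score_before": score(evidence), "score_after": after, "band_after": band(after)}


if __name__ == "__main__":
    print(json.dumps(risk_dna(FIRMWARE_V1), indent=2))
    print(json.dumps(risk_shift(FIRMWARE_V1, FIRMWARE_V2), indent=2))
    print(json.dumps(hardening_shift(FIRMWARE_V1, {"secret", "endpoint"}), indent=2))
```

The CVE evidence survives unchanged between the two versions, so the diff reports only the credential removal and the HTTP-to-HTTPS change; the what-if simulation shows how far the band would drop if both the secret and the endpoint findings were addressed while the CVE candidate stays open.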
Tags: CVE intelligence, CycloneDX, DNS information, DNS brute force, IoT security, LLM protection, Python, SBOM generation, YARA rules, binary analysis, cloud security operations, firmware security, firmware extraction, firmware reverse engineering, security workbench, real-time processing, embedded security, sensitive data scanning, no backdoor, secret detection, desktop app, entropy analysis, version comparison, Internet of Things security, request interception, reverse engineering tools, defensive security, risk scoring