Nester420/Firmware-Hunter-Pro

# Firmware Hunter Pro Firmware Hunter Pro is an offline firmware analysis and triage tool designed for embedded Linux devices such as: * Routers * IP cameras * DVRs * Smart home devices * IoT hardware * Other Linux-based embedded systems The tool scans extracted firmware filesystems or raw firmware images and generates reports to help identify: * Hardcoded credentials * Sensitive files * Embedded web interfaces * Interesting binaries * Suspicious strings * Possible malware indicators * Component versions * Potential attack surfaces Firmware Hunter Pro is intended for: * Firmware research * Hardware hacking labs * Embedded Linux analysis * Educational use * Authorized security testing # What the Tool Does Firmware Hunter Pro performs offline filesystem analysis. It does NOT: * Execute firmware binaries * Exploit devices * Automatically attack systems * Emulate firmware * Connect to external systems automatically # Main Features ## Automatic Firmware Extraction Supports automatic extraction using Binwalk. Example: python3 firmware_hunter_pro_v4.py firmware.bin --extract The tool will: 1. Run Binwalk 2. Extract embedded filesystems 3. Attempt to locate the root filesystem 4. Scan the extracted contents 5. Generate reports ## Credential Discovery Searches for: * Hardcoded passwords * Wi-Fi keys * API keys * JWT tokens * MQTT credentials * Admin usernames * Secrets stored in configs ## Web Interface Mapping Searches for: * CGI scripts * Login pages * Admin routes * Firmware update pages * API endpoints * JavaScript references Useful for identifying embedded web management interfaces. ## Firmware Component Detection Attempts to identify: * BusyBox versions * Linux kernel versions * OpenSSL references * Dropbear references * dnsmasq references * Embedded web servers The tool uses string and configuration analysis for detection. ## IOC and Suspicious String Detection Searches for suspicious strings and known indicators associated with: * Mirai * Gafgyt/Bashlite * Mozi * XorDDoS * Crypto miners * Reverse shell behavior Detection is heuristic and string-based. The tool does NOT perform behavioral malware analysis. ## ELF and Architecture Analysis Identifies: * ELF binaries * CPU architecture hints * Endianness * Binary metadata ## Entropy Analysis Flags high-entropy files that may contain: * Packed data * Encrypted data * Compressed blobs * Binary firmware components ## YARA Integration Example: python3 firmware_hunter_pro_v4.py firmware.bin --extract --yara rules.yar # Output The tool generates: | File | Description | | -------------------------- | ----------------- | | firmware_report.html | HTML report | | firmware_report.txt | Main text report | | summary.txt | Quick summary | | full_report.json | JSON report | | findings.csv | CSV export | | firmware_report.md | Markdown report | | categorized evidence files | Separate findings | Examples: * credential_findings.txt * web_routes.txt * components.txt * malware_iocs.txt * interesting_binaries.txt # Installation ## Requirements * Python 3.9+ * Linux recommended ## Install Dependencies ### Required sudo apt install python3 binwalk ### Recommended sudo apt install squashfs-tools mtd-utils p7zip-full xz-utils ### Optional sudo apt install yara # Usage ## Scan Extracted Firmware python3 firmware_hunter_pro_v4.py squashfs-root ## Scan Raw Firmware Image python3 firmware_hunter_pro_v4.py firmware.bin --extract ## Quick Mode Skips files larger than 10 MB. python3 firmware_hunter_pro_v4.py firmware.bin --extract --quick ## Multi-threading python3 firmware_hunter_pro_v4.py firmware.bin --extract -j 16 ## Use Plugins python3 firmware_hunter_pro_v4.py firmware.bin --extract --plugins plugins/ # Example Workflow ## 1. Obtain Firmware Example: flash_dump.bin ## 2. Run Firmware Hunter Pro python3 firmware_hunter_pro_v4.py flash_dump.bin --extract ## 3. Review Reports Recommended starting points: 1. summary.txt 2. credential_findings.txt 3. web_routes.txt 4. components.txt 5. firmware_report.html # Notes About Detection Firmware Hunter Pro primarily uses: * String analysis * Regex matching * File inspection * Metadata extraction * Heuristic analysis The tool may produce: * False positives * Incomplete detections * Generic matches All findings should be manually reviewed. The tool is intended as a triage and research aid, not a replacement for manual firmware analysis. # Safety Avoid running analysis tools on sensitive production systems. # Intended Use Firmware Hunter Pro is intended for: * Educational use * Firmware research * Reverse engineering * Hardware security testing * Authorized security analysis Users are responsible for complying with all applicable laws and regulations. Do not use the tool on devices or firmware you do not own or have permission to analyze.