Plugin Developer's toolkit
It is based on a plug-in concept. New Unpackers are implemented in Python programming language as plug-ins, as well as Analysis features and Compare functionalities.
Unpackers are focused on decompress/decrypt new file systems and archive formats.
Analysis plug-ins are focused on adding new features to Static and Dynamic Analyses.
Compare functionalities are focused on enhancement of comparison between versions.
New features can be also implemented as Containers:
Firmware Reviewer shares the same plug-ins architecture of FACT (Firmware Analysis Comparison Tool) project. The following is the list of plugin-ins developed and enhanced by Firmware Reviewer:
Task | Plugin |
Firmware Analysis | Firmware Reviewer Core |
File System Extraction | |
Credential Stored in Code | Security Reviewer Static Analysis Module plugin |
Visible Conf Files | Firmware Reviewer Core |
WiFi Configurations | Firmware Reviewer Core |
Legacy Network Services | Firmware Reviewer Core |
Embedded Web Server | Firmware Reviewer Core |
Web Server Files | Firmware Reviewer Core |
Endpoint API | Security Reviewer Static Analysis Module plugin |
Remote Code Execution | Security Reviewer Static Analysis Module plugin |
Information Disclosure | Enhanced version of Firmwalker |
Command Injection | Firmware Reviewer Core, Security Reviewer Static Analysis Module plugin |
Static Analysis | Security Reviewer Static Analysis Module plugin |
Malware Analysis | |
Vulnerable Components and Libraries | |
Firmware Partial Emulation | |
Firmware Complete Emulation | |
Default Credentials | Firmware Reviewer Core |
Password Policy | Firmware Reviewer Core |
Password Expiration | Firmware Reviewer Core |
Password Recovery | Firmware Reviewer Core |
Account Lockout | Firmware Reviewer Core |
Role Separation | Firmware Reviewer Core |
Role Hardening | Firmware Reviewer Core |
Check Authentication | Firmware Reviewer Core |
Upgrade Feature | Firmware Reviewer Core |
Encrypted Upgrade Protocol | Firmware Reviewer Core |
Upgrade Validation | Firmware Reviewer Core |
Upgrade Rollback | Firmware Reviewer Core |
Upgrade Security Alerting | Firmware Reviewer Core |
Sensitive Data Security | Firmware Reviewer Core |
Anonymized Personal Data | Firmware Reviewer Core |
Data Collecting | Firmware Reviewer Core |
Unencrypted Protocols | Firmware Reviewer Core |
Traffic Anomalies | Firmware Reviewer Core |
Local Firewall | Firmware Reviewer Core |
Security Event Logging | Firmware Reviewer Core |
Security Event Alerting | Firmware Reviewer Core |
Network Fuzzing Analysis | Firmware Reviewer Core |
Debug and Troubleshooting Pages | Firmware Reviewer Core |
Directory Traversal and Discovery | Firmware Reviewer Core |
Wrong Input Validation | Security Reviewer Static Analysis Module plugin |
Wrong Error Handling | Firmware Reviewer Core |
Bootloader Analysis | |
Firmware Integrity Testing | Firmware Reviewer Core |
COPYRIGHT (C) 2014-2021 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.