
Multiarchitecture platform designed for IoT malware execution, characterization and classification.

Python 5.18% CSS 41.37% JavaScript 1.42% HTML 51.94% Shell 0.05% Dockerfile 0.04%
malware malware-research cybercamp iot cybersecurity

eimi's Introduction

EIMI

EIMI is a multiarchitecture platform designed for IoT malware execution, characterization and classification.

The Spanish version of this README can be found in LÉEME.md.

Getting Started

These instructions will get you a copy of the project up and running on your local machine.

Prerequisites

In order to execute the project, the following packages are needed:

Frontend Packages:

django libvirt r2pipe paramiko termcolor dotenv scp nltk

Backend Packages:

fortawesome animate bootstrap chart.js d3 d3-scale-chromatic jquery
jquery.easing perfect-scrollbar select2

Execution

To execute the platform, the following command must be run:

python3 eimi.py -r on|off <sample>

Changelog

The relevant changes of the project are available in CHANGELOG.md.

Contributing

Please read CONTRIBUTING.md for details on the process for submitting pull requests to us.

Contributors

The list of contributors is available in CONTRIBUTORS.md.

Wiki

For more information on how to use the platform, visit the WIKI.

License

This project is licensed under the GNU General Public License. For more information, please visit: https://www.gnu.org/licenses/licenses.en.html

Acknowledgements

uclm
i3a
cybercamp

References

E. Cozzi, M. Graziano, Y. Fratantonio and D. Balzarotti, "Understanding Linux Malware," 2018 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, 2018, pp. 161-175.
PurpleBooth Ltd. (https://purplebooth.co.uk/)
Keep a Changelog (https://keepachangelog.com/en/1.0.0/)

eimi's People

Contributors

abjuanma, dankitan, jose4roldan, swarleynunez

eimi's Issues

Redesign the database

The database and the data structures need to be redesigned to make the data easier to handle.

Secret found in code (SECRET_KEY)

A secret has been found in the code that should be read from a configuration file or, if it is for testing or local development, should be noted in the README or documentation/wiki:

# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = '$%aao3zj%_ff39lixylx3nj!pxp!_4@^6r7!jtqee6lry8!=!z'

The secret will also need to be rotated if it is in use.

https://github.com/KM-11/EIMI/blob/master/EIMI/settings.py#L22
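
A check that would catch this kind of finding before it is committed, as an added example (not part of the issue or of the EIMI code base). It walks the syntax tree of a settings file and reports sensitive names bound to string literals; the marker list and the sample settings text are constructed for the example.

```python
import ast

# Substrings that mark a setting as sensitive (assumption of this example).
SENSITIVE_MARKERS = ("SECRET", "PASSWORD", "TOKEN", "API_KEY")

# Constructed sample input, not the project's settings.py.
SAMPLE_SETTINGS = '''\
import os
DEBUG = True
SECRET_KEY = 'constructed-placeholder-not-a-real-key'
DB_PASSWORD = os.environ["DB_PASSWORD"]
API_TOKEN: str = "constructed-token-value"
'''


def find_hardcoded_secrets(source, filename="<settings>"):
    """Return sorted (line, name) pairs for sensitive names set to a literal string."""
    findings = []
    for node in ast.walk(ast.parse(source, filename=filename)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        # Only non-empty string literals count; os.environ[...] lookups pass.
        if not (isinstance(value, ast.Constant) and isinstance(value.value, str)):
            continue
        if not value.value:
            continue
        for target in targets:
            if isinstance(target, ast.Name) and any(
                marker in target.id.upper() for marker in SENSITIVE_MARKERS
            ):
                findings.append((node.lineno, target.id))
    return sorted(findings)


if __name__ == "__main__":
    for line, name in find_hardcoded_secrets(SAMPLE_SETTINGS):
        print(f"line {line}: {name} is assigned a literal value")
```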

Concatenating Strings

We don't think this is exploitable in this specific scenario, but it's considered a bad practice and it could become exploitable if you change the code in the future.

command = "cd " + os.path.join(remotepath,

We would prepare the QEMU image in a way that the sample is detonated as soon as you copy it into a given directory. Consider this for future releases.
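
How quoting changes what the remote shell sees, as an added example (not part of the issue or of the EIMI code base). It assumes a POSIX shell on the guest and a command string of the kind passed to paramiko's exec_command; the function names, directory and sample names are hypothetical, and the command shape is not a reconstruction of the truncated line above.

```python
import posixpath
import shlex


def concatenated_command(remote_dir, sample_name):
    """Plain concatenation: the remote shell parses the sample name as syntax."""
    return "cd " + remote_dir + " && ./" + sample_name


def quoted_command(remote_dir, sample_name):
    """Same command with each dynamic part passed as exactly one shell word."""
    # The sample must be a bare file name inside remote_dir, not a path.
    if sample_name in ("", ".", "..") or posixpath.basename(sample_name) != sample_name:
        raise ValueError(f"sample name must not contain a path: {sample_name!r}")
    return "cd {} && {}".format(
        shlex.quote(remote_dir), shlex.quote("./" + sample_name)
    )


def shell_words(command):
    """Split a command line the way a POSIX shell would tokenize it."""
    return shlex.split(command)


if __name__ == "__main__":
    # Constructed file name containing a shell metacharacter.
    name = "x; echo injected"
    print(shell_words(concatenated_command("/tmp/run", name)))
    print(shell_words(quoted_command("/tmp/run", name)))
```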

Action required: Greenkeeper could not be activated 🚨

🚨 You need to enable Continuous Integration on Greenkeeper branches of this repository. 🚨

To enable Greenkeeper, you need to make sure that a commit status is reported on all branches. This is required by Greenkeeper because it uses your CI build statuses to figure out when to notify you about breaking changes.

Since we didn’t receive a CI status on the greenkeeper/initial branch, it’s possible that you don’t have CI set up yet.
We recommend using:

If you have already set up a CI for this repository, you might need to check how it’s configured. Make sure it is set to run on all new branches. If you don’t want it to run on absolutely every branch, you can whitelist branches starting with greenkeeper/.

Once you have installed and configured CI on this repository correctly, you’ll need to re-trigger Greenkeeper’s initial pull request. To do this, please click the 'fix repo' button on account.greenkeeper.io.

String concatenation for file paths

Potential risk of LFI-type vulnerabilities when strings are concatenated to be used as a file path. Even though the parameters are hard to control, it is better to follow good practices and avoid string concatenation in general:

file = '../machines/' + arch + '/' + arch + '.xml'

https://github.com/KM-11/EIMI/blob/master/core/qemu_manager.py#L9

path_dir = '../machines/' + arch

https://github.com/KM-11/EIMI/blob/master/core/qemu_manager.py#L20

As a mitigation option, paths can also be restricted to directories controlled by the project's configuration.
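
One way to apply that mitigation, as an added example (not part of the issue or of the EIMI code base). The base directory comes from the snippets above; the allowlist values and the function names are assumptions made for the example.

```python
from pathlib import Path

# Base directory taken from the snippets in the issue; the allowlist values are
# constructed here and are not the project's real architecture list.
MACHINES_DIR = Path("../machines")
ALLOWED_ARCHS = frozenset({"arm", "mips", "x86_64"})


def resolve_under(root, *parts):
    """Join parts onto root and fail if the resolved path leaves root."""
    root = Path(root).resolve()
    # resolve() collapses ".." and follows symlinks, so both escape routes
    # are caught; an absolute part replaces root and is rejected as well.
    candidate = root.joinpath(*parts).resolve()
    if candidate != root and root not in candidate.parents:
        raise ValueError(f"path escapes {root}: {candidate}")
    return candidate


def machine_paths(arch, base=MACHINES_DIR, allowed=ALLOWED_ARCHS):
    """Return (machine directory, XML definition file) for an allowlisted arch."""
    if arch not in allowed:
        raise ValueError(f"unsupported architecture: {arch!r}")
    return resolve_under(base, arch), resolve_under(base, arch, f"{arch}.xml")


if __name__ == "__main__":
    print(machine_paths("arm"))
    for bad in ("../../etc", "arm/../.."):
        try:
            machine_paths(bad)
        except ValueError as exc:
            print("rejected:", exc)
```

The allowlist is the primary control; the containment check still holds if the allowlist is later loosened or a directory under the base is replaced by a symlink.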
