EMBA v2.0.0 - A brave new world of firmware analysis

The last few weeks looked a bit more silent to the outside ... but cool things were going on in the background. Now, it is time to share all the great things we were working on ;)

In the early days of the EMBA firmware analysis environment one of our visions was a bit like the following:

EMBA should be an environment for fully automated detection and verification of known and unknown vulnerabilities in the product and firmware sector

The complete environment needs to be available as Open-Source which allows you to be part of it. Everyone should be able to perform high quality firmware security analysis, perform better IoT penetration tests, create the best SBOMs, scale and optimize firmware security research at all. Additionally, everyone should be able to modify, integrate and adopt EMBA easily (btw. this is the reason why we decided to use Bash), improve EMBA and being part of EMBA as user, tester, developer, feedback giver, idea generator, bug hunter ... you get the idea of Open-Source ;)

Vulnerability analysis in the field of firmware is a complex task, but with EMBA we have built some quite solid tooling and strategies over the years. This would not be possible without all the other awesome Open-Source projects out there!

EMBA is standing on the shoulders of giants. EMBA is standing on your shoulders! Thank you!

We were always fascinated by the idea of automatically starting up the device during an EMBA analysis in a controlled emulated environment. This means that we will be able to verify the already discovered results directly on the running firmware. We are not at the end of this journey yet, but it looks like this goal is not completely unrealistic anymore! In our opinion this release is a milestone to our ultimate goal of vulnerability detection and verification.

The road to version 2.0.0 was very rough and bumpy. Over the last few months we tested, tested, tested, looked at emulation output and improved every little piece a little bit! The goal we had in mind was ...

Let's bring our system emulation engine to the next level

After months of testing, building kernels (shoutout to @HoxhaEndri), analyzing, fixing, refactoring, testing again and screaming multiple times we are now quite happy with the results! Enjoy the following benchmark results of some of our firmware test sets:

• FirmAE corpus

The original FirmAE corpus was created somewhere before 2020. So, today this corpus is quite outdated. Nevertheless, as the FirmAE project was already optimized to a 79% success rate with at least one network service available we were interested if we can further improve this high success rate. We took this corpus as an initial benchmark indicator to ensure our performance is not too bad. The following overview gives some insights into the results from all three system emulation frameworks: firmadyne, FirmAE and EMBA

While firmadyne was the initial framework and other environments like FirmAE and also EMBA were built around the same approach, it had only 16% of success rate. This means in only 16% of the firmware tests firmadyne was able to bring the firmware automatically to a state where network services were reachable. FirmAE improved this rate to 79% success rate. And now, EMBA got this rate to 95% success rate with at least one network service available. Altogether EMBA was able to identify more than 6000 network services on 1074 systems.

---

The Fraunhofer FKIE builds regularly the so-called Home Router Security Report (Check this report). We used these reports as inspiration and built some firmware sets over time:

• Firmware Testset 2020

On a fresh and unoptimized firmware corpus we can get a better idea of more real-world results of the different engines. Neither firmadyne, nor FirmAE were trained on this firmware corpus. This resulted in significantly lower success rates:

The firmadyne results dropped down to 5% (from 16% on the FirmAE corpus) of success rate and the FirmAE rates dropped to 30% (from 79% on the FirmAE corpus). In comparison EMBA was able to double the FirmAE results and fully automatically emulate 87% of firmware to a state where at least one network service was available. In total EMBA detected more than 600 network services on 126 analyzed firmware images.

With the integration of the dependency track API it is now also possible to automatically transfer the generated SBOM into your dependency track instance and track all the vulnerabilities in a beautiful vulnerability and SBOM management tool:

This integration mechanism enhances your vulnerability handling and pentesting process massively and shows the flexibility of EMBA.

---

• Firmware Testset 2022

The testset of the year 2022 looked a bit like a duplication of the results of 2020. Firmadyne got 2% of the tested firmware to a reachable network service, FirmAE already improved the state to 16% and EMBA climbed up to 76%. This time with around 400 reachable network services on 121 analyzed firmware images:

---

• Firmware Testset 2024

Also on a more modern testset from 2024 the picture changed not that much. Firmadyne now has only 1% success rate, FirmAE improved the emulation results to 17% and EMBA stays quite stable at 77%:

These stable emulation results across a huge amount of different firmware images from different vendors with different architectures from different time periods highlight the magic of EMBA and give us a quite good base for further development.

---

Additionally, we want to take a look at the following highlights:

• We have 7 new contributors! This is probably the most amazing thing in our release notes! Thanks for supporting EMBA with your effort!
• EMBA got a new kernel for the system emulation engine. We moved away from the old 4.1 firmadyne/FirmAE based kernel to a much newer 4.14.336 LTS Kernel <- This is a very big thing, and you need to clap now ;) (see #1575 by @HoxhaEndri and the Kernel repo here)
• Rocky Linux support by @jurrejelle <- Clap again
• EMBA reached another milestone - 3000 Github stars and counting (If you like EMBA you should also give us a star!)
• The EMBA book is available here
• Copilot code check results integrated - part 1 of a lot
• Improve internal docker base image verification checks
• We build a whole new testing environment where we can run a huge number of EMBA tests in parallel <- This is so freaking cool. Good job @BenediktMKuehne
• Improve SBOM generation with better Java support - see also #1765
• Add Java decompilation and security analysis capabilities - see also #1828
• Add integration of the dependency track API to automatically upload and further process the generated SBOM - see also the wiki
• The launcher is now available - see the Wiki for further details
• Thanks to the great work of @gluesmith2021 we were able to switch to NVDv2. With this step we are hopefully well prepared for the near future. Check the great work here ossf/cve-bin-tool#5265
• We have a new web shop for EMBA merch here. Check it out and show your love for Open-Source firmware analysis with EMBA
• So many new notes, videos, papers and blogposts that deal with EMBA or use EMBA as helper or benchmark tool somewhere in the Internet (with your ideas, your papers, using it and showing how hard we fail you make EMBA to what it is!) - check the Wiki section
• Finally, we had the joy of being part of the beautiful TROOPERS25 security conference. The recording of our talk "SBOMs the right way" is now available here

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA.
Breaking News: Check also our new shop for EMBA merch here.

---

It is always a pleasure to welcome new...

EMBA v1.5.2 - SBOM - The next generation

We need to talk about serious SBOM tooling! The CRA will hit us all ... quite hard and very soon. Check the dates (from Wikipedia):

And check the SBOM requiremenents here:

To give it a bump there are also some penalties if you are not able to fulfill the CRA:

We have seen this coming a while ago and decided to move EMBA from the firmware analyzer to the SBOM tool (without loosing our main competence in firmware analysis). During the last months we have rewritten main parts of EMBA to ensure we can build SBOMs. The goal was not only to build some SBOM ... our goal was always to build SBOMs that provide more value, are reproducible and accurate. This also includes targets where no package manager is available but also systems with multiple package managers.

The following highlights happened somehow during the last weeks:

• cve-bin-tool integration for module f17 resulted in a rewrite of f20 (which was completely removed for this release)
• SBOM VEX support via module f17 (integrated into the main SBOM but also available seperated)
• Further sources for SBOM generation are supported - Check our wiki
• Improved S09 threading by @gluesmith2021
• Massive bug fixing - more and more bug reports from our fellow EMBA users are coming in
• More and more users are also helping in fixing stuff ... thank you for supporting EMBA
• Improved the system check on EMBA startup resulted in speeding up EMBA
• Improved our quality checking process of newly built EMBA base images
• Integrated auto generation of kernel and gcc data into our github pipeline (available in config directory)

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we welcome:

• @chconil made their first contribution in #1415

---

How can you reach us and stay up to date? Just take one of these channels:

• Bluesky
• Mastodon
• Github discussions
• Github issues
• LinkedIn
• X

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the CVE database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

For updating your oudated EMBA installation, please check the update section in our wiki.

---

What's Changed

• Fix missing kernel config analysis because of lKCONFIG_EXTRACTED/KCON… by @chconil in #1415
• Metasploit database update by @github-actions in #1417
• CISA known exploited database update by @github-actions in #1418
• Snyk database update by @github-actions in #1419
• Snyk database update by @github-actions in #1421
• CISA known exploited database update by @github-actions in #1420
• Version identifier bugs / New binwalk with improved decryptor by @m-1-k-3 in #1416
• fix s118 threading output / p99 csv by @m-1-k-3 in #1423
• Snyk database update by @github-actions in #1427
• Metasploit database update by @github-actions in #1424
• CISA known exploited database update by @github-actions in #1425
• Quick version identifier update by @github-actions in #1426
• p65 rpm, fixes, cleanup by @m-1-k-3 in #1428
• Quick version identifier update by @github-actions in #1432
• CISA known exploited database update by @github-actions in #1431
• Metasploit database update by @github-actions in #1430
• add ipk module, fix rpm db module by @m-1-k-3 in #1429
• remove grep log by @m-1-k-3 in #1437
• fix x86 run script by @m-1-k-3 in #1435
• update copyright 2025 by @m-1-k-3 in #1438
• Metasploit database update by @github-actions in #1440
• CISA known exploited database update by @github-actions in #1441
• Snyk database update by @github-actions in #1442
• Initial json logger by @m-1-k-3 in #1444
• Little error handling updates by @m-1-k-3 in #1443
• Snyk database update by @github-actions in #1447
• CISA known exploited database update by @github-actions in #1446
• Metasploit database update by @github-actions in #1445
• Metasploit database update by @github-actions in #1449
• CISA known exploited database update by @github-actions in #1450
• Snyk database update by @github-actions in #1451
• CISA known exploited database update by @github-actions in #1454
• Snyk database update by @github-actions in #1455
• Update grype.yml by @BenediktMKuehne in #1456
• Manual update GCC and kernel release configs by @m-1-k-3 in #1457
• Add gcc and linux workflow by @m-1-k-3 in #1460
• Fix empty results from S09 because of "grep: Argument list too long" by @gluesmith2021 in #1461
• CVE bin tool integration, VEX support -> F20 replacement by @m-1-k-3 in #1452
• S09 unique bins by @m-1-k-3 in #1465
• Snyk database update by @github-actions in #1469
• CISA known exploited database update by @github-actions in #1468
• Metasploit database update by @github-actions in #1467
• Effective (and fast) S09 threading by @gluesmith2021 in #1462
• Linux kernel version database update by @github-actions in #1470
• SBOM: C/C++ Conan package management integration by @m-1-k-3 in #1473
• disabled status-bar for embark by @BenediktMKuehne in #1459
• Revert "disabled status-bar for embark" by @BenediktMKuehne in #1474
• fix results from race condition in MD5 list generation by @gluesmith2021 in #1471
• S115 #1476 by @m-1-k-3 in #1477
• CISA known exploited database update by @github-actions in #1481
• Metasploit database update by @github-actions in #1480
• Snyk database update by @github-actions in #1482
• Linux kernel version database update by @github-actions in #1479
• little fixes and cleanup by @m-1-k-3 in #1483
• Foscam extraction (P20) fixes by @m-1-k-3 in #1484
• CVE update db by @m-1-k-3 in #1486
• Metasploit database update by @github-actions in #1488
• Snyk database update by @github-actions in #1491
• Quick version identifier update by @github-actions in #1490
• CISA known exploited database update by @github-actions in #1489
• Linux kernel version database update by @github-actions in #1487
• fixing bugs by @m-1-k-3 in #1492
• SBOM cpan/php/python module...

EMBA v1.5.1 - Rise from the dead or Binwalk is back in town

Let's travel back in time ... In EMBA version 1.2.3 we started removing the old, rusty and unmaintained binwalk (v2) as main extractor from EMBA. See here. Big thanks to the great folks of unblob for jumping in with the most powerful extraction engine that is currently available.

And now fast forward to September 2024 ... Check this bomb

Great news! The new binwalk was not just a quick update, it was a complete rewritten version in rust! As usual we are trying to implement cool projects quite early to get hands on experience ... especially if these are the projects from our own IoT hacking beginnings years ago ;)

Fast forward to Dezember 2024 ...

As the new binwalk is damn fast, EMBA got it as initial extractor into the extraction pipeline! Check it out and let us and Craig know how it performs and how you like it. In this place it is also quite easy to see where binwalk is failing and Unblob is jumping in. Btw. this does not mean that Binwalk is better compared to Unblob! In most of our testcases it was faster but from the success rate Unblob is currently the most powerful extraction engine which automatically jumps in as 2nd extraction engine and is also used for our deep-extraction mode.

The best extraction frameworks together in EMBA ... this must be true love :-D

Beside this big update we have a bunch of other little and big things for you:

• The SBOM engine which was introduced in version 1.5.0 got updates everywhere (new json engine, dependencies are now handled, untracked files can be included, improved package manager integration, optimised static version detection ...)
• EMBA is getting more and more powerful and faster, faster, faster
• Our huge code refactoring part 1 of X is finished
• Regular docker base image update (new capa version, new Ghidra version, ...)
• Kali Linux 2024.4 supported

Beside the technical updates, we were at BlackHat MEA with an Arsenal demo of EMBA. We talked to a lot of interested and interesting people and got some cool ideas for EMBA. You can check our Arsenal slides here and some pictures here

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @0xr3act0r made their first contribution in #1376

---

How can you reach us and stay up to date? Just take one of these channels:

• Bluesky
• Mastodon
• Github discussions
• Github issues
• LinkedIn
• X

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the CVE database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

For updating your oudated EMBA installation, please check the update section in our wiki.

---

What's Changed

• Windows exe improvements by @m-1-k-3 in #1354
• Extend JSON SBOM by @m-1-k-3 in #1353
• SBOM - Duplicates / package files / dependencies by @m-1-k-3 in #1361
• SBOM - Add Poetry files by @m-1-k-3 in #1363
• Further SBOM updates (python pip, rpm, dependency tree) by @m-1-k-3 in #1368
• Json SBOM improvements by @m-1-k-3 in #1374
• Speedup find comands with exec threading / confidence level by @m-1-k-3 in #1375
• Added "apt install linux-modules-extra" package for proper installation of ubi and nandsim modules by @0xr3act0r in #1376
• exit on pre-checking selection by @m-1-k-3 in #1382
• Refactoring, enable threading by @m-1-k-3 in #1383
• Rename scan-profiles by @m-1-k-3 in #1395
• F50 refactoring by @m-1-k-3 in #1396
• helpers var refactor by @m-1-k-3 in #1397
• binwalk v3, refactoring, bugs, S09 speedup by @m-1-k-3 in #1398
• Unhandled files in SBOM by @m-1-k-3 in #1404
• Little fixes (csv, s25, s06, l25), s26 speedup by @m-1-k-3 in #1405
• Improve entropy pic integration by @m-1-k-3 in #1410
• bump version - v1.5.1 by @m-1-k-3 in #1412

New Contributors

• @0xr3act0r made their first contribution in #1376

Full Changelog: v1.5.0-SBOMdorado...v1.5.1-rise-from-the-dead

EMBA v1.5.0 - SBOMdorado

The main goal of EMBA was always to get an accurate real life overview of the threats of a firmware image. While a few years ago the target audience were only pentesters, in today’s EMBA world also software developers, product owners and product security teams are using her to achieve different goals.

Over the time EMBA is grown and today she is not only a firmware analyzer anymore. Nowadays, EMBA is used to test every little piece of unknown binary. While the main interest stays on analyzing Linux based firmware, we have seen that EMBA is also used for UEFI, Windows binaries, Linux binaries, different Scripts, Android APKs and a lot of other stuff. Beside the high fragmentation of the targets under test, we have seen a growing demand for SBOM generation. EMBA includes some kind of basic SBOM support for ages, but as most of our analyzed binaries do not rely on some kind of package managers, we have not seen the demand for supporting them on a broad base - until today.

We have now adjusted our approach to support a broad range of package managers, packet types and further sources for getting an accurate SBOM out of every testing candidate.

Beside our binary analysis mechanism as the only source of truth, EMBA is now able to extract further details from the following sources:

• Binaries and libraries
• Linux Kernel
• Kernel modules
• Linux distribution identification
• RPM package management system
• Debian package management system
• OpenWRT Package management system
• Python PIP package management system
• Python requirements files
• RPM packages
• DEB packages
• FreeBSD pkg packages
• Java archives
• Alpine APK
• Python poetry
• Python wheel
• Rust (cargo.lock)
• Ruby (gem)
• JavaScript - npm
• Windows binary exif data
• Windows binary extraction and analysis

Further details can be found in our wiki

Additionally, we did something more:

• FLOSS interview - check it out here
• Ubuntu 24.04 LTS support
• Switching from docker-compose to docker compose
• Bug fixing
• Refactoring
• Docker base image updates

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

A big kudos goes to to offchain-audit for his sponsoring and to n0x08 for his ongoing support.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @gluesmith2021 made their first contribution in #1150
• @Grezzo made their first contribution in #1222

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

---

What's Changed

• #1073 by @m-1-k-3 in #1076
• restart EMBA functionality by @m-1-k-3 in #1078
• make the quick mode quick by @m-1-k-3 in #1081
• Make the updater work again by @m-1-k-3 in #1082
• fix hardening log for s16 by @m-1-k-3 in #1084
• Quick version identifier update by @github-actions in #1089
• Metasploit database update by @github-actions in #1087
• CISA known exploited database update by @github-actions in #1088
• Snyk database update by @github-actions in #1090
• Packetstorm database update by @github-actions in #1091
• fix day cnt by @m-1-k-3 in #1085
• fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in #1086
• Metasploit database update by @github-actions in #1094
• full names and working tagging for packetstorm script by @HoxhaEndri in #1061
• add md5sum to binaries by @m-1-k-3 in #1096
• installer srecord by @m-1-k-3 in #1097
• Firmware/binary handling again by @m-1-k-3 in #1099
• little fixes by @m-1-k-3 in #1102
• Quick version identifier update by @github-actions in #1105
• CISA known exploited database update by @github-actions in #1104
• Metasploit database update by @github-actions in #1103
• Packetstorm database update by @github-actions in #1107
• Snyk database update by @github-actions in #1106
• Packetstorm database update by @github-actions in #1113
• CISA known exploited database update by @github-actions in #1111
• Metasploit database update by @github-actions in #1110
• Snyk database update by @github-actions in #1112
• xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in #1114
• FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in #1109
• Workflow docker builder updates by @m-1-k-3 in #1115
• Remove Arachni / refactoring by @m-1-k-3 in #1117
• Packetstorm database update by @github-actions in #1122
• CISA known exploited database update by @github-actions in #1120
• csv issues #1116 by @m-1-k-3 in #1118
• Metasploit database update by @github-actions in #1119
• Snyk database update by @github-actions in #1121
• csv issues #1116 by @m-1-k-3 in #1123
• f10 csv fix by @m-1-k-3 in #1124
• Vars check by @m-1-k-3 in #1126
• Metasploit database update by @github-actions in #1128
• CISA known exploited database update by @github-actions in #1129
• Packetstorm database update by @github-actions in #1131
• Snyk database update by @github-actions in #1130
• further vars cleanup, kev in f20 by @m-1-k-3 in #1127
• var cleanup, status_bar fix by @m-1-k-3 in #1132
• S36 updates, l10 fixes by @m-1-k-3 in #1133
• CISA known exploited database update by @github-actions in #1135
• Packetstorm database update by @github-actions in #1137
• Metasploit database update by @github-actions in #1134
• Snyk database update by @github-actions in #1136
• Emulation updates by @m-1-k-3 in #1140
• Packetstorm database update by @github-actions in #1144
• CISA known exploited database update by @github-actions in #1142
• Metasploit database update by @github-actions in #1141
• s115 qemu command output by @m-1-k-3 in #1145
• Snyk database update by @github-actions in #1143
• Packetstorm database update by @github-actions in #1149
• CISA known exploited database update by @github-actions in #1147
• Metasploit database update by @github-actions in #1146
• Snyk database update by @github-actions in #1148
• Metasploit database update by @github-actions in #1151
• Packetstorm database update by @github-actions in #1153
• Snyk database update by @github-actions in #1152
• Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in #1150
• Update default-scan-no-notify.emba by @BenediktMKuehne in https://g...

EMBA v1.4.2-Summertime

This release includes one new module as well as a huge amount of little updates, bug fixes and refactoring for your smooth summer time:

• New capa module with ATT&CK support introduced as S18 - see #1212
• Massive variable name refactoring
• Bash expansion refactoring
• Multiple bug fixes and improvements in the system emulation engine
• Medium article - Leveraging Automated Firmware Analysis with the Open-Source Firmware Analyzer EMBA

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @Grezzo made their first contribution in #1222

What's Changed

• Update EMBA VERSION.txt by @github-actions in #1203
• little updates by @m-1-k-3 in #1204
• Metasploit database update by @github-actions in #1205
• Snyk database update by @github-actions in #1206
• Packetstorm database update by @github-actions in #1207
• CISA known exploited database update by @github-actions in #1209
• more bash expansion refactoring by @m-1-k-3 in #1215
• P23 improvements of handling nbd devices by @m-1-k-3 in #1214
• Module documentation template by @m-1-k-3 in #1216
• New capa (identify capabilities in executable files) module with ATT&CK support (S18) by @m-1-k-3 in #1212
• fix p35 by @m-1-k-3 in #1221
• Fix spelling mistake in S23_lua_check.sh by @Grezzo in #1222
• fix s109, p35 by @m-1-k-3 in #1224
• Improve ssdeep command in EMBA by @m-1-k-3 in #1225
• Update docker-compose.yml by @BenediktMKuehne in #1232
• installer fix for #1226 by @m-1-k-3 in #1233
• Little updates by @m-1-k-3 in #1234
• Improve Patool error output by @m-1-k-3 in #1236
• ftp client by @m-1-k-3 in #1241
• L10 init recovery test mode by @m-1-k-3 in #1246
• docker compose install issue by @m-1-k-3 in #1248
• libmagic by @m-1-k-3 in #1249
• little s18 fix by @m-1-k-3 in #1251
• S08 / Installer by @m-1-k-3 in #1255
• docker compose vs docker-compose by @m-1-k-3 in #1260
• little l10 improvements by @m-1-k-3 in #1261
• log_bin_hardening improved by @m-1-k-3 in #1262
• refactoring, L10 fixes by @m-1-k-3 in #1263
• Service handling for lighttpd, debugging services by @m-1-k-3 in #1265
• bump version v1.4.2 by @m-1-k-3 in #1267

New Contributors

• @Grezzo made their first contribution in #1222

Full Changelog: 1.4.1-white-rabbit...1.4.2-Summertime

EMBA v1.4.1 - Follow the white rabbit

Probably you all know that it is the 25th anniversary of the legendary Matrix movie! With the latest release EMBA got massive improvements in building the Matrix via emulation.

This release reflects the recent updates in our system emulation engine.

Short summary of the latest highlights:

• We started rebuilding and upgrading the toolchain of the system emulation engine - With the current work in place we can further update the outdated FirmAE and firmadyne environment which our emulation engine is originally based on
• Linux kernel upgraded from version 4.1.17 (the original firmadyne and FirmAE version) to version 4.1.52 - The original firmadyne kernel is from 01/2016 and a bit rusty. With the update to 4.1.52 (which is from 05/2018) we moved forward in time for more than 2 years. In the future we plan further updates to include more modern kernels.
• Busybox updated from 1.29.3 to the current version 1.36.1
• Multiple libnvram patches were merged from the rehosting repo of libnvram which is maintained primarly by @AndrewFasano
• Including an optional netcat listener to the system emulation engine
• Further debugging possibilities via strace, gdb and gdbserver added to the system emulation engine
• Handling of time64/time32 support in firmware via updated musl libc for libnvram - This hopefully results in an improved handling on more modern firmware
• Improved environment for ARM64 and MIPS64 architecture
• FIRST EPSS (Exploit Prediction Scoring System) integration - see #1109
• Updated docker base image to Kali 2024-2
• @gluesmith2021 fixed multiple bugs in our version detection and CVE engine - see here

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @gluesmith2021 made their first contribution in #1150

What's Changed

• #1073 by @m-1-k-3 in #1076
• restart EMBA functionality by @m-1-k-3 in #1078
• make the quick mode quick by @m-1-k-3 in #1081
• Make the updater work again by @m-1-k-3 in #1082
• fix hardening log for s16 by @m-1-k-3 in #1084
• Quick version identifier update by @github-actions in #1089
• Metasploit database update by @github-actions in #1087
• CISA known exploited database update by @github-actions in #1088
• Snyk database update by @github-actions in #1090
• Packetstorm database update by @github-actions in #1091
• fix day cnt by @m-1-k-3 in #1085
• fix for Spurious linux_kernel CVEs, cpe string handling by @m-1-k-3 in #1086
• Metasploit database update by @github-actions in #1094
• full names and working tagging for packetstorm script by @HoxhaEndri in #1061
• add md5sum to binaries by @m-1-k-3 in #1096
• installer srecord by @m-1-k-3 in #1097
• Firmware/binary handling again by @m-1-k-3 in #1099
• little fixes by @m-1-k-3 in #1102
• Quick version identifier update by @github-actions in #1105
• CISA known exploited database update by @github-actions in #1104
• Metasploit database update by @github-actions in #1103
• Packetstorm database update by @github-actions in #1107
• Snyk database update by @github-actions in #1106
• Packetstorm database update by @github-actions in #1113
• CISA known exploited database update by @github-actions in #1111
• Metasploit database update by @github-actions in #1110
• Snyk database update by @github-actions in #1112
• xz backdoor detection - CVE-2024-3094 by @m-1-k-3 in #1114
• FIRST EPSS (Exploit Prediction Scoring System) integration by @m-1-k-3 in #1109
• Workflow docker builder updates by @m-1-k-3 in #1115
• Remove Arachni / refactoring by @m-1-k-3 in #1117
• Packetstorm database update by @github-actions in #1122
• CISA known exploited database update by @github-actions in #1120
• csv issues #1116 by @m-1-k-3 in #1118
• Metasploit database update by @github-actions in #1119
• Snyk database update by @github-actions in #1121
• csv issues #1116 by @m-1-k-3 in #1123
• f10 csv fix by @m-1-k-3 in #1124
• Vars check by @m-1-k-3 in #1126
• Metasploit database update by @github-actions in #1128
• CISA known exploited database update by @github-actions in #1129
• Packetstorm database update by @github-actions in #1131
• Snyk database update by @github-actions in #1130
• further vars cleanup, kev in f20 by @m-1-k-3 in #1127
• var cleanup, status_bar fix by @m-1-k-3 in #1132
• S36 updates, l10 fixes by @m-1-k-3 in #1133
• CISA known exploited database update by @github-actions in #1135
• Packetstorm database update by @github-actions in #1137
• Metasploit database update by @github-actions in #1134
• Snyk database update by @github-actions in #1136
• Emulation updates by @m-1-k-3 in #1140
• Packetstorm database update by @github-actions in #1144
• CISA known exploited database update by @github-actions in #1142
• Metasploit database update by @github-actions in #1141
• s115 qemu command output by @m-1-k-3 in #1145
• Snyk database update by @github-actions in #1143
• Packetstorm database update by @github-actions in #1149
• CISA known exploited database update by @github-actions in #1147
• Metasploit database update by @github-actions in #1146
• Snyk database update by @github-actions in #1148
• Metasploit database update by @github-actions in #1151
• Packetstorm database update by @github-actions in #1153
• Snyk database update by @github-actions in #1152
• Version string fixes for isc:dhcp and gnu:glibc by @gluesmith2021 in #1150
• Update default-scan-no-notify.emba by @BenediktMKuehne in #1156
• Packetstorm database update by @github-actions in #1161
• Quick version identifier update by @github-actions in #1160
• CISA known exploited database update by @github-actions in #1158
• fix zlib (unzip) version string by @gluesmith2021 in #1164
• JTR hash sorting by @BenediktMKuehne in https://github.com/...

EMBA v1.4.0 - ICS testing Edt.

As we do a lot of ICS/OT testing in our daily business, we thought this release should reflect our usual EMBA usage scenario. Welcome to another huge EMBA release with a lot new features: EMBA v1.4.0 - ICS testing Editition

This time we have collected the following highlights for you:

• less bugs -> more code -> more bugs? -> report all our bugs here
• Extended binary analysis via semgrep (see module s16)
• New static perl analysis via zarn (see module s27)
• Toolchain identification (see wiki)
• Improved update checking (see wiki)
• New scan interface (with integrated status bar) automatically enabled in most scan-profiles
• Improved multiple backend workflows
• Massive speedup of multiple EMBA modules (see #1006 / #996)
• Updated docker base image (see wiki)
• You can get in contact with us on the following social networks: X / Mastodon / NEW: Bluesky
• We can meet in real life at BlackHat Asia this year (see Arsenal schedule)
• Special thanks to our awesome community for releasing multiple new articles around EMBA - see our dedicated section in the wiki

---

Now, start your fresh Kali Linux (put enough CPU power and RAM into it) and install EMBA:

└─$ git clone https://github.com/e-m-b-a/emba.git
└─$ cd emba 
└─$ sudo ./installer.sh -d

This will install all pre-requisites, including the docker base image and the cve database, which will need some bandwith, harddrive space and time.

Afterwards, you are ready to analyse your first firmware with EMBA:

└─$ sudo ./emba -l ~/log -f ~/firmware -p ./scan-profiles/quick-scan.emba

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome:

• @413x8 made their first contribution in #931
• @mj138 made their first contribution in #939
• @jblu42 made their first contribution in #987
• @floyd-fuh made their first contribution in #1030

Welcome to the EMBA firmware analysis environment and thank you for your valuable contribution.

---

What's Changed

• Internet check not blocking by @m-1-k-3 in #722
• Fix docker build workflow by @m-1-k-3 in #723
• disable disk space monitor by @m-1-k-3 in #724
• print fix, http crawler by @m-1-k-3 in #732
• Code cleanup by @m-1-k-3 in #733
• Fix updater by @m-1-k-3 in #749
• Unblob v23.8.11 by @m-1-k-3 in #750
• PEM file with multiple certificates by @HoxhaEndri in #736
• Update README.md by @m-1-k-3 in #757
• add file-command to default deps by @BenediktMKuehne in #763
• Update semgrep workflow by @m-1-k-3 in #764
• Debian repos - https only for Kali by @m-1-k-3 in #766
• Curl online check by @m-1-k-3 in #774
• Improve PW cracking module s107 by @m-1-k-3 in #773
• Check container nr disable for dev mode by @m-1-k-3 in #776
• Set variable by @m-1-k-3 in #777
• Installer updates by @m-1-k-3 in #779
• fix gpt path by @m-1-k-3 in #789
• Improve web page crawler by @m-1-k-3 in #795
• little fix by @m-1-k-3 in #796
• disable the trickest exploit db by @m-1-k-3 in #797
• Debian installer support by @m-1-k-3 in #798
• grep -v -> tail by @m-1-k-3 in #812
• Proxy support by @m-1-k-3 in #811
• Firmware diffing preparation by @m-1-k-3 in #804
• nikto setup, compose cleanup by @m-1-k-3 in #814
• System emulation fs mount improvements by @m-1-k-3 in #815
• L10 Fix SC2250 shellcheck by @HoxhaEndri in #822
• Installer debian package file format by @m-1-k-3 in #826
• Cleanup of PS crawler by @m-1-k-3 in #833
• Check for arachni user and shellcheck braces by @HoxhaEndri in #834
• Try cve db update multiple times during installation by @m-1-k-3 in #837
• Firmware diffing modules by @m-1-k-3 in #838
• fix #839 by @m-1-k-3 in #844
• Semgrep checks and shellcheck braces checks by @HoxhaEndri in #835
• check for space at the end of a line by @HoxhaEndri in #845
• Update installer, dep-check by @m-1-k-3 in #846
• strict mode grep error by @HoxhaEndri in #848
• BMC firmware extractor by @m-1-k-3 in #853
• braces check for all scripts inside "helpers" folder and "installer" folder by @HoxhaEndri in #854
• kernel-hardening-checker fix by @m-1-k-3 in #855
• Version 1.3.1 by @m-1-k-3 in #856
• Version identifiers, Arch check in installer, diff updates by @m-1-k-3 in #860
• check braces for modules scripts by @HoxhaEndri in #861
• braces checked for all script files by @HoxhaEndri in #865
• shellcheck braces check in check_project and in workflow by @HoxhaEndri in #866
• Improve diff mode by @m-1-k-3 in #867
• Fix grep -R by @m-1-k-3 in #869
• CPU check for SSSE3 by @m-1-k-3 in #870
• Diff threading + improved reporting by @m-1-k-3 in #871
• #873 fix by @m-1-k-3 in #874
• zlib string from dell bios firmware by @HoxhaEndri in #872
• Create first_interaction.yml by @m-1-k-3 in #877
• UEFI analysis improvements by @m-1-k-3 in #876
• fwhunt check entire firmware first by @HoxhaEndri in #881
• new version strings and comment for fwhunt by @HoxhaEndri in #882
• integrate cveXplore settings by @BenediktMKuehne in #884
• Install CveXplore v0.3.16++ by @m-1-k-3 in #892
• Full system emulation dependency s24 by @m-1-k-3 in #896
• Cvexplore integration by @BenediktMKuehne in #887
• switch pip install for cvexplore to git repo by @BenediktMKuehne in #899
• Docker-compose cleanup by @m-1-k-3 in #891
• Issue 889 by @m-1-k-3 in #902
• L10, S05 fixes by @m-1-k-3 in #903
• L23 VNC checker modules by @m-1-k-3 in #904
• update first interaction by @m-1-k-3 in #906
• Update check again - #908 by @m-1-k-3 in #909
• Make Routersploit work again by @m-1-k-3 in #910
• Stick to version and check it from requests and urllib3 by @m-1-k-3 in #911
• Improve dep checker by @m-1-k-3 in #912
• Replacement of current cve query mechanism by @m-1-k-3 in #913
• Fix workflows, improve CVE identification by @m-1-k-3 in https://github.com/e-m-b-a/emba...

EMBA v1.3.2 - EMBArk is out

The last EMBA release is not too long ago but in the mean time there was so much going on ... The most important thing is ...

The first official EMBArk release is out now!

Everything started as an idea in the beginning of 2021. The idea was to build an enterprise ready open source firmware analysis environment on top of EMBA. This environment should allow every product security team as well as every penetration tester and security researcher to use professional firmware analysis to improve the security of IoT/OT/ICS ... (you name it) devices as easy as possible. This idea was mixed up to an AMOS research project, where a team of students built a first PoC of EMBArk. You can find the original project here. From there on continuous work, improvement and testing was running more or less under the radar. Until today ... EMBArk is stable and ready for more! Kudos to @BenediktMKuehne for pushing it to the next level.

---

Say hi to our centralized firmware security analysis environment EMBArk! Check it out here, use it, give us feedback or improve it and start being part of this open source environment.

---

On EMBA side we have some "bumpy" weeks in the neck:

• As the NIST API is currently changing and we had some serious issues with our cve-search integration we decided to rewrite it by ourself. This process took us some time to get the CVE identification feature fully working again. Thanks for all your testing and feedback during this process. With the new integration EMBA is faster, more stable and the installation is not that error prone anymore.
• UEFI analysis integration was massively improved - see here
• A lot of code cleanup was done by @HoxhaEndri
• A new update check functionality by @HoxhaEndri
• Improved firmware diffing environment - see here
• Updated and new reporting templates by @413x8
• Your great feedback is now collected in our wiki
• Further public online resources are available and collected here
• New support possibilities via patreon or buymeacoffee

Thank you for all your feedback and your testing since version 1.3.1!

It is always a pleasure to welcome new contributors to EMBA. This time we can welcome two of them:

• @413x8
• @mj138

Welcome to the EMBA environment and thank you for your valuable contribution.

---

We are looking for (release) sponsors here

---

What's Changed

• Version identifiers, Arch check in installer, diff updates by @m-1-k-3 in #860
• Snyk database update by @github-actions in #864
• CISA known exploited database update by @github-actions in #863
• Metasploit database update by @github-actions in #862
• check braces for modules scripts by @HoxhaEndri in #861
• braces checked for all script files by @HoxhaEndri in #865
• shellcheck braces check in check_project and in workflow by @HoxhaEndri in #866
• Improve diff mode by @m-1-k-3 in #867
• Fix grep -R by @m-1-k-3 in #869
• CPU check for SSSE3 by @m-1-k-3 in #870
• Diff threading + improved reporting by @m-1-k-3 in #871
• #873 fix by @m-1-k-3 in #874
• zlib string from dell bios firmware by @HoxhaEndri in #872
• Create first_interaction.yml by @m-1-k-3 in #877
• Metasploit database update by @github-actions in #878
• CISA known exploited database update by @github-actions in #879
• Snyk database update by @github-actions in #880
• UEFI analysis improvements by @m-1-k-3 in #876
• fwhunt check entire firmware first by @HoxhaEndri in #881
• new version strings and comment for fwhunt by @HoxhaEndri in #882
• integrate cveXplore settings by @BenediktMKuehne in #884
• Install CveXplore v0.3.16++ by @m-1-k-3 in #892
• Snyk database update by @github-actions in #894
• Packetstorm database update by @github-actions in #895
• CISA known exploited database update by @github-actions in #893
• Full system emulation dependency s24 by @m-1-k-3 in #896
• Cvexplore integration by @BenediktMKuehne in #887
• switch pip install for cvexplore to git repo by @BenediktMKuehne in #899
• Docker-compose cleanup by @m-1-k-3 in #891
• Issue 889 by @m-1-k-3 in #902
• Update FUNDING.yml by @m-1-k-3 in #905
• L10, S05 fixes by @m-1-k-3 in #903
• L23 VNC checker modules by @m-1-k-3 in #904
• update first interaction by @m-1-k-3 in #906
• Update FUNDING.yml by @m-1-k-3 in #907
• Update check again - #908 by @m-1-k-3 in #909
• Make Routersploit work again by @m-1-k-3 in #910
• Stick to version and check it from requests and urllib3 by @m-1-k-3 in #911
• Improve dep checker by @m-1-k-3 in #912
• CISA known exploited database update by @github-actions in #915
• Packetstorm database update by @github-actions in #917
• Snyk database update by @github-actions in #916
• Replacement of current cve query mechanism by @m-1-k-3 in #913
• Fix workflows, improve CVE identification by @m-1-k-3 in #919
• rootfs check in uefi extractor by @m-1-k-3 in #921
• fix install workflow by @m-1-k-3 in #922
• check for versions (emba, git and docker) by @HoxhaEndri in #918
• Update FUNDING.yml by @m-1-k-3 in #924
• Update FUNDING.yml by @m-1-k-3 in #925
• Update FUNDING.yml by @m-1-k-3 in #926
• Update FUNDING.yml by @m-1-k-3 in #927
• S26 module fix by @m-1-k-3 in #928
• remove update scripts by @m-1-k-3 in #923
• Packetstorm database update by @github-actions in #935
• CISA known exploited database update by @github-actions in #933
• Snyk database update by @github-actions in #934
• Metasploit database update by @github-actions in #932
• Pre templates by @413x8 in #931
• Multiple fixes by @m-1-k-3 in #930
• Contributors update by @m-1-k-3 in #937
• update default profile for EMBArk by @m-1-k-3 in #938
• Fix parsing of version number from binary version string by @mj138 in #939
• Update Contributors, version by @m-1-k-3 in #940
• Fix parsing of binary name from binary version string by @mj138 in #942
• little cleanup by @m-1-k-3 in #944
• Docker build updates for Kali 2023.4 by @m-1-k-3 in #945
• Metasploit database update by @github-actions in #948
• CISA known exploited database update by @github-actions in #949
• Snyk database update by @github-actions in #950
• Packetstorm database update by @github-actions in #951
• Include 0xdea semgrep rules and haruspex ghidra script, improve cwe-search integration by @m-1-k-3 in #946
• s14 r2 startup command update by @m-1-k-3 in #952
• r2 bin cache by @m-1-k-3 in #953
• fix for #954 by @m-1-k-3 in #955
• Enable workflow dispatch by @m-1-k-3 in #956

New Contributors

• @413x8 made their first contribution in h...

EMBA v1.3.1 - Diff it

What happened since the last EMBA release?

There was the absolute great #Hackersummercamp with our talks at BSidesLV, ICS Village (DEF CON) and Black Hat (Arsenal). The recording of the BSides talk is already available here. Beside this, Nate did a really great talk at BruCON – see here.

Beside a lot of code cleanup, bug fixing and some little improvements the new firmware diffing mode is one of the highlights in version 1.3.1.
In 1 day bug hunting, exploit development and the identification of silent patching it is quite common to identify the differences between two firmware releases.
To use this new feature (as usual in a very early alpha state) it is now possible to define a second firmware with the -o parameter. EMBA starts with some basic analysis of both firmware images, extracts both images and finds the differences between these firmware images:

If the file is some ASCII file a nice diff is shown:

If the file is a binary file we use radare2 for further analysis:

For further details check our Wiki

Happy bug hunting :)

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

What's Changed

• Internet check not blocking by @m-1-k-3 in #722
• Fix docker build workflow by @m-1-k-3 in #723
• disable disk space monitor by @m-1-k-3 in #724
• print fix, http crawler by @m-1-k-3 in #732
• Code cleanup by @m-1-k-3 in #733
• Fix updater by @m-1-k-3 in #749
• Unblob v23.8.11 by @m-1-k-3 in #750
• PEM file with multiple certificates by @HoxhaEndri in #736
• Update README.md by @m-1-k-3 in #757
• add file-command to default deps by @BenediktMKuehne in #763
• Update semgrep workflow by @m-1-k-3 in #764
• Debian repos - https only for Kali by @m-1-k-3 in #766
• Curl online check by @m-1-k-3 in #774
• Improve PW cracking module s107 by @m-1-k-3 in #773
• Check container nr disable for dev mode by @m-1-k-3 in #776
• Set variable by @m-1-k-3 in #777
• Installer updates by @m-1-k-3 in #779
• fix gpt path by @m-1-k-3 in #789
• Improve web page crawler by @m-1-k-3 in #795
• little fix by @m-1-k-3 in #796
• disable the trickest exploit db by @m-1-k-3 in #797
• Debian installer support by @m-1-k-3 in #798
• grep -v -> tail by @m-1-k-3 in #812
• Proxy support by @m-1-k-3 in #811
• Firmware diffing preparation by @m-1-k-3 in #804
• nikto setup, compose cleanup by @m-1-k-3 in #814
• System emulation fs mount improvements by @m-1-k-3 in #815
• L10 Fix SC2250 shellcheck by @HoxhaEndri in #822
• Installer debian package file format by @m-1-k-3 in #826
• Cleanup of PS crawler by @m-1-k-3 in #833
• Check for arachni user and shellcheck braces by @HoxhaEndri in #834
• Try cve db update multiple times during installation by @m-1-k-3 in #837
• Firmware diffing modules by @m-1-k-3 in #838
• fix #839 by @m-1-k-3 in #844
• Semgrep checks and shellcheck braces checks by @HoxhaEndri in #835
• check for space at the end of a line by @HoxhaEndri in #845
• Update installer, dep-check by @m-1-k-3 in #846
• strict mode grep error by @HoxhaEndri in #848
• Packetstorm database update by @github-actions in #852
• Snyk database update by @github-actions in #851
• CISA known exploited database update by @github-actions in #850
• Metasploit database update by @github-actions in #849
• BMC firmware extractor by @m-1-k-3 in #853
• braces check for all scripts inside "helpers" folder and "installer" folder by @HoxhaEndri in #854
• kernel-hardening-checker fix by @m-1-k-3 in #855
• Version 1.3.1 by @m-1-k-3 in #856

Full Changelog: 1.3.0-AI-for-EMBA...1.3.1-diff-all-the-firmwares

EMBA v1.3.0 - AI-Assisted Firmware Analysis

Q: Can we use AI for firmware analysis?
A: Sure, let's do it! EMBA now supports AI-assisted firmware analysis.

Again, we rise the bar in the field of Open-Source firmware security analysis. After establishing user-mode emulation or system emulation this time we moved to AI-assisted firmware analysis. More details about our AI integration are available in our Wiki

---

#Hackersummercamp ahead!
We got the amazing opportunity to show EMBA at the BSides conference in Las Vegas. The schedule is available here.

Additionally, you will find us with a live EMBA demo at Black Hat Arsenal

See you all in Vegas

---

Beside your ongoing support with feedback, testing, working on issues and spreading EMBA you can now also support EMBA as a sponsor.

Check it out here and start being an essential part of the future of EMBA

---

What's Changed

• Exit of add_partition in L10 by @m-1-k-3 in #430
• log dir on dep check by @m-1-k-3 in #428
• Nikto dep fix by @m-1-k-3 in #429
• cwe-checker install latest master by @m-1-k-3 in #431
• Further trickest blacklist entries by @m-1-k-3 in #432
• Freetzng-fix by @BenediktMKuehne in #433
• update sub-shell pwd fix by @BenediktMKuehne in #435
• Add Packetstorm and Snyk PoC sources by @m-1-k-3 in #434
• Full install fixes by @m-1-k-3 in #436
• s115 - empty log handling by @m-1-k-3 in #438
• Minimal cve-search installation / Dependency issues by @m-1-k-3 in #442
• blacklist update by @m-1-k-3 in #441
• Introducing module_wait helper function by @m-1-k-3 in #439
• Fix dependencies by @m-1-k-3 in #445
• Code cleanup - comments by @m-1-k-3 in #446
• Copyright updates 2023 by @m-1-k-3 in #447
• Kernel downloader and vulnerability verifier by @m-1-k-3 in #451
• cron job fix by @m-1-k-3 in #453
• L10 improvements, more services by @m-1-k-3 in #454
• Kernel config analysis by @m-1-k-3 in #455
• Update the known exploit behaviour by @m-1-k-3 in #458
• example disable profile by @m-1-k-3 in #457
• Refactoring by @m-1-k-3 in #462
• exploit databases updated by @m-1-k-3 in #466
• S12 - checksec implementation fix by @m-1-k-3 in #463
• Improve stop of system emulation by @m-1-k-3 in #465
• Hexagon support by @m-1-k-3 in #467
• Lighttpd analysis module by @m-1-k-3 in #469
• s08 safe_echo fix by @m-1-k-3 in #470
• p35 - true to not fail, s26 - check for files by @m-1-k-3 in #471
• JTR crack multiple hash types by @m-1-k-3 in #473
• deprecated -l option by @m-1-k-3 in #476
• s36 fixes, renamed p61 by @m-1-k-3 in #477
• System emulator improvements by @m-1-k-3 in #478
• Respect module blacklist in waiting state / Installer fix by @m-1-k-3 in #479
• Exploit database update, debug mode, command line tests by @m-1-k-3 in #481
• Add wordlist mechanism to s109 by @m-1-k-3 in #482
• csv export of p59, p60 and p70 by @m-1-k-3 in #483
• disk space monitor, rpm package analysis by @m-1-k-3 in #485
• Improve output of help command by @m-1-k-3 in #492
• Setup further workflows by @m-1-k-3 in #490
• Remove timezone setting by @m-1-k-3 in #494
• Refactor, PID log, Github actions, APKHunt by @m-1-k-3 in #495
• Packetstorm database update by @github-actions in #498
• Snyk database update by @github-actions in #497
• Metasploit database update by @github-actions in #496
• Improve restart EMBA analysis feature by @m-1-k-3 in #499
• Fix install with pip v23+ by @m-1-k-3 in #500
• Another PIPv23 fix by @m-1-k-3 in #501
• return if empty by @m-1-k-3 in #502
• Input validation by @m-1-k-3 in #505
• Check for update setting by @m-1-k-3 in #504
• Routersploit update workflow by @m-1-k-3 in #503
• Dependency checker, workflow by @m-1-k-3 in #506
• Metasploit database update by @github-actions in #509
• Snyk database update by @github-actions in #510
• CISA known exploited database update by @github-actions in #512
• Packetstorm database update by @github-actions in #514
• System emulation improvements, workflow by @m-1-k-3 in #515
• CVE state message printing by @m-1-k-3 in #518
• Packetstorm database update by @github-actions in #528
• Snyk database update by @github-actions in #527
• CISA known exploited database update by @github-actions in #525
• Routersploit database update by @github-actions in #524
• Metasploit database update by @github-actions in #523
• Trickest PoC database update by @github-actions in #526
• Input adjustment by @m-1-k-3 in #529
• version validation by @m-1-k-3 in #530
• PATH variable bug by @m-1-k-3 in #531
• EMBA v1.2.2 - Blue Hat edt. by @m-1-k-3 in #532
• Sponsoring issues by @m-1-k-3 in #534
• Metasploit database update by @github-actions in #536
• Snyk database update by @github-actions in #539
• CISA known exploited database update by @github-actions in #537
• Packetstorm database update by @github-actions in #540
• L25 improvements / multiple little fixes by @m-1-k-3 in #535
• L10 module improvements by @m-1-k-3 in #543
• Metasploit database update by @github-actions in #545
• Snyk database update by @github-actions in #547
• Packetstorm database update by @github-actions in #548
• New version strings (Flex and NBTscan) by @HoxhaEndri in #549
• L10 improvement round x by @m-1-k-3 in #550
• links in templates by @m-1-k-3 in #555
• Freetz extraction module deprecated by @m-1-k-3 in #554
• fix for #551 by @m-1-k-3 in #553
• Testing workflows by @BenediktMKuehne in #541
• Packetstorm database update by @github-actions in #563
• Snyk database update by @github-actions in #562
• CISA known exploited database update by @github-actions in #560
• Metasploit database update by @github-actions in #559
• Improve web crawler (L25) by @m-1-k-3 in #557
• Updated installer.sh for "ubuntu debian" /etc/os-release and new version string by @HoxhaEndri in #552
• SNMP module improvements by @m-1-k-3 in #565
• Remove warning apt-key is deprecated by @HoxhaEndri in #564
• update entropy output by @BenediktMKuehne in #566...