e-m-b-a · m-1-k-3 · Jan 29, 2025 · Jan 29, 2025 · Feb 2, 2025 · Feb 4, 2025
diff --git a/...port_templates/F20_vul_aggregator-post.sh → ...report_templates/F17_cve_bin_tool-post.sh b/...port_templates/F20_vul_aggregator-post.sh → ...report_templates/F17_cve_bin_tool-post.sh
@@ -13,11 +13,3 @@ write_link "https://security.snyk.io/vuln"
 print_output "$(indent "${ORANGE}X${NC} - Vulnerability is known as exploited")"
 write_link "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
 print_output "$(indent "${ORANGE}V${NC} - Vulnerability verified - Kernel or BusyBox (S26, S118)")"
-
-print_ln
-print_ln
-print_output "[*] Source notes:"
-print_output "$(indent "${ORANGE}STAT${NC} - Details found by static modules (S06, S09, S24, S25)")"
-print_output "$(indent "${ORANGE}PACK${NC} - Details found by package management environment (S08)")"
-print_output "$(indent "${ORANGE}UEMU${NC} - Details found by dynamic user-mode emulation modules (S115, S116)")"
-print_output "$(indent "${ORANGE}SEMU${NC} - Details found by dynamic system emulation modules (L*)")"
diff --git a/...eport_templates/F20_vul_aggregator-pre.sh → .../report_templates/F17_cve_bin_tool-pre.sh b/...eport_templates/F20_vul_aggregator-pre.sh → .../report_templates/F17_cve_bin_tool-pre.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
 
-print_output "This module aggregates all found version numbers together from S06, S08, S09, S24, S25 and S115 and searches with cve-search for known vulnerabilities."
-print_output "Additionally, the identified CVE details are matched with public exploit databases."
+print_output "This module aggregates all found version numbers together from S06, S08, S09, S24, S25 and S115 and searches with cve-bin-tool for known vulnerabilities."
+print_output "Additionally, the identified CVE details are matched with EPSS, public exploit databases and a VEX json is generated."
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,9 +1,9 @@
 services:
   # nosemgrep
   emba:
-    image: embeddedanalyzer/emba:1.5.1b
+    image: embeddedanalyzer/emba:1.5.1d
     container_name: emba
-    read_only: true
+    read_only: false
     # all pre-checker mount modules need privileged mode
     # nosemgrep
     privileged: true
@@ -51,7 +51,7 @@ services:
         soft: 0
 
   emba_quest:
-    image: embeddedanalyzer/emba:1.5.1b
+    image: embeddedanalyzer/emba:1.5.1d
     container_name: emba_quest
     read_only: true
     tmpfs:

diff --git a/helpers/helpers_emba_defaults.sh b/helpers/helpers_emba_defaults.sh
@@ -116,6 +116,7 @@ set_defaults() {
   if [[ -f "${CONFIG_DIR}"/msf_cve-db.txt ]]; then
     export MSF_DB_PATH="${CONFIG_DIR}"/msf_cve-db.txt
   fi
+  export MSF_INSTALL_PATH="/usr/share/metasploit-framework"
   if [[ -f "${CONFIG_DIR}"/trickest_cve-db.txt ]]; then
     export TRICKEST_DB_PATH="${CONFIG_DIR}"/trickest_cve-db.txt
   fi
@@ -251,5 +252,6 @@ set_log_paths() {
   export F20_EXPLOITS_LOG="${F20_LOG_DIR}/exploits-overview.txt"
   export F15_LOG="${LOG_DIR}/f15_cyclonedx_sbom.txt"
   export F15_CSV_LOG="${CSV_DIR}/f15_cyclonedx_sbom.csv"
+  export F17_LOG_DIR="${LOG_DIR}/f17_cve_bin_tool"
   export F50_CSV_LOG="${CSV_DIR}/f50_base_aggregator.csv"
 }
diff --git a/helpers/helpers_emba_dependency_check.sh b/helpers/helpers_emba_dependency_check.sh
@@ -217,6 +217,12 @@ check_docker_version() {
   fi
 }
 
+preparing_cve_bin_tool() {
+  print_output "    Preparing cve-bin-tool ..." "no_log"
+  mkdir "${HOME}"/.cache/cve-bin-tool
+  cp -pri /external/cve-bin-tool/cache_cve-bin-tool/* "${HOME}"/.cache/cve-bin-tool/
+}
+
 dependency_check()
 {
   module_title "Dependency check" "no_log"
@@ -688,6 +694,11 @@ dependency_check()
       # CVE searchsploit
       check_dep_tool "CVE Searchsploit" "cve_searchsploit"
 
+      check_dep_file "cve-bin-tool" "${EXT_DIR}""/cve-bin-tool/cve_bin_tool/cli.py"
+      preparing_cve_bin_tool &
+      local lTMP_PID="$!"
+      store_kill_pids "${lTMP_PID}"
+
       check_dep_file "Routersploit EDB database" "${CONFIG_DIR}""/routersploit_exploit-db.txt"
       check_dep_file "Routersploit CVE database" "${CONFIG_DIR}""/routersploit_cve-db.txt"
       check_dep_file "Metasploit CVE database" "${CONFIG_DIR}""/msf_cve-db.txt"

diff --git a/helpers/helpers_emba_print.sh b/helpers/helpers_emba_print.sh
@@ -983,7 +983,7 @@ secure_sleep() {
     sleep 10
     lCUR_SLEEP_TIME=$((lCUR_SLEEP_TIME + 10))
     if check_emba_ended; then
-      return
+      exit
     fi
   done
 }

diff --git a/installer.sh b/installer.sh
@@ -396,6 +396,8 @@ if [[ "${CVE_SEARCH}" -ne 1 ]] || [[ "${DOCKER_SETUP}" -ne 1 ]] || [[ "${IN_DOCK
 
   IL15_emulated_checks_init
 
+  IF17_cve_bin_tool
+
   IF50_aggregator_common
 fi
 

diff --git a/installer/IF17_cve_bin_tool.sh b/installer/IF17_cve_bin_tool.sh
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+# EMBA - EMBEDDED LINUX ANALYZER
+#
+# Copyright 2025-2025 Siemens Energy AG
+#
+# EMBA comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
+# welcome to redistribute it under the terms of the GNU General Public License.
+# See LICENSE file for usage of this software.
+#
+# EMBA is licensed under GPLv3
+#
+# Author(s): Michael Messner
+
+# Description:  Installs cve-bin-tool including database for offline work
+
+IF17_cve_bin_tool() {
+  module_title "${FUNCNAME[0]}"
+
+  if [[ "${LIST_DEP}" -eq 1 ]] || [[ "${IN_DOCKER}" -eq 1 ]] || [[ "${DOCKER_SETUP}" -eq 0 ]] || [[ "${FULL}" -eq 1 ]]; then
+
+    INSTALL_APP_LIST=()
+
+    if [[ "${LIST_DEP}" -eq 1 ]] || [[ "${IN_DOCKER}" -eq 1 ]] || [[ "${DOCKER_SETUP}" -eq 0 ]] ; then
+      print_tool_info "gsutil"
+      # print_pip_info "cve_bin_tool"
+      print_git_info "cve-bin-tool" "https://github.com/EMBA-support-repos/cve-bin-tool.git" "cve-bin-tool"
+    fi
+
+    if [[ "${LIST_DEP}" -eq 1 ]] || [[ "${DOCKER_SETUP}" -eq 1 ]] ; then
+      ANSWER=("n")
+    else
+      echo -e "\\n""${MAGENTA}""${BOLD}"" cve-bin-tool will be downloaded (if not already on the system)!""${NC}"
+    fi
+
+    case ${ANSWER:0:1} in
+      y|Y )
+        apt-get install "${INSTALL_APP_LIST[@]}" -y --no-install-recommends
+
+        # radare2
+        echo -e "${ORANGE}""${BOLD}""Install cve-bin-tool""${NC}"
+        git clone https://github.com/EMBA-support-repos/cve-bin-tool.git external/cve-bin-tool
+        cd external/cve-bin-tool || ( echo "Could not install EMBA component cve-bin-tool" && exit 1 )
+        pip install -U -r requirements.txt
+        python3 -m pip install -e .
+        cd "${HOME_PATH}" || ( echo "Could not install EMBA component cve-bin-tool" && exit 1 )
+        python3 external/cve-bin-tool/cve_bin_tool/cli.py --update now || true
+        cp -pr "${HOME}"/.cache/cve-bin-tool ./external/cve-bin-tool/cache_cve-bin-tool
+      ;;
+    esac
+  fi
+}
diff --git a/modules/F15_cyclonedx_sbom.sh b/modules/F15_cyclonedx_sbom.sh
@@ -108,7 +108,7 @@ F15_cyclonedx_sbom() {
     mapfile -t lCOMP_FILES_ARR < <(find "${SBOM_LOG_PATH}" -maxdepth 1 -type f -name "*.json" -not -name "unhandled_file_*" | sort -u)
     if [[ "${SBOM_UNTRACKED_FILES}" -gt 0 ]]; then
       mapfile -t lCOMP_FILES_ARR_UNHANDLED < <(find "${SBOM_LOG_PATH}" -maxdepth 1 -type f -name "unhandled_file_*.json" | sort -u)
-     lCOMP_FILES_ARR+=("${lCOMP_FILES_ARR_UNHANDLED[@]}")
+      lCOMP_FILES_ARR+=("${lCOMP_FILES_ARR_UNHANDLED[@]}")
     fi
 
     # as we can have so many components that everything goes b00m we need to build the
-Original file line number
+Diff line change
@@ Expand Up / @@ -983,7 +983,7 @@ secure_sleep() { @@
         sleep 10
         lCUR_SLEEP_TIME=$((lCUR_SLEEP_TIME + 10))
         if check_emba_ended; then
-          return
+          exit
         fi
       done
     }
@@ Expand Down @@