ChrisTheCoolHut / Firmware_Slap

Discovering vulnerabilities in firmware through concolic analysis and function clustering.
GNU General Public License v3.0

Retrieve Vulnerability Results from JSON/Pickle #10

Closed nstarke closed 5 years ago

nstarke commented 5 years ago

Is there currently a way to retrieve the vulnerability output that is displayed on STDOUT during a Discover_and_Dump session? I would assume all the information is in the json output, but there is a lot of data there. Any suggestions you might have would be greatly appreciated, and as always, I'll be happy to send a PR with documentation updates with any information provided. Thanks again!

ChrisTheCoolHut commented 5 years ago

Hi @nstarke!

After a Discover and Dump is run, four files should be created:

<dump_name>.all.json  <dump_name>.all.pickle  <dump_name>.json  <dump_name>.pickle

The <dump_name>.pickle will have a reduced list of functions that were found to be vulnerable.

If you want the same STDOUT as Discover and Dump I'd recommend stealing the print_function and loading that pickle.

I just moved the print_function into ghidra_handler from Discover and Dump in 5c5d2d1, so the below script should do what you need.

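import pickle

from firmware_slap.ghidra_handler import print_function

# Path to the reduced results file, i.e. <dump_name>.pickle
pickle_name = "Your_results.pickle"

# pickle.load executes code referenced by the file, so only load results
# that you generated yourself.
with open(pickle_name, 'rb') as f:
    results = pickle.load(f)

# Print each vulnerable function the same way Discover and Dump does
for result in results:
    print_function(result)
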
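Added example, not part of the thread or of Firmware Slap: `pickle.load` will call whatever classes and functions the file names, so a results pickle received from someone else can be loaded through an allow-listing unpickler instead. `ResultsUnpickler`, `load_results`, `load_results_file` and `ALLOWED_GLOBALS` are hypothetical names, and the example assumes the results contain only plain Python containers; real results may reference other classes that have to be added to the allow-list.

```python
import collections
import io
import pickle

# Assumption: the results are plain lists/dicts/strings/numbers, which need
# no globals to rebuild. Add (module, name) pairs here if yours need more.
ALLOWED_GLOBALS = frozenset()


class ResultsUnpickler(pickle.Unpickler):
    """Unpickler that resolves only allow-listed globals (hypothetical helper)."""

    def __init__(self, file, allowed=ALLOWED_GLOBALS):
        super().__init__(file)
        self.allowed = frozenset(allowed)

    def find_class(self, module, name):
        # Called for every class or function the pickle stream references.
        if (module, name) in self.allowed:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def load_results(data, allowed=ALLOWED_GLOBALS):
    """Rebuild results from pickle bytes, refusing unexpected globals."""
    return ResultsUnpickler(io.BytesIO(data), allowed).load()


def load_results_file(path, allowed=ALLOWED_GLOBALS):
    """Same check for a results file such as <dump_name>.pickle."""
    with open(path, "rb") as f:
        return ResultsUnpickler(f, allowed).load()


def demo():
    # Constructed sample; the keys are placeholders, not Firmware Slap's schema.
    good = pickle.dumps([{"name": "sample_func", "args": ["a", "b"]}])
    # Constructed pickle that references a global outside the allow-list.
    bad = pickle.dumps([collections.OrderedDict(name="sample_func")])
    loaded = load_results(good)
    try:
        load_results(bad)
        blocked = None
    except pickle.UnpicklingError as exc:
        blocked = str(exc)
    return loaded, blocked


if __name__ == "__main__":
    print(demo())
```

The error message names the blocked global, which shows exactly what has to be reviewed before it is added to the allow-list.
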
nstarke commented 5 years ago

Works like a charm, would there be any value in adding this snippet as a script in bin? I'd be happy to submit a PR if so.

ChrisTheCoolHut commented 5 years ago

I'm close to having #2 ready and I imagine the main use of the JSON will be loading it into Kibana, so you get a vulnerability dashboard.

We could add the script to the bin folder, but not export it in the setup.py, so it'd be there if you wanted it.

nstarke commented 5 years ago

I'll probably just hold off until the ELK stuff is finished and consume the vuln data that way.

Just as an aside, I've had some really great results running firmware slap against firmware images for my day job. Thanks for all the hard work!

Closing now.