Startup-SBOM - A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions


This is a simple SBOM utility which aims to provide an insider view on which packages are getting executed.

The process and objective is simple we can get a clear perspective view on the packages installed by APT (currently working on implementing this for RPM and other package managers). This is mainly needed to check which all packages are actually being executed.


Installation

The packages needed are mentioned in the requirements.txt file and can be installed using pip:

pip3 install -r requirements.txt

Usage

  • First of all install the packages.
  • Secondly , you need to set up environment variables such as:
    • Mount the image: Currently I am still working on a mechanism to automatically define a mount point and mount different types of images and volumes but its still quite a task for me.
  • Finally run the tool to list all the packages.
Argument Description
--analysis-mode Specifies the mode of operation. Default is static. Choices are static and chroot.
--static-type Specifies the type of analysis for static mode. Required for static mode only. Choices are info and service.
--volume-path Specifies the path to the mounted volume. Default is /mnt.
--save-file Specifies the output file for JSON output.
--info-graphic Specifies whether to generate visual plots for CHROOT analysis. Default is True.
--pkg-mgr Manually specify the package manager or dont add this option for automatic check.
APT:
- Static Info Analysis:
- This command runs the program in static analysis mode, specifically using the Info Directory analysis method.
- It analyzes the packages installed on the mounted volume located at /mnt.
- It saves the output in a JSON file named output.json.
- It generates visual plots for CHROOT analysis.
```bashpython3 main.py --pkg-mgr apt --analysis-mode static --static-type info --volume-path /mnt --save-file output.json```
  • Static Service Analysis:

  • This command runs the program in static analysis mode, specifically using the Service file analysis method.

  • It analyzes the packages installed on the mounted volume located at /custom_mount.
  • It saves the output in a JSON file named output.json.
  • It does not generate visual plots for CHROOT analysis. bash python3 main.py --pkg-mgr apt --analysis-mode static --static-type service --volume-path /custom_mount --save-file output.json --info-graphic False

  • Chroot analysis with or without Graphic output:

  • This command runs the program in chroot analysis mode.
  • It analyzes the packages installed on the mounted volume located at /mnt.
  • It saves the output in a JSON file named output.json.
  • It generates visual plots for CHROOT analysis.
  • For graphical output keep --info-graphic as True else False bash python3 main.py --pkg-mgr apt --analysis-mode chroot --volume-path /mnt --save-file output.json --info-graphic True/False

RPM - Static Analysis: - Similar to how its done on apt but there is only one type of static scan avaialable for now. bash python3 main.py --pkg-mgr rpm --analysis-mode static --volume-path /mnt --save-file output.json

  • Chroot analysis with or without Graphic output:
  • Exactly how its done on apt. bash python3 main.py --pkg-mgr rpm --analysis-mode chroot --volume-path /mnt --save-file output.json --info-graphic True/False

Supporting Images

Currently the tool works on Debian and Red Hat based images I can guarentee the debian outputs but the Red-Hat onces still needs work to be done its not perfect.

I am working on the pacman side of things I am trying to find a relaiable way of accessing the pacman db for static analysis.

Graphical Output Images (Chroot)

APT Chroot

RPM Chroot

Inner Workings

For the workings and process related documentation please read the wiki page: Link

TODO

  • [x] Support for RPM
  • [x] Support for APT
  • [x] Support for Chroot Analysis
  • [x] Support for Versions
  • [x] Support for Chroot Graphical output
  • [x] Support for organized graphical output
  • [ ] Support for Pacman

Ideas and Discussions

Ideas regarding this topic are welcome in the discussions page.




Via: www.kitploit.com
Startup-SBOM - A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions Startup-SBOM - A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions Reviewed by Zion3R on 16:57 Rating: 5