Hello Benedikt,

I have seen the new release today and I installed a new Kali 2022.3 VM afternon with the actual EMBArk. Installation was fine I think.

Starting the server dropped and error but the service was reachable after this:

I did a short scan but the progress bar stopped at 91%:

The scan was over for sure.

After this I checked the details of the scan and the page only displayed the enthropy graph:

I though it was because of the wrong FW file and I wanted to start the 2nd scan but I got an error after I wanted to start the scan:

I logged out and stopped EMBArk and started again. I got the first No such service: EMBA error like on the first screenshot and I couldn't start a new scan because the last error came up again.

I tried again the same with a brand new installation. A stating error in the terminal came again. I was able to start the 2nd scan. Please ignore the empty page issue of the details page, because another FW scan displayed the contents fine. I am not sure the progress bar works perfect or not but I am going to try and check it some more times. Maybe the fix is still in progress for this.

I also checked the firmware delete page and it was blank:

Thank you! torabi

Hi,

I am using a Kali 2021.04 linuxin VMware Workstation. I am doing a partly manual installation of emba + EMBArk like this:

change shell to /bin/bash docker installation: $ sudo apt install docker-ce -y

$ git clone https://github.com/e-m-b-a/embark.git $ cd embark $ git clone https://github.com/e-m-b-a/emba.git $ git clone https://github.com/cve-search/cve-search.git

Install system requirements: $ cd cve-search $ sudo xargs apt-get install -y < requirements.system $ sudo pip3 install -r requirements.txt

MongoDB installation $ sudo apt install -y mongodb-org

and I install EMBArk with the default -d mode. The install looks fine, I can start the server with: $ sudo ./run-server.sh and I can register a user in the browser but after login I get 404 error.

If I start with developer mode: sudo ./dev-tools/debug-server-start.sh I can log in.

I checked also the -F installation which is also looks fine, but if I start the server with the default command: $ sudo ./run-server.sh

I get this error: Finished setup mysql and redis docker images mkdir: cannot create directory ‘/app/www/logs’: No such file or directory mkdir: cannot create directory ‘/app/www/conf’: No such file or directory

[ JOB] Redis logs are copied to ./embark/logs/redis_dev.log

[ JOB] DB logs are copied to ./embark/logs/mysql_dev.log ./run-server.sh: line 98: /app/www/logs/redis.log: No such file or directory ./run-server.sh: line 100: /app/www/logs/mysql.log: No such file or directory cp: cannot create directory '/app/www/embark/': No such file or directory ./run-server.sh: line 113: /app/www/conf/embark.conf: No such file or directory ./run-server.sh: line 116: cd: /app/www/embark/: No such file or directory

The output of docker-compose ps:

Name Command State Ports

embark_db docker-entrypoint.sh mysqld Up 0.0.0.0:3306->3306/tcp,:::3306->3306/tcp, 33060/tcp embark_redis docker-entrypoint.sh --por ... Up 6379/tcp, 0.0.0.0:7777->7777/tcp,:::7777->7777/tcp

I can use only the $ sudo ./dev-tools/debug-server-start.sh

mode even if I install -d or with -F but the normal way does not work. What could be the problem?

If I want to open a report after a full emba test in EMBArk I get this message:

TemplateDoesNotExist at /emba_logs/1/html-report/index.html

/app/emba/emba_logs/emba_logs/1/html-report/index.html

Request Method: GET Request URL: http://127.0.0.1:8000/emba_logs/1/html-report/index.html Django Version: 4.0.1 Exception Type: TemplateDoesNotExist Exception Value:

/app/emba/emba_logs/emba_logs/1/html-report/index.html

Exception Location: /home/kali/embark/.venv/lib/python3.9/site-packages/django/template/loader.py, line 19, in get_template Python Executable: /home/kali/embark/.venv/bin/python Python Version: 3.9.9 Python Path:

['/home/kali/embark/embark', '/home/kali/embark', '/home/kali/embark/embark', '/usr/lib/python39.zip', '/usr/lib/python3.9', '/usr/lib/python3.9/lib-dynload', '/home/kali/embark/.venv/lib/python3.9/site-packages']

Server time: Sun, 30 Jan 2022 10:14:42 +0000 Template-loader postmortem

Django tried loading these templates, in this order:

Using engine django:

django.template.loaders.filesystem.Loader: /app/emba/emba_logs/emba_logs/1/html-report/index.html (Source does not exist)

But other pages are working and I am able to download the logs in HTML with "Download Logs" button.

Regards, Torabi

Is your feature request related to a problem? Please describe. A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like A clear and concise description of what you want to happen.

Describe alternatives you've considered A clear and concise description of any alternative solutions or features you've considered.

Additional context Add any other context or screenshots about the feature request here.

Describe the bug I have a fresh Minimal install of Ubuntu 22.04.1 (fully updated) on bare metal just for Emba and Embark

Installing Emba seems to have gone flawlessly but Installing Embark gave some unexpected errors (first two images below) and when starting the server via sudo ./run-server.sh it gives a "Failed setup mysql and redis docker images" error (3rd image below). When attempting to go to embark.local it just says a browser Unable to Connect message.

To Reproduce Steps to reproduce the behavior:

1. EMBArk installation (default mode)
2. See errors
3. Start EMBArk: sudo ./run-server.sh
4. See error

Expected behavior I can not get http://embark.local/ in the web browser. Message is this: "Unable to connect Firefox can’t establish a connection to the server at embark.local."

Screenshots

Desktop (please complete the following information):

• OS: Ubuntu 22.04.1 (Jammy) Fully Patched / Updated

Additional context I have re-run the sudo ./installer.sh -d command after rebooting and get same issues again.

Hello, I deployed EMBA first and realized that I need a dashboard also so I deployed embark and this is in the esx server running a VM with Ubuntu Server 22.04.

I added 10.x.x.x embark.local embark.local 10.x.x.x in /etc/hosts

edited /var/www/httpd80/httpd.conf and added ip under redirect permanent but still I couldn’t access the dashboard using http://10.x.x.x:80 within being in the same network.

Please advise.

❗ EMBArk is changing to Ubuntu:jammy (Ubuntu 22 LTS). To make containerization and development easier, Kali-Linux will no longer be the base OS for testing and development.

What kind of change does this PR introduce?

• Python version changed from 3.9 to 3.10
• dependencies are customized for ubuntu:jammy
• server directory changed to /var/www
• other minor additions

Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)

• ⚠️ Python version changed to 3.10 : pipenv must be updated/rebuild
• ⚠️ reinstallation required
• ❗ ⚠️ newer kali-linux versions no longer actively supported ❗

Other information:

https://github.com/e-m-b-a/emba/pull/258

Describe the bug I did a clean installation on Kali using the default "sudo installer.sh -d" and it went fine, but I could not start the server:

To Reproduce Steps to reproduce the behavior:

1. EMBArk installation $ git clone https://github.com/e-m-b-a/embark.git $ cd embark $ sudo ./installer.sh -d
2. Start EMBArk: sudo ./run-server.sh
3. See error

Expected behavior It used to work the same way a few weeks before. May I install MongoDB manually? I didn't find any error during the installation.

Screenshots Added above.

Desktop (please complete the following information):

• OS: [Kali Linux 2022.01] & sudo apt full-upgrade -y

Describe the bug If I delete an uploaded firmware the EMBArk web page displays error messages.

To Reproduce Steps to reproduce the behavior:

1. EMBArk installation (default mode)
2. Start EMBArk: sudo ./run-server.sh
3. Upload any FW file
4. Do a scan
5. Try to delete the uplaoded FW
6. See error

Expected behavior Deletion should be working.

Screenshots

Desktop (please complete the following information):

• OS: [Kali Linux 2022.01]

This adds the Apache Server as wsgi-server to the frontend.

Some things to think about:

• What would you say is the max file-size a firmwares are allowed to have?(for upload)

• Currently the -D (dev) and the default installation are compatible with each other. keep or change?

Problem accessing EMBark. Cannot register user

Curl user data is invalid OR Web app form "Something went wrong when signing up the user."

Authentication Before accessing EMBArk you need to register yourself with username and password:

Option 1: curl -XPOST 'http://0.0.0.0:80/signup' -d '{"email": "[email protected]", "password": "test", "confirm_password": "test"}'

└──╼ $curl -XPOST 'http://127.0.0.1:80/signup' -d '{"email": "[email protected]", "password": "test", "confirm_password": "test"}'

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8"/>
    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"/>

    <link rel="icon" type="image/png" href="/static/content/images/favicon.png"/>

    <title>EMBArk register</title>

    <!-- jQuery-confirm style sheet -->
    <link rel="stylesheet" href="/static/external/css/confirm.css"/>

    <!-- Bootstrap and jquery-confirm style sheet -->
    <link rel="stylesheet" href="/static/external/css/bootstrap.css"/>

    <!--DataTables style sheets-->
    <link rel="stylesheet" type="text/css" href="/static/external/css/datatable.css"/>

    <!-- Style sheets-->
    <link rel="stylesheet" type="text/css" href="/static/content/css/globalStyle.css"/>
    <link rel="stylesheet" type="text/css" href="/static/content/css/login.css"/>

    <!-- jQuery script -->
    <script type="text/javascript" src="/static/external/scripts/jquery.js"></script>

    <!-- jQuery confirm script -->
    <script type="text/javascript" src="/static/external/scripts/confirm.js"></script>

    <!-- Bootstrap script -->
    <script type="text/javascript" src="/static/external/scripts/bootstrap.js"></script>

    <!--DataTables script-->
    <script type="text/javascript" src="/static/external/scripts/datatable.js"></script>

    <!-- Charts script -->
    <script type="text/javascript" src="/static/external/scripts/charts.js"></script>

    <!-- local Javascript files-->
    <script type="text/javascript" src="/static/scripts/main.js"></script>
    <script type="text/javascript" src="/static/scripts/alertBox.js"></script>


</head>
<body>
    <div class="container-fluid">

        <!--Main container-->
        <div class="main">

    <div class="login-form-container">

        <div class="alert alert-danger alert-dismissible fade show" role="alert">
            <medium>User data is invalid.</medium>
        </div>

        <div id="embarkLogo"><img src="/static/content/images/embark_logo.svg" alt="EMBArk logo graphic" height="auto" width="auto"/></div>
        <div class="login">
            <form action="/signup" class="login-form" method="POST" novalidate>
            <h2 class="title">Register</h2>
            <div class="input-field" data-error="Username is required">
                <svg viewBox="0 -2 25 25" xmlns="http://www.w3.org/2000/svg"><path d="m7.5.5c1.65685425 0 3 1.34314575 3 3v2c0 1.65685425-1.34314575 3-3 3s-3-1.34314575-3-3v-2c0-1.65685425 1.34314575-3 3-3zm7 14v-.7281753c0-3.1864098-3.6862915-5.2718247-7-5.2718247s-7 2.0854149-7 5.2718247v.7281753c0 .5522847.44771525 1 1 1h12c.5522847 0 1-.4477153 1-1z" fill="none" stroke="#000" stroke-linecap="round" stroke-linejoin="round" transform="translate(3 2)"/></svg>
                <input type="text" placeholder="Username" name="username" required/>
            </div>
            <div class="input-field">
                <svg viewBox="0 -2 25 25" xmlns="http://www.w3.org/2000/svg"><g fill="none" fill-rule="evenodd" transform="translate(4 1)"><path d="m2.5 8.5-.00586729-1.99475098c-.00728549-4.00349935 1.32800361-6.00524902 4.00586729-6.00524902s4.0112203 2.00174967 4.0000699 6.00524902v1.99475098m-8.0000699 0h8.0225317c1.0543618 0 1.9181652.81587779 1.9945143 1.8507377l.0054778.1548972-.0169048 6c-.0031058 1.1023652-.8976224 1.9943651-1.999992 1.9943651h-8.005627c-1.1045695 0-2-.8954305-2-2v-6c0-1.1045695.8954305-2 2-2z" stroke="#000" stroke-linecap="round" stroke-linejoin="round"/><circle cx="6.5" cy="13.5" fill="#000" r="1.5"/></g></svg>
                <input type="password" placeholder="Password" name="password" required/>
            </div>
            <div class="input-field">
                <svg viewBox="0 -2 25 25" xmlns="http://www.w3.org/2000/svg"><g fill="none" fill-rule="evenodd" transform="translate(4 1)"><path d="m2.5 8.5-.00586729-1.99475098c-.00728549-4.00349935 1.32800361-6.00524902 4.00586729-6.00524902s4.0112203 2.00174967 4.0000699 6.00524902v1.99475098m-8.0000699 0h8.0225317c1.0543618 0 1.9181652.81587779 1.9945143 1.8507377l.0054778.1548972-.0169048 6c-.0031058 1.1023652-.8976224 1.9943651-1.999992 1.9943651h-8.005627c-1.1045695 0-2-.8954305-2-2v-6c0-1.1045695.8954305-2 2-2z" stroke="#000" stroke-linecap="round" stroke-linejoin="round"/><circle cx="6.5" cy="13.5" fill="#000" r="1.5"/></g></svg>
                <input type="password" placeholder="Confirm password" name="confirm_password" required/>
            </div>
            <input id="loginButton" type="submit" class="solid btn-login" value="Register" />
            </form>
        </div>
        <div id="login_footer">
            <a href="/">
                <input class="solid btn-login" type="submit" value="Back" />
            </a>
        </div>
    </div>

        </div>
    </div>

</body>
</html>

Describe the bug During the installation the following errors came:

Starting EMBArk displays these issues:

Uploading a firmware file works fine but the path looks like this:

The progress bar did not go to 100% but the san has been finished:

I was able to reproduce this issue more times. I know the scan is finished when the fan slows down in the computer but the progress bar does not go to 100%.

I entered these parameters for the scan:

but the report contains these:

It would be very useful to show real version numbers and proper data in the report, because if I have more scans difficult to check the real versions if the data is incomplete.

To Reproduce Steps to reproduce the behavior:

1. EMBArk installation (default mode)
2. Start EMBArk: sudo ./run-server.sh
3. Use the firmware available here: https://cyberforat.squat.net/openwrt/binary_images/linksys_official/WRT54GS_3.17.4_US_code.zip
4. See error

Expected behavior Please fix the errors if posible.

Screenshots Attached above.

Desktop (please complete the following information):

• OS: Ubuntu 22.04.1 LTS Desktop

Describe the bug I installed EMBArk in docker mode and I did not find the CVE download section at the end of the installation. The installation output was redirected into a file, which is uploaded to this report. When I started the EMBArk server I got some errors about cve-search is not OK.

To Reproduce Steps to reproduce the behavior:

1. EMBArk installation (docker-mode)
2. Start EMBArk: sudo ./run-server.sh
3. See error

Expected behavior I know the issue 187 workarounds but I tried 3 times the instalation on a clean Ubuntu Server and I got the same errors all the time. I would like help to get the installer to handle the database download.

Screenshots

Desktop (please complete the following information):

• OS: Ubuntu Server 22.04.1

Additional context Full installation log install.txt

Describe the bug The final report contains enthropy graph and value but the detailed view in EMBArk shows only 0.

so the graph on the main page is missing:

To Reproduce Steps to reproduce the behavior:

1. EMBArk installation (default mode)
2. Start EMBArk: sudo ./run-server.sh
3. Use the firmware available here: anything
4. Do a scan
5. Check enthropy on detailed view page.

Desktop (please complete the following information):

• OS: Ubuntu Server 22.04.1

Describe the bug Couldn't find "Firmware scan status" view in the dashboard

To Reproduce Steps to reproduce the behavior:

1. EMBArk installation (default mode)
2. Start EMBArk: sudo ./run-server.sh -a 192.168.1.20

Expected behavior

1. Once after the firmware uploaded and option selected to analyze, I could find the option to view the scan status.

Screenshots

Desktop (please complete the following information):

• OS: Kali Linux 2022.03

Additional context

1. Upon selecting the option "Progress" in the right-side panel I could only see the option "Select and stop Analysis" but I couldn't get an option anywhere in the dashboard as mentioned in the image located https://github.com/e-m-b-a/embark/wiki/Web-interface#firmware-scan-status
2. All I could do is that I can choose the firmware which I uploaded in the drop-down under "Select and stop Analysis" and a STOP button. Am I missing something during the installation, or any configuration needs to be changed to view the scan status? Please advise.

What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)

Importing Exporting Log-download UI-changes Bug-fixes

What is the current behavior? (You can also link to an open issue here)

Log-download not working Cluttered UI Report-dashboard changes:

• shows all analysis objects
• working inidcator
• changes to download-log functionality

What is the new behavior (if this is a feature change)? If possible add a screenshot.

report dashboard now displays all analyses that didn't fail

Does this PR introduce a breaking change? (What changes might users need to make in their application due to this PR?)

No

Hi

Thanks for your great work on embark! Came across this some time and follow your development. While working with Emba I come across several things that would be great to be implemented, I will add them as feature requests for the projects, so it can be discussed if they are valid or not.

Feature request: It would be great to have the possibility to disable individual tests.

For example the grepit tests takes a lot of time but delivers only marginal results. It would be great to customize the scan as much as possible.

There is already an "Expert Mode" when starting the scan, so it would be good if all modules / scans could be toggled on / off here.

I think in uploader/tests.py or uploader/models.py the command line options for emba are defined, have not looked into detail if this can be modified there.

This issue was originally reported in the EMBA area: https://github.com/e-m-b-a/emba/issues/193

This is a tall order but would be nice for the roadmap

In most cases. the discoveries for the CVEs don't actually affect the product. For example, if I'm running a kernel version that has 200 CVE's and 7 exploits. When I look at those findings I notice the CVE's are just a raw version analysis but if you dig down into the CVE it can say stuff like "If IPV6 is enabled" "IF the following flag is enabled in x config". IT would be nice to have the ability to go into the HTML report and maybe toggle stuff off that you know is a false positive.

Kina like this project lets you do https://github.com/Guezone/SECMON.

The toggling could let you generate an XML or something that logs the CVE's that you could apply to your next scan --fpxml