Friday, November 29, 2024

SBOM – A Tool To Reverse Engineer And Inspect The RPM And APT Databases To List All The Packages Along With Executables, Service And Versions


This is a simple SBOM utility which aims to provide an insider view on which packages are getting executed.

The approach and goal are simple: get a clear view of the packages installed by APT (currently working on implementing this for RPM and other package managers). This is mainly needed to check which of all the installed packages are actually being executed.

Installation

The packages needed are listed in the requirements.txt file and can be installed using pip:

```bash
pip3 install -r requirements.txt
```

Usage

  • Firstly, install the packages.
  • Secondly, you need to set up the environment, such as:
    • Mount the image: Currently I'm still working on a mechanism to automatically define a mount point and mount different types of images and volumes, but it's still quite a task for me.
  • Finally, run the tool to list all the packages.

| Argument | Description |
|---|---|
| `--analysis-mode` | Specifies the mode of operation. Default is `static`. Choices are `static` and `chroot`. |
| `--static-type` | Specifies the type of analysis for static mode. Required for static mode only. Choices are `info` and `service`. |
| `--volume-path` | Specifies the path to the mounted volume. Default is `/mnt`. |
| `--save-file` | Specifies the output file for JSON output. |
| `--info-graphic` | Specifies whether to generate visual plots for CHROOT analysis. Default is `True`. |
| `--pkg-mgr` | Manually specify the package manager, or omit this option for automatic detection. |
APT:

  • Static Info Analysis:
    • This command runs the program in static analysis mode, specifically using the Info Directory analysis method.
    • It analyzes the packages installed on the mounted volume located at /mnt.
    • It saves the output in a JSON file named output.json.
    • It generates visual plots for CHROOT analysis.

```bash
python3 main.py --pkg-mgr apt --analysis-mode static --static-type info --volume-path /mnt --save-file output.json
```
  • Static Service Analysis:
    • This command runs the program in static analysis mode, specifically using the Service file analysis method.
    • It analyzes the packages installed on the mounted volume located at /custom_mount.
    • It saves the output in a JSON file named output.json.
    • It does not generate visual plots for CHROOT analysis.

```bash
python3 main.py --pkg-mgr apt --analysis-mode static --static-type service --volume-path /custom_mount --save-file output.json --info-graphic False
```

  • Chroot analysis with or without graphic output:
    • This command runs the program in chroot analysis mode.
    • It analyzes the packages installed on the mounted volume located at /mnt.
    • It saves the output in a JSON file named output.json.
    • It generates visual plots for CHROOT analysis.
    • For graphical output keep --info-graphic as True, else False.

```bash
python3 main.py --pkg-mgr apt --analysis-mode chroot --volume-path /mnt --save-file output.json --info-graphic True/False
```

RPM:

  • Static Analysis:
    • Similar to how it's done on apt, but there is only one type of static scan available for now.

```bash
python3 main.py --pkg-mgr rpm --analysis-mode static --volume-path /mnt --save-file output.json
```

  • Chroot analysis with or without graphic output:
    • Exactly how it's done on apt.

```bash
python3 main.py --pkg-mgr rpm --analysis-mode chroot --volume-path /mnt --save-file output.json --info-graphic True/False
```

Supported Images

Currently the tool works on Debian and Red Hat based images. I can guarantee the Debian outputs, but the Red Hat ones still need work; they are not perfect yet.

I'm working on the pacman side of things; I'm looking for a reliable way of accessing the pacman db for static analysis.

Graphical Output Images (Chroot)

APT Chroot

RPM Chroot


Internal Workings

For the workings and process related documentation please read the wiki page: Link
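As an added illustration of the static Info Directory analysis the APT mode performs (this is example code written for this page, not the tool's own implementation), the snippet below parses dpkg `status` stanzas, keeps only packages whose state is actually installed, and correlates each one with its `info/<pkg>.list` file list to pick out executables and systemd service units. The sample status text and file lists are constructed inline; `load_from_volume` shows the equivalent reads against a mounted volume under `--volume-path` and is an assumption about layout, not a call into the tool.

```python
import json
import re
from pathlib import Path

# Constructed sample of /var/lib/dpkg/status stanzas (not from a real image).
SAMPLE_STATUS = """Package: openssh-server
Status: install ok installed
Version: 1:9.2p1-2
Architecture: amd64

Package: libfoo-dev
Status: deinstall ok config-files
Version: 0.1-1

Package: nginx
Status: install ok installed
Version: 1.22.1-9
"""

# Constructed sample of /var/lib/dpkg/info/<pkg>.list contents, keyed by package.
SAMPLE_LISTS = {
    "openssh-server": ["/usr/sbin/sshd", "/lib/systemd/system/ssh.service",
                       "/usr/share/doc/openssh-server/copyright"],
    "nginx": ["/usr/sbin/nginx", "/etc/nginx/nginx.conf"],
}

EXEC_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
             "/usr/local/bin/", "/usr/local/sbin/")


def parse_status(text):
    """Split dpkg status into stanzas; keep only packages marked 'installed'."""
    pkgs = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines() if ": " in line)
        if fields.get("Status", "").endswith(" installed"):
            pkgs[fields["Package"]] = {"version": fields.get("Version", "?"),
                                       "executables": [], "services": []}
    return pkgs


def build_sbom(status_text, file_lists):
    """Attach executables and systemd units from each package's .list to the SBOM."""
    pkgs = parse_status(status_text)
    for name, files in file_lists.items():
        if name not in pkgs:          # .list left over from a removed package: ignore
            continue
        for path in files:
            if path.startswith(EXEC_DIRS):
                pkgs[name]["executables"].append(path)
            elif path.endswith(".service"):
                pkgs[name]["services"].append(path)
    return pkgs


def load_from_volume(volume="/mnt"):
    """Read the same data from a mounted Debian volume (assumed dpkg layout)."""
    dpkg = Path(volume) / "var/lib/dpkg"
    lists = {p.stem: p.read_text().split() for p in (dpkg / "info").glob("*.list")}
    return build_sbom((dpkg / "status").read_text(), lists)


if __name__ == "__main__":
    print(json.dumps(build_sbom(SAMPLE_STATUS, SAMPLE_LISTS), indent=2))
```

Packages in a `deinstall`/`config-files` state are dropped, which matters for an SBOM because their binaries are gone even though a stanza remains.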

TODO

  • [x] Support for RPM
  • [x] Support for APT
  • [x] Support for Chroot Analysis
  • [x] Support for Versions
  • [x] Support for Chroot Graphical output
  • [x] Support for organized graphical output
  • [ ] Support for Pacman

Ideas and Discussions

Ideas regarding this topic are welcome in the discussions page.


