Pentest Tools trommel

Published on January 6th, 2018📅

| 0

TROMMEL: Sift Through Directories of Files to Identify Indicators That May Contain Vulnerabilities

TROMMEL sifts through directories of files to identify indicators that may contain vulnerabilities.

Itidentifies the following indicators related to:

  • Secure Shell (SSH) key files
  • Secure Socket Layer (SSL) key files
  • Internet Protocol (IP) addresses
  • Uniform Resource Locator (URL)
  • email addresses
  • shell scripts
  • web server binaries
  • configuration files
  • database files
  • specific binaries files (i.e. Dropbear, BusyBox, etc.)
  • shared object library files
  • web application scripting variables, and
  • Android application package (APK) file permissions.

It has also integrated vFeed which allows for further in-depth vulnerability analysis of identified indicators.

  • integrates vFeed, which is a database wrapper that pulls in content from Common Vulnerabilities and Exposures (CVE) database, Exploit-DB, and Metasploit.
  • vFeed offers a free, downloadable Community Database for non-commercial users.
  • This integration allows for further in-depth vulnerability analysis of identified indicators.
  • significantly lessens the manual analysis time of the researcher by automating much of the vulnerability discovery and analysis process.
  • Upon execution, it provides the following feedback to the researcher in the terminal:
    • it is working to sift through the files.
    • Results will be saved to “[Researcher Supplied File Name]_Trommel_YYYYMMDD_HHMMSS”
  • The identified indicators are then saved to a text file in the current working directory of TROMMEL.
  • The text file is named according to the above naming convention and will contain the following information preceding the identified indicators:
    • Trommel Results File Name: [Researcher Supplied File Name]
    • Directory: [Researcher Supplied Directory]
    • There are [Count of Files] total files within the directory.
    • Results could be vulnerabilities. These results should be verified as false positives may exist.
  • The indicators should be reviewed to identify and remove false positives and to identify indicators that need further analysis for potential vulnerabilities.


  • Download: git clone
  • Download vFeed database from vFeed tool from
    • This database needs to be placed in the root of the working directory.
  • Python-magic
    • For Linux:
      • pip install python-magic
    • For Mac:
      • brew install libmagic
      • pip install python-magic



$ –help

Output TROMMEL results to a file based on a given directory

$ -p /directory -o output_file


Leave a Reply

Back to Top ↑