UEFI Spider is a tool that crawls and downloads UEFI/BIOS updates from multiple ISV/OEM distributors. It is a set of highly specific scripts containing spidering logic for ISVs/OEMs that provide downloadable UEFI firmware updates. Each spider will attempt to document (in JSON) and download every identified UEFI firmware update. The tool is written in Python and requires the Python Scrapy library. It supports these vendors: ASRock, Dell, Gigabyte, Intel, Lenovo, HP, MSI, and VMware.
“WARNING: Using this tool is dangerous, upon running each spider you will have downloaded well over 50G of firmware updates. This is highly taxing on both your bandwidth and the services hosting the updates. Please read the EULA for each site before spidering. This code is provided for reference only; this project and its authors do not encourage using the spiders.”
The tool is written by Teddy Reed (“theopolis”), who also created the UEFI Firmware Parser.
More Information:
https://github.com/theopolis/uefi-spider
There is no Apple support in these scripts. However, someone else recently started collecting Apple ROMs:
https://github.com/gdbinit/firmware_vault
I’m lazy; I wish one person would keep an online repository of ALL known BIOS/UEFI ROMs, so each security researcher wouldn’t have to crawl each vendor’s site on an ongoing basis.