tool review: uefi-spider (and firmware_vault)

UEFI Spider is a tool that crawls/downloads UEFI/BIOS updates from multiple ISV/OEM distributors. It contains a set of highly specific scripts containing spidering logic for ISV/OEMs providing downloadable UEFI firmware updates. Each spider will attempt to document (in JSON) and download every identified UEFI firmware update. The tool is written in Python, and needs the Python scrapy library to work. It has support for these vendors: ASRock, Dell, Gigabyte, Intel, Lenovo, HP, MSI, and VMware.

“WARNING: Using this tool is dangerous, upon running each spider you will have downloaded well over 50G of firmware updates. This is highly taxing on both your bandwidth and the services hosting the updates. Please read the EULA for each site before spidering. This code is provided for reference only; this project and its authors do not encourage using the spiders.”

The tool is written by Teddy Reed (“theopolis”), who also created the UEFI Firmware Parser.

More Information:
https://github.com/theopolis/uefi-spider

There isn’t Apple support in these scripts. However, someone else recently started collecting Apple ROMs:
https://github.com/gdbinit/firmware_vault

I’m lazy, I wish one person would keep an online respository of ALL known BIOS/UEFI ROMs, so each security researcher wouldn’t have to crawl each vendors’ site on an ongoing basis.

3 thoughts on “tool review: uefi-spider (and firmware_vault)

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s