Expl-iot – IOT Security Testing and Exploitation Framework

IoT devices is becoming more and more exposed to internet. this to improve device functionality and provide more features to customer. searching shodan will show a large number of IoT devices with exposed UI , exposed login page or just using the default credentials. This can be due to users limited security implementation background. If you are looking to test IoT security you can check Expl-iot

Expl-iot is a framework for security testing IoT and IoT infrastructure. It provides a set of plugins (test cases) and can be extended easily to create new plugins.

Expl-iot – IOT Security Testing and Exploitation Framework

The objective behind this framework is:

  • Easy to use
  • Easy to extend
  • Support for most IoT protocols
  • Support for Radio IoT protocols
  • Support for hardware protocols
  • One-stop-shop for IoT and IoT infrastructure security testing.

There is 19 plugins with test cases:

  • BLE Charecteristic value fuzzer
  • BLE Scanner
  • BLE charecteristic writer
  • BLE Tapplock unlock
  • CANbus reader
  • CANbus writer
  • CoAP GET
  • CoAP Sample Summary
  • I2C EEPROM Reader
  • I2C EEPROM Writer
  • Modbus TCP Reader
  • Modbus TCP Writer
  • MQTT authentication cracker
  • MQTT Publisher
  • MQTT Subscriber
  • SPI Flash Reader
  • SPI Flash Writer
  • Serial console command brute-forcer/fuzzer
  • Kankun SmartPlug Hijacker

The challenge with IoT devices is having several interfaces and services such as Web, SSH, Telnet or just a non standard port/protocol.

Current version include plugins to test UART, ZigBee, BLE, MQTT, CoAP. You can read more and download this framework over here: https://gitlab.com/expliot_framework/expliot

Share