V33RU / Iotsecurity101
Licence: gpl-3.0
A Curated list of IoT Security Resources
Stars: ✭ 1,302
Projects that are alternatives of or similar to Iotsecurity101
Iot Pt
A Virtual environment for Pentesting IoT Devices
Stars: ✭ 218 (-83.26%)
Mutual labels: hardware, firmware, radio
Embedos
EmbedOS - Embedded security testing virtual machine
Stars: ✭ 108 (-91.71%)
Mutual labels: hardware, firmware, iot
Rfsec Toolkit
RFSec-ToolKit is a collection of Radio Frequency Communication Protocol Hacktools.无线通信协议相关的工具集,可借助SDR硬件+相关工具对无线通信进行研究。Collect with ♥ by HackSmith
Stars: ✭ 1,085 (-16.67%)
Mutual labels: hardware, radio, iot
Lib Python
Blynk IoT library for Python and Micropython
Stars: ✭ 140 (-89.25%)
Mutual labels: hardware, iot, iot-device
Usbserial
Usb serial controller for Android
Stars: ✭ 1,301 (-0.08%)
Mutual labels: hardware, iot, iot-device
Sensors Software
sourcecode for reading sensor data
Stars: ✭ 469 (-63.98%)
Mutual labels: iot, iot-device
Awesome Embedded And Iot Security
A curated list of awesome embedded and IoT security resources.
Stars: ✭ 500 (-61.6%)
Mutual labels: firmware, iot
Wrmhl
⚡️ Super fast communication beetwen Unity3D and Arduino. Create Interactive experiences in a minute ⏱
Stars: ✭ 601 (-53.84%)
Mutual labels: hardware, iot
Platform Espressif32
Espressif 32: development platform for PlatformIO
Stars: ✭ 333 (-74.42%)
Mutual labels: firmware, iot
Dorita980
Unofficial iRobot Roomba and Braava (i7/i7+, 980, 960, 900, e5, 690, 675, m6, etc) node.js library (SDK) to control your robot
Stars: ✭ 523 (-59.83%)
Mutual labels: firmware, iot
Attifyos
Attify OS - Distro for pentesting IoT devices
Stars: ✭ 615 (-52.76%)
Mutual labels: hardware, iot
Sonoff Homeassistant
Firmware for ESP8266 based itead Sonoff switches for use with HomeAssistant
Stars: ✭ 354 (-72.81%)
Mutual labels: firmware, iot
Platformio Atom Ide
PlatformIO IDE for Atom: The next generation integrated development environment for IoT
Stars: ✭ 475 (-63.52%)
Mutual labels: hardware, iot
Goodwatch
Replacement board for Casio Calculator Watches using the CC430F6147
Stars: ✭ 343 (-73.66%)
Mutual labels: firmware, radio
Node Serialport
Access serial ports with JavaScript. Linux, OSX and Windows. Welcome your robotic JavaScript overlords. Better yet, program them!
Stars: ✭ 5,015 (+285.18%)
Mutual labels: hardware, iot
Cbj smart Home
If you are searching for an easy way to deploy a smart home 🏡 by yourself CyBear Jinni 🦾🐻🧞♂️ is here for you. Join the community and make your home smarter than yesterday.
Stars: ✭ 37 (-97.16%)
Mutual labels: iot, iot-device
Lowlevelprogramming University
How to be low-level programmer
Stars: ✭ 7,224 (+454.84%)
Mutual labels: hardware, firmware
Bleeper
Library to manage your firmware configurations written in C++
Stars: ✭ 54 (-95.85%)
Mutual labels: firmware, iot
Approach Methodology
- 1. Network
- 2. Web (Front & Backend and Web services)
- 3. Mobile App (Android & iOS)
- 4. Wireless Connectivity (Zigbee , WiFi , Bluetooth , etc)
- 5. Firmware Pentesting (OS of IoT Devices)
- 6. Hardware Hacking & Fault Injections & SCA Attacks
- 7. Storage Medium
- 8. I/O Ports
Contents
-
IoT Security information
-
Network
-
Web
-
Mobile app
-
Wireless Protocols
-
Cellular Hacking & GSM & BTS
-
[GSM & SS7 Pentesting](GSM & SS7 Pentesting)
-
firmware
-
Firmware
-
Hardware
- IoT Hardware Intro
- [IoT Hardware hacking Intro]
- Required hardware to pentest IoT
- Hardware interfaces
- SPI
- UART
- JTAG
- SideChannel Attacks & Glitching attacks
-
Storage Medium
-
I/O Ports
To seen Hacked devices
- https://blog.exploitee.rs/2018/10/
- https://www.exploitee.rs/
- https://forum.exploitee.rs/
- Your Lenovo Watch X Is Watching You & Sharing What It Learns
- Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT
- Smart Bulb Offers Light, Color, Music, and… Data Exfiltration?
- Besder-IPCamera analysis
- Smart Lock
- Subaru Head Unit Jailbreak
- Jeep Hack
- Dropcam hacking
Chat groups for IoT Security
- https://t.me/iotsecurity1011
- https://www.reddit.com/r/IoTSecurity101/
- https://t.me/hardwareHackingBrasil
- https://t.me/joinchat/JAMxOg5YzdkGjcF3HmNgQw
- https://discord.gg/EH9dxT9
Books For IoT Pentesting
- Android Hacker's Handbook
- Hacking the Xbox - Openbook
- Car hacker's handbook
- IoT Penetration Testing Cookbook
- Abusing the Internet of Things
- Hardware Hacking: Have Fun while Voiding your Warranty
- Linksys WRT54G Ultimate Hacking
- Linux Binary Analysis
- The Firmware Handbook
- Hardware Hacking Handbook
- inside radio attack and defense
- Pentest Hardware - Openbook
- The Art of Pcb Reverse Engineering
- Internet of Things Security Encyclopedia - Openbook
- Applied Cyber Security and the Smart Grid-ICS
- Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition
- Practical IoT Hacking
Blogs for iotpentest
- https://payatu.com/blog/
- http://jcjc-dev.com/
- https://w00tsec.blogspot.in/
- http://www.devttys0.com/
- https://wrongbaud.github.io/
- https://embeddedbits.org/
- https://www.rtl-sdr.com/
- https://keenlab.tencent.com/en/
- https://courk.cc/
- https://iotsecuritywiki.com/
- https://cybergibbons.com/
- http://firmware.re/
- http://blog.k3170makan.com/
- https://blog.tclaverie.eu/
- http://blog.besimaltinok.com/category/iot-pentest/
- https://ctrlu.net/
- http://iotpentest.com/
- https://blog.attify.com
- https://duo.com/decipher/
- http://www.sp3ctr3.me
- http://blog.0x42424242.in/
- https://dantheiotman.com/
- https://blog.danman.eu/
- https://quentinkaiser.be/
- https://blog.quarkslab.com
- https://blog.ice9.us/
- https://labs.f-secure.com/
- https://mg.lol/blog/
- https://cjhackerz.net/
- https://github.com/sponsors/bunnie/
- https://iotmyway.wordpress.com/
- https://www.synacktiv.com/publications.html
Awesome CheatSheets
Search Engines for IoT Openly devices
CTF For IoT And Embeddded
- https://github.com/hackgnar/ble_ctf
- https://www.microcorruption.com/
- https://github.com/Riscure/Rhme-2016
- https://github.com/Riscure/Rhme-2017
- https://blog.exploitlab.net/2018/01/dvar-damn-vulnerable-arm-router.html
- https://github.com/scriptingxss/IoTGoat
YouTube Channels for IoT Pentesting
- Liveoverflow
- Binary Adventure
- EEVBlog
- JackkTutorials
- Craig Smith
- iotpentest [Mr-IoT]
- Besim ALTINOK - IoT - Hardware - Wireless
- Ghidra Ninja
- Cyber Gibbons
- Scanline
Vehicle Security Resources
IoT Vulnerabilites Checking Guides
- Reflecting upon OWASP TOP-10 IoT Vulnerabilities
- OWASP IoT Top 10 2018 Mapping Project
- Firmware Pentest Guide
- Hardware toolkits for IoT security analysis
IoT Gateway Software
IoT Pentesting OSes
- Sigint OS- LTE IMSI Catcher
- Instatn-gnuradio OS - For Radio Signals Testing
- AttifyOS - IoT Pentest OS - by Aditya Gupta
- Ubutnu Best Host Linux for IoT's - Use LTS
- Internet of Things - Penetration Testing OS
- Dragon OS - DEBIAN LINUX WITH PREINSTALLED OPEN SOURCE SDR SOFTWARE
- EmbedOS - Embedded security testing virtual machine
- Skywave Linux- Software Defined Radio for Global Online Listening
- A Small, Scalable Open Source RTOS for IoT Embedded Devices
- ICS - Controlthings.io
Exploitation Tools
- Expliot - IoT Exploitation framework - by Aseemjakhar
- Routersploit (Exploitation Framework for Embedded Devices)
- IoTSecFuzz (comprehensive testing for IoT device)
- HomePwn - Swiss Army Knife for Pentesting of IoT Devices
- killerbee - Zigbee exploitation
- PRET - Printer Exploitation Toolkit
- HAL – The Hardware Analyzer
- FwAnalyzer (Firmware Analyzer)
- ISF(Industrial Security Exploitation Framework
- PENIOT: Penetration Testing Tool for IoT
- MQTT-PWN
Reverse Engineering Tools
Introduction
IoT Web and message services
MQTT
- Introduction
- Hacking the IoT with MQTT
- thoughts about using IoT MQTT for V2V and Connected Car from CES 2014
- Nmap
- The Seven Best MQTT Client Tools
- A Guide to MQTT by Hacking a Doorbell to send Push Notifications
- Are smart homes vulnerable to hacking
- Deep Learning UDF for KSQL / ksqlDB for Streaming Anomaly Detection of MQTT IoT Sensor Data
- Authenticating & Authorizing Devices using MQTT with Auth0
- Development information for the MQTT with hardware
- Understanding the MQTT Protocol Packet Structure
- R7-2019-18: Multiple Hickory Smart Lock Vulnerabilities
- IoT Live Demo: 100.000 Connected Cars With Kubernetes, Kafka, MQTT, TensorFlow
Softwares
- Mosquitto-An open source MQTT broker
- HiveMQ
- MQTT Explorer
- MQTT proxy - IoXY
- MQTT Broker Security - 101
- Welcome to MQTT-PWN!
CoAP
Automobile ★ and ★ Car ★ Hacking ★ stuff
★ CANBUS
- Introduction and protocol Overview
- PENTESTING VEHICLES WITH CANTOOLZ
- Building a Car Hacking Development Workbench: Part1
- CANToolz - Black-box CAN network analysis framework
- PLAYING WITH CAN BUS
RADIO HACKER QUICK START GUIDE
- SDR Notes - Radio IoT Protocols Overview
- Understanding Radio
- Introduction to Software Defined Radio
- Introduction Gnuradio companion
- Creating a flow graph in gunradiocompanion
- Analysing radio signals 433Mhz
- Recording specific radio signal
- Replay Attacks with raspberrypi -rpitx
Cellular Hacking & GSM & BTS
BTS
GSM & SS7 Pentesting
- Introduction to GSM Security
- GSM Security 2
- vulnerabilities in GSM security with USRP B200
- Security Testing 4G (LTE) Networks
- Case Study of SS7/SIGTRAN Assessment
- Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
- ss7MAPer – A SS7 pen testing toolkit
- Introduction to SIGTRAN and SIGTRAN Licensing
- SS7 Network Architecture
- Introduction to SS7 Signaling
- Breaking LTE on Layer Two
Zigbee & Zwave
- Introduction and protocol Overview
- Hacking Zigbee Devices with Attify Zigbee Framework
- Hands-on with RZUSBstick
- ZigBee & Z-Wave Security Brief
BLE Intro and SW-HW Tools to pentest
- Step By Step guide to BLE Understanding and Exploiting
- Traffic Engineering in a Bluetooth Piconet
- BLE Characteristics
Bluetooth and BLE Pentest Tools
- btproxy
- hcitool & bluez
- Testing With GATT Tool
- Cracking encryption
- bettercap
- BtleJuice Bluetooth Smart Man-in-the-Middle framework
- gattacker
- BTLEjack Bluetooth Low Energy Swiss army knife
Hardware for bluetooth hacking
BLE Pentesting Tutorials
- Bluetooth vs BLE Basics
- Intel Edison as Bluetooth LE — Exploit box
- How I Reverse Engineered and Exploited a Smart Massager
- My journey towards Reverse Engineering a Smart Band — Bluetooth-LE RE
- Bluetooth Smartlocks
- I hacked MiBand 3
- GATTacking Bluetooth Smart Devices
- blueooth beacon vulnerability
- Sweyntooth Vulnerabilties
Mobile security (Android & iOS)
- Android App Reverse Engineering 101
- Android Application pentesting book
- Android Pentest Video Course-TutorialsPoint
- IOS Pentesting
- OWASP Mobile Security Testing Guide
- Android Tamer - Android Tamer is a Virtual / Live Platform for Android Security professionals
Online Assemblers
- AZM Online Arm Assembler by Azeria
- Online Disassembler
- Compiler Explorer is an interactive online compiler which shows the assembly output of compiled C++, Rust, Go
ARM
Pentesting Firmwares and emulating and analyzing
- Firmware analysis and reversing
- Firmware emulation with QEMU
- Reversing ESP8266 Firmware
- Emulating Embedded Linux Devices with QEMU
- Emulating Embedded Linux Systems with QEMU
- Fuzzing Embedded Linux Devices
- Emulating ARM Router Firmware
- Reversing Firmware With Radare
- Samsung Firmware Magic
- Qiling & Binary Emulation for automatic unpacking
- Reverse engineering with #Ghidra: Breaking an embedded firmware encryption scheme
- Simulating and hunting firmware vulnerabilities with Qiling
Firmware samples to pentest
Storage Medium
- HARDWARE HACKING 101: IDENTIFYING AND DUMPING EMMC FLASH
- EMMC DATA RECOVERY FROM DAMAGED SMARTPHONE
- Another bunch of Atricles for EMMC
- Unleash your smart-home devices: Vacuum Cleaning Robot Hacking
IoT hardware Overview and Hacking
Hardware Gadgets to pentest
- Bus Pirate
- EEPROM reader/SOIC Cable
- Jtagulator/Jtagenum
- Logic Analyzer
- The Shikra
- FaceDancer21 (USB Emulator/USB Fuzzer)
- RfCat
- Hak5Gear- Hak5FieldKits
- Ultra-Mini Bluetooth CSR 4.0 USB Dongle Adapter
- Attify Badge - UART, JTAG, SPI, I2C (w/ headers)
Attacking Hardware Interfaces
- Serial Terminal Basics
- Reverse Engineering Serial Ports
- REVERSE ENGINEERING ARCHITECTURE AND PINOUT OF CUSTOM ASICS
- ChipWhisperer - Hardware attacks
SPI
- Reading FlashROMS
- Dumping the firmware From Router using BUSPIRATE - SPI Dump
- How to Flash Chip of a Router With a Programmer | TP-Link Router Repair & MAC address change
UART
- Identifying UART interface
- onewire-over-uart
- Accessing sensor via UART
- Using UART to connect to a chinese IP cam
- A journey into IoT – Hardware hacking: UART
- UARTBruteForcer
- UART Connections and Dynamic analysis on Linksys e1000
JTAG
SideChannel Attacks & Glitching attacks
- Side channel attacks
- Attacks on Implementations of Secure Systems
- fuzzing, binary analysis, IoT security, and general exploitation
- NAND Glitching Attack
- Voltage Glitching Attack
- Espressif ESP32: Bypassing Encrypted Secure Boot(CVE-2020-13629)
- Voltage Glitching Attack using SySS iCEstick Glitcher
- Samy Kamkar - FPGA Glitching & Side Channel Attacks
- Breaking AES with ChipWhisperer - Piece of scake (Side Channel Analysis 100)
- https://www.youtube.com/watch?v=4urMITJKQQs&ab_channel=stacksmashing
Awesome IoT Pentesting Guides
Vulnerable IoT and Hardware Applications
-
IoT Goat : https://github.com/scriptingxss/IoTGoat
-
SCADA : https://www.slideshare.net/phdays/damn-vulnerable-chemical-process
-
SS7 Network: https://www.blackhat.com/asia-17/arsenal.html#damn-vulnerable-ss7-network
Additional Resources:
follow the people
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].