GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → teserakt-io → mqttinfo

teserakt-io / mqttinfo

Licence: AGPL-3.0 license
Attempts to determine the configuration, behavior, and type of a remote MQTT broker

Programming Languages

go
31211 projects - #10 most used programming language
shell
77523 projects

Labels

mqttmqtt-brokerreconnaissance

Projects that are alternatives of or similar to mqttinfo

Mqtt Pwn
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
Stars: ✭ 156 (+817.65%)
Mutual labels:  mqtt-broker, reconnaissance
subdomainsEnumerator
A docker image which will enumerate, sort, unique and resolve the results of various subdomains enumeration tools.
Stars: ✭ 63 (+270.59%)
Mutual labels:  reconnaissance
Iot Harbor
reactor3实现的mqtt库
Stars: ✭ 234 (+1276.47%)
Mutual labels:  mqtt-broker
PyIris
PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.
Stars: ✭ 296 (+1641.18%)
Mutual labels:  reconnaissance
Awesome-CyberSec-Resources
An awesome collection of curated Cyber Security resources(Books, Tutorials, Blogs, Podcasts, ...)
Stars: ✭ 273 (+1505.88%)
Mutual labels:  reconnaissance
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (+735.29%)
Mutual labels:  reconnaissance
Mqttnet
MQTTnet is a high performance .NET library for MQTT based communication. It provides a MQTT client and a MQTT server (broker). The implementation is based on the documentation from http://mqtt.org/.
Stars: ✭ 2,486 (+14523.53%)
Mutual labels:  mqtt-broker
MQTTnet
MQTTnet is a high performance .NET library for MQTT based communication. It provides a MQTT client and a MQTT server (broker). The implementation is based on the documentation from http://mqtt.org/.
Stars: ✭ 3,309 (+19364.71%)
Mutual labels:  mqtt-broker
flydns
Related subdomains finder
Stars: ✭ 29 (+70.59%)
Mutual labels:  reconnaissance
Sudomy
Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting
Stars: ✭ 1,572 (+9147.06%)
Mutual labels:  reconnaissance
Recon-X
Advanced Reconnaissance tool to enumerate attacking surface of the target.
Stars: ✭ 27 (+58.82%)
Mutual labels:  reconnaissance
wordlist generator
Unique wordlist generator of unique wordlists.
Stars: ✭ 41 (+141.18%)
Mutual labels:  reconnaissance
SourceWolf
Amazingly fast response crawler to find juicy stuff in the source code! 😎🔥
Stars: ✭ 132 (+676.47%)
Mutual labels:  reconnaissance
Mosquitto Cluster
a built-in, autonomous Mosquitto Cluster implementation. MQTT集群.
Stars: ✭ 238 (+1300%)
Mutual labels:  mqtt-broker
CEH
Exam Prep for the Ec-council Certified Ethical Hacker 312-50
Stars: ✭ 71 (+317.65%)
Mutual labels:  reconnaissance
Vertx Mqtt Broker
Vert.x based MQTT Broker
Stars: ✭ 193 (+1035.29%)
Mutual labels:  mqtt-broker
Investigo
🔎 Find usernames and download their data across social media.
Stars: ✭ 168 (+888.24%)
Mutual labels:  reconnaissance
prickly-pete
A script using Docker to quickly bring up some honeypots exposing lots of services. For research, reconnaissance, and fun. (DISCLAIMER may not be fun, not to be taken internally, aim away from face)
Stars: ✭ 29 (+70.59%)
Mutual labels:  reconnaissance
hunter
🐺 Command-line application and golang client library for hunter.io
Stars: ✭ 28 (+64.71%)
Mutual labels:  reconnaissance
urlRecon
📝 urlRecon - Info Gathering or Recon tool for Urls -> Retrieves * Whois information of the domain * DNS Details of the domain * Server Fingerprint * IP geolocation of the server
Stars: ✭ 31 (+82.35%)
Mutual labels:  reconnaissance
View All Similar Projects ➔

mqttinfo

mqttinfo is a command-line utility to retrieve information on an MQTT broker.

To get the mqttinfo utility, you may run:

go get -u -v github.com/Teserakt-io/mqttinfo/cmd/mqttinfo

Otherwise, clone this repository and run ./scripts/build.sh to build mqttinfo, then run it from ./bin/mqttinfo.

Usage:

./bin/mqttinfo --help
      --help          shows this
  -h, --host string   MQTT broker to connect to (default "localhost")
  -j, --json          writes JSON-formatted output to mqttinfo.json
  -p, --port int      network port to connect to (default 1883)
  -P, --pwd string    password, if authentication is needed
  -u, --user string   username, if authentication is needed

Key features of mqttinfo:

  • MQTT v3.1.1 and v5.0 support
  • Multiplatform: Will run on Linux, macOS, Windows.
  • Broker fingerprinting: Attempts to identify the broker product.
  • Human- and machine-readable output: Prints results to stdout and writes JSON to a file.

Current limitations:

  • TLS is not supported yet.
  • WebSocket is not supported yet.
  • Only HiveMQ, mosquitto, and VerneMQ are identified as brokers.
  • Broker fingerprinting is pretty dumb, can be enhanced for example by looking at reason strings.

To analyze a remote broker, you can for example do the following:

Please note that the last step (product detection) may take up to a minute, because it's awaiting for the publication of messages from the $SYS tree.

Disclaimers

The behavior of a broker depends on several factors: the broker product, the version of the software, the parameters defined in the configuration file, and the MQTT version. It's therefore unwise to conclude that broker product X is "better" than broker product "Y" after you've observed that some instance of X looks better than some instance of Y.

mqttinfo doesn't perform any intrusive operations but can be seen as a reconnaissance tool in an offensive context, and in the worst case it could crash particularly fragile brokers. So use at your own risk, note that we decline any responsibility etc. etc.

Broker detection is based on heuristics, and therefore is not 100% reliable. Please feel free to file an issue in GitHub if you encounter misidentified brokers, we'll do our best to improve mqttinfo's detection capabilities.

Intellectual property

mqttinfo is copyright (c) 2019, Teserakt AG.

The code is released under AGPLv3, please contact us if that's an issue for you.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].