IoTScanner:用于扫描IoT设备漏洞的Python脚本

  • H4_418336
    了解作者
  • 136.1KB
    文件大小
  • zip
    文件格式
  • 0
    收藏次数
  • VIP专享
    资源类型
  • 0
    下载次数
  • 2022-06-15 08:06
    上传日期
物联网扫描仪 用于扫描IoT设备是否存在漏洞的Python脚本。 要求 对于Zigbee分析,需要满足以下要求。 IoTScanner使用KillerBee扫描zigbee网络。 为此,必须在安装之前安装以下Python模块: 连载 USB 加密(某些功能) pygtk(用于具有GUI的工具) cairo(用于具有GUI的工具) scapy-com(用于某些使用802.15.4 Scapy扩展名的工具) 在Ubuntu系统上,可以使用以下命令安装所需的依赖项: # apt-get install python-gtk2 python-cairo python-usb python-crypto python-serial python-dev libgcrypt-dev # hg clone https://bitbucket.org/secdev/scapy-com #
IoTScanner-master.zip
内容介绍
# IoTScanner Python scripts to scan IoT devices for vulnerabilities. # REQUIREMENTS For Zigbee analysis the following requirements are needed. The IoTScanner uses KillerBee to scan zigbee networks. For this, it is necessary to install the following Python modules before installation: - serial - usb - crypto (for some functions) - pygtk (for use of tools that have GUIs) - cairo (for use of tools that have GUIs) - scapy-com (for some tools which utilize 802.15.4 Scapy extensions) On Ubuntu systems, you can install the needed dependencies with the following commands: # apt-get install python-gtk2 python-cairo python-usb python-crypto python-serial python-dev libgcrypt-dev # hg clone https://bitbucket.org/secdev/scapy-com # cd scapy-com # python setup.py install The python-dev and libgcrypt are required for the Scapy Extension Patch. The IoTScanner also uses: - Nmap - to search for open ports - BeautifulSoup - to analyse http-responses - urllib - to establish http connections - paramiko - to establish ssh connections - netaddr - to handle ip adresses These dependencies are being installed via PyPi, while installing IoTScanner. # REQUIRED HARDWARE The following hardware is needed to analyze zigbee devices. Currently, the KillerBee framework supports the River Loop ApiMote, Atmel RZ RAVEN USB Stick, MoteIV Tmote Sky, TelosB mote, and Sewino Sniffer. IoTScanner should work fine with all of these. It was, however, only tested with Atmel RZ RAVEN USB Stick. **ApiMote v4beta (and v3)**: The hardware is open-source. It was developed by River Loop Security and can be purchased at https://github.com/riverloopsec/apimote. It does not need to be flashed, because it comes pre-configured with the KillerBee firmware. Currently, the device is supported for beta, and supports sniffing, injection, and jamming. **Atmel RZ RAVEN USB Stick**: The RZ RAVEN USB Stick is available from most electronic resellers for approximately $40/USD. For more information on the hardware see http://www.microchip.com/Developmenttools/ProductDetails.aspx?PartNO=ATAVRRZUSBSTICK. In order to get the full functionality included in KillerBee, the RZ RAVEN USB Stick must be flashed with the custom firmware. See https://github.com/riverloopsec/killerbee/blob/master/firmware/README.md for details. This device can be flashed, using USB. The KillerBee firmware for the RZ RAVEN, that can be downloaded with the River Loop Security's KillerBee distribution, is a modified version of the stock firmware distributed by Atmel to include attack functionality. **Texas Instruments CC2530/1 EMK**: This USB dongle is produced by Texas Instruments. It is sold as an evaluation kit for their CC2530 or CC2531 integrated circuit. Currently, this hardware is supported for beta, and supports sniffing only. **MoteIV Tmote Sky or TelosB mode**: This device can be loaded with the KillerBee firmware via USB. To do that, follow the instructions below: 1. Attach the device 2. Within killerbee/firmware, run: $ ./flash_telosb.sh Though, some vendors claim, that their clone of this hardware is compatible with KillerBee, it has not been tested by River Loop Security or me. # Installation To install IoTScanner, follow the list of steps below. 1. Make sure, that all requirements are met 2. Download and unzip IoTScanner 3. Install IoTScanner, using setup.py # python3 setup.py install # Usage The example below demonstrates, how IoTScanner is used to scan TCP/IP networks, searching for the usage of standard credentials, and all nearby zigbee networks. Example: - #sudo python3 IoTScanner.py -cf /samples/test_all.pcap -i 192.168.170.0 -f /configs/devices.cfg -v Required parameters for network scans: - - -f : Path to configuration file, containing device data - -i : IP addresses to scan (format: "192.168.170.0-192.168.170.255" or "192.168.170.0" or "192.168.170.0, 192.168.170.101") Required parameters for zigbee scanning: - - -cf : Path to file, where packages should be captured Optional parameters for zigbee scanning: - - -c : Channel to sniff; If nothing is specified, IoTScanner searches for all nearby zigbee devices and uses their channels - -p : Number of packets, to be captured; Default 100 - -d : Delay of sent beacon requests; Default 2.0 - -l : Number of loops for network search
评论
    相关推荐
    • Firebase-IoT-Dashboard
      Firebase-IoT-仪表板 这是使用Firebase实时数据库进行物联网的演示。 它非常适合初学者,可以在... 使用通用的ESP8266模组板转到文件->首选项 并在其他Board Manager URL中粘贴链接: https://arduino.esp8266.c
    • iot-edge-udp
      实际上,您可以阅读Azure IoT Hub允许设备使用MQTT,AMQP和HTTPS(它们各自基于TCP)进行设备侧通信 。 不幸的是,Azure IoT Hub中没有对UDP协议的本机支持,这很可惜,因为UDP快速,轻巧且非常适合低功耗无线电...
    • interface_iot_manager
      上记を実际に运用する际は,このソフトウェアでは,ではのデバフトウェアは,IoTデバイスからクラウド基盘上へデータを転送したり,クラウド基盘上からIoTデバイスへ指示へ出したりすることを学ぶために开発しました...
    • 暴动:REST IOT
      RIOT(REST IOT)旨在简化代码并使之组件化,从而围绕Raspberry Pi构建针对服务器(后端)和客户端的机器人工具包。 它支持Adeept Mars PiCar。 但是,它的设计具有灵活性和可扩展性,相对容易扩展到其他套件和通用...
    • ESP8266_IoT_Witch_5.3:工程网页:https:oshwhub.comliyichuangedachuan-x
      ESP8266_IoT_Witch_5.3:工程网页:https:oshwhub.comliyichuangedachuan-xin-ban-ben-ji-yu-ESP12de-1-lu-IoT-kai-guan
    • 深联科技IOT-NODE2530 Zstack测试程序.rar
      1、温湿度程序工程文件见 深联科技IOT-NODE2530 Zstack测试程序\ZStack-CC2530-2.5.1a\Projects\zstack\Samples\SendTest H&T 2、多个终端设备发送数据到协调器上的测试程序见: ...https://tb.am/ronna
    • iot:物联网服务模块
      curl -fsSL https://raw.githubusercontent.com/isu-avista/iot/master/scripts/install.sh -o install.sh 使脚本可执行 chmod +x install.sh 以sudo的身份执行安装脚本 sudo ./install.sh -u avista -d avistadb ...
    • Iot-master.zip
      Iot 通过安装在大棚内的传感器节点,采集大棚的环境参数(空气温度、湿度、 光照强度、土壤温湿度、CO2 浓度),设置环境参数的阀值, 并通过ZigBee协议控制通风设备和浇灌设备的自动开启和关闭, 本系统通过对大棚...
    • 华为IoT GUI Demo
      GUI Demo基于华为OceanConnect平台开放的北向RESTful接口,模拟北向应用,完成了北向应用大部分的功能,对以下开发者有所帮助: * 暂时不想进行北向应用开发,但是希望开发南向设备,接入华为OceanConnect平台;...
    • Workshop_IOT
      Workshop_IOT 越来越多的东西-汽车,门铃,烟雾探测器,冰箱,随便你说-通过“嵌入式系统”连接到互联网。 我们称其为物联网(IoT)。 这些系统如何工作?创建成熟的物联网设备的基本要素是什么? 在本研讨会中,...