{"id":20674862,"url":"https://github.com/bishopfox/zigdiggity","last_synced_at":"2025-04-09T10:08:36.574Z","repository":{"id":48115992,"uuid":"144425971","full_name":"BishopFox/zigdiggity","owner":"BishopFox","description":"A ZigBee hacking toolkit by Bishop Fox","archived":false,"fork":false,"pushed_at":"2021-09-13T19:18:14.000Z","size":4741,"stargazers_count":275,"open_issues_count":6,"forks_count":59,"subscribers_count":23,"default_branch":"master","last_synced_at":"2025-04-02T03:33:38.122Z","etag":null,"topics":["iot-security","pentest-tool","security-tools","zigbee","zigbee-hacking"],"latest_commit_sha":null,"homepage":"https://www.bishopfox.com/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/BishopFox.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-12T00:06:08.000Z","updated_at":"2025-03-19T07:22:57.000Z","dependencies_parsed_at":"2022-08-12T19:00:23.679Z","dependency_job_id":null,"html_url":"https://github.com/BishopFox/zigdiggity","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fzigdiggity","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fzigdiggity/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fzigdiggity/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/BishopFox%2Fzigdiggity/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/BishopFox","download_url":"https://codeload.github.com/BishopFox/zigdiggity/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248018060,"owners_count":21034048,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["iot-security","pentest-tool","security-tools","zigbee","zigbee-hacking"],"created_at":"2024-11-16T21:07:48.962Z","updated_at":"2025-04-09T10:08:36.539Z","avatar_url":"https://github.com/BishopFox.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"![ZigDiggity - Logo](images/ZigDiggity-2019-Logo_and_Example-1.jpg)\n\n# ZigDiggity Version 2\n\nIntroducing *ZigDiggity 2.0*, a ZigBee penetration testing framework created by Matt Gleason \u0026 Francis Brown of [Bishop Fox](https://www.bishopfox.com/ \"Bishop Fox\").   Special thanks to Caleb Marion!\n\n*ZigDiggity* version 2 is a major overhaul of the original package and aims to enable cybersecurity professionals, auditors, and developers to run complex interactions with ZigBee networks using a single device. \n\n## 2019 - Black Hat USA 2019 \u0026 DEF CON 27 - links, slides, and videos\n* [Black Hat USA 2019 - ARSENAL LAB - ZigBee Hacking: Smarter Home Invasion with ZigDiggity - Aug 7-8, 2019](https://www.blackhat.com/us-19/arsenal/schedule/index.html#arsenal-lab---zigbee-hacking-smarter-home-invasion-with-zigdiggity-17151 \"Black Hat USA 2019 - ARSENAL LAB - ZigBee Hacking: Smarter Home Invasion with ZigDiggity - Aug 7-8, 2019\")\n* https://www.defcon.org/html/defcon-27/dc-27-demolabs.html#ZigDiggity\n  * ![](images/ZigDiggity-Aug2019-DefCon27-DemoLab-1-Smaller.jpg)\n\n### Videos\n* [YouTube - Zigbee Hacking: Smarter Home Invasion with ZigDiggity - 58sec DEMO - 20Aug2019](https://www.youtube.com/watch?v=9_0SoKsVklMQ \"YouTube - Zigbee Hacking: Smarter Home Invasion with ZigDiggity - 58sec DEMO - 20Aug2019\")\n  * Defeating Zigbee smart locks \u0026 home alarm sensors; demonstrating effective IoT product security evaluations using ZigDiggity 2.0 - the new open-source Zigbee pentest toolkit from Bishop Fox.\n\n\u003ca href=\"http://www.youtube.com/watch?feature=player_embedded\u0026v=9_0SoKsVklM\n\" target=\"_blank\"\u003e\u003cimg src=\"http://img.youtube.com/vi/9_0SoKsVklM/0.jpg\" \nalt=\"ZigDiggity 2019 DEMO\" width=\"320\" height=\"180\" border=\"10\" /\u003e\u003c/a\u003e\n\n### Slides\n* https://www.slideshare.net/bishopfox/smarter-home-invasion-with-zigdiggity-165606623\n* https://www.bishopfox.com/files/slides/2019/Black_Hat_USA_2019-Zigbee_Hacking-Smarter_Home_Invasion_with_ZigDiggity-08Aug2019-Slides.pdf\n\n### ABSTRACT:\n\u003e Do you feel safe in your home with the security system armed? You may reconsider after watching a demo of our new hacking toolkit, ZigDiggity, where we target door \u0026 window sensors using an \"ACK Attack\". ZigDiggity will emerge as the weapon of choice for testing Zigbee-enabled systems, replacing all previous efforts.\n\u003e     \n\u003e Zigbee continues to grow in popularity as a method for providing simple wireless communication between devices (i.e. low power/traffic, short distance), \u0026 can be found in a variety of consumer products that range from smart home automation to healthcare. Security concerns introduced by these systems are just as diverse and plentiful, underscoring a need for quality assessment tools.  \n\u003e     \n\u003e Unfortunately, existing Zigbee hacking solutions have fallen into disrepair, having barely been maintained, let alone improved upon. Left without a practical way to evaluate the security of Zigbee networks, we've created ZigDiggity, a new open-source pentest arsenal from Bishop Fox.\n\u003e     \n\u003e Our DEMO-rich presentation showcases ZigDiggity's attack capabilities by pitting it against common Internet of Things (IoT) products that use Zigbee. Come experience the future of Zigbee hacking, in a talk that the New York Times will be hailing as \"a veritable triumph of the human spirit.\" ... ya know, probably\n\n\n## Installation\n\nUsing a default install of Raspbian (GUI install, not headless), perform the following steps:\n\n* With your Raspberry Pi powered off, plug your Raspbee into your Raspberry Pi\n* Clone this repository onto your Raspberry Pi and cd into the ZigDiggity directory\n* Enable serial using the `sudo raspbi-config` command\n  * Select \"Advanced Options/Serial\"\n  * Select *NO* to \"Would you like a login shell to be accessible over serial?\"\n  * Select *YES* to enabling serial\n  * Restart the Raspberry Pi\n* Install GCFFlasher available [Here](http://deconz.dresden-elektronik.de/raspbian/gcfflasher/gcfflasher-latest.deb)\n  * `wget http://deconz.dresden-elektronik.de/raspbian/gcfflasher/gcfflasher-latest.deb`\n  * `sudo dpkg -i gcfflasher-latest.deb`\n  * `sudo apt update`\n  * `sudo apt -f install`\n* Flash the Raspbee's firmware\n  * `sudo GCFFlasher -f firmware/zigdiggity_raspbee.bin`\n  * `sudo GCFFlasher -r`\n* Install the python requirements using `pip3 install -r requirements.txt`\n* Patch scapy `sudo cp patch/zigbee.py /home/$USER/.local/lib/python3.7/site-packages/scapy/layers/zigbee.py`\n* Install wireshark on the device using `sudo apt install wireshark`\n  * be sure to add your user to the wireshark group (e.g. `sudo usermod -a -G wireshark $USER`). Log out and back in again for the changes to take effect.\n\n### Hardware\n\nThe current version of ZigDiggity is solely designed for use with the [Raspbee](https://www.dresden-elektronik.de/funktechnik/solutions/wireless-light-control/raspbee/?L=1)\n* https://www.amazon.com/RaspBee-premium-ZigBee-Raspberry-Firmware/dp/B00E6300DO\n\t* ![](images/RaspBee-image-2.jpg)\n* Raspberry Pi 3 B+\n\t* https://www.amazon.com/CanaKit-Raspberry-Power-Supply-Listed/dp/B07BC6WH7V\n* RasPad by SunFounder (Optional) - great portable Zigbee hacking solution, tablet to house the RaspPi3 \u0026 RaspBee radio:\n\t* https://www.amazon.com/SunFounder-RasPad-Built-Touchscreen-Compatible/dp/B07JG53K2W/\n\t\t* ![ZigDiggity - RasPad - Photo](images/ZigDiggity-PortableRaspPiPad_w_Touchscreen-4a.jpg)\n\n## Usage\n\nCurrently scripts are available in the root of the repository, they can all be run using Python3:\n\n```python3 listen.py -c 15```\n\nWhen running with wireshark, root privileges may be required.\n\n### Scripts\n\n* `ack_attack.py` - Performs the acknowledge attack against a given network.\n* `beacon.py` - Sends a single beacon and listens for a short time. Intended for finding which networks are near you.\n* `find_locks.py` - Examines the network traffic on a channel to determine if device behavior looks like a lock. Displays which devices it thinks are locks.\n* `insecure_rejoin.py` - Runs an insecure rejoin attempt on the target network.\n* `listen.py` - Listens on a channel piping all output to wireshark for viewing.\n* `scan.py` - Moves between channels listening and piping the data to wireshark for viewing.\n* `unlock.py` - Attempts to unlock a target lock\n\n## Notes\n\nThe patterns used by ZigDiggity version 2 are designed to be as reliable as possible. The tool is still in fairly early stages of development, so expect to see improvements over time.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbishopfox%2Fzigdiggity","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbishopfox%2Fzigdiggity","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbishopfox%2Fzigdiggity/lists"}