{"id":21744067,"url":"https://github.com/telefonica/homepwn","last_synced_at":"2025-08-20T10:31:34.571Z","repository":{"id":41175459,"uuid":"201017254","full_name":"Telefonica/HomePWN","owner":"Telefonica","description":"HomePwn - Swiss Army Knife for Pentesting of IoT Devices","archived":false,"fork":false,"pushed_at":"2022-12-27T15:37:06.000Z","size":21059,"stargazers_count":851,"open_issues_count":4,"forks_count":136,"subscribers_count":36,"default_branch":"master","last_synced_at":"2024-08-06T10:12:40.773Z","etag":null,"topics":["ble","hack","iot","nfc","python"],"latest_commit_sha":null,"homepage":"https://github.com/ElevenPaths/HomePWN","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Telefonica.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2019-08-07T09:24:37.000Z","updated_at":"2024-08-03T20:12:49.000Z","dependencies_parsed_at":"2023-01-31T04:45:13.375Z","dependency_job_id":null,"html_url":"https://github.com/Telefonica/HomePWN","commit_stats":null,"previous_names":["elevenpaths/homepwn"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2FHomePWN","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2FHomePWN/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2FHomePWN/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Telefonica%2FHomePWN/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Telefonica","download_url":"https://codeload.github.com/Telefonica/HomePWN/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230415317,"owners_count":18222158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ble","hack","iot","nfc","python"],"created_at":"2024-11-26T07:09:53.939Z","updated_at":"2024-12-19T10:08:57.139Z","avatar_url":"https://github.com/Telefonica.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"![Supported Python versions](https://img.shields.io/badge/python-3.6+-blue.svg?style=flat-square\u0026logo=python)\n![License](https://img.shields.io/badge/license-GNU-green.svg?style=flat-square\u0026logo=gnu)\n\n# **HomePwn - Swiss Army Knife for Pentesting of IoT Devices**\n\n```\n.__                         __________                \n|  |__   ____   _____   ____\\______   \\__  _  ______  \n|  |  \\ /  _ \\ /     \\_/ __ \\|     ___/\\ \\/ \\/ /    \\ \n|   Y  (  \u003c_\u003e )  Y Y  \\  ___/|    |     \\     /   |  \\\n|___|  /\\____/|__|_|  /\\___  \u003e____|      \\/\\_/|___|  /\n     \\/             \\/     \\/                      \\/ \n\n\n       ☠ HomePwn - IoT Pentesting \u0026 Ethical Hacking ☠                 \n\n      Created with ♥  by: 'Ideas Locas (CDO Telefonica)'    \n```\n\nHomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office, take advantage of certain vulnerabilities to read or send data to those devices. With a strong library of modules you can use this tool to load new features and use them in a vast variety of devices.\n\nHomePwn has a modular architecture in which any user can expand the knowledge base about different technologies. Principally it has two different components:\n\n* Discovery modules. These modules provide functionalities related to the discovery stage, regardless of the technology to be used. For example, it can be used to conduct WiFi scans via an adapter in monitor mode, perform discovery of BLE devices, Bluetooth Low-Energy, which other devices are nearby and view their connectivity status, etc. Also, It can be used to discover a home or office IoT services using protocols such as SSDP or Simple Service Discovery Protocol and MDNS or Multicast DNS.\n\n* Specific modules for the technology to be audited. On the other hand, there are specific modules for audited technology. Today, HomePwn can perform auditing tests on technologies such as WiFi, NFC, or BLE. In other words, there are modules for each of these technologies in which different known vulnerabilities or different techniques are implemented to asses the device's security level implemented and communicated with this kind of technologies.\n\n# Built With\n\n* [Python](https://www.python.org/download/releases/3.0/) - Programming language used\n* [Prompt Toolkit](https://python-prompt-toolkit.readthedocs.io/en/stable/) - Python command line\n\n# Documentation\n\nIt's possible to read the documentation in our papers:\n* [Spanish Version](https://github.com/ElevenPaths/HomePWN/blob/master/Papers/%5BPAPER%5D%20homepwn_ES_Version%20.pdf)\n* [English Version](https://github.com/ElevenPaths/HomePWN/blob/master/Papers/%5BPAPER%5Dhomepwn_ENG.pdf)\n\n# Getting Started\n\nThese instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.\n\n## Prerequisites:\n\nYou need to have Linux and python 3.6+ running in your computer, please install them in the download page.\n\n* [Ubuntu](https://ubuntu.com/), [Debian](https://www.debian.org/) or similar.\n* [Python 3.6+](https://www.python.org/downloads/).\n\n## Installing all requisites:\n\nTo install all dependencies in Ubuntu 18.04 or derivatives use the file install.sh\n\n```\n\u003e sudo apt-get update\n\u003e cd [path to the HomePWN project]\n\u003e sudo ./install.sh\n```\nThe script ask you if you want to create a virtualenv, if your answer is 'y' then it installs python libraries within the virtual environment, if not in the system itself\n\n# Usage\n\nTo run the script, if you chose a virtual environment in the installation follow execute the next command to activate the virtual environment:\n\n```\n\u003e source homePwn/bin/activate\n```\n\nLaunch the application:\n\n```\n\u003e sudo python3 homePwn.py\n```\n\n### Configure Alpha Card\n\nhttps://askubuntu.com/questions/1122095/install-alfa-awus036nha-driver-on-ubuntu-18-04-lts\n\n\n# Examples\n\nHere are some videos to see how the tool works.\n\n### **HomePwn. Bluetooth Low-Energy PoC \u0026 Hacking**\n[![HomePwn. Bluetooth Low-Energy PoC \u0026 Hacking](https://img.youtube.com/vi/JgbIsP7IGxo/0.jpg)](https://www.youtube.com/watch?v=JgbIsP7IGxo)\n\n### **HomePwn. Bluetooth Spoofing**\n[![HomePwn. Bluetooth Spoofing](https://img.youtube.com/vi/o9P1BwlHelM/0.jpg)](https://www.youtube.com/watch?v=o9P1BwlHelM)\n\n### **HomePwn. NFC Clone**\n[![HomePwn. NFC Clone](https://img.youtube.com/vi/ZLas04ZCTLU/0.jpg)](https://www.youtube.com/watch?v=ZLas04ZCTLU)\n\n### **HomePwn. BLE capture on PCAP file (sniffing)**\n[![HomePwn. BLE capture on PCAP file (sniffing)](https://img.youtube.com/vi/vw9nr584PJQ/0.jpg)](https://www.youtube.com/watch?v=vw9nr584PJQ)\n\n### **HomePwn. QR Options hack**\n[![HomePwn. QR Options hack](https://img.youtube.com/vi/ta1DbnWOF8M/0.jpg)](https://www.youtube.com/watch?v=ta1DbnWOF8M)\n\n### **HomePwn. Apple BLE Discovery**\n[![HomePwn. Apple BLE Discovery](https://img.youtube.com/vi/xOU34op7Gls/0.jpg)](https://www.youtube.com/watch?v=xOU34op7Gls)\n\n### **HomePwn. Xiaomi IoT Advertisement**\n[![HomePwn. Xiaomi IoT Advertisement](https://img.youtube.com/vi/Xi7KZibJsfE/0.jpg)](https://www.youtube.com/watch?v=Xi7KZibJsfE)\n\n# Authors\n\nThis project has been developed by the team of 'Ideas Locas' (CDO - Telefónica). To contact the authors:\n\nideaslocas@telefonica.com\n\nSee also the list of [CONTRIBUTORS.md](CONTRIBUTORS.md) who participated in this project.\n\n\n# Contributing\n\nPlease read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.\n\n\n# License\n\nThis project is licensed under the GNU General Public License - see the [LICENSE.md](LICENSE.md) file for details.\n\n# Disclaimer!\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. WHENEVER YOU MAKE A CONTRIBUTION TO A REPOSITORY CONTAINING NOTICE OF A LICENSE, YOU LICENSE YOUR CONTRIBUTION UNDER THE SAME TERMS, AND YOU AGREE THAT YOU HAVE THE RIGHT TO LICENSE YOUR CONTRIBUTION UNDER THOSE TERMS. IF YOU HAVE A SEPARATE AGREEMENT TO LICENSE YOUR CONTRIBUTIONS UNDER DIFFERENT TERMS, SUCH AS A CONTRIBUTOR LICENSE AGREEMENT, THAT AGREEMENT WILL SUPERSEDE.\n\nThis software doesn't have a QA Process.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelefonica%2Fhomepwn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftelefonica%2Fhomepwn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftelefonica%2Fhomepwn/lists"}