{"id":15115379,"url":"https://github.com/umair9747/Genzai","last_synced_at":"2025-09-27T21:30:27.812Z","repository":{"id":231427796,"uuid":"745855384","full_name":"umair9747/Genzai","owner":"umair9747","description":"The IoT security toolkit to help identify IoT related dashboards and scan them for default passwords and vulnerabilities.","archived":false,"fork":false,"pushed_at":"2024-11-26T06:55:39.000Z","size":17183,"stargazers_count":164,"open_issues_count":1,"forks_count":23,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-01-12T00:07:01.280Z","etag":null,"topics":["cybersecurity","golang","hacking","iot","iot-security","penetration-testing","pentesting","redteam","security","security-scanner","security-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/umair9747.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-01-20T10:56:54.000Z","updated_at":"2025-01-11T16:18:19.000Z","dependencies_parsed_at":"2024-11-25T17:29:13.720Z","dependency_job_id":null,"html_url":"https://github.com/umair9747/Genzai","commit_stats":null,"previous_names":["umair9747/genzai"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umair9747%2FGenzai","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umair9747%2FGenzai/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umair9747%2FGenzai/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/umair9747%2FGenzai/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/umair9747","download_url":"https://codeload.github.com/umair9747/Genzai/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234460505,"owners_count":18836837,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cybersecurity","golang","hacking","iot","iot-security","penetration-testing","pentesting","redteam","security","security-scanner","security-tools"],"created_at":"2024-09-26T01:43:48.485Z","updated_at":"2025-09-27T21:30:27.144Z","avatar_url":"https://github.com/umair9747.png","language":"Go","funding_links":["https://www.buymeacoffee.com/umair9747"],"categories":["Go"],"sub_categories":[],"readme":"\u003ch1 align=\"center\"\u003eGenzai\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\u003cb\u003eThe IoT Security Toolkit\u003c/b\u003e\u003c/p\u003e\n\u003cp align=\"center\"\u003e\n\u003ca href=\"#description\"\u003eDescription\u003c/a\u003e • \u003ca href=\"#features\"\u003eFeatures\u003c/a\u003e • \u003ca href=\"./docs/documentation.md#setupnusage\"\u003eSetup \u0026 Usage\u003c/a\u003e • \u003ca href=\"#acknowledgements\"\u003eAcknowledgements\u003c/a\u003e • \u003ca href=\"#contact\"\u003eContact Me\u003c/a\u003e\u003cbr\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Version-2.0-green\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Black%20Hat%20Arsenal-%20Asia%202024-blue\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/Black%20Hat%20Arsenal-%20MEA%202024-blue\"\u003e\n  \u003cimg src=\"https://img.shields.io/badge/GISEC Armory-%20Dubai%202024-blue\"\u003e\n  \u003ca href=\"https://www.buymeacoffee.com/umair9747\" target=\"_blank\"\u003e\u003cimg src=\"https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png\" alt=\"Buy Me A Coffee\" style=\"height: 21px !important;width: 94px !important;\" \u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003c/p\u003e\n\u003chr\u003e\n\u003cimg src=\"./genzai.png\"\u003e\n\u003chr style=\"width:300px; height: 1px; margin: auto; margin-top: 20px;\" /\u003e\n\u003cbr\u003e\n\u003cdiv id=\"description\"\u003e\n\u003ch2\u003e Description \u003c/h2\u003e\nGenzai helps you identify IoT or Internet of Things related dashboards across a single or set of targets provided as an input and furthermore scan them for default password issues and potential vulnerabilities based on paths and versions.\n\u003cbr\u003e\u003c/br\u003e\nAn example would be an admin panel for a home automation device acceessible over the internet. The tool will firstly fingerprint the IoT (product) based on a set of signatures from \u003ca href=\"./signatures.json\"\u003esignatures.json\u003c/a\u003e and then based on the product identified, and the relevant templates in its DBs (\u003ca href=\"./vendor-logins.json\"\u003evendor-logins.json\u003c/a\u003e and \u003ca href=\"./vendor-vulns.json\"\u003evendor-vulns.json\u003c/a\u003e), scan it for vendor-specific default passwords like  admin:admin as well as look for any potential vulnerabilities.\n\u003cbr\u003e\u003cbr\u003e\nGenzai currently supports fingerprinting over 20 IoT-based dashboards and has the same amount of templates to look for default password issues across them. It currently has a total of 10 vulnerability templates which will increase with coming updates.\n\u003c/div\u003e\n\u003chr style=\"height: 1px;\"\u003e\n\n\u003cdiv id=\"features\"\u003e\n\u003ch2\u003e Features \u003c/h2\u003e\n\n\u003ch4\u003eFingerprinting - The Wappalyzer of IoT Devices\u003c/h4\u003e\nWith Genzai, you can fingerprint the IoT Product running over a target based on the HTTP response received through it. With a support of 20 templates and counting, Genzai can look for categories such as:\n\u003cbr\u003e\n\n- Wireless Router\n- Surveillance Camera\n- HMI or Human Machine Interface\n- Smart Power Control\n- Building Access Control System\n- Climate Control\n- Industrial Automation\n- Home Automation\n- Water Treatment System\n\n\u003ch4\u003eDefault Password Checks\u003c/h4\u003e\nBased on the IoT product identified and the presence of a relevant template in \u003ca href=\"./vendor-logins.json\"\u003eVendor Logins DB\u003c/a\u003e, Genzai will also check if the target is still using a vendor-specific default password considering how several devices across the internet still use a default password letting anyone to log in as an administrative user.\n\u003c/div\u003e\n\n\u003ch4\u003eVulnerability Scanning\u003c/h4\u003e\nAlso based on the IoT product identified and with the presence of a relevant template in \u003ca href=\"./vendor-vulns.json\"\u003eVendor Vulns DB\u003c/a\u003e, Genzai will check for any potential vulnerabilities across the target. While some of the templates actively flag issues based on an exposed endpoint or file, others may flag based on a vulnerable version.\n\u003c/div\u003e\n\n\u003cdiv id=\"v2\"\u003e\n\u003ch2\u003ev2 is here! 🚀\u003c/h2\u003e\nIn this November 2024 update prior to \u003ca href=\"https://blackhatmea.com/agenda-2024\"\u003eBlack Hat MEA\u003c/a\u003e, we are glad to announce the v2 update for Black Hat MEA with some really exciting new features!\n\n\u003ch4\u003e📡 API Mode: Integrate Seamlessly\u003c/h4\u003e\nWant to supercharge your existing pipeline or application with Genzai? The all-new API mode allows you to deploy an API server effortlessly and perform scans with ease. No fuss, just results. [\u003ca href=\"./docs/v2.md#apimode\"\u003eLearn more\u003c/a\u003e]  \n\n\u003ch4\u003e🖥️ GUI Mode: Simplicity Meets Power\u003c/h4\u003e\nLet’s face it—CLI is functional, but not always fun. That’s why we’ve introduced a sleek, web-based GUI mode! It’s intuitive, engaging, and designed to take your productivity to the next level. Say goodbye to monotony and hello to efficiency. [\u003ca href=\"./docs/v2.md#guimode\"\u003eLearn more\u003c/a\u003e]  \n\n\u003ch4\u003e🌐 Recon Mode: Explore at Warp Speed\u003c/h4\u003e\nCurious to see if IoT devices are lurking in a subnet? Or perhaps you need to probe a private network for vulnerabilities? Recon mode has your back, offering lightning-fast scanning to uncover hidden gems (or threats). [\u003ca href=\"./docs/v2.md#reconmode\"\u003eLearn more\u003c/a\u003e]\n\u003c/div\u003e\n\n\u003c/div\u003e\n\n\u003cdiv id=\"acknowledgements\"\u003e\n\u003ch2\u003e Acknowledgements \u003c/h2\u003e\nGenzai has been or will be noticed at,\n\u003cul type=\"disc\"\u003e\n\u003cli\u003e\u003ca href=\"https://www.blackhat.com/asia-24/arsenal/schedule/index.html#genzai---the-iot-security-toolkit-37373\"\u003eBlack Hat Asia 2024 [Arsenal]\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://www.gisec.ae/gisec-armory\"\u003eGISEC Armory Edition 1 Dubai 2024\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"https://blackhatmea.com/agenda-2024\"\u003eBlack Hat MEA 2024 [Arsenal]\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/div\u003e\n\n\u003cdiv id=\"contact\"\u003e\n\u003ch2\u003e Let's Connect! \u003c/h2\u003e\nIf you have any questions or feedback about Genzai or just want to connect with me, feel free to reach out via \u003ca href=\"https://in.linkedin.com/in/umair-nehri-49699317a\"\u003eLinkedIn\u003c/a\u003e or \u003ca href=\"mailto:umairnehri9747@gmail.com\"\u003eEmail\u003c/a\u003e.\n\u003c/div\u003e\n\n\u003ch2\u003eLegal Disclaimer\u003c/h2\u003e\nUsage of Genzai for scanning or attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fumair9747%2FGenzai","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fumair9747%2FGenzai","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fumair9747%2FGenzai/lists"}