{"id":13843092,"url":"https://github.com/yakuza8/peniot","last_synced_at":"2025-05-07T15:40:53.227Z","repository":{"id":122523559,"uuid":"230720900","full_name":"yakuza8/peniot","owner":"yakuza8","description":"PENIOT: Penetration Testing Tool for IoT","archived":false,"fork":false,"pushed_at":"2022-02-22T14:29:13.000Z","size":5017,"stargazers_count":218,"open_issues_count":2,"forks_count":49,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-03-31T11:34:49.322Z","etag":null,"topics":["amqp","ble","coap","hacking","hacking-tools","iot","iot-hacking","mqtt","penetration-testing","penetration-testing-framework","penetration-testing-tools","python","python2-7","security","security-attacks"],"latest_commit_sha":null,"homepage":"https://senior.ceng.metu.edu.tr/2019/peniot/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/yakuza8.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2019-12-29T08:00:34.000Z","updated_at":"2025-03-20T22:39:27.000Z","dependencies_parsed_at":"2023-06-29T02:46:07.521Z","dependency_job_id":null,"html_url":"https://github.com/yakuza8/peniot","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yakuza8%2Fpeniot","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yakuza8%2Fpeniot/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yakuza8%2Fpeniot/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/yakuza8%2Fpeniot/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/yakuza8","download_url":"https://codeload.github.com/yakuza8/peniot/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252907778,"owners_count":21823274,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["amqp","ble","coap","hacking","hacking-tools","iot","iot-hacking","mqtt","penetration-testing","penetration-testing-framework","penetration-testing-tools","python","python2-7","security","security-attacks"],"created_at":"2024-08-04T17:01:55.055Z","updated_at":"2025-05-07T15:40:53.204Z","avatar_url":"https://github.com/yakuza8.png","language":"Python","funding_links":[],"categories":["Python","Python (1887)","Tools"],"sub_categories":["Hardware Tools"],"readme":"# PENIOT: Penetration Testing Tool for IoT\n\n#### Table of Contents\n* [Project Description](#Project-Description)\n    * [What is PENIOT?](#What-is-PENIOT)\n    * [Why is PENIOT required?](#Why-is-PENIOT-required)\n    * [What does PENIOT provide?](#What-does-PENIOT-provide)\n* [Build Instructions](#Build-Instructions)\n* [Documentation](#Documentation)\n* [Testing](#Testing)\n* [Contributors](#Contributors)\n* [Developer's Note](#Developers-Note)\n* [Project Poster](#Project-Poster)\n\n## Project Description\n\n### What is PENIOT?\n\n[PENIOT](https://senior.ceng.metu.edu.tr/2019/peniot/) is a penetration testing tool for Internet of Things (IoT) devices. \nIt helps you to test/penetrate your devices by targeting their internet connectivity\nwith different types of security attacks. In other words, you can expose your device\nto both active and passive security attacks. After deciding target device and necessary\ninformation (or parameters) of that device, you can perform active security attacks like\naltering/consuming system resources, replaying valid communication units and so on.\nAlso, you can perform passive security attacks such as breaching of confidentiality of\nimportant information or reaching traffic analysis. Thanks to PENIOT, all those operations\ncan be semi-automated or even fully automated. In short, PENIOT is a package/framework for\ntargeting IoT devices with protocol based security attacks.\n\nAlso, it gives you a baseline structure for your further injections of new security attacks\nor new IoT protocols. One of the most important features of PENIOT is being extensible.\nBy default, it has several common IoT protocols and numerous security attacks related to\nthose protocols. But, it can be extended further via exporting basic structure of internally\nused components so that you can develop your attacks in harmony with the internal structure\nof the PENIOT.\n\n### Why is PENIOT required?\n\nThe IoT paradigm has experienced immense growth in the past decade, with billions of devices\nconnected to the Internet. Most of these devices lack even basic security measures due to\ntheir capacity constraints and designs made without security in mind due to the shortness\nof time-to-market. Due to the high connectivity in IoT, attacks that have devastating\neffects in extended networks can easily be launched by hackers through vulnerable devices.\n\nUp until now, penetration testing was done manually if it was not ignored at all.\nThis procedure made testing phase of devices very slow. On the other hand, the firms which\nproduce IoT devices should always be up to date on testing their devices in terms of\nreliability, robustness as well as their provided functionalities since being exposed to\nsecurity attacks by malicious people could cause unexpected impacts on end-users.\nThe main aim of PENIOT is to accelerate the process of security testing. It enables you to\nfigure out security flaws on your IoT devices by automating the time consuming penetration\ntesting phase.\n\n### What does PENIOT provide?\n\nFirst of all, PENIOT provides novelty. It is one of the first examples of penetration testing\ntools on IoT field. There are only one or two similar tools which are specialized on IoT,\nbut they are still on development phase, so not completed yet.\n\nSince the number of IoT devices is increasing drastically, IoT devices become more and more\ncommon in our daily life. Smart homes, smart bicycles, medical sensors, fitness trackers,\nsmart locks and connected factories are just a few examples of IoT products. Given this,\nwe felt the need to choose some of the most commonly used IoT protocols to plant into PENIOT\nby default. We chose the following protcols as the default IoT protocols included in the\nPENIOT. These IoT protocols are tested with various types of security attacks such as DoS,\nFuzzing, Sniffing and Replay attacks. \n\nFollowing protocols are currently supported:\n* Advanced Message Queuing Protocol ([AMQP](https://www.amqp.org/))\n* Bluetooth Low Energy ([BLE](https://www.bluetooth.com/))\n* Constraint Application Protocol ([CoAP](https://coap.technology/))\n* Message Queuing Telemetry Transport ([MQTT](http://mqtt.org/))\n\nMoreover, it enables you to export internal mainframe of its own implemented protocol and\nattacks to implement your own protocols or attacks. Also, you can extend already existing\nprotocols with your newly implemented attacks. And lastly, it provides you an easy to use,\nuser friendly graphical user interface. \n\n## Build Instructions\nFirstly, you need to have Python's **setuptools** module installed in your machine. Also,\nyou need to install **python-tk** and **[bluepy](https://github.com/IanHarvey/bluepy)**\nbefore installation and build.\n\nIn short, you need the followings before running installation script.\n* setuptools\n* python-tk\n* bluepy\n\n\u003e Note that it is suggested to have a separate virtual environment particularly created\n\u003e for Peniot since the dependent libraries are pretty old and can cause some trouble to\n\u003e install them among your existing external libraries\n\nYou can build project in your local by executing following codes.\n```shell\n$ git clone git@github.com:yakuza8/peniot.git\n$ cd peniot\n$ python setup.py install\n```\nEven if we try to provide you up-to-date installation script, there can be some missing parts in\nit since the project cannot be maintained so long. Please inform us if there is any problem\nwith installation.\n\n**Important Note**: You need to have [Radamsa](https://gitlab.com/akihe/radamsa) installed\nin your machine in order for generating fuzzing payloads in fuzzing attacks.  \n\n## Execution\n\nYou can run Peniot via command line or your favorite IDE after setting up a virtual environment and \ninstalling the necessary libraries described above.\n\n```shell\n$ python src/peniot.py\n```\n\nAfter running this command, you should see an user interface appeared. Then you can explore the tool\nby yourself.\n\n## Documentation\nYou can find *Design Overview Document* and *Final Design Document* under the **resources/documents** folder.\nSeveral diagrams are attached under the **resources/diagrams** folder. Here is the simplest\nrepresentation of how PENIOT is separated modules and how it is designed.\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"/resources/diagrams/peniot_structure_component_diagram.png\"\u003e\n\u003c/p\u003e\n\n## Testing\nMost of the attacks have their own sample integration tests under their attack scripts. In\norder to run those tests, you need to have a running program for the target protocol. We try to\nprovide you with example programs for each protocol where one can find server/client scripts\nunder each protocol's **examples** directory. \n\n## Contributors\nThis project is contributed by the following project members:\n- Berat Cankar\n- Bilgehan Bingöl\n- Doğukan Çavdaroğlu\n- Ebru Çelebi\n\nand is supervised by **Pelin Angın**.\n\n## Developer's Note\nFirstly, let me thank you for visiting our project site. We tried to provide you how one can\npenetrate and hack IoT devices over the protocols they use thanks to end-to-end security attacks.\nOur main purpose is to hack those devices with generic security attacks. One can simply find\nspecific attacks for any protocol, but as I said ours was to provide generic and extendable\npenetration framework. \n\nSecondly, PENIOT is developed with **Python2.7**. And our code maybe had gone into *legacy state*.\nBut nevertheless, we wanted to share it to public so that anyone could get insight and\ninspiration to develop their own penetration tools, that is what makes us happy if it could happen.\n\nThirdly, we also will try to port our tool into **Python3** if we can spare necessary time for that.\nWhen it happens, we will inform it from this page as well. Thanks for your attention.\n\nDeveloper: @yakuza8 (Berat Cankar)\n\n## Project Poster\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"/resources/peniot_vectorized.svg\"\u003e\n\u003c/p\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyakuza8%2Fpeniot","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fyakuza8%2Fpeniot","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fyakuza8%2Fpeniot/lists"}