awesome-embedded-security
Awesome list for embedded security tools and knowledge
https://github.com/hexsecs/awesome-embedded-security
Further Learning and Training
- Embeddedsecurity.io - Beginners resource on embedded systems security.
- SecuringHardware.com - Training by the legendary Joe Fitz [@securelyfitz](https://x.com/securelyfitz).
- GrandIdeaStudio.com - Hardware hacking training with Joe Grand (aka Kingpin).
- raelize.com - Blog - Great insight into hardware hacking such as fault injection and side-channel attacks.
- riscure.com - Blog - One of the OG companies working on fault injection. Jasper van Woudenberg (Riscure) and Colin O'Flynn (Newae) literally [wrote the book](https://nostarch.com/hardwarehacking) on hardware hacking.
- synacktiv - Blog - A how-to on voltage fault injection.
Hardware Tools
Chip-Off and Memory Forensics
- Flashrom - Utility for identifying, reading, writing, and verifying SPI flash chips common in embedded boards.
- CHIPSEC - Platform security assessment framework with firmware and chipset checks relevant to offline dump triage.
- The Sleuth Kit - File system forensic toolkit for carving and examining recovered NAND/eMMC/UFS image dumps.
Hardware Debug Interfaces
Hardware Reverse Engineering Multitools
- Tiguard - An FTDI FT2232H-based multi-protocol tool for hardware hacking.
- Bus Pirate - The Bus Pirate is an open source hacker multi-tool that talks to electronic stuff. It's got a bunch of features an intrepid hacker might need to prototype their next project.
Logic Analyzer
- Saleae - Logic analyzers used by electrical engineers, firmware developers, enthusiasts, and engineering students to record, measure, visualize, and decode the signals in their electrical circuits.
- Sigrok - The sigrok project aims at creating a portable, cross-platform, Free/Libre/Open-Source signal analysis software suite that supports various device types (e.g. logic analyzers, oscilloscopes, and many more).
RF Tools (Non-SDR)
- Flipper Zero - Flipper Zero is a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware and more. It's fully open-source and customizable, so you can extend it in whatever way you like.
- Yard Stick One - Transmit or receive digital wireless signals at frequencies below 1 GHz. It uses the same radio circuit as the popular IM-Me.
- Proxmark - The Proxmark is an RFID swiss-army tool, allowing for both high and low level interactions with the vast majority of RFID tags and systems world-wide. Originally built by Jonathan Westhues over 10 years ago, the device has progressively evolved into the industry standard tool for RFID Analysis.
- Awesome Flipper Zero - A collection of Awesome resources for the Flipper Zero device.
- ChameleonUltra - Pocket friendly powerful LF and HF emulation & manipulation tool which is based on the open-source project ChameleonMini.
- Bruce - Powerful open-source ESP32 firmware designed for offensive security and Red Team operations.
Side-Channel Analysis
- ChipWhisperer - An open-source toolchain for side-channel power analysis and fault injection attacks with complete hardware and software stack.
- SCALE - Side-Channel Attack Lab Exercises providing educational material for learning power analysis attacks with low-cost hardware.
Software Defined Radios
- HackRF One - Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz.
- ADALM-PLUTO (PlutoSDR) - The easy to use ADALM-PLUTO active learning module (PlutoSDR) helps introduce electrical engineering students to the fundamentals of software-defined radio (SDR), radio frequency (RF), and wireless communications. Designed for students at all levels and from all backgrounds, the module can be used for both instructor-led and self-directed learning to help students develop a foundation in real-world RF and communications that they can build on as they pursue science, technology, or engineering degrees.
- RTL-SDR - Very cheap ~$30 USB dongle that can be used as a computer based radio scanner for receiving live radio signals in your area (no internet required).
Software Defined Radio Software
- Future SDR - SDR framework whose blocks can have synchronous or asynchronous implementations for stream-based or message-based data processing.
- Maia SDR - Open-source FPGA-based SDR project focusing on the ADALM Pluto.
Wifi Tools
- Pwnagotchi - A2C-based “AI” powered by bettercap and running on a Raspberry Pi Zero W that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures.
- ESP32Marauder - A suite of WiFi/Bluetooth offensive and defensive tools for the ESP32.
Open Source Intelligence (OSINT)
Other Awesome Lists
Software Tools
Binary Parsing and Analysis Tools
- Kaitai Struct - Declarative language used to describe various binary data structures, laid out in files or in memory: i.e. binary file formats, network stream packet formats, etc.
- Binwalk - Fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.
- OFRAK - Binary analysis and modification platform that combines the ability to unpack, analyze, modify, and repack binaries.
- LIEF - Library to Instrument Executable Formats: parse, modify, and abstract ELF, PE, Mach-O, DEX, and OAT binaries found in firmware images.
- firmwalker - Searches extracted firmware filesystems for interesting files, credentials, configuration, and known-vulnerable components.
- SCOUT - Deterministic firmware analysis pipeline emitting SARIF 2.1, CycloneDX 1.6 + VEX SBOM, and hash-anchored evidence chains; auto-detects Ghidra and runs P-code SSA dataflow taint with 4-tier confidence caps. Pure stdlib (no pip dependencies).
Bluetooth and BLE Security
- nRF Sniffer for Bluetooth LE - Nordic Semiconductor's BLE packet sniffer for capturing and analyzing Bluetooth Low Energy traffic with Wireshark integration.
- GATTacker - BLE MITM tool for intercepting and relaying GATT profiles to test BLE device authentication and data integrity.
- BtleJuice - Bluetooth Low Energy MITM proxy framework for real-time interception and manipulation of BLE communications.
- Bettercap BLE - BLE scanning, enumeration, and characteristic read/write module integrated into the bettercap Swiss-army knife framework.
Debugging Tools
- OpenOCD - Provides on-chip programming and debugging support with a layered architecture of JTAG interface and TAP support.
- GDB - The GNU Project debugger, which lets you see what is going on inside another program while it executes, or what another program was doing at the moment it crashed.
- GEF - Kick-ass set of commands for X86, ARM, MIPS, PowerPC and SPARC to make GDB cool again for exploit dev. It is aimed to be used mostly by exploit developers and reverse-engineers, to provide additional features to GDB using the Python API to assist during the process of dynamic analysis and exploit development.
- Black Magic Probe - An open-source JTAG/SWD debugger with embedded GDB server and automatic target detection.
- pyOCD - An open-source Python library for programming and debugging Arm Cortex-M microcontrollers with cross-platform debug probe support.
- assembly-repl - Native assembly, LLVM IR, C, C++, and Objective-C REPLs for macOS and Linux.
- probe-rs - Modern Rust-based embedded debug toolkit supporting SWD/JTAG with built-in flashing, RTT logging, and GDB server for ARM and RISC-V targets.
- Frida - Dynamic instrumentation toolkit for injecting JavaScript or native code into running processes on embedded Linux, Android, iOS, and bare-metal targets.
Disassemblers/Decompilers
- Binary Ninja - Interactive disassembler, decompiler, and binary analysis platform for reverse engineers, malware analysts, vulnerability researchers, and software developers that runs on Windows, macOS, and Linux.
- Cutter - Free and Open Source RE Platform powered by Rizin.
- Rizin - A free and open-source Reverse Engineering framework, providing a complete binary analysis experience with features like Disassembler, Hexadecimal editor, Emulation, Binary inspection, Debugger, and more.
- radare2 - A free/libre toolchain for easing several low-level tasks such as forensics, software reverse engineering, exploiting, and debugging. It is composed of a set of libraries (extended with plugins) and programs that can be automated with almost any programming language.
- Vivisect - A combined disassembler/static analysis/symbolic execution/debugger framework.
- Angr Management - Multi-architecture binary analysis toolkit with the capability to perform dynamic symbolic execution (like Mayhem, KLEE, etc.) and various static analyses on binaries.
- Angr - Platform-agnostic binary analysis framework. Brought to you by the Computer Security Lab at UC Santa Barbara, SEFCOM at Arizona State University, their associated CTF team, Shellphish, the open source community, and @rhelmot.
- Capstone - Lightweight multi-platform, multi-architecture disassembly framework. Their target is to make Capstone the ultimate disassembly engine for binary analysis and reversing in the security community.
- Ghidra - A software reverse engineering (SRE) suite of tools developed by NSA's Research Directorate in support of the Cybersecurity mission.
- IDA Pro - Disassembler that maps a binary's execution, showing the instructions actually executed by the processor in a symbolic representation (assembly language). Advanced techniques implemented in IDA Pro let it generate assembly language source code from machine-executable code and make this complex code more human-readable.
- Keystone - A lightweight multi-architecture assembler framework that complements Capstone.
- BARF - A binary analysis and reverse engineering framework with support for ROP gadget search and CFG recovery.
- RetDec - Retargetable machine-code decompiler from Avast supporting ARM, MIPS, x86, and other architectures common in embedded firmware.
Emulation Tools
- FirmAE - An automated framework for emulation and vulnerability analysis of IoT firmware with a 79% success rate using arbitration techniques.
- Qiling - An advanced binary emulation framework supporting cross-platform OS-level emulation for Windows, Linux, Android, BSD, UEFI, and multiple architectures.
- Unicorn Engine - A lightweight multi-architecture CPU emulator framework providing pure CPU emulation for ARM, MIPS, x86, RISC-V, and more.
- PANDA - Platform for Architecture-Neutral Dynamic Analysis with record/replay functionality and LLVM IR translation for whole-system analysis.
- Renode - Open-source hardware simulation framework from Antmicro for functional testing and security analysis of embedded firmware without physical hardware.
- Avatar2 - Dynamic analysis orchestration framework for binary firmware that coordinates execution across emulators (QEMU, Unicorn) and real hardware targets.
Firmware Malware Analysis
- Firmware Security Testing - OWASP firmware security testing methodology and practical guidance for assessing embedded devices.
- Firmware Analysis Toolkit - Automated tool for firmware emulation and vulnerability discovery.
- emba - Efficient malware analysis framework for embedded firmware with scanning and reporting.
Firmware Supply Chain and SBOM
- in-toto - Framework for supply chain integrity that records signed provenance steps and enforces layout verification.
- Sigstore Cosign - Tooling for keyless signing and verification of firmware/container artifacts in CI/CD pipelines.
- Syft - SBOM generator for filesystems and artifacts, useful for firmware package/component inventories.
- Grype - Vulnerability scanner that consumes SBOMs to identify known CVEs in firmware dependencies.
Fuzzing Tools
- AFL++ - A coverage-guided fuzzer with enhanced mutations, QEMU and Unicorn emulation modes, and custom power schedules.
- honggfuzz - A feedback-driven evolutionary fuzzer supporting hardware-based coverage (Intel BTS/PT) and persistent mode for extreme speed.
- Fuzzowski - A network protocol fuzzer based on the Sulley/BooFuzz framework with support for TCP/UDP/SSL protocols.
- Peach - A smart fuzzer supporting both generation-based and mutation-based fuzzing via Peach Pit definitions.
- libFuzzer - In-process, coverage-guided, evolutionary fuzzing engine integrated with LLVM.
- boofuzz - Actively maintained network protocol fuzzer and the spiritual successor to Sulley, with session management, target monitoring, and protocol graph support.
IoT Protocol Security
- TLS for MQTT - Overview of TLS implementation for MQTT brokers and clients.
- wolfMQTT - MQTT client library with TLS support optimized for embedded systems.
- CoAP Security - Constrained Application Protocol (CoAP) security with DTLS.
- libcoap - C implementation of CoAP with DTLS support for secure IoT communication.
- Wireshark MQTT - Protocol analyzer support for MQTT traffic inspection and security analysis.
Language Specific Decompilers
OTA Update Security
- SUIT - Software Update for the Internet of Things (SUIT) working group developing manifest-based firmware update architecture.
- RAUC - Safe and secure firmware update framework for embedded Linux with bundle signing and A/B partitioning.
- Mender - Over-the-air software updater for Linux IoT devices with atomic updates and rollback.
- SWUpdate - Linux firmware update agent with image verification and incremental updates.
Root of Trust and TPM
- TPM 2.0 Reference Implementation - TPM 2.0 specification and reference software from the TCG.
- IBM Software TPM - Software TPM 2.0 emulator for testing and development.
- TPM 2.0 TSS - TCG Software Stack for TPM 2.0 providing an API for key management and attestation.
- Keylime - Open source TPM-based remote attestation for cloud and edge.
- AMD fTPM Security Guidance - AMD guidance and security bulletin coverage related to firmware TPM behavior on supported platforms.
RTOS Security
- FreeRTOS Security - Security features and documentation for FreeRTOS including MQTT over TLS, PKCS#11, and PSA Certified implementation.
- Zephyr Project Security - Security documentation for the Zephyr RTOS including TF-M integration, verified boot, and security testing.
- RT-Thread Security - Security resources and vulnerability reporting for RT-Thread IoT OS.
Secure Boot and Firmware Trust
- MCUboot - Secure bootloader for 32-bit microcontrollers supporting signed images, rollback protection, and measured boot flows.
- AVB (Android Verified Boot) - Reference implementation and design guidance for chained trust and verified partitions in embedded Android systems.
- U-Boot Verified Boot - FIT-signature based verified boot support for embedded Linux boot chains.
Security Auditing Frameworks
- EXPLIoT - Framework for security testing and exploiting IoT products and IoT infrastructure. It provides a set of plugins (test cases) used to perform the assessment, and can be extended easily with new ones. The name EXPLIoT (pronounced expl-aa-yo-tee) is a pun on the word exploit and describes the purpose of the framework, i.e. IoT exploitation.
- Metasploit - A collaboration between the open source community and Rapid7; Metasploit helps security teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness.
- Firmware Analysis and Comparison Tool (FACT) - Automated Firmware Security analysis (Router, IoT, UEFI, Webcams, Drones, …). It is easy to use (web UI), extend (plug-in system) and integrate (REST API).
- FwAnalyzer (Firmware Analyzer) - Tool to analyze (ext2/3/4), FAT/VFat, SquashFS, UBIFS filesystem images, cpio archives, and directory content using a set of configurable rules.
TEE/Trusted Execution Environments
- Trusty TEE - Trusted Execution Environment used in Android for secure services and keystore.
- Intel SGX SDK - Software Development Kit for Intel Software Guard Extensions providing hardware-based memory enclaves.
- AMD SEV - Secure Encrypted Virtualization for encrypting VM memory with AMD-V hardware assistance.