Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/akamai-threat-research/mqtt-pwn

MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
https://github.com/akamai-threat-research/mqtt-pwn

exploitation iot mqtt mqtt-broker mqtt-client python reconnaissance

Last synced: about 1 month ago
JSON representation

MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.

Host: GitHub
URL: https://github.com/akamai-threat-research/mqtt-pwn
Owner: akamai-threat-research
License: gpl-3.0
Created: 2018-08-02T08:36:34.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2023-02-23T14:45:14.000Z (almost 2 years ago)
Last Synced: 2024-08-02T16:01:32.687Z (4 months ago)
Topics: exploitation, iot, mqtt, mqtt-broker, mqtt-client, python, reconnaissance
Language: Python
Size: 319 KB
Stars: 347
Watchers: 16
Forks: 51
Open Issues: 17
Metadata Files:
- Readme: README.rst
- License: LICENSE

Awesome Lists containing this project

awesome-hacking-lists - akamai-threat-research/mqtt-pwn - MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations. (Python)

README

MQTT-PWN
========

.. image:: https://readthedocs.org/projects/ansicolortags/badge/?version=latest
:target: http://mqtt-pwn.readthedocs.io/?badge=latest

.. image:: https://img.shields.io/github/license/akamai-threat-research/mqtt-pwn.svg
:target: https://github.com/akamai-threat-research/mqtt-pwn/blob/master/LICENSE

.. image:: https://img.shields.io/badge/python-3%2E6-green.svg
:target: https://github.com/akamai-threat-research/mqtt-pwn/

.. image:: https://img.shields.io/badge/docker-friendly-blue.svg
:target: https://github.com/akamai-threat-research/mqtt-pwn/

MQTT is a machine-to-machine connectivity protocol designed as an extremely lightweight publish/subscribe
messaging transport and widely used by millions of IoT devices worldwide. MQTT-PWN intends to be a one-stop-shop
for IoT Broker penetration-testing and security assessment operations, as it combines enumeration,
supportive functions and exploitation modules while packing it all within command-line-interface
with an easy-to-use and extensible shell-like environment.

.. image:: https://raw.githubusercontent.com/akamai-threat-research/mqtt-pwn/master/docs/_static/images/another-logo-trans-bg-small.png
:target: https://github.com/akamai-threat-research/mqtt-pwn

Authors
-------

- `Daniel Abeles `_
- `Moshe Zioni `_

Feature Support
---------------

- Credential Brute-Forcer - configurable brute force password cracking to bypass authentication controls
- Topic Enumerator - establishing comprehensive topic list via continuous sampling over time
- Useful Information Grabber - obtaining and labeling data from an extensible predefined list containing known topics of interest
- GPS tracker - plotting routes from devices using OwnTracks app and collecting published coordinates
- Sonoff Exploiter – design to extract passwords and other sensitive information
- Extensibility - the framework was designed to add new custom plugins with ease
- Shodan - search through `Shodan.io` API for available vulnerable MQTT brokers

Documentation
-------------

Documentation is available at https://mqtt-pwn.readthedocs.io/.