Ticker

6/recent/ticker-posts

HomePwn: Swiss Army Knife for Penetration Testing of IoT Devices

You probably know about Netcat a Swiss Army Knife for networking pen-testing tool for hackers and cybersecurity experts, but what if you get something like that for Internet Of Things (IoT) devices to test their security before an actual hacker does. Programmers are not cybersecurity experts so they may miss some security flows while coding their programs applications for IoT devices.

You may also like to read: Swiss Army Knife For Networking Pen-testing

In today's article, we will learn about a Swiss Army Knife for IoT device testing: HomePwn, a Python-coded program that runs on Windows and Linux.

HomePwn is a framework that provides features to audit and pen-testing devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office and take advantage of certain vulnerabilities to read or send data to those devices. With a strong library of modules, you can use this tool to load new features and use them on a vast variety of devices.

HomePwn has a modular architecture in which any user can expand the knowledge base about different technologies. Principally it has two different components:

Discovery modules. These modules provide functionalities related to the discovery stage, regardless of the technology to be used. For example, it can be used to conduct WiFi scans via an adapter in monitor mode, perform discovery of BLE devices, Bluetooth Low-Energy, which other devices are nearby, and view their connectivity status, etc. Also, It can be used to discover home or office IoT services using protocols such as SSDP or Simple Service Discovery Protocol and MDNS or Multicast DNS.

Specific modules for the technology to be audited. On the other hand, there are specific modules for audited technology. Today, HomePwn can perform auditing tests on technologies such as WiFi, NFC, or BLE. In other words, there are modules for each of these technologies in which different known vulnerabilities or different techniques are implemented to assess the device's security level and communicate with this kind of technology.

You may also like to read: Introducing Linux For Red Hat Hacking & Teaming

Documentation

It's possible to read the documentation in our papers:

Getting Started

These instructions will help you set up the project on your local machine for development and testing purposes. Refer to the deployment section for guidance on deploying the project to a live system.

sudo apt-get update
git clone https://github.com/Telefonica/HomePWN
cd HomePWN && sudo bash install.sh
sudo python3 homePwn.py

Now simply follow the usage instructions as mentioned in the documentation PDF file given above.

I hope this information is helpful for you and make sure to join our channels to never miss future updates and posts.