Hackers of India

EXPLIoT: IoT Security Testing and Exploitation Framework

By  Aseem Jakhar   Murtuja Bharmal  on 08 Aug 2019 @ Blackhat : Arsenal

This Tool Demo covers following tools where the speaker has contributed or authored
EXPLIOT

Abstract

EXPLIoT

noun /ɛkˈsplʌɪəti:/

A Framework for security testing and exploiting IoT products and IoT infrastructure. It provides a set of plugins (test cases) which are used to perform the assessment and can be extended easily with new ones. The name EXPLIoT (pronounced expl-aa-yo-tee) is a pun on the word exploit and explains the purpose of the framework i.e. IoT exploitation. It is developed in python3.

It can be used as a standalone tool for IoT security testing and more interestingly, it provides building blocks for writing new plugins/exploits and other IoT security assessment test cases with ease. EXPLIoT supports most IoT communication protocols, hardware interfacing functionality and test cases that can be used from within the framework to quickly map and exploit an IoT product or IoT Infrastructure. It will help the security community in writing quick IoT test cases and exploits. The objectives of the framework are:

  1. Easy of use
  2. Extendable
  3. Support for hardware, radio and IoT protocol analysis

Currently, the framework has support for analyzing and exploiting various IoT, radio and hardware protocols. The current suite includes:

We are also very happy to announce that we have released a comprehensive documentation including User and Developer guide to help the security community kick start quickly and easily with the framework. Source code and documentation is available here - https://gitlab.com/expliot_framework/expliot

We are currently working on plugins for medical, radio and hardware analysis and will release it at Blackhat.