Cotopaxi

Set of tools for security testing of Internet of Things devices using protocols like CoAP, DTLS, HTCPCP, mDNS, MQTT, SSDP.

Tools in this package:

• service_ping
• server_fingerprinter
• resource_listing
• server_fingerprinter
• protocol_fuzzer (for fuzzing servers)
• client_proto_fuzzer (for fuzzing clients)
• vulnerability_tester (for testing servers)
• client_vuln_tester (for testing clients)
• amplifier_detector

Protocols supported by different tools:

cotopaxi.service_ping

Tool for checking availability of network service at given IP and port ranges.

cotopaxi.server_fingerprinter

Tool for software fingerprinting of network servers at given IP and port ranges

Currently supported servers:

• CoAP:
  • aiocoap,
  • CoAPthon,
  • FreeCoAP,
  • libcoap,
  • MicroCoAP,
  • Mongoose
  • Wakaama (formerly liblwm2m)
• DTLS:
  • GnuTLS,
  • Goldy,
  • LibreSSL,
  • MatrixSSL,
  • mbed TLS,
  • OpenSSL,
  • TinyDTLS

cotopaxi.resource_listing

Tool for checking availability of resource named url on the server at given IP and port ranges. Sample URL lists are available in the urls directory

cotopaxi.protocol_fuzzer

Black-box fuzzer for testing protocol servers

cotopaxi.client_proto_fuzzer

Black-box fuzzer for testing protocol clients

cotopaxi.vulnerability_tester

Tool for checking vulnerability of network service at given IP and port ranges

cotopaxi.client_vuln_tester

Tool for checking vulnerability of network clients connecting to the server provided by this tool

cotopaxi.amplifier_detector

Tool for detection of network devices amplifying reflected traffic by observing the size of the incoming and outgoing size of packets

Install & Use

Copyright (C) 2019 Samsung Electronics. All Rights Reserved.