HomePWN: Swiss Army Knife for Pentesting of IoT Devices

by do son ·

HomePWN

HomePwn – Swiss Army Knife for Pentesting of IoT Devices

HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office, take advantage of certain vulnerabilities to read or send data to those devices. With a strong library of modules, you can use this tool to load new features and use them in a vast variety of devices.

It has a modular architecture in which any user can expand the knowledge base about different technologies. Principally it has two different components:

  • Discovery modules. These modules provide functionalities related to the discovery stage, regardless of the technology to be used. For example, it can be used to conduct WiFi scans via an adapter in monitor mode, perform discovery of BLE devices, Bluetooth Low-Energy, which other devices are nearby and view their connectivity status, etc. Also, It can be used to discover a home or office IoT services using protocols such as SSDP or Simple Service Discovery Protocol and MDNS or Multicast DNS.
  • Specific modules for the technology to be audited. On the other hand, there are specific modules for audited technology. Today, it can perform auditing tests on technologies such as WiFi, NFC, or BLE. In other words, there are modules for each of these technologies in which different known vulnerabilities or different techniques are implemented to asses the device’s security level implemented and communicated with this kind of technology.

Install

git clone https://github.com/ElevenPaths/HomePWN.git
cd HomePWN
sudo ./install.sh

Use

sudo python3 homePwn.py

HomePWN

Examples

Here are some videos to see how the tool works.

HomePwn. Bluetooth Low-Energy PoC & Hacking

 

HomePwn. Bluetooth Spoofing

 

HomePwn. NFC Clone

 

HomePwn. BLE capture on PCAP file (sniffing)

 

HomePwn. QR Options hack

 

HomePwn. Apple BLE Discovery

 

HomePwn. Xiaomi IoT Advertisement

 

Tutorial

Copyright (C) 2019 

Tags: HomePWNIOT