joffrey: stupid MQTT brute forcer

What is MQTT?

MQTT stands for MQ Telemetry Transport. It is a publish/subscribe, extremely simple and lightweight messaging protocol, designed for constrained devices and low-bandwidth, high-latency or unreliable networks. The design principles are to minimise network bandwidth and device resource requirements whilst also attempting to ensure reliability and some degree of assurance of delivery. These principles also turn out to make the protocol ideal of the emerging “machine-to-machine” (M2M) or “Internet of Things” world of connected devices, and for mobile applications where bandwidth and battery power are at a premium. More info, please visit here.

What is joffrey?

Joffrey is a wordlist based multi-threaded brute forcer for protected MQTT brokers. The script is written in Python and is pretty straightforward.

Installation

git clone https://github.com/zombiesam/joffrey.git

Usage

Usage: python joffrey.py [ARGS]



Options:

  -h, --help           show this help message and exit

  -t TARGET            Target domain or ip to invade

  -p PORT              Target port (optional)

  --threads=NRTHREADS  Amount of threads for the King to do as he please with

  -u USERNAME          Specify username

  -w WORDLIST          Path to wordlist

Reference: 0xdeadcode