medaudit: A tool for auditing medical devices and healthcare infrastructure
A tool for auditing medical devices and healthcare infrastructure. I wrote this tool because I could not find any tool that would help me assist in medical device auditing / pentesting.
I also added the support for web API so we can use the skill set of web application testing to test medical devices.
The tool is written to audit networks, protocols, and infrastructure that runs in hospitals. At the time of writing this, the tools support HL7 protocol. The tool will support FHIR auditing in the near future.
Here are the features of the tool:
- HL7 message sender
- HL7 Scanner
- DOS Testing
- Traffic Analysis
- API Support for using Proxies (Burp, ZAP) and REST client (e.g. Postman)
- Fuzzer – Written by Adwait Joshi (https://github.com/AdvaitJ)
git clone https://github.com/anirudhduggal/medaudit.git
pip install –r requirements.txt
python manage.py runserver 8082
Open your browser and navigate to
You should see the GUI now.
A postman is a client tool which can be used to send REST API requests. To use postman, install the software – https://www.getpostman.com/. Then import the JSON collections in the Postman tool. You can then modify the parameters in a JSON format and send it forward to the device you are testing.
Copyright (C) 2019 anirudhduggal