mqtt-pwn: IoT Broker penetration-testing and security assessment operations
MQTT-PWN
MQTT is a machine-to-machine connectivity protocol designed as an extremely lightweight publish/subscribe messaging transport, and it is widely used by millions of IoT devices worldwide. MQTT-PWN intends to be a one-stop shop for IoT Broker penetration-testing and security assessment operations: it combines enumeration, supportive functions and exploitation modules, and packs them all into a command-line interface with an easy-to-use and extensible shell-like environment.
Feature Support
- Credential Brute-Forcer – configurable brute force password cracking to bypass authentication controls
- Topic Enumerator – establishing a comprehensive topic list via continuous sampling over time
- Useful Information Grabber – obtaining and labelling data from an extensible predefined list containing known topics of interest
- GPS Tracker – plotting routes from devices using the OwnTracks app and collecting published coordinates
- Sonoff Exploiter – designed to extract passwords and other sensitive information
- Extensibility – the framework was designed to add new custom plugins with ease
Download && Use
Copyright (C) 2018 Daniel Abeles, Moshe Zioni