awesome-embedded-and-iot-security
IoT security toolkit
A curated collection of resources and tools for analyzing and securing embedded and IoT devices
A curated list of awesome embedded and IoT security resources.
2k stars
65 watching
240 forks
last commit: about 1 year ago
Linked from 5 awesome lists
awesomeawesome-listembeddedfirmwareiotsecurity
Awesome Embedded and IoT Security / Software Tools / Analysis Frameworks | |||
| EXPLIoT | Pentest framework like Metasploit but specialized for IoT | ||
| FACT - The Firmware Analysis and Comparison Tool | Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions | ||
Awesome Embedded and IoT Security / Software Tools / Analysis Frameworks / FACT - The Firmware Analysis and Comparison Tool | |||
| Improving your firmware security analysis process with FACT | Conference talk about FACT | ||
Awesome Embedded and IoT Security / Software Tools / Analysis Frameworks | |||
| FwAnalyzer | 492 | about 1 year ago | Analyze security of firmware based on customized rules. Intended as additional step in DevSecOps, similar to CI |
| HAL – The Hardware Analyzer | 626 | 10 days ago | A comprehensive reverse engineering and manipulation framework for gate-level netlists |
| HomePWN | 878 | almost 2 years ago | Swiss Army Knife for Pentesting of IoT Devices |
| IoTSecFuzz | Framework for automatisation of IoT layers security analysis: hardware, software and communication | ||
| Killerbee | 764 | about 1 year ago | Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks |
| PRET | 3,935 | 4 months ago | Printer Exploitation Toolkit |
| Routersploit | 12,208 | 28 days ago | Framework dedicated to exploit embedded devices |
Awesome Embedded and IoT Security / Software Tools / Analysis Tools | |||
| Binwalk | 11,276 | 8 days ago | Searches a binary for "interesting" stuff, as well as extracts arbitrary files |
| cwe_checker | 1,124 | 3 months ago | Finds vulnerable patterns in binary executables - ELF support for x86, ARM, and MIPS, experimental bare-metal support |
| emba | 2,700 | 4 days ago | Analyze Linux-based firmware of embedded devices |
| Firmadyne | 1,830 | 4 months ago | Tries to emulate and pentest a firmware |
| Firmwalker | 1,057 | about 1 year ago | Searches extracted firmware images for interesting files and information |
| Firmware Slap | 470 | about 4 years ago | Discovering vulnerabilities in firmware through concolic analysis and function clustering |
| Ghidra | Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary | ||
| Radare2 | 20,705 | 6 days ago | Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset |
| Trommel | 207 | over 4 years ago | Searches extracted firmware images for interesting files and information |
Awesome Embedded and IoT Security / Software Tools / Extraction Tools | |||
| FACT Extractor | 83 | 6 days ago | Detects container format automatically and executes the corresponding extraction tool |
| Firmware Mod Kit | 835 | 3 months ago | Extraction tools for several container formats |
| The SRecord package | Collection of tools for manipulating EPROM files (can convert lots of binary formats) | ||
Awesome Embedded and IoT Security / Software Tools / Support Tools | |||
| JTAGenum | 725 | about 1 year ago | Add JTAG capabilities to an Arduino |
| OpenOCD | Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing | ||
Awesome Embedded and IoT Security / Software Tools / Misc Tools | |||
| Cotopaxi | 351 | 6 months ago | Set of tools for security testing of Internet of Things devices using specific network IoT protocols |
| dumpflash | 288 | over 2 years ago | Low-level NAND Flash dump and parsing utility |
| flashrom | 897 | 7 days ago | Tool for detecting, reading, writing, verifying and erasing flash chips |
| Samsung Firmware Magic | 210 | over 3 years ago | Decrypt Samsung SSD firmware updates |
Awesome Embedded and IoT Security / Hardware Tools | |||
| Bus Blaster | Detects and interacts with hardware debug ports like and | ||
| Bus Pirate | Detects and interacts with hardware debug ports like UART and JTAG | ||
| Shikra | Detects and interacts with hardware debug ports like UART and JTAG. Among other protocols | ||
| JTAGULATOR | Detects JTAG Pinouts fast | ||
| Saleae | Easy to use Logic Analyzer that support many protocols | ||
| Ikalogic | Alternative to Saleae logic analyzers | ||
| HydraBus | Open source multi-tool hardware similar to the BusPirate but with NFC capabilities | ||
| ChipWhisperer | Detects Glitch/Side-channel attacks | ||
| Glasgow | 1,921 | 12 days ago | Tool for exploring and debugging different digital interfaces |
| J-Link | J-Link offers USB powered JTAG debug probes for multiple different CPU cores | ||
Awesome Embedded and IoT Security / Hardware Tools / Bluetooth BLE Tools | |||
| UberTooth One | Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation | ||
| Bluefruit LE Sniffer | Easy to use Bluetooth Low Energy sniffer | ||
Awesome Embedded and IoT Security / Hardware Tools / ZigBee Tools | |||
| ApiMote | ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. Killerbee compatible | ||
| Freakduino | Low Cost Battery Operated Wireless Arduino Board that can be turned into a IEEE 802.15.4 protocol sniffer | ||
Awesome Embedded and IoT Security / Hardware Tools / SDR Tools | |||
| RTL-SDR | Cheapest SDR for beginners. It is a computer based radio scanner for receiving live radio signals frequencies from 500 kHz up to 1.75 GHz | ||
| HackRF One | Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex) | ||
| YardStick One | Half-duplex sub-1 GHz wireless transceiver | ||
| LimeSDR | Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 KHz to 3.8 GHz (full-duplex) | ||
| BladeRF 2.0 | Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex) | ||
| USRP B Series | Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex) | ||
Awesome Embedded and IoT Security / Hardware Tools / RFID NFC Tools | |||
| Proxmark 3 RDV4 | Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags | ||
| ChamaleonMini | Programmable, portable tool for NFC security analysis | ||
| HydraNFC | Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate | ||
Awesome Embedded and IoT Security / Books | |||
| Practical IoT Hacking | 2020, Fotios Chantzis, Evangel Deirme, Ioannis Stais, Paulino Calderon, Beau Woods: | ||
| The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks | 2020, Jasper van Woudenberg, Colin O'Flynn: | ||
| The Hacker's Hardware Toolkit: The best collection of hardware gadgets for Red Team hackers, Pentesters and security researchers | 2,078 | about 4 years ago | 2019, Yago Hansen: |
| The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things | 2019, Aditya Gupta: | ||
| Hardware Security: A Hands-on Learning Approach | 2018, Mark Swarup Tehranipoor: | ||
| Pentesting Hardware - A Practical Handbook (DRAFT) | 492 | over 5 years ago | 2018, Mark Carney: |
| Inside Radio: An Attack and Defense Guide | 2018, Qing Yang, Lin Huang | ||
| IoT Penetration Testing Cookbook | 2017, Aditya Gupta, Aaron Guzman: | ||
| The Hardware Hacker: Adventures in Making and Breaking Hardware | 2017, Andrew Huang: | ||
| The Car Hacker's Handbook: A Guide for the Penetration Tester | 2016, Craig Smith: | ||
| The Art of PCB Reverse Engineering | 2015, Keng Tiong Ng: | ||
| Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts | 2015, Nitesh Dhanjan: | ||
| Hacking Wireless Exposed | 2015, Joshua Wright , Johnny Cache: | ||
| Hardware Security: Design, Threats, and Safeguards | 2014, Debdeep Mukhopadhyay: | ||
| The Firmware Handbook (Embedded Technology) | 2014, Jack Ganssle: | ||
| Hacking the XBOX | 2013, Andrew Huang: | ||
Awesome Embedded and IoT Security / Research Papers | |||
| SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization | 2020, Oser et al: | ||
| Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk | 2019, Agarwal et al: | ||
| BenchIoT: A Security Benchmark for the Internet of Things | 2019, Almakhdhub et al: | ||
| SoK: Security Evaluation of Home-Based IoT Deployments | 2019, Alrawi et al: | ||
| Challenges in Designing Exploit Mitigations for Deeply Embedded Systems | 2019, Abbasi et al: | ||
| PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary | 2019, Song et al: | ||
| What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices | 2018, Muench et al: | ||
| Embedded Device Vulnerability Analysis Case Study Using Trommel | 2017, O'Meara et al: | ||
| How to Break Secure Boot on FPGA SoCs through Malicious Hardware | 2017, Jacob et al: | ||
| Towards Automated Classification of Firmware Images and Identification of Embedded Devices | 2017, Costin et al: | ||
| Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation | 2016, Kammerstetter et al: | ||
| Towards Automated Dynamic Analysis for Linux-based Embedded Firmware | 2016, Chen et al: | ||
| Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces | 2016, Costin et al: | ||
| Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware | 2015, Shoshitaishvili et al: | ||
| Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy | 2015, Papp et al: | ||
| Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares | 2014, Zaddach et al: | ||
| Analysis of embedded applications by evolutionary fuzzing | 2014, Alimi et al: | ||
| A Large-Scale Analysis of the Security of Embedded Firmwares | 2014, Costin et al: | ||
| FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution | 2013, Davidson et al: | ||
Awesome Embedded and IoT Security / Case Studies | |||
| Binary Hardening in IoT products | |||
| Cracking Linksys “Encryption” | |||
| Deadly Sins Of Development | Conference talk presenting several real world examples on real bad implementations | ||
| Dumping firmware from a device's SPI flash with a buspirate | |||
| Hacking the DSP-W215, Again | |||
| Hacking the PS4 | Introduction to PS4's security | ||
| IoT Security@CERN | |||
| Multiple vulnerabilities found in the D-link DWR-932B | |||
| Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol | |||
| PWN Xerox Printers (...again) | |||
| Reversing Firmware With Radare | |||
| Reversing the Huawei HG533 | |||
Awesome Embedded and IoT Security / Free Training | |||
| CSAW Embedded Security Challenge 2019 | 34 | almost 5 years ago | CSAW 2019 Embedded Security Challenge (ESC) |
| Embedded Security CTF | Microcorruption: Embedded Security CTF | ||
| Hardware Hacking 101 | 46 | over 5 years ago | Workshop @ BSides Munich 2019 |
| IoTGoat | 180 | over 4 years ago | IoTGoat is a deliberately insecure firmware based on OpenWrt |
| Rhme-2015 | 0 | 3 months ago | First riscure Hack me hardware CTF challenge |
| Rhme-2016 | 2 | 3 months ago | Riscure Hack me 2 is a low level hardware CTF challenge |
| Rhme-2017/2018 | 0 | 3 months ago | Riscure Hack Me 3 embedded hardware CTF 2017-2018 |
Awesome Embedded and IoT Security / Websites | |||
| Hacking Printers Wiki | All things printer | ||
| OWASP Embedded Application Security Project | Development best practices and list of hardware and software tools | ||
| OWASP Internet of Things Project | IoT common vulnerabilities and attack surfaces | ||
| Router Passwords | Default login credential database sorted by manufacturer | ||
| Siliconpr0n | A Wiki/Archive of all things IC reversing | ||
Awesome Embedded and IoT Security / Websites / Blogs | |||
| RTL-SDR | |||
| /dev/ttyS0's Embedded Device Hacking | |||
| Exploiteers | |||
| Hackaday | |||
| jcjc's Hack The World | |||
| Quarkslab | |||
| wrong baud | |||
| Firmware Security | |||
| PenTestPartners | |||
| Attify | |||
| Patayu | |||
| GracefulSecurity - Hardware tag | |||
| Black Hills - Hardware Hacking tag | |||
Awesome Embedded and IoT Security / Websites / Tutorials and Technical Background | |||
| Azeria Lab | Miscellaneous ARM related Tutorials | ||
| JTAG Explained | A walkthrough covering UART and JTAG bypassing a protected login shell | ||
| Reverse Engineering Serial Ports | Detailed tutorial about how to spot debug pads on a PCB | ||
| UART explained | An in depth explanation of the UART protocol | ||
Awesome Embedded and IoT Security / Websites / YouTube Channels | |||
| Flashback Team | A duo of hackers explaining their step by step approach to finding and exploiting vulnerabilities in embedded devices | ||
| StackSmashing | Reverse engineering and hardware hacking of embedded devices | ||
Awesome Embedded and IoT Security / Conferences | |||
| Hardwear.io | |||
sindresorhus/awesome
hack-with-github/awesome-hacking
0ex/more-awesome
netanmangal/awesome-hacking
hexsecs/awesome-embedded-security
lprat/static_file_analysis
contiki-ng/contiki-ng
fluent/fluent-bit
as0ler/r2flutch
rust-iot/radio-hal
google/honggfuzz
0x4d31/detection-and-response-pipeline
aaaguirrep/offensive-docker