awesome-embedded-and-iot-security
IoT security toolkit
A curated collection of resources and tools for analyzing and securing embedded and IoT devices
A curated list of awesome embedded and IoT security resources.
2k stars
65 watching
241 forks
last commit: about 1 year ago
Linked from 5 awesome lists
awesome, awesome-list, embedded, firmware, iot, security
Awesome Embedded and IoT Security / Software Tools / Analysis Frameworks | |||
EXPLIoT | Pentest framework like Metasploit but specialized for IoT | ||
FACT - The Firmware Analysis and Comparison Tool | Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions | ||
Awesome Embedded and IoT Security / Software Tools / Analysis Frameworks / FACT - The Firmware Analysis and Comparison Tool | |||
Improving your firmware security analysis process with FACT | Conference talk about FACT | ||
Awesome Embedded and IoT Security / Software Tools / Analysis Frameworks | |||
FwAnalyzer | 493 | about 1 year ago | Analyze security of firmware based on customized rules. Intended as additional step in DevSecOps, similar to CI |
HAL – The Hardware Analyzer | 626 | about 20 hours ago | A comprehensive reverse engineering and manipulation framework for gate-level netlists |
HomePWN | 880 | almost 2 years ago | Swiss Army Knife for Pentesting of IoT Devices |
IoTSecFuzz | Framework for automating security analysis of IoT layers: hardware, software and communication | ||
Killerbee | 767 | about 1 year ago | Framework for Testing & Auditing ZigBee and IEEE 802.15.4 Networks |
PRET | 3,949 | 4 months ago | Printer Exploitation Toolkit |
Routersploit | 12,237 | about 1 month ago | Framework dedicated to exploiting embedded devices |
Awesome Embedded and IoT Security / Software Tools / Analysis Tools | |||
Binwalk | 11,412 | 4 days ago | Searches a binary for "interesting" stuff, as well as extracts arbitrary files |
cwe_checker | 1,138 | 4 months ago | Finds vulnerable patterns in binary executables - ELF support for x86, ARM, and MIPS, experimental bare-metal support |
emba | 2,732 | 1 day ago | Analyze Linux-based firmware of embedded devices |
Firmadyne | 1,836 | 5 months ago | Tries to emulate and pentest a firmware |
Firmwalker | 1,062 | over 1 year ago | Searches extracted firmware images for interesting files and information |
Firmware Slap | 471 | about 4 years ago | Discovering vulnerabilities in firmware through concolic analysis and function clustering |
Ghidra | Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary | ||
Radare2 | 20,791 | 4 days ago | Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset |
Trommel | 207 | over 4 years ago | Searches extracted firmware images for interesting files and information |
Awesome Embedded and IoT Security / Software Tools / Extraction Tools | |||
FACT Extractor | 83 | 11 days ago | Detects container format automatically and executes the corresponding extraction tool |
Firmware Mod Kit | 840 | 3 months ago | Extraction tools for several container formats |
The SRecord package | Collection of tools for manipulating EPROM files (can convert lots of binary formats) | ||
Awesome Embedded and IoT Security / Software Tools / Support Tools | |||
JTAGenum | 728 | about 1 year ago | Add JTAG capabilities to an Arduino |
OpenOCD | Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing | ||
Awesome Embedded and IoT Security / Software Tools / Misc Tools | |||
Cotopaxi | 351 | 6 months ago | Set of tools for security testing of Internet of Things devices using specific network IoT protocols |
dumpflash | 290 | over 2 years ago | Low-level NAND Flash dump and parsing utility |
flashrom | 904 | 5 days ago | Tool for detecting, reading, writing, verifying and erasing flash chips |
Samsung Firmware Magic | 212 | over 3 years ago | Decrypt Samsung SSD firmware updates |
Awesome Embedded and IoT Security / Hardware Tools | |||
Bus Blaster | Detects and interacts with hardware debug ports like and | ||
Bus Pirate | Detects and interacts with hardware debug ports like UART and JTAG | ||
Shikra | Detects and interacts with hardware debug ports like UART and JTAG, among other protocols | ||
JTAGULATOR | Detects JTAG Pinouts fast | ||
Saleae | Easy-to-use logic analyzer that supports many protocols | ||
Ikalogic | Alternative to Saleae logic analyzers | ||
HydraBus | Open source multi-tool hardware similar to the BusPirate but with NFC capabilities | ||
ChipWhisperer | Detects Glitch/Side-channel attacks | ||
Glasgow | 1,928 | 1 day ago | Tool for exploring and debugging different digital interfaces |
J-Link | J-Link offers USB powered JTAG debug probes for multiple different CPU cores | ||
Awesome Embedded and IoT Security / Hardware Tools / Bluetooth BLE Tools | |||
UberTooth One | Open source 2.4 GHz wireless development platform suitable for Bluetooth experimentation | ||
Bluefruit LE Sniffer | Easy to use Bluetooth Low Energy sniffer | ||
Awesome Embedded and IoT Security / Hardware Tools / ZigBee Tools | |||
ApiMote | ZigBee security research hardware for learning about and evaluating the security of IEEE 802.15.4/ZigBee systems. Killerbee compatible | ||
Freakduino | Low-cost, battery-operated wireless Arduino board that can be turned into an IEEE 802.15.4 protocol sniffer | ||
Awesome Embedded and IoT Security / Hardware Tools / SDR Tools | |||
RTL-SDR | Cheapest SDR for beginners. It is a computer-based radio scanner for receiving live radio signals at frequencies from 500 kHz up to 1.75 GHz | ||
HackRF One | Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz (half-duplex) | ||
YardStick One | Half-duplex sub-1 GHz wireless transceiver | ||
LimeSDR | Software Defined Radio peripheral capable of transmission or reception of radio signals from 100 kHz to 3.8 GHz (full-duplex) | ||
BladeRF 2.0 | Software Defined Radio peripheral capable of transmission or reception of radio signals from 47 MHz to 6 GHz (full-duplex) | ||
USRP B Series | Software Defined Radio peripheral capable of transmission or reception of radio signals from 70 MHz to 6 GHz (full-duplex) | ||
Awesome Embedded and IoT Security / Hardware Tools / RFID NFC Tools | |||
Proxmark 3 RDV4 | Powerful general purpose RFID tool. From Low Frequency (125kHz) to High Frequency (13.56MHz) tags | ||
ChameleonMini | Programmable, portable tool for NFC security analysis | ||
HydraNFC | Powerful 13.56MHz RFID / NFC platform. Read / write / crack / sniff / emulate | ||
Awesome Embedded and IoT Security / Books | |||
Practical IoT Hacking | 2020, Fotios Chantzis, Evangel Deirme, Ioannis Stais, Paulino Calderon, Beau Woods | ||
The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks | 2020, Jasper van Woudenberg, Colin O'Flynn | ||
The Hacker's Hardware Toolkit: The best collection of hardware gadgets for Red Team hackers, Pentesters and security researchers | 2,083 | about 4 years ago | 2019, Yago Hansen |
The IoT Hacker's Handbook: A Practical Guide to Hacking the Internet of Things | 2019, Aditya Gupta | ||
Hardware Security: A Hands-on Learning Approach | 2018, Mark Swarup Tehranipoor | ||
Pentesting Hardware - A Practical Handbook (DRAFT) | 491 | over 5 years ago | 2018, Mark Carney |
Inside Radio: An Attack and Defense Guide | 2018, Qing Yang, Lin Huang | ||
IoT Penetration Testing Cookbook | 2017, Aditya Gupta, Aaron Guzman | ||
The Hardware Hacker: Adventures in Making and Breaking Hardware | 2017, Andrew Huang | ||
The Car Hacker's Handbook: A Guide for the Penetration Tester | 2016, Craig Smith | ||
The Art of PCB Reverse Engineering | 2015, Keng Tiong Ng | ||
Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts | 2015, Nitesh Dhanjan | ||
Hacking Wireless Exposed | 2015, Joshua Wright, Johnny Cache | ||
Hardware Security: Design, Threats, and Safeguards | 2014, Debdeep Mukhopadhyay | ||
The Firmware Handbook (Embedded Technology) | 2014, Jack Ganssle | ||
Hacking the XBOX | 2013, Andrew Huang | ||
Awesome Embedded and IoT Security / Research Papers | |||
SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization | 2020, Oser et al. | ||
Detecting IoT Devices and How They Put Large Heterogeneous Networks at Security Risk | 2019, Agarwal et al. | ||
BenchIoT: A Security Benchmark for the Internet of Things | 2019, Almakhdhub et al. | ||
SoK: Security Evaluation of Home-Based IoT Deployments | 2019, Alrawi et al. | ||
Challenges in Designing Exploit Mitigations for Deeply Embedded Systems | 2019, Abbasi et al. | ||
PeriScope: An Effective Probing and Fuzzing Framework for the Hardware-OS Boundary | 2019, Song et al. | ||
What You Corrupt Is Not What You Crash: Challenges in Fuzzing Embedded Devices | 2018, Muench et al. | ||
Embedded Device Vulnerability Analysis Case Study Using Trommel | 2017, O'Meara et al. | ||
How to Break Secure Boot on FPGA SoCs through Malicious Hardware | 2017, Jacob et al. | ||
Towards Automated Classification of Firmware Images and Identification of Embedded Devices | 2017, Costin et al. | ||
Embedded Security Testing with Peripheral Device Caching and Runtime Program State Approximation | 2016, Kammerstetter et al. | ||
Towards Automated Dynamic Analysis for Linux-based Embedded Firmware | 2016, Chen et al. | ||
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces | 2016, Costin et al. | ||
Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware | 2015, Shoshitaishvili et al. | ||
Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy | 2015, Papp et al. | ||
Avatar: A Framework to Support Dynamic Security Analysis of Embedded Systems' Firmwares | 2014, Zaddach et al. | ||
Analysis of embedded applications by evolutionary fuzzing | 2014, Alimi et al. | ||
A Large-Scale Analysis of the Security of Embedded Firmwares | 2014, Costin et al. | ||
FIE on Firmware: Finding Vulnerabilities in Embedded Systems using Symbolic Execution | 2013, Davidson et al. | ||
Awesome Embedded and IoT Security / Case Studies | |||
Binary Hardening in IoT products | |||
Cracking Linksys “Encryption” | |||
Deadly Sins Of Development | Conference talk presenting several real-world examples of really bad implementations | ||
Dumping firmware from a device's SPI flash with a buspirate | |||
Hacking the DSP-W215, Again | |||
Hacking the PS4 | Introduction to PS4's security | ||
IoT Security@CERN | |||
Multiple vulnerabilities found in the D-link DWR-932B | |||
Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol | |||
PWN Xerox Printers (...again) | |||
Reversing Firmware With Radare | |||
Reversing the Huawei HG533 | |||
Awesome Embedded and IoT Security / Free Training | |||
CSAW Embedded Security Challenge 2019 | 34 | about 5 years ago | CSAW 2019 Embedded Security Challenge (ESC) |
Embedded Security CTF | Microcorruption: Embedded Security CTF | ||
Hardware Hacking 101 | 46 | over 5 years ago | Workshop @ BSides Munich 2019 |
IoTGoat | 180 | over 4 years ago | IoTGoat is a deliberately insecure firmware based on OpenWrt |
Rhme-2015 | 0 | 3 months ago | First Riscure Hack Me hardware CTF challenge |
Rhme-2016 | 2 | 3 months ago | Riscure Hack Me 2 is a low-level hardware CTF challenge |
Rhme-2017/2018 | 0 | 3 months ago | Riscure Hack Me 3 embedded hardware CTF 2017-2018 |
Awesome Embedded and IoT Security / Websites | |||
Hacking Printers Wiki | All things printer | ||
OWASP Embedded Application Security Project | Development best practices and list of hardware and software tools | ||
OWASP Internet of Things Project | IoT common vulnerabilities and attack surfaces | ||
Router Passwords | Default login credential database sorted by manufacturer | ||
Siliconpr0n | A Wiki/Archive of all things IC reversing | ||
Awesome Embedded and IoT Security / Websites / Blogs | |||
RTL-SDR | |||
/dev/ttyS0's Embedded Device Hacking | |||
Exploiteers | |||
Hackaday | |||
jcjc's Hack The World | |||
Quarkslab | |||
wrong baud | |||
Firmware Security | |||
PenTestPartners | |||
Attify | |||
Patayu | |||
GracefulSecurity - Hardware tag | |||
Black Hills - Hardware Hacking tag | |||
Awesome Embedded and IoT Security / Websites / Tutorials and Technical Background | |||
Azeria Lab | Miscellaneous ARM related Tutorials | ||
JTAG Explained | A walkthrough covering UART and JTAG bypassing a protected login shell | ||
Reverse Engineering Serial Ports | Detailed tutorial about how to spot debug pads on a PCB | ||
UART explained | An in-depth explanation of the UART protocol | ||
Awesome Embedded and IoT Security / Websites / YouTube Channels | |||
Flashback Team | A duo of hackers explaining their step-by-step approach to finding and exploiting vulnerabilities in embedded devices | ||
StackSmashing | Reverse engineering and hardware hacking of embedded devices | ||
Awesome Embedded and IoT Security / Conferences | |||
Hardwear.io |