Many traditional pen test tools are applicable to the IoT, although there are also IoT-specific tools now coming online. Examples of tools that may be useful during IoT penetration testing are provided in the following table:

| Tool | Description | Available at |
|---|---|---|
| BlueMaho | Suite of Bluetooth security tools. Can scan and track BT devices, and supports simultaneous scanning and attacking. | http://git.kali.org/gitweb/?p=packages/bluemaho.git;a=summary |
| FACT | Firmware Analysis and Comparison Tool. | |
| MobSF | Mobile Security Framework. | |
| Bluelog | Good for long-term scanning at a location to identify discoverable BT devices. | |
| crackle | A tool designed to crack BLE encryption. | |
| SecBee | A ZigBee vulnerability scanner. Based on KillerBee and scapy-radio. | |
| KillerBee | A tool for evaluating the security posture of ZigBee networks. Supports emulation and attack of end devices and infrastructure equipment. | |
| scapy-radio | A modification to the scapy tool for RF-based testing. Includes support for Bluetooth-LE, 802.15.4-based protocols and ZWave. | |
| Wireshark | An old favorite. | |
| Aircrack-ng | A wireless security tool for exploiting Wi-Fi networks; supports 802.11a, 802.11b, and 802.11g. | |
| Chibi | An MCU integrated with an open-sourced ZigBee stack. | |
| Hardsploit | A new tool aimed at providing Metasploit-like flexibility to IoT hardware testing. | |
| HackRF | Flexible and turnkey platform for RX and TX from 1 MHz to 6 GHz. | |
| Shikra | The Shikra is a device that allows the user to interface (via USB) to a number of different low-level data interfaces such as JTAG, SPI, I2C, UART, and GPIO. | |
Test teams should of course also keep track of the latest vulnerabilities that can impact IoT implementations. For example, it is always useful to track the National Vulnerability Database (NVD) at https://nvd.nist.gov/. In some cases, vulnerabilities may not be directly in the IoT devices, but in the software and systems to which they connect. IoT system owners should maintain a comprehensive version tracking system for all devices and software in their enterprise. This information should be regularly checked against vulnerability databases and, of course, be shared with the whitebox penetration testing teams.
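The version-tracking practice described above, as an added example that is not part of the original text: a small Python routine that checks an enterprise asset inventory (devices and the back-end software they connect to) against a set of advisories with affected-version ranges and reports which assets are exposed. The inventory records, advisory identifiers (`ADV-EXAMPLE-*`), vendor and product names are all constructed for illustration; in practice the inventory would come from the asset tracker and the advisories from a feed such as the NVD.

```python
"""Match an IoT asset inventory against a local advisory feed.

Added example, not from the original text. All records below are
constructed; nothing here is a real advisory or a real product.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Turn '1.4.2' into (1, 4, 2). Only the leading digits of each
    segment count, so '2rc1' becomes 2 and a non-numeric segment becomes 0."""
    parts = []
    for seg in s.split("."):
        m = re.match(r"\d+", seg)
        parts.append(int(m.group(0)) if m else 0)
    return tuple(parts)


def version_cmp(a: Version, b: Version) -> int:
    """Compare two versions after zero-padding, so 2.1 == 2.1.0.
    Returns -1, 0 or 1."""
    n = max(len(a), len(b))
    a = a + (0,) * (n - len(a))
    b = b + (0,) * (n - len(b))
    return (a > b) - (a < b)


@dataclass(frozen=True)
class Asset:
    asset_id: str
    vendor: str
    product: str
    version: str


@dataclass(frozen=True)
class Advisory:
    advisory_id: str
    vendor: str
    product: str
    version_start: str      # inclusive lower bound
    version_end_excl: str   # exclusive upper bound; "" means unbounded
    summary: str


def is_affected(asset: Asset, adv: Advisory) -> bool:
    """True when the asset's product matches and its version falls in
    [version_start, version_end_excl)."""
    if asset.vendor.lower() != adv.vendor.lower():
        return False
    if asset.product.lower() != adv.product.lower():
        return False
    v = parse_version(asset.version)
    if version_cmp(v, parse_version(adv.version_start)) < 0:
        return False
    if adv.version_end_excl and version_cmp(v, parse_version(adv.version_end_excl)) >= 0:
        return False
    return True


def find_exposures(inventory: List[Asset], advisories: List[Advisory]) -> List[Tuple[str, str]]:
    """Return sorted (asset_id, advisory_id) pairs for every exposed asset."""
    return sorted(
        (a.asset_id, adv.advisory_id)
        for a in inventory
        for adv in advisories
        if is_affected(a, adv)
    )


# Constructed inventory: two cameras, the broker they report to, and a lock.
INVENTORY = [
    Asset("cam-01", "ExampleVendor", "SmartCam", "1.4.2"),
    Asset("cam-02", "ExampleVendor", "SmartCam", "1.5.0"),
    Asset("gw-01", "ExampleVendor", "EdgeBroker", "3.0.1"),   # back-end software, not a device
    Asset("lock-01", "OtherVendor", "SmartLock", "2.0"),
]

# Constructed advisories with placeholder identifiers.
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "ExampleVendor", "SmartCam", "1.0.0", "1.5.0",
             "constructed: authentication bypass fixed in 1.5.0"),
    Advisory("ADV-EXAMPLE-002", "ExampleVendor", "EdgeBroker", "3.0", "3.1.0",
             "constructed: broker-side flaw fixed in 3.1.0"),
]

if __name__ == "__main__":
    for asset_id, advisory_id in find_exposures(INVENTORY, ADVISORIES):
        print(f"{asset_id} is exposed to {advisory_id}")
```

The broker entry is there deliberately: the paragraph's point that the weakness may sit in the systems the devices connect to rather than in the devices themselves only gets caught if those systems are in the same inventory and checked against the same feed. The exclusive upper bound means an asset already on the fixed version (cam-02) is not reported.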