A collection of open source firmware tools
- aolofsson/awesome-hardware-tools - List of awesome open source hardware tools
- nebgnahz/awesome-iot-hacks - A Collection of Hacks in IoT Space so that we can address them (hopefully).
- PreOS-Security/awesome-firmware-security - Awesome Firmware Security & Other Helpful Documents
- nsacyber/Hardware-and-Firmware-Security-Guidance - Guidance for the Spectre, Meltdown, Speculative Store Bypass, Rogue System Register Read, Lazy FP State Restore, Bounds Check Bypass Store, TLBleed, and L1TF/Foreshadow vulnerabilities as well as general hardware and firmware security guidance
- IoT-PTv/List-of-Tools - List of the tools and usage
- Embedded Systems Security and TrustZone
Hardware market
Firmware analysis
- PreOS-Security/fwaudit - Platform Firmware Auditing Tool
- binarly-io/fwhunt-scan - Tools for analyzing UEFI firmware and checking UEFI modules with FwHunt rules
- quarkslab/binbloom - Raw binary firmware analysis software - automatically determines the load address, endianness (big or little), and more
- FirmWire - a full-system baseband firmware emulation platform for fuzzing, debugging, and root-cause analysis of smartphone baseband firmwares
- e-m-b-a/embark - The firmware security scanning environment
- fkie-cad/FACT_core - Firmware Analysis and Comparison Tool
- sgayou/rbasefind - A firmware base address search tool - determines the load base address
- adi0x90/attifyos - Attify OS - Distro for pentesting IoT devices
- ReFirmLabs/binwalk - Firmware Analysis Tool
- cruise-automation/fwanalyzer - a tool to analyze filesystem images
- craigz28/firmwalker - Script for searching the extracted firmware file system for goodies
- sviehb/jefferson - JFFS2 filesystem extraction tool
- therealsaumil/emux - EMUX Firmware Emulation Framework (formerly ARMX)
- firmadyne - Platform for emulation and dynamic analysis of Linux-based firmware
- platomav/MEAnalyzer - Intel Engine Firmware Analysis Tool
- e-m-b-a/emba - Embedded Analyzer - 1.2K stars
USB generic
- 0xADE1A1DE/USB-Injection - USB device hardware core with modified behaviour capable of injecting transmissions on behalf of other devices
- cea-sec/usbsas - usbsas is a tool and framework for securely reading untrusted USB mass storage devices
- xairy/raw-gadget - USB Raw Gadget — low-level interface for the Linux USB Gadget subsystem
- AristoChen/usb-proxy - A USB proxy based on raw-gadget and libusb
BLE
- Charmve/BLE-Security-Attack-Defence - The dangers of Bluetooth Low Energy (BLE) implementations: Unveiling zero-day vulnerabilities and security flaws in modern Bluetooth LE stacks
- smartlockpicking/BLE_HackMe - Bluetooth Low Energy hardware-less HackMe
HID
- Alwinator/JustUSB - A custom-built USB stick which registers as HID-keyboard to automatically run commands
- whid-injector/WHID - WiFi HID Injector - A USB Rubber Ducky / BadUSB on steroids
- tenable/router_badusb - BadUSB in Routers
- RoganDawes/P4wnP1 - a highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W
- spacehuhn/WiFiDuck - Keystroke injection attack platform
- hak5/bashbunny-payloads - The Official Bash Bunny Payload Repository
- ondrejbudai/hidviz - A tool for in-depth analysis of USB HID devices communication
- spacehuhn/wifi_ducky - Upload, save and run keystroke injection payloads with an ESP8266 + ATMEGA32U4
Decryption
- chrivers/samsung-firmware-magic - Tool for decrypting the firmware files for Samsung SSDs
- 0x00sec: Breaking the D-Link DIR3060 Firmware Encryption - Static analysis of the decryption routine - Part 2.2
Exploit frameworks
Zigbee
- IoTsec/Z3sec - Penetration testing framework for ZigBee security research
- riverloopsec/killerbee - IEEE 802.15.4/ZigBee Security Research Toolkit
Mikrotik
DMA
BIOS
- platomav/BIOSUtilities - Various BIOS Utilities for Modding/Research
- LongSoft/UEFITool - UEFI firmware image viewer and editor
- HackingThings/SignedUEFIShell - Information about a signed UEFI Shell that can be used when Secure Boot is enabled - abusing a signed UEFI boot program
Bluetooth
- engn33r/awesome-bluetooth-security - List of Bluetooth BR/EDR/LE security resources
- virtualabs/btlejack - Bluetooth Low Energy Swiss-army knife
- evilsocket/bleah - A BLE scanner for "smart" devices hacking
- securing/gattacker - A Node.js package for BLE (Bluetooth Low Energy) security assessment using Man-in-the-Middle and other attacks
- greatscottgadgets/ubertooth - Software, firmware and hardware designs for Ubertooth
AirTag
- pd0wm/airtag-dump - Utility to glitch and dump an AirTag
- positive-security/send-my - Upload arbitrary data via Apple's Find My network
- positive-security/find-you - A stealth AirTag clone that bypasses all of Apple's tracking protection features
Uncategorized
- Push3AX/GrabAccess - Bypass Windows Password And Bitlocker - newly open-sourced; a powerful tool for close-access (physical proximity) attacks
- hardenedvault/vaultboot - In the highest security profile (CRITICAL), the Vault 111 hardware node enables multiple trust anchors through the chip's security features. The next-gen firmware architecture handles hardware initialization and execution payload separately
- gist: emumipsel.sh - qemu + MIPS kernel to emulate booting a firmware image; in general, various problems still need fixing after boot. The prebuilt kernel is downloaded from a Debian server.
- SciresM/boot9strap - Boot9/Boot11 code execution
- SigPloiter/SigPloit - SigPloit: Telecom Signaling Exploitation Framework - SS7, GTP, Diameter & SIP
- Or3stis/apparatus - A graphical security analysis tool for IoT networks
- duo-labs/EFIgy - a RESTful API and client that helps Apple Mac users determine if they are running the expected EFI firmware version given their Mac hardware and OS build version
- ionescu007/tpmtool - a simple cross-platform tool for accessing TPM2.0 Non-Volatile (NV) Spaces (Index Values) on compliant systems, with zero dependencies on any TPM2.0 stack
- seemoo-lab/polypyus - locate functions in raw binaries by extracting known functions from similar binaries - claims to work without disassembling the binary
- insecurityofthings/jackit - Exploit Code for Mousejack
- mharjac/bad_ducky - Rubber Ducky compatible clone based on CJMCU BadUSB HW
- chipsec - Platform Security Assessment Framework
- samyk/poisontap - Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi - emulates a USB device to achieve the hijack
- inversepath/usbarmory - open source flash-drive-sized computer
- therealsaumil/custom_nvram - Shared Library to intercept nvram get/set/match calls for emulating libnvram.so used by many IoT firmware software
- rapid7/IoTSeeker - scan a network for specific types of IoT devices to detect if they are using the default, factory set credentials
- SafeBreach-Labs/SirepRAT - Remote Command Execution as SYSTEM on Windows IoT Core
- PowerShell/PowerShell-IoT - Interact with I2C, SPI & GPIO devices using PowerShell Core
- nccgroup/phantap - an ‘invisible’ network tap aimed at red teams
- Relaying YubiKeys
- MiSecurity/Cyber-Security-Baseline-for-Consumer-Internet-of-Things - Consumer IoT security baseline - includes a PDF
- Inside a low budget consumer hardware espionage implant
- 360: 2017 Annual Security Report - IoT Security Threats
- OWASP Firmware Security Testing Methodology
- https://help.apple.com/pdf/security/en_US/apple-platform-security-guide.pdf