Skip to content
MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations.
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
docs initial commit Aug 2, 2018
mqtt_pwn Added the shodan command Dec 5, 2018
mqtt_pwn_victim initial commit Aug 2, 2018
resources Added the shodan command Dec 5, 2018
.gitignore * added the start docker cli file. Aug 2, 2018
Dockerfile
LICENSE Initial commit Aug 2, 2018
README.rst Added the shodan command Dec 5, 2018
_config.yml Set theme jekyll-theme-cayman Aug 5, 2018
docker-compose.yml initial commit Aug 2, 2018
readthedocs.yml updated RTD Aug 2, 2018
requirements.txt
run.py initial commit Aug 2, 2018
start_docker_cli.sh updated the startup script Aug 2, 2018

README.rst

MQTT-PWN

https://readthedocs.org/projects/ansicolortags/badge/?version=latest

MQTT is a machine-to-machine connectivity protocol designed as an extremely lightweight publish/subscribe messaging transport and widely used by millions of IoT devices worldwide. MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations, as it combines enumeration, supportive functions and exploitation modules while packing it all within command-line-interface with an easy-to-use and extensible shell-like environment.

https://raw.githubusercontent.com/akamai-threat-research/mqtt-pwn/master/docs/_static/images/another-logo-trans-bg-small.png

Authors

Feature Support

  • Credential Brute-Forcer - configurable brute force password cracking to bypass authentication controls
  • Topic Enumerator - establishing comprehensive topic list via continuous sampling over time
  • Useful Information Grabber - obtaining and labeling data from an extensible predefined list containing known topics of interest
  • GPS tracker - plotting routes from devices using OwnTracks app and collecting published coordinates
  • Sonoff Exploiter – design to extract passwords and other sensitive information
  • Extensibility - the framework was designed to add new custom plugins with ease
  • Shodan - search through Shodan.io API for available vulnerable MQTT brokers

Documentation

Documentation is available at https://mqtt-pwn.readthedocs.io/.

You can’t perform that action at this time.