Skip to content
Attempts to determine the configuration, behavior, and type of a remote MQTT broker
Branch: master
Clone or download
Latest commit c545dea Mar 27, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.


mqttinfo is a command-line utility to retrieve information on an MQTT broker.

To get the mqttinfo utility, you may run:

go get -u -v

Otherwise, clone this repository and run ./scripts/ to build mqttinfo, then run it from ./bin/mqttinfo.


./bin/mqttinfo --help
      --help          shows this
  -h, --host string   MQTT broker to connect to (default "localhost")
  -j, --json          writes JSON-formatted output to mqttinfo.json
  -p, --port int      network port to connect to (default 1883)
  -P, --pwd string    password, if authentication is needed
  -u, --user string   username, if authentication is needed

Key features of mqttinfo:

  • MQTT v3.1.1 and v5.0 support
  • Multiplatform: Will run on Linux, macOS, Windows.
  • Broker fingerprinting: Attempts to identify the broker product.
  • Human- and machine-readable output: Prints results to stdout and writes JSON to a file.

Current limitations:

  • TLS is not supported yet.
  • WebSocket is not supported yet.
  • Only HiveMQ, mosquitto, and VerneMQ are identified as brokers.
  • Broker fingerprinting is pretty dumb, can be enhanced for example by looking at reason strings.

To analyze a remote broker, you can for example do the following:

Please note that the last step (product detection) may take up to a minute, because it's awaiting for the publication of messages from the $SYS tree.


The behavior of a broker depends on several factors: the broker product, the version of the software, the parameters defined in the configuration file, and the MQTT version. It's therefore unwise to conclude that broker product X is "better" than broker product "Y" after you've observed that some instance of X looks better than some instance of Y.

mqttinfo doesn't perform any intrusive operations but can be seen as a reconnaissance tool in an offensive context, and in the worst case it could crash particularly fragile brokers. So use at your own risk, note that we decline any responsibility etc. etc.

Broker detection is based on heuristics, and therefore is not 100% reliable. Please feel free to file an issue in GitHub if you encounter misidentified brokers, we'll do our best to improve mqttinfo's detection capabilities.

Intellectual property

mqttinfo is copyright (c) 2019, Teserakt AG.

The code is released under AGPLv3, please contact us if that's an issue for you.

You can’t perform that action at this time.