
Heathen is an Internet of Things penetration testing framework developed as a research project. It helps developers and manufacturers build more secure products in the Internet of Things space by automating checks based on Open Web Application Security Project (OWASP) guidance. It provides a set of features in every fundamental area:

- Insecure Web Interface
- Insufficient Authentication/Authorization
- Insecure Network Services
- Lack of Transport Encryption
- Privacy Concerns
- Insecure Cloud Interface
- Insecure Mobile Interface
- Insufficient Security Configurability
- Insecure Software/Firmware
- Poor Physical Security
Getting Started with Heathen Framework:

Installation: https://github.com/chihebchebbi/Internet-Of-Things-Pentesting-Framework

To start, make sure you have all the dependencies installed. If not, run the deps.sh script.

To launch Heathen IoT Pentesting Framework, run Heathen.sh
Features

- Insecure Web Interface:
  - Now you can scan all your web interfaces to ensure that every web interface in the product has been tested for XSS, SQLi and CSRF vulnerabilities
- Insecure Network Services:
  - Ensure devices do not expose network ports or services to the internet (via UPnP, for example)
- Lack of Transport Encryption:
  - Ensure all communication between system components is encrypted, as well as traffic between the system or device and the internet
  - Use recommended and accepted encryption practices and avoid proprietary protocols
  - Ensure SSL/TLS implementations are up to date and properly configured
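The "properly configured" item above is easier to act on with a concrete rule set. The following is an added example, not code from the Heathen project: it builds a deliberately weak Go `tls.Config` beside a corrected one and runs a small audit function (`auditTLSConfig`, a hypothetical helper) over both, flagging disabled certificate verification, a protocol floor below TLS 1.2, and any cipher suite that Go itself lists as insecure. The exact findings are specific to Go's `crypto/tls`, but the same three questions apply to any device or cloud-side TLS stack.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// weakConfig is a constructed example of the settings the "Lack of Transport
// Encryption" checks are meant to catch: certificate verification switched
// off, TLS 1.0 still accepted, and an RC4 suite offered.
func weakConfig() *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true,
		MinVersion:         tls.VersionTLS10,
		CipherSuites:       []uint16{tls.TLS_RSA_WITH_RC4_128_SHA},
	}
}

// hardenedConfig is the corrected form: an explicit TLS 1.2 floor, certificate
// verification left on, and only AEAD suites with forward secrecy.
func hardenedConfig() *tls.Config {
	return &tls.Config{
		MinVersion: tls.VersionTLS12,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
		},
	}
}

// auditTLSConfig returns one finding per weak setting; an empty result means
// the configuration passes these checks. Hypothetical helper, not Heathen's.
func auditTLSConfig(cfg *tls.Config) []string {
	var findings []string
	if cfg.InsecureSkipVerify {
		findings = append(findings, "certificate verification disabled (InsecureSkipVerify=true)")
	}
	// A zero MinVersion means "whatever this toolchain defaults to"; an audit
	// should demand an explicit floor of at least TLS 1.2, so zero is a finding too.
	if cfg.MinVersion < tls.VersionTLS12 {
		findings = append(findings, "minimum protocol version not pinned to TLS 1.2 or higher")
	}
	if cfg.MaxVersion != 0 && cfg.MaxVersion < tls.VersionTLS12 {
		findings = append(findings, "maximum protocol version caps connections below TLS 1.2")
	}
	// Go publishes the suites it still implements but considers broken
	// (RC4 and CBC-SHA256 suites among them); flag any the config offers.
	insecure := map[uint16]string{}
	for _, s := range tls.InsecureCipherSuites() {
		insecure[s.ID] = s.Name
	}
	for _, id := range cfg.CipherSuites {
		if name, bad := insecure[id]; bad {
			findings = append(findings, "insecure cipher suite offered: "+name)
		}
	}
	return findings
}

func main() {
	for _, c := range []struct {
		label string
		cfg   *tls.Config
	}{{"weak", weakConfig()}, {"hardened", hardenedConfig()}} {
		findings := auditTLSConfig(c.cfg)
		fmt.Printf("%s config: %d finding(s)\n", c.label, len(findings))
		for _, f := range findings {
			fmt.Println("  -", f)
		}
	}
}
```

Treating an unset `MinVersion` as a finding is deliberate: the library default has changed between Go releases, and a security configuration that depends on the toolchain's default is not "properly configured" in the sense the checklist means.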
- Insecure Software/Firmware:
  - Ensure all system devices have update capability and can be updated quickly when vulnerabilities are discovered
  - Ensure update files are encrypted and that the files are also transmitted using encryption
  - Ensure that update files are signed and then validated by the device before installing
  - Ensure update servers are secure
  - Ensure the product has the ability to implement scheduled updates
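The "signed and then validated by the device before installing" item is the one most often implemented incorrectly, so here is an added example of the device-side gate, not code from the Heathen project. It uses Ed25519 from Go's standard library: the vendor's build system signs the image, and the device refuses to hand the image to the flashing step unless the signature verifies against the vendor public key it was provisioned with. The key pair, the image bytes and the `Update` struct are constructed for the demo; `RunScenario` is a hypothetical helper that exercises the gate with a genuine update, a tampered image, and an image signed with a key the device does not trust.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is what the device receives over the update channel: the image plus
// a detached signature over it. Transport encryption is a separate layer;
// this check must hold even if that layer is broken or absent.
type Update struct {
	Image []byte
	Sig   []byte
}

// SignUpdate runs on the vendor's build system, never on the device.
func SignUpdate(priv ed25519.PrivateKey, image []byte) Update {
	return Update{Image: image, Sig: ed25519.Sign(priv, image)}
}

// VerifyUpdate is the device-side gate. The image digest is returned (and the
// image may be flashed) only after the signature verifies against the vendor
// public key provisioned at manufacture.
func VerifyUpdate(vendorPub ed25519.PublicKey, u Update) ([32]byte, error) {
	var digest [32]byte
	if len(vendorPub) != ed25519.PublicKeySize {
		return digest, errors.New("vendor public key has wrong length")
	}
	if len(u.Sig) != ed25519.SignatureSize {
		return digest, errors.New("malformed signature: refusing to install")
	}
	if !ed25519.Verify(vendorPub, u.Image, u.Sig) {
		return digest, errors.New("signature check failed: refusing to install")
	}
	digest = sha256.Sum256(u.Image)
	return digest, nil
}

// RunScenario exercises the gate with constructed inputs and reports whether
// each case produced the outcome a secure device must produce.
func RunScenario() (genuineAccepted, tamperedRejected, untrustedKeyRejected bool, err error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	// A second key pair the device was never provisioned with.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}

	// Constructed image bytes; not real firmware.
	image := []byte("HEATHEN-DEMO-FW v1.2 (constructed image for the example)")

	genuine := SignUpdate(vendorPriv, image)
	_, e := VerifyUpdate(vendorPub, genuine)
	genuineAccepted = e == nil

	// Same valid signature, but the image was modified after signing.
	tampered := SignUpdate(vendorPriv, image)
	tampered.Image = bytes.Replace(tampered.Image, []byte("v1.2"), []byte("v9.9"), 1)
	_, e = VerifyUpdate(vendorPub, tampered)
	tamperedRejected = e != nil

	// Well-formed signature from a key the device does not trust.
	foreign := SignUpdate(otherPriv, image)
	_, e = VerifyUpdate(vendorPub, foreign)
	untrustedKeyRejected = e != nil
	return
}

func main() {
	ok, tamperedRejected, untrustedKeyRejected, err := RunScenario()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("genuine accepted: %v, tampered rejected: %v, untrusted key rejected: %v\n",
		ok, tamperedRejected, untrustedKeyRejected)
}
```

Two design points worth noting when porting this to a real device: the public key must be stored where the update itself cannot overwrite it (otherwise a single bad update can replace the trust anchor), and the verification must happen over the exact bytes that will be written, not over a copy that is later re-read from an untrusted buffer.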
Acknowledgments: Craig Smith, Daniel Miessler, Dirk Wetter, Justin Klein Keane, Yunsoul