• Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Menu
  • Home
  • Become a Hacker
    • Get Started
    • Hacker Mindset
    • Roadmap
    • Simple Setup – Hacker 101
    • Types of Hackers
    • Recommended Courses
  • Boot People Offline
  • Courses
    • All Hacking Courses
    • Cyber Security School
  • CTF
    • Beginners to Advanced Guide
    • Create your own CTF box
    • Field and Resources Guide
    • Platforms & Wargames
    • Tools Used for Solving CTF
    • Writeups
  • Dark Web
    • Beginners Guide
    • Darknet Markets
    • Darkweb 101 (Anonymity Guide)
    • Dark Web OSINT Tools
    • Hacking Forums
    • Latest News
    • Onion Links
  • Hacker Gadgets
  • Hacking Books
  • Tools Directory
Search
Close
  • Home
  • 2019
  • November
  • 6
  • HomePwn – Swiss Army Knife for Pentesting of IoT Devices

HomePwn – Swiss Army Knife for Pentesting of IoT Devices

November 6, 2019 Comments Off on HomePwn – Swiss Army Knife for Pentesting of IoT Devices
HomePwn - Swiss Army Knife for Pentesting of IoT Devices cybersecurity ethical hacking hack android hack app hack wordpress hacker news hacking hacking tools for windows keylogger kit kitploit password brute force penetration testing pentest pentest android pentest linux pentest toolkit pentest tools spy tool kit spyware tools

HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same working environment. It is designed to find devices in the home or office, take advantage of certain vulnerabilities to read or send data to those devices. With a strong library of modules you can use this tool to load new features and use them in a vast variety of devices.
HomePwn has a modular architecture in which any user can expand the knowledge base about different technologies. Principally it has two different components:

  • Discovery modules. These modules provide functionalities related to the discovery stage, regardless of the technology to be used. For example, it can be used to conduct WiFi scans via an adapter in monitor mode, perform discovery of BLE devices, Bluetooth Low-Energy, which other devices are nearby and view their connectivity status, etc. Also, It can be used to discover a home or office IoT services using protocols such as SSDP or Simple Service Discovery Protocol and MDNS or Multicast DNS.
  • Specific modules for the technology to be audited. On the other hand, there are specific modules for audited technology. Today, HomePwn can perform auditing tests on technologies such as WiFi, NFC, or BLE. In other words, there are modules for each of these technologies in which different known vulnerabilities or different techniques are implemented to asses the device’s security level implemented and communicated with this kind of technologies.

Built With

  • Python – Programming language used
  • Prompt Toolkit – Python command line

Documentation
It’s possible to read the documentation in our papers:

  • Spanish Version
  • English Version

Getting Started
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes. See deployment for notes on how to deploy the project on a live system.

Prerequisites:
You need to have Linux and python 3.6+ running in your computer, please install them in the download page.

  • Ubuntu, Debian or similar.
  • Python 3.6+.

Installing all requisites:
To install all dependencies in Ubuntu 18.04 or derivatives use the file install.sh

> sudo apt-get update
> sudo ./install.sh

The script ask you if you want to create a virtualenv, if your answer is ‘y’ then it installs python libraries within the virtual environment, if not in the system itself

Usage
To run the script, if you chose a virtual environment in the installation follow execute the next command to activate the virtual environment:

> source homePwn/bin/activate

Launch the application:

> sudo python3 homePwn.py

Examples
Here are some videos to see how the tool works.

HomePwn. Bluetooth Low-Energy PoC & Hacking

[youtube https://www.youtube.com/watch?v=JgbIsP7IGxo&w=560&h=315]

HomePwn. Bluetooth Spoofing

[youtube https://www.youtube.com/watch?v=o9P1BwlHelM&w=560&h=315]

HomePwn. NFC Clone

[youtube https://www.youtube.com/watch?v=ZLas04ZCTLU&w=560&h=315]

HomePwn. BLE capture on PCAP file (sniffing)

[youtube https://www.youtube.com/watch?v=vw9nr584PJQ&w=560&h=315]

HomePwn. QR Options hack

[youtube https://www.youtube.com/watch?v=ta1DbnWOF8M&w=560&h=315]

HomePwn. Apple BLE Discovery

[youtube https://www.youtube.com/watch?v=xOU34op7Gls&w=560&h=315]

HomePwn. Xiaomi IoT Advertisement

[youtube https://www.youtube.com/watch?v=Xi7KZibJsfE&w=560&h=315]

Authors
This project has been developed by the team of ‘Ideas Locas’ (CDO – Telefónica). To contact the authors:

  • Pablo Gonzázlez Perez — @pablogonzalezpe — [email protected]
  • Josué Encinar García — @JosueEncinar — [email protected]
  • Lucas Fernández Aragón — @lucferbux — [email protected]

See also the list of CONTRIBUTORS.md who participated in this project.

Disclaimer!
THE SOFTWARE (for educational purpose only) IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
This software doesn’t have a QA Process.

Download HomePWN

Post navigation

Los Angeles man Pleads Guilty to Selling Drugs on the Dark Web
Github-Dorks – Collection Of Github Dorks And Helper Tool To Automate The Process Of Checking Dorks

Related Articles

Zmap - A Fast Single Packet Network Scanner Designed For Internet-wide Network Surveys

Zmap – A Fast Single Packet Network Scanner Designed For Internet-wide Network Surveys

- Hack Tools
January 23, 2021
ipscan

Angry IP Scanner v3.7.4 releases: fast and friendly network scanner

- Hack Tools
January 23, 2021
Sigurlx - A Web Application Attack Surface Mapping Tool

Sigurlx – A Web Application Attack Surface Mapping Tool

- Hack Tools
January 23, 2021
hacker gadgets
hacker phone covers

Recent Posts

Zmap - A Fast Single Packet Network Scanner Designed For Internet-wide Network Surveys

Zmap – A Fast Single Packet Network Scanner Designed For Internet-wide Network Surveys

January 23, 2021
VLC 3.0.12 fixes multiple security vulnerabilities

VLC 3.0.12 fixes multiple security vulnerabilities

January 23, 2021
ipscan

Angry IP Scanner v3.7.4 releases: fast and friendly network scanner

January 23, 2021
Sigurlx - A Web Application Attack Surface Mapping Tool

Sigurlx – A Web Application Attack Surface Mapping Tool

January 23, 2021
CSSG: Cobalt Strike Shellcode Generator

CSSG: Cobalt Strike Shellcode Generator

January 22, 2021
DNSpooq Security Vulnerabilities Alert

DNSpooq Security Vulnerabilities Alert

January 22, 2021

Social Media Hacking

SocialPath – Track users across Social Media Platforms

SocialPath – Track users across Social Media Platforms

- Social Media Hacking
October 16, 2019October 16, 2019

SocialPath is a django application for gathering social media intelligence on specific username. It checks for Twitter, Instagram, Facebook, Reddit...

SocialScan – Check Email Address and Username Availability on Online Platforms

SocialScan – Check Email Address and Username Availability on Online Platforms

June 17, 2019
Shellphish – Phishing Tool For 18 Social Media Apps

Shellphish – Phishing Tool For 18 Social Media Apps

June 10, 2019July 27, 2019
WhatsApp Hacking using QRLJacking

WhatsApp Hacking using QRLJacking

May 2, 2019May 19, 2019
How to Hack any Facebook Account with Z-Shadow

How to Hack any Facebook Account with Z-Shadow

April 26, 2019June 29, 2020
hacker buffs
ABOUT US

Haxf4rall is a collective, a good starting point and provides a variety of quality material for cyber security professionals.

Our primary focus revolves around the latest tools released in the Infosec community and provide a platform for developers to showcase their skillset and current projects.

COMPANY
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Menu
  • Contact Us
  • Disclaimer
  • Hacker Gadgets
  • Privacy Policy
  • Sitemap
  • Submit your Tool
Live Chat
RESOURCES
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Menu
  • Attack Process
  • Become a Hacker
  • Career Pathways
  • Dark Web
  • Hacking Books
  • Practice Your Skills
  • Recommended Courses
  • Simple Setup – Hacker 101
Get Started
TOOLBOX
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Menu
  • Anonymity
  • Bruteforce
  • DoS – Denial of Service
  • Information Gathering
  • Phishing
  • SQL Injection
  • Vulnerability Scanners
  • Wifi Hacking
Tools Directory

2014 – 2020 | Haxf4rall.com               Stay Connected:

Facebook
Twitter
Google-plus
Wordpress
Please wait...

Join Our Community

Subscribe now and get your free HACKERS HANDBOOK

Don't Worry ! You will not be spammed
SIGN UP FOR NEWSLETTER NOW