Shulou(Shulou.com)05/31 Report--

This article will explain what kind of tool Peniot is for you in detail. The editor thinks it is very practical, so I share it for you as a reference. I hope you can get something after reading this article.

Peniot

Peniot is a professional penetration testing tool for Internet of things devices, which can help us test the security of target Internet of things devices through a variety of different types of network security attacks. In other words, we can expose the Internet of things devices to be tested under active / passive security attack scenarios, and after determining the relevant information and parameters of the target device, we can use Peniot to perform attack tests on it, such as changing or consuming system resources, replaying effective communication units, and so on. In addition, we can also use Peniot to perform passive security attacks, such as violating the confidentiality of important data or traffic analysis (MitM), and so on. It is worth mentioning that all attacks and analysis operations are implemented in a fully automated manner. In short, Peniot is a package / framework that can be used to test protocol-based security attacks against Internet of things devices.

In addition, Peniot can also provide an infrastructure for researchers to further inject new security attacks or new Internet of things protocols. One of the most important features of Peniot is its scalability. By default, it supports security attack testing against common Internet of things protocols and other related protocols. And it can also be extended by exporting the basic structure of the internal usage components, so that we can develop attack tests that coordinate with the internal structure of Peniot.

The role of Peniot

The model of the Internet of things has undergone great changes in the past decade, and billions of devices are now connected to the Internet. Due to capacity constraints, most devices even lack basic security protection measures, and because the time to market is short, security is not considered in the design, so many devices have security problems. Because of the high connectivity of the Internet of things, it is easy for hackers to launch attacks that have a destructive impact on the extended network through vulnerable devices.

So far, penetration tests for the Internet of things have been done manually. This process makes the testing process of the equipment very slow. On the other hand, companies that produce Internet of things devices need to constantly update and upgrade the reliability, robustness, and features provided by their devices to prevent security attacks from having an unintended impact on users. The main purpose of Peniot is to speed up the process of security testing, which can help researchers identify security defects in Internet of things devices through automated penetration testing.

Introduction to Peniot function

With the rapid increase in the number of Internet of things devices, Internet of things devices are becoming more and more common in our daily life. Smart homes, smart bicycles, medical sensors, fitness trackers and smart door locks are just a few examples of Internet of things products. With this in mind, we think it is necessary to choose some of the most commonly used Internet of things protocols to be implanted into Peniot by default. We choose the following protocols as the default IoT protocols included in Peniot. These Internet of things protocols can be embedded in various types of security attacks, such as DoS, ambiguity testing, sniffing attacks, replay attacks, and so on.

The current version of Peniot supports the following protocols:

Advanced message queuing Protocol (AMQP)

Low Power Bluetooth Protocol (BLE)

Restricted Application Protocol (CoAP)

Message queuing Telemetry Transport Protocol (MQTT)

In addition, Peniot also allows researchers to import their own external protocols to implement attack testing against other protocols. Don't forget that Peniot also gives us an easy-to-use and user-friendly graphical user interface.

Build command

First, we need to install the setuptools module of Python and install python-tk and bluepy.

In short, we need to configure the following components before installing and running Peniot:

Setuptoolspython-tkBluepy

Next, we can execute the following command to install and configure the project on the local device:

$git clone git@github.com:yakuza8/peniot.git$ cd peniot$ python setup.py install project architecture tool test

Peniot comes with some integration test samples for common attacks by default, and before performing these attack tests, we need to execute a program that runs the target protocol. Specific test samples for each protocol can be found in the examples/ directory of the project directory.

This is the end of the article on "what is Peniot?". I hope the above content can be helpful to you, so that you can learn more knowledge. if you think the article is good, please share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.