IoT Pentesting Tools

Tools

A comprehensive collection of hardware and software tools essential for IoT security testing, from firmware analysis to hardware hacking.

Firmware Analysis Tools

Binwalk

Firmware analysis and extraction tool. Identifies embedded files and executable code in firmware images.

```bash
sudo apt install binwalk
```

Firmware Mod Kit

Extract, modify, and rebuild firmware images. Supports multiple filesystem types.

```bash
git clone https://github.com/rampageX/firmware-mod-kit
```

EMBA

Embedded firmware analyzer. Automated security analysis including CVE detection, password extraction, and more.

```bash
git clone https://github.com/e-m-b-a/emba
```

Firmwalker

Script to search extracted firmware filesystems for sensitive data like passwords and keys.

```bash
git clone https://github.com/craigz28/firmwalker
```

Reverse Engineering

Ghidra

NSA's free reverse engineering suite. Excellent for analyzing MIPS, ARM, and other IoT architectures.

```bash
# Download from https://ghidra-sre.org/
```

Radare2

Open-source reverse engineering framework. Command-line based, powerful for scripting.

```bash
sudo apt install radare2
```

Hardware Tools

Serial/Debug Interfaces

| Tool | Purpose | Price Range |
|---|---|---|
| USB-TTL Adapter (FTDI/CH340) | UART serial connection | $5-15 |
| Bus Pirate | Multi-protocol (UART, SPI, I2C, JTAG) | $30-40 |
| JTAGulator | Automatic JTAG/UART pin identification | $170 |
| J-Link | Professional JTAG/SWD debugger | $50-500+ |
| Logic Analyzer (Saleae) | Protocol analysis and debugging | $10 (clone) - $500+ |

Flash Programmers

| Tool | Supported Chips | Price |
|---|---|---|
| CH341A Programmer | SPI flash (most common) | $5-10 |
| FlashcatUSB | SPI, I2C, parallel flash | $30-100 |
| Raspberry Pi | SPI, I2C (with flashrom) | $35+ |

Radio & Protocol Tools

Software Defined Radio (SDR)

HackRF One

1 MHz to 6 GHz SDR. TX/RX capable. Essential for Z-Wave, Zigbee, LoRa testing.

~$300

RTL-SDR

Budget RX-only SDR. Good for reconnaissance and protocol analysis.

~$30

YARD Stick One

Sub-GHz transceiver. Great for Z-Wave and other sub-1 GHz protocols.

~$100

Ubertooth One

Bluetooth/BLE monitoring and injection platform.

~$125

Zigbee/BLE Tools

```bash
# KillerBee - Zigbee framework
sudo apt install python3-pip
pip3 install pyusb
git clone https://github.com/riverloopsec/killerbee
# setup.py install is deprecated by setuptools but still works; "pip3 install ." is the modern equivalent
cd killerbee && sudo python3 setup.py install

# BLE tools
sudo apt install bluez bluetooth
pip3 install bluepy
pip3 install gattlib

# MQTT testing
sudo apt install mosquitto-clients
pip3 install paho-mqtt

# Install bettercap (BLE + more)
sudo apt install bettercap
```

Network Analysis

Wireshark

Network protocol analyzer. Essential for IoT traffic analysis. Supports MQTT, CoAP, Zigbee dissectors.

```bash
sudo apt install wireshark
```

mitmproxy

Interactive HTTPS proxy. Intercept device-to-cloud communications.

```bash
pip3 install mitmproxy
```

Nmap

Network scanner with IoT-specific scripts for UPnP, MQTT, and service detection.

```bash
sudo apt install nmap
```

Shodan

Search engine for IoT devices. Find exposed devices, services, and vulnerabilities.

```bash
pip3 install shodan
```

Multi-Purpose Devices

Flipper Zero

Multi-tool device for RFID, IR, sub-GHz, GPIO, and more. Great for quick IoT reconnaissance.

  • Sub-GHz transceiver (300-928 MHz)
  • 125 kHz RFID reader/emulator
  • NFC (13.56 MHz)
  • Infrared transceiver
  • GPIO pins for hardware hacking

~$170

Proxmark3

Advanced RFID research tool. Read, clone, and emulate access cards.

  • 125 kHz low frequency
  • 13.56 MHz high frequency
  • Sniff card communications
  • Clone most access cards
  • Attack Mifare crypto

$150-400+

Vulnerability Databases

  • Exploit-DB - exploit-db.com
    Searchable archive of exploits and vulnerable software
  • NIST NVD - nvd.nist.gov
    National Vulnerability Database with CVE details
  • CISA ICS-CERT - cisa.gov/ics
    Industrial control system and IoT advisories
  • AttifyOS - github.com/adi0x90/attifyos
    Pre-configured IoT pentesting OS with tools pre-installed

Tool Installation Script

```bash
#!/bin/bash
# IoT Pentesting Tools Installation Script
# Run on Kali Linux or Ubuntu
set -u

echo "[*] Installing IoT pentesting tools..."

# Update system
sudo apt update && sudo apt upgrade -y

# Pre-answer the wireshark-common prompt so dumpcap is installed setuid and
# members of the "wireshark" group can capture without root (keeps the script non-interactive)
echo "wireshark-common wireshark-common/install-setuid boolean true" | sudo debconf-set-selections

# Firmware analysis
# apt aborts the whole command if any package name is unknown, so the packages
# that are not in every distro's repos are installed separately with a fallback
sudo apt install -y binwalk squashfs-tools
sudo apt install -y firmware-mod-kit || git clone https://github.com/rampageX/firmware-mod-kit ~/tools/firmware-mod-kit
sudo apt install -y jefferson || pip3 install jefferson
# Note: on Debian 12 / recent Kali, pip refuses system-wide installs (PEP 668);
# use a virtualenv or pipx if the pip3 lines below fail
pip3 install ubi_reader

# Reverse engineering (ghidra is packaged on Kali; on Ubuntu download it manually)
sudo apt install -y radare2
sudo apt install -y ghidra || echo "[!] ghidra not in repos; download from https://ghidra-sre.org/"

# Network tools
sudo apt install -y nmap wireshark tcpdump
pip3 install mitmproxy shodan

# Serial/UART tools
sudo apt install -y minicom screen picocom

# Flash tools
sudo apt install -y flashrom openocd

# BLE/Bluetooth
sudo apt install -y bluez bluetooth

# MQTT
sudo apt install -y mosquitto-clients
pip3 install paho-mqtt

# Install bettercap (packaged on Kali; not in the Ubuntu repos)
sudo apt install -y bettercap || echo "[!] bettercap not in repos; see https://www.bettercap.org/installation/"

# Firmware analysis frameworks
mkdir -p ~/tools
git clone https://github.com/e-m-b-a/emba ~/tools/emba
git clone https://github.com/craigz28/firmwalker ~/tools/firmwalker

# Add user to required groups (serial ports, packet capture, Bluetooth)
sudo usermod -aG dialout "$USER"
sudo usermod -aG wireshark "$USER"
sudo usermod -aG bluetooth "$USER"

echo "[+] Installation complete! Log out and back in (or reboot) for group changes to take effect."
```

AttifyOS

For a ready-to-use IoT pentesting environment, consider AttifyOS - a pre-built VM with most IoT tools already configured.