金御网安

IoTSeeker: a default-password scanning and detection tool for IoT devices

Published: 4 years ago | Popularity: 1475 ℃

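IoTSeeker, from Rapid7, is a network scanner for default IoT credentials. It scans for specific types of IoT devices and detects whether they are using default or factory-set credentials.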


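Tool overview


The recent large-scale Internet outage in the United States has been traced to a DDoS attack launched from a botnet, which malware assembled by compromising IoT devices (CCTV cameras, DVRs and others) through their default credentials. IoTSeeker helps organizations scan the IoT devices on their networks and detect whether their passwords have been changed or whether the devices are still in their factory-default state. The early Mirai malware mainly compromised IoT devices through their telnet service, whereas IoTSeeker performs its detection over HTTP/HTTPS services.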


Project URL


https://github.com/rapid7/IoTSeeker   


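Features


To accommodate many types of IoT devices and scans of large IP ranges, IoTSeeker has the following characteristics:


High parallelism: it uses the Perl module AnyEvent and can scan thousands of IoT devices at the same time

Extensibility: it supports many new types of devices without changing or writing large amounts of code

File layout: the tool consists of two files. One is devices.cfg, a JSON-format file used to configure device identification; the other is iotScanner.pl, the Perl file that controls the scan.

Runtime environment: IoTSeeker currently runs only on Linux or Mac OS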


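Installation


1. Make sure Perl and cpan are installed on the system (look up the installation method yourself)

2. Install the required Perl modules with the following command: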

cpan AnyEvent::HTTP Data::Dumper JSON


Usage example


perl iotScanner.pl 1.1.1.1-1.1.4.254,2.1.1.1-2.2.3.254
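
A pre-scan scope check for the range argument shown above, as an added example that is not part of the original article or the IoTSeeker project: it parses the comma-separated start-end ranges, counts the addresses, and lists any CIDR blocks that fall outside an allow-list of networks you are authorized to scan. The `AUTHORIZED` networks and sample arguments are constructed, and treating each range as an inclusive run of consecutive addresses is an assumption about how the scanner reads it.

```python
import ipaddress

# Assumption: networks the organization owns and may scan (constructed values).
AUTHORIZED = [ipaddress.ip_network("10.20.0.0/16"),
              ipaddress.ip_network("192.168.50.0/24")]


def parse_ranges(spec):
    """Parse 'a.b.c.d-e.f.g.h,...' into (first, last) IPv4Address pairs.

    Assumption: each range is inclusive and covers every address in between.
    """
    pairs = []
    for part in spec.split(","):
        first_s, sep, last_s = part.strip().partition("-")
        first = ipaddress.IPv4Address(first_s)
        last = ipaddress.IPv4Address(last_s) if sep else first
        if last < first:
            raise ValueError(f"range end before start: {part!r}")
        pairs.append((first, last))
    return pairs


def check_scope(spec, authorized=AUTHORIZED):
    """Return (total_addresses, out_of_scope_cidrs) for a range argument."""
    # Merge adjacent allow-list entries so a block spanning two of them passes.
    nets = list(ipaddress.collapse_addresses(authorized))
    total, outside = 0, []
    for first, last in parse_ranges(spec):
        total += int(last) - int(first) + 1
        # Split the range into aligned CIDR blocks and test each one.
        # A block that is not fully inside an authorized network is reported.
        for block in ipaddress.summarize_address_range(first, last):
            if not any(block.subnet_of(net) for net in nets):
                outside.append(str(block))
    return total, outside


if __name__ == "__main__":
    # Constructed sample arguments in the scanner's range syntax.
    for arg in ("10.20.1.1-10.20.4.254",
                "10.20.255.1-10.21.0.10,192.168.50.1-192.168.50.254"):
        total, outside = check_scope(arg)
        verdict = "in scope" if not outside else "OUT OF SCOPE: " + ", ".join(outside)
        print(f"{arg}: {total} addresses, {verdict}")
```

Run it on the exact string you intend to pass to the scanner; a non-empty second element means part of the range lies outside the allow-list.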


IoTSeeker

This scanner will scan a network for specific types of IoT devices to detect if they are using the default, factory set credentials. The recent Internet outage has been attributed to the use of IoT devices (CCTV Cameras, DVRs and others) with default credentials. It's the intention of this tool to help organizations scan their networks to detect these types of IoT devices and to identify whether credentials have been changed or if the device is still using the factory setting. Note that Mirai malware, suspected to have been used to launch the massive internet outage on Oct 21, 2016, mainly focuses on telnet services. IoTSeeker focuses on HTTP/HTTPS services.

In order to accommodate large IP ranges and make it capable of finding a large number of different types of IoT devices, this tool was designed with:

  • High parallelism. So that it can scan thousands of IoT's at the same time
  • Extensibility, making it easy to support new types of devices without needing to change or write lots of code.

The software has two parts. One is the device configuration file which is in JSON format, the other is the scanner, coded in perl, that does scanning, device identification and logging under the control of the device configuration file.

This software uses the perl module AnyEvent for high parallelism and as a result, it only runs on Linux or Mac OS.

Here are the steps to install and run it:

  • Make sure perl and cpan are installed.
  • Install perl packages by running: cpan AnyEvent::HTTP Data::Dumper JSON
  • Run: perl iotScanner.pl
    • example: perl iotScanner.pl 1.1.1.1-1.1.4.254,2.1.1.1-2.2.3.254

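[This article is reposted from the Internet and is for your own research; please comply with the relevant national laws and regulations and take responsibility for your own actions]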
