Tools

cotopaxi: Set of tools for security testing of Internet of Things devices

Cotopaxi

Set of tools for security testing of Internet of Things devices using protocols like CoAP, DTLS, HTCPCP, mDNS, MQTT, SSDP.

Tools in this package:

  • service_ping
  • server_fingerprinter
  • resource_listing
  • server_fingerprinter
  • protocol_fuzzer (for fuzzing servers)
  • client_proto_fuzzer (for fuzzing clients)
  • vulnerability_tester (for testing servers)
  • client_vuln_tester (for testing clients)
  • amplifier_detector

Protocols supported by different tools:

ToolCoAPDTLSHTCPCPmDNSMQTTSSDP
service_ping
server_fingerprinter
resource_listing
protocol_fuzzer
client_proto_fuzzer
vulnerability_tester
client_vuln_tester
amplifier_detector

cotopaxi.service_ping

Tool for checking availability of network service at given IP and port ranges.

cotopaxi.server_fingerprinter

Tool for software fingerprinting of network servers at given IP and port ranges

Currently supported servers:

  • CoAP:
    • aiocoap,
    • CoAPthon,
    • FreeCoAP,
    • libcoap,
    • MicroCoAP,
    • Mongoose
    • Wakaama (formerly liblwm2m)
  • DTLS:
    • GnuTLS,
    • Goldy,
    • LibreSSL,
    • MatrixSSL,
    • mbed TLS,
    • OpenSSL,
    • TinyDTLS

cotopaxi.resource_listing

Tool for checking availability of resource named url on the server at given IP and port ranges. Sample URL lists are available in the urls directory

cotopaxi.protocol_fuzzer

Black-box fuzzer for testing protocol servers

cotopaxi.client_proto_fuzzer

Black-box fuzzer for testing protocol clients

cotopaxi.vulnerability_tester

Tool for checking vulnerability of network service at given IP and port ranges

cotopaxi.client_vuln_tester

Tool for checking vulnerability of network clients connecting to the server provided by this tool

cotopaxi.amplifier_detector

Tool for detection of network devices amplifying reflected traffic by observing the size of the incoming and outgoing size of packets

Install & Use

Copyright (C) 2019 Samsung Electronics. All Rights Reserved.

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Malware analyst || Malware Investigator || Reverse Engineering