yashpungaliya/IoTVulnerabilityScanner

IoTVulnerabilityScanner

Introduction

An interactive IoT vulnerability scanner for detecting vulnerabilities in an enterprise network by scanning multiple communication protocols. The application scans through the given IP range, detects the devices present on each IP and tries to log in to each IoT device using the credentials database supplied by the administrator.

The app is meant for use by an admin of the network, who can detect such vulnerabilities and notify device owners inside the enterprise by email. (The owner's email is known from when the IoT device was configured to log in to the enterprise wireless network.)

Installation and Configuration

Clone the repository and run pip3 install -r requirements.txt

Open the file config.config and set the host and port parameters as per your requirements. Change adminemail (currently networkadminemail) and the sender (iotscanner) email and password (currently systemscanneremail and systemscannerpassword) to your own email addresses and password.

Run the web application with the command python3 app.py and open the link in your browser. The repository contains a database, iot.db, which can be re-initialised by deleting the database and running the script python3 extensions.py
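A pre-flight check to run before python3 app.py, given here as an added example that is not part of the repository: it reports any setting that still holds one of the shipped placeholder values and whether the file holding the sender password is accessible to other local users. The README does not show the format of config.config, so the key = value layout, the senderemail and senderpassword key names and the sample values are assumptions.

```python
import os
import re
import stat
import sys

# Placeholder values the README says config.config ships with.
PLACEHOLDERS = {"networkadminemail", "systemscanneremail", "systemscannerpassword"}
# Assumed line shape: "key = value" or "key: value" (format not shown in the README).
LINE_RE = re.compile(r"^\s*([A-Za-z_][\w.-]*)\s*[=:]\s*(.*?)\s*$")

# Constructed sample; senderemail/senderpassword are hypothetical key names.
SAMPLE = """\
[app]
host = 127.0.0.1
port = 5000
adminemail = networkadminemail
senderemail = secops-scanner@example.test
senderpassword = systemscannerpassword
"""


def placeholder_findings(config_text):
    """Return (line_number, key) for every setting left at a shipped placeholder."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        match = LINE_RE.match(line)  # comments and [section] lines do not match
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip("'\"")
        if value.lower() in PLACEHOLDERS:
            findings.append((number, key))
    return findings


def readable_by_others(path):
    """True if group or other has any access to the file (POSIX mode bits)."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8").read() if path else SAMPLE
    for number, key in placeholder_findings(text):
        print(f"line {number}: {key} still holds a shipped placeholder")
    if path and readable_by_others(path):
        print(f"{path}: holds the sender password; restrict it (chmod 600)")
```
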

Features

Log In

  • Log in to the system with the default admin credentials {username: admin, password: password} (change these if the app is to be deployed)
  • Register an admin

The Admin Dashboard.

Network Scan

  • Enter range of IP to be scanned
  • View current scan results after entering the IP range
  • View all scan results performed so far (history)
  • Adding functionality for additional protocols
  • View graphical history
  • Handling end-to-end exceptions

Notifying Vulnerabilities

  • Notify admin via email
  • Notify device owners

Add or Delete Credentials Page

Default Credentials

  • Add new tuple of default credentials
  • Delete existing default credentials
  • View default credentials table

Testing

For testing the code, we have used a Raspberry Pi 1B via Ethernet. You can connect multiple IoT devices to the laptop network and run the application.