Author: Sean Pesce
Security assessment tool for enumeration of AWS IoT Core (data plane) using compromised IoT device keys.
More information about this project (and the research that led to its development) can be found on my security research blog.
java -jar aws-iot-recon.jar -H <host> -a <action> [options]
See also:
This tool should only be used in testing environments with the goal of securing product implementations. The author of this tool does not endorse the use of this tool against real-world production environments without prior permission from the owner of the target instance(s). Additionally, the use of this tool against real-world implementations may trigger detection/alert mechanisms in IoT Device Defender, resulting in client key disablement/revocation and/or further repercussions (legal or otherwise).
To compile this project, make sure you have a JDK and Apache Maven installed. Then, simply run the following command:
mvn package
The resulting executable JAR file will be in the target/ directory.
- AWS Skill Builder - Deep Dive into AWS IoT Authentication and Authorization
- AWS Skill Builder - Introduction to IoT Device Defender
- AWS IoT Core Developer Guide
If you find any bugs, please open a GitHub issue.
GNU General Public License v2.0
For unrelated inquiries and/or information about me, visit my personal website.