IoTSeeker, produced by Rapid7, is a network scanning tool for default password credentials of IoT devices, capable of scanning specific IoT devices to determine whether they are using default or factory-set password credentials.
Tool Introduction
The cause of the large-scale network outage in the United States was investigated to be malware exploiting default password credentials of IoT devices (CCTV cameras, DVRs, etc.) to infiltrate and infect, forming a botnet to launch DDoS attacks. IoTSeeker can help enterprises scan their network for IoT devices, checking whether their passwords have been modified or if the devices are still in factory settings. Early Mirai malware primarily exploited the telnet service of IoT devices for infiltration, while IoTSeeker mainly utilizes HTTP / HTTPS services for detection and identification.
Project Address
https://github.com/rapid7/IoTSeeker
Tool Features
To accommodate various types of IoT devices and wide-range IP network scanning, IoTSeeker has the following features:
High Parallelism: Using the Perl module AnyEvent, it can execute scans of thousands of IoT devices simultaneously.
Scalability: Supports many new types of devices without needing to change or write a lot of code.
File Composition: The tool consists of two parts, one being a JSON format file for device configuration identification (devices.cfg), and the other being a Perl file for scan control (iotScanner.pl).
Operating Environment: Currently, IoTSeeker only supports Linux or Mac OS systems.
Installation
1. Ensure that Perl and cpan are installed on the system (installation method can be searched online).
2. Use the following command to install the required Perl modules:
cpan AnyEvent::HTTP Data::Dumper JSON
Running Example
perl iotScanner.pl 1.1.1.1-1.1.4.254,2.1.1.1-2.2.3.254
*Source Reference: Rapid7, compiled by FB editor clouds, please indicate the source from FreeBuf.COM when reprinting.
