
IoT Security Tools

Find IoT security tools for penetration testing, vulnerability scanning, firmware analysis, and more.

AFL++

AFL++ is a superior fork of Google's AFL - more speed, more and better mutations, more and better instrumentation, custom module support, etc.

fuzzing

angr

angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic ("concolic") analysis, providing tools to solve a variety of tasks.

binary analysis, symbolic execution

binbloom

The purpose of the binbloom project is to analyse a raw binary firmware image and automatically determine some of its features, such as load address, endianness and UDS database.

firmware analysis

Binwalk

Binwalk can identify, and optionally extract, files and data that have been embedded inside of other files. While its primary focus is firmware analysis, it supports a wide variety of file and data types.

firmware analysis

Boofuzz

Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything.

fuzzing

ChipWhisperer

ChipWhisperer is the complete open-source toolchain for side-channel power analysis and glitching attacks.

glitching attack, side-channel analysis

Cross-compilation Toolchains

This site provides a large number of ready-to-use cross-compilation toolchains targeting the Linux operating system on a large number of architectures. Based on gcc and binutils, these toolchains are provided in several variants with the glibc, uClibc-ng and musl C libraries.

cross-compilation toolchain

cwe_checker

The cwe_checker is a tool for finding common bug classes in binaries using static analysis. These bug classes are formally known as Common Weakness Enumerations (CWEs). Its main goal is to help analysts quickly find potentially vulnerable code paths.

binary analysis, static analyzer, vulnerability scanner

EMBA

EMBA is designed as the central firmware analysis and SBOM tool. It supports the complete security analysis process, starting with firmware extraction, performing static analysis and dynamic analysis via emulation, building the SBOM and finally generating a web-based vulnerability report.

firmware analysis

EMUX

The EMUX Firmware Emulation Framework is a collection of scripts, kernels and filesystems to be used with QEMU to emulate ARM and MIPS Linux IoT devices.

firmware emulation

FACT

The Firmware Analysis and Comparison Tool (FACT) is intended to automate as much as possible of the manual firmware analysis work. FACT combines a growing set of powerful analyses to create a unified interface that brings the user from an arbitrary firmware sample to a finished analysis.

firmware analysis

FIRMADYNE

FIRMADYNE is an automated and scalable system for performing emulation and dynamic analysis of Linux-based embedded firmware.

firmware emulation

FirmAE

FirmAE is a fully-automated framework that performs emulation and vulnerability analysis.

firmware emulation

Firmware Modification Kit

This kit is a collection of scripts and utilities to extract and rebuild Linux-based firmware images.

firmware packing

flashrom

flashrom is a utility for identifying, reading, writing, verifying and erasing flash chips. It is designed to flash BIOS/EFI/coreboot/firmware/optionROM images on mainboards, network/graphics/storage controller cards, and various other programmer devices.

firmware updater

libnvram

This is a library that emulates the behavior of the NVRAM peripheral by storing key-value pairs in a tmpfs.

nvram emulator

nvram-faker

A simple library to intercept calls to libnvram when running embedded Linux applications in emulated environments.

nvram emulator

OFRAK

OFRAK is a binary analysis and modification platform that combines the ability to unpack, analyze, modify, and repack binaries.

binary analysis

Peach

Peach is a cross-platform fuzzer capable of performing both dumb and smart fuzzing. Peach includes a robust monitoring system allowing for fault detection, data collection, and automation of the fuzzing environment.

fuzzing

Qiling

Qiling is an advanced binary emulation framework. Supported OS: Linux, macOS, Windows, FreeBSD, DOS and UEFI. Supported architectures: x86 (16/32/64), ARM(64), MIPS, EVM and WASM. It also supports Linux kernel modules (.ko), Windows drivers (.sys) and macOS kernel extensions (.kext) via Demigod.

binary emulation

rbasefind

A brute-force firmware address scanner based on basefind.py and basefind.cpp, implemented in Rust.

binary analysis

Semgrep

Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards.

static analysis, vulnerability scanner

unblob

unblob is an accurate, fast, and easy-to-use extraction suite. It parses unknown binary blobs for more than 30 different archive, compression, and file-system formats, extracts their content recursively, and carves out unknown chunks that have not been accounted for.

firmware analysis

Unicorn

Unicorn is a lightweight, multi-platform, multi-architecture CPU emulator framework, based on QEMU.

CPU emulation