Heathen – IoT Pentesting Framework

Heathen Internet of Things Penetration Testing Framework developed as a research project, which automatically help developers and manufacturers build more secure products in the Internet of Things space based on the Open Web Application Security Project (OWASP)

It provides a set of features in every fundamental era.

-Insecure Web Interface
-Insufficient Authentication/Authorization
-Insecure Network Services
-Lack of Transport Encryption
-Privacy Concerns
-Insecure Cloud Interface
-Insecure Mobile Interface
-Insufficient Security Configurability
-Insecure Software/Firmware
-Poor Physical Security

Getting Started with Heathen Framework:

Installation : https://github.com/chihebchebbi/Internet-Of-Things-Pentesting-Framework

To start, just make sure that you got all the dependencies. If not, just run the deps.sh script.
To Lunch Heathen IoT Pentesting Framework run  Heathen.sh

-Insecure Web Interface:

  • Now, you can scan all your web interfaces to ensure that any web interface in the product has been tested for XSS, SQLi and CSRF vulnerabilities


-Insecure Network Service:

  • Ensure all devices do not make network ports and/or services available to the internet via UPnP, for example



-Lack of Transport Encryption:

  • Ensure all communication between system components is encrypted as well as encrypting traffic between the system or device and the internet
  • Use recommended and accepted encryption practices and avoid proprietary protocols
  • Ensure SSL/TLS implementations are up to date and properly configured



 -Insecure Software/Firmware:

  • Ensure all system devices have update capability and can be updated quickly when vulnerabilities are discovered
  • Ensure update files are encrypted and that the files are also transmitted using encryption
  • Ensure that update files are signed and then validated by the device before installing
  • Ensure update servers are secure
  • Ensure the product has the ability to implement scheduled updates


Download Heathen framework

Leave a Reply

Your email address will not be published. Required fields are marked *