MQTT-PWN: Your IoT Swiss-Army Knife

MQTT-PWN intends to be a one-stop-shop for IoT Broker penetration-testing and security assessment operations, as it combines enumeration, supportive functions and exploitation modules while packing it all within command-line-interface with an easy-to-use and extensible shell-like environment.

MQTT is a machine-to-machine connectivity protocol designed as an extremely lightweight publish/subscribe messaging transport and widely used by millions of IoT devices worldwide.

Built-in abilities/modules:

  • Credential Brute-Forcer – configurable brute force password cracking to bypass authentication controls
  • Shodan intelligence broker list integration
  • Topic enumerator – establishing comprehensive topic list via continuous and accumulated sampling
  • Broker information grabber – obtaining and labeling data from an extensible predefined list containing known topics of interest, broker type and version and more
  • GPS tracker – plotting routes from devices using OwnTracks app and collecting published coordinates, battery usage, connection method etc.
  • Sonoff exploiter – design to extract passwords and other sensitive information off smart switches
Also read: CQTools: The New Ultimate Hacking Toolkit 


Generally speaking, MQTT-PWN relies on 2 main components:

  • Python 3.X environment
  • A database backend (PostgreSQL)

The framework can be instantiated using docker or directly on the host.


In order to install MQTT-PWN simply clone or download the repository and follow your preferred deployment method:


In order for the application to work properly, a PostgreSQL database is required. After configuring it correctly, follow the next section to install the virtual environment, on the first run of the application, it will create automatically all required tables.

Virtual Environment

As a ground rule, I recommend using virtual environments using the pyenv. Make sure you have a working installation of pyenv before proceeding, once you have it, first create a virtual environment using:

daniel@lab ~/mqtt_pwn ⇒ pyenv virtualenv mqtt_pwn_env

Now, install the requirements python packages using pip:

daniel@lab ~/mqtt_pwn ⇒ pip install -r requirements.txt

We now have a fully operational virtual environment containing all required packages. To run the application, simply type:

daniel@lab ~/mqtt_pwn ⇒ python

╔╦╗╔═╗╔╦╗╔╦╗  ╔═╗┬ ┬╔╗╔
║║║║═╬╗║  ║───╠═╝│││║║║
╩ ╩╚═╝╚╩  ╩   ╩  └┴┘╝╚╝

    by @Akamai


For usage on the specific features read their documentation

Leave a Reply

Your email address will not be published. Required fields are marked *