“HEATHEN” IoT Pentesting Framework is Released

August 25, 2016


Oxford defines the Internet of Things as: “A proposed development of the Internet in which everyday objects have network connectivity, allowing them to send and receive data.”
The Heathen Internet of Things Penetration Testing Framework was developed as a research project to automatically help developers and manufacturers build more secure products in the Internet of Things space, based on the Open Web Application Security Project (OWASP). It provides a set of features in each of the following fundamental areas:

-Insecure Web Interface
-Insufficient Authentication/Authorization
-Insecure Network Services
-Lack of Transport Encryption
-Privacy Concerns
-Insecure Cloud Interface
-Insecure Mobile Interface
-Insufficient Security Configurability
-Insecure Software/Firmware
-Poor Physical Security

Getting Started with Heathen Framework:

Installation : https://github.com/chihebchebbi/Internet-Of-Things-Pentesting-Framework

To start, make sure that you have all the dependencies. If not, run the deps.sh script.
To launch the Heathen IoT Pentesting Framework, run Heathen.sh

-Insecure Web Interface:

  • Now, you can scan all your web interfaces to ensure that any web interface in the product has been tested for XSS, SQLi and CSRF vulnerabilities


-Insecure Network Services:

  • Ensure that no device makes network ports and/or services available to the internet, via UPnP for example


-Lack of Transport Encryption:

  • Ensure all communication between system components is encrypted, as well as all traffic between the system or device and the internet
  • Use recommended and accepted encryption practices and avoid proprietary protocols
  • Ensure SSL/TLS implementations are up to date and properly configured
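
As an added example (not part of the Heathen framework or the original post), the following Python code audits a client-side TLS configuration against the checks above, with a weak context beside a corrected one. The function names, the finding codes and the TLS 1.2 floor are assumptions chosen for illustration.

```python
import ssl
import warnings

MIN_TLS = ssl.TLSVersion.TLSv1_2  # assumed policy floor for this example


def audit_client_context(ctx: ssl.SSLContext) -> list:
    """Return finding codes for a client TLS context; an empty list means pass."""
    findings = []
    # Without certificate validation any on-path host can pose as the server.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("CERT_NOT_VERIFIED")
    # A valid chain is not enough: the certificate name must match the peer.
    if not ctx.check_hostname:
        findings.append("HOSTNAME_NOT_CHECKED")
    # TLSVersion is an IntEnum; MINIMUM_SUPPORTED (-2) also sorts below the floor.
    if ctx.minimum_version < MIN_TLS:
        findings.append("LEGACY_PROTOCOL_ALLOWED")
    return findings


def weak_context() -> ssl.SSLContext:
    """Constructed 'before' configuration: validation off, TLS 1.0 permitted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    with warnings.catch_warnings():
        # Newer Python versions warn when a deprecated protocol floor is set.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Corrected configuration: default validation plus an explicit floor."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and hostname checking
    ctx.minimum_version = MIN_TLS
    return ctx


if __name__ == "__main__":
    for name, ctx in (("weak", weak_context()), ("hardened", hardened_context())):
        print(name, audit_client_context(ctx) or "OK")
```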


-Insecure Software/Firmware:

  • Ensure all system devices have update capability and can be updated quickly when vulnerabilities are discovered
  • Ensure update files are encrypted and that the files are also transmitted using encryption
  • Ensure that update files are signed and then validated by the device before installing
  • Ensure update servers are secure
  • Ensure the product has the ability to implement scheduled updates

Acknowledgments: Craig Smith, Daniel Miessler, Dirk Wetter, Justin Klein Keane, Yunsoul

PS: This is a Beta Version. The final release will be ready shortly.

  1. I just joined and wish that someone can help me out

  2. Is this an open source tool to test IoT devices and applications?
    And the GitHub is empty, when will it be back?

  3. Hi,
    When will the files come back? I have seen the presentation at BH Europe and I wanted to run it myself.

  4. Files removed from GitHub repo

  5. It will be great if there is any article on how to use this IoT framework
