New HoTBoX Docker!

IoT Exploitation and Analysis (hardware hacking) tools, all in one convenient Docker image. Originally (2017) at cybersyndicates/hot-toolkit. New version as of 03/19/2018 (8.26GB).

docker pull hotbox/hotbox

https://github.com/reaperb0t/hotbox/blob/master/Dockerfile

Tools

apktool
attify-badge
Attify-Zigbee-Framework
baudrate
blue_hydra
build-essential
buildroot
burp-retire-js
BusPirateConsole
busybox-static
Clutch
davtest
default-jre
DependencyCheck
dex2jar
dirb
dnsenum
dnsmap
dnsrecon
dnsutils
dumpdecrypted
DVRF
enjarify
enum4linux
exploitdb
EZ-Wave
fakeroot
fierce
firmware-analysis-toolkit
gdb
gdb-multiarch
gef
git
gnuradio
gpp-decrypt
gps-sdr-sim
gqrx-sdr
gr-gsm
hackrf
hackrf-dvb-t
hydra
iceweasel
IMSI-catcher
jad
jadx
jd-gui
jefferson
john
joomscan
JTAGenum
jtagulator
kalibrate
kalibrate-bladeRF
kalibrate-hackrf
kalibrate-rtl
killerbee
kpartx
libbtbb
libgcrypt-dev
liblzma-dev
libmpsse
LibScanner
locate
lynis
metasploit-framework
Mobile-Security-Framework-MobSF
moneyshot
netcat-openbsd
nginx
nmap
nsp
nvram-faker
onesixtyone
openocd
p0f
patator
peda
py-hackrf
python3-psycopg2
python-cairo
python-crypto
python-dev
python-gtk2
python-magic
python-pip
python-psycopg2
python-scapy
python-serial
python-usb
qemu-system-arm
qemu-system-mips
qemu-system-x86
qemu-utils
qspectrumanalyzer
radare2
retire.js
RFSec-ToolKit
ridenum
ROPgadget
rsh-client
sdrangel
sipvicious
smali
snmp
snmpcheck
sqlcipher
sqlmap
sslscan
sslstrip
tcpdump
tree
tuf
ubertooth
uml-utilities
uptane
urh
util-linux
vim
vlan
w3af
webshells
wfuzz
wordlists
x11vnc
xvfb
zlib1g-dev

Run with access to a physical device:

docker run -it --device=/dev/ttyUSB0 cybersyndicates/hot-toolkit bash
OR
docker run -it --privileged -v /dev/bus/usb:/dev/bus/usb cybersyndicates/hot-toolkit bash

Hardware tools confirmed working:

-HackRF (#hack_info)

Exposed Ports

EXPOSED 53, 80, 443, 5900, 8000, 8080, 8443
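
The two run commands and the exposed-port list above can be combined into a narrower invocation: `--privileged` lifts the device cgroup restrictions and grants all capabilities, while `--device` passes through one node. This is an added example, not code from the HoTBoX project; `build_run_cmd` is a hypothetical helper, and publishing ports on 127.0.0.1 only is an assumption about how you want to reach services such as VNC on 5900.

```shell
#!/bin/sh
# Added example, not HoTBoX project code. build_run_cmd is a hypothetical helper.
IMAGE="cybersyndicates/hot-toolkit"           # image name used on the page
EXPOSED_PORTS="53 80 443 5900 8000 8080 8443" # ports the page lists as exposed

# build_run_cmd "PORTS" DEVICE...
# Prints (does not execute) a docker run command that passes through only the
# named device nodes and publishes only the requested ports, on loopback.
build_run_cmd() {
    ports=$1
    shift
    cmd="docker run -it --rm"
    for dev in "$@"; do
        # Accept only existing character devices (serial adapters, USB nodes).
        if [ ! -c "$dev" ]; then
            echo "refusing $dev: not a character device" >&2
            return 1
        fi
        cmd="$cmd --device=$dev"
    done
    for p in $ports; do
        # Publish a port only if the image is documented to expose it.
        case " $EXPOSED_PORTS " in
            *" $p "*) cmd="$cmd -p 127.0.0.1:$p:$p" ;;
            *) echo "refusing port $p: not exposed by the image" >&2
               return 1 ;;
        esac
    done
    echo "$cmd $IMAGE bash"
}

# Print the command for a USB serial adapter plus VNC, if the adapter is attached.
if [ -c /dev/ttyUSB0 ]; then
    build_run_cmd "5900" /dev/ttyUSB0
fi
```

The function only prints the command line, so it can be reviewed before it is run.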

https://hub.docker.com/r/hotbox/hotbox/

BSidesAugusta 2017 Slides + Recording

Today, I presented the HoT Framework at BSidesAugusta 2017. I have posted the slides (PDF) here. The recording and SlideShare are below. Don’t forget to read the Gitbook and leave some feedback. Check the Gitbook regularly because I will push updates periodically as I update the TAIs. Again, to all of you that attended my talk today, thank you! I look forward to collaborating with each of you to improve the HoT Framework and to get PATRIoTS started.

 


BSIDESAugusta 2017 (September 16, 2017)

The HoT Framework is currently undergoing a complete redesign and will be presented on September 16, 2017 at BSIDESAugusta. Expect to see the framework published here on that date.

Daniel West (@reaperb0t)

The Homeland of Things (HoT) Framework

During 2016, we witnessed the resiliency of our adversaries as they transitioned from zombifying personal computers to zombifying vulnerable and easily accessed IoT nodes with the Mirai botnet. As an informed American citizen, you likely follow best practices for securing your personal computers, but when was the last time you updated the firmware on your wireless router or smart toilet? As a cybersecurity professional, what procedures will your company or government agency follow to detect and mitigate the compromise of IoT devices within your organization? As a Nation, we must greatly improve our ability to handle the growing prevalence and risks of the IoT within our homes, the varying levels of government, industry, and academia. We must prevent our adversaries from harnessing the power of our IoT devices to attack critical infrastructure

HoT Framework Beta Launch

Vulnerabilities, threats, and risks are inherent with Internet of Things (IoT) devices, which typically reside at the meeting place of critical infrastructure and cyberspace. We present the HoT Framework to promote best practices for all Federal and State, Local, Tribal, and Territorial (SLTT) governments, non-government organizations (NGOs), and the private sector to use as a foundation for the reconnaissance, interrogation, and hardening of IoT nodes that are characterized as existing within both critical and non-critical infrastructure throughout the physical network layer, logical network layer, and cyber-persona layer of cyberspace terrain. In addition, we propose solutions for, public awareness of, and information sharing regarding the vulnerabilities, threats, risks, mitigations, and countermeasures associated with the IoT. The HoT Framework serves to assist Federal and SLTT governments, NGOs, and the private sector in thwarting attacks against their IoT devices and preventing their IoT devices from being used as an attack platform. For the framework to be effective, we need direct support from the DHS, DoD, DOJ, and other Federal agencies. We will also need to establish partnerships with SLTT, NGO, and the private sector (academia and industry) to further enrich and develop the framework using real-world data. We will continue to enrich the framework with technical modules and videos that demonstrate how to conduct the steps within the framework. To read the full HoT Framework, please click here.