About IoPT
IoPT is abbreviated from “Internet of Protected Things”. The aim of IoPT is to check SoHo(small office/home office) network security state by searching for a vulnerable network connected device(s). By using IoPT, you will get know, what security issue(s) do you have and how to fix it.
IMPORTANT: PLEASE READ THE LICENSE CAREFULLY BEFORE USING THIS SOFTWARE.
Key Features
- Security audit - Identify services on a network and perform the security audit
- Host discovery - Identify hosts on a network
- Port scanning - Enumerate the open TCP ports on a target host
- HiBP integration - Ensure your personal data has not been compromised by data breaches
- Shodan integration - Ensure you know all the “things” on a network directly connected to the Internet
- RTSP audit - Perform a security audit for an RTSP source(e.g. CCTV installation). Check your network for unauthorized CCTV installations.
Vulnerability Tests
- CVE–2014–9222 aka “Misfortune Cookie” vulerability
- CVE-2014-4019 The rom-0 backup file disclosure
- CVE-2014-9583 Unauthenticated command execution vulnerability in ASUS “infosrv” UDP service
- Linksys E-Series unauthenticated OS command injection
- DNSBL(Domain Name System Blacklists) enlisting
- CVE-2020-12695 SSRF-like vulnerability detected a.k.a. CallStranger
- Check if DNS server IP address and the network public IP address belong to the same GEO and/or ISP
- CVE-2017-0144 SMB server allows remote attackers to execute arbitrary code via crafted packets
- MikroTik RouterOS contains a remote code execution vulnerability aka “Chimay Red”
- CVE-2017-5135 SNMP authentication bypass(aka StringBleed)
- CVE-2019-7192,CVE-2019-7194,CVE-2019-7195 A local file inclusion vulnerability that allows an unauthenticated attacker to download files from the QNAP filesystem
- CVE-2020-11117 An exploitable command execution vulnerability in the lbd service functionality of Qualcomm
- An unauthenticated PHP code injection in Seagate NAS products
- CVE-2020-27403 A vulnerability in the TCL Android Smart TV series by TCL Technology Group Corporation
- CVE-2020-10882 An unauthenticated network-adjacent RCE by abusing the tldServer daemon
- CVE-2020-28184 XSS in TerraMaster TOS <= 4.2.06
- CVE-2020-28185 User enumeration in TerraMaster TOS <= 4.2.06
- CVE-2020-28186 Email injection in TerraMaster TOS <= 4.2.06
- CVE-2020-28187 Directory traversal in TerraMaster TOS <= 4.2.06
- CVE-2020-28188 Unauthenticated remote command execution in TerraMaster TOS <= 4.2.06
- CVE-2020-28189 Incorrect access control in TerraMaster TOS <= 4.2.06
- CVE-2020-28190 Software update via insecure communication channel in TerraMaster TOS <= 4.2.06
- Netgear httpd upgrade_check.cgi stack buffer overflow
- CVE-2020-35785 Multiple HTTP authentication vulnerabilities on DGN2200v1
- CVE-2018-18472 WD My Book Live RCE via shell metacharacters in language_configuration API endpoint
- CVE-2021-35941 WD My Book Live has an administrator API that can perform a system factory restore without authentication
- CVE-2021-34527 Windows Print Spooler Remote Code Execution Vulnerability aka PrintNightmare
- CVE-2021-31802 NETGEAR Nighthawk R7000 httpd PreAuth RCE
- CVE-2021-34730 Critical UPnP Service Flaw on Cisco Small Business RV Series Routers
- CVE-2020-2501,CVE-2021-28797 Stack Buffer Overflow in QNAP Surveillance Station
- HTTP Path Traversal
- CVE-2021-34730 RCE vulnerability in TP-Link Wi-Fi Extenders via a malformed user agent field in HTTP headers
- CVE-2021-27248,CVE-2021-27249,CVE-2021-27250,CVE-2021-34860,CVE-2021-34861,CVE-2021-34862,CVE-2021-34863 Multiple vulnerabilities in DAP-2020 H/W rev. Ax with F/W v1.01 and below
- CVE-2021-33044,CVE-2021-33045 Identity authentication bypass vulnerability found in some Dahua products
Toolset
- “Have I Been Pwned tool” - Allows to check, if you have an account that has been compromised in a data breach
- “Shodan visibility tool” - Allows to check, if you have someting exposed directly to the Internet
- “Port scanning tool” - Allows to check, which port(s) is open on a remote device
- “RTSP audit” - Allows to check, if you have CCTV installation security issues or find unauthorized CCTV installations