KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. Using KillerBee tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and much more. Using the KillerBee framework, you can build your own tools, implement ZigBee fuzzing, emulate and attack end-devices, routers and coordinators and much more.
Source: https://code.google.com/p/killerbee/
Tools included in the killerbee package
zbid – Identifies available interfaces
Identifies available interfaces that can be used by KillerBee and associated tools.
zbfind – GTK GUI application for tracking the location of an IEEE 802.15.4 transmitter
A GTK GUI application for tracking the location of an IEEE 802.15.4 transmitter by measuring RSSI. Zbfind can be passive in discovery (only listen for packets) or it can be active by sending Beacon Request frames and recording the responses from ZigBee routers and coordinators.
zbgoodfind – Search a binary file to identify the encryption key for a given SNA
root@kali:~# zbgoodfind -h
zbgoodfind - search a binary file to identify the encryption key for a given
SNA or libpcap IEEE 802.15.4 encrypted packet - jwright@willhackforsushi.com
Usage: zbgoodfind [-frRFd] [-f binary file] [-r pcapfile] [-R daintreefile]
[-F Don't skip 2-byte FCS at end of each frame]
[-d genenerate binary file (test mode)]
zbassocflood – Transmit a flood of associate requests to a target network
root@kali:~# zbassocflood -h
zbassocflood: Transmit a flood of associate requests to a target network.
jwright@willhackforsushi.com
Usage: zbassocflood [-pcDis] [-i devnumstring] [-p PANID] [-c channel]
[-s per-packet delay/float]
e.x. zbassocflood -p 0xBAAD -c 11 -s 0.1
zbreplay – Replay ZigBee/802.15.4 network traffic
root@kali:~# zbreplay -h
zbreplay: replay ZigBee/802.15.4 network traffic from libpcap or Daintree files
jwright@willhackforsushi.com
Usage: zbreplay [-rRfiDch] [-f channel] [-r pcapfile] [-R daintreefile]
[-i devnumstring] [-s delay/float] [-c countpackets]
zbdsniff – Decode plaintext key ZigBee delivery from a capture file
root@kali:~# zbdsniff
zbdsniff: Decode plaintext key ZigBee delivery from a capture file. Will
process libpcap or Daintree SNA capture files. jwright@willhackforsushi.com
Usage: zbdsniff [capturefiles ...]
zbconvert – Convert Daintree SNA files to libpcap format and vice-versa
root@kali:~# zbconvert -h
zbconvert - Convert Daintree SNA files to libpcap format and vice-versa.
jwright@willhackforsushi.com
Note: timestamps are not preserved in the conversion process. Sorry.
Usage: zbconvert [-n] [-i input] [-o output] [-c count]
zbdump – A tcpdump-like tool for ZigBee/IEEE 802.15.4 networks
root@kali:~# zbdump -h
zbdump - a tcpdump-like tool for ZigBee/IEEE 802.15.4 networks
Compatible with Wireshark 1.1.2 and later - jwright@willhackforsushi.com
Usage: zbdump [-fiwDch] [-f channel] [-w pcapfile] [-W daintreefile]
[-i devnumstring]
zbstumbler – Transmit beacon request frames to the broadcast address
root@kali:~# zbstumbler -h
zbstumbler: Transmit beacon request frames to the broadcast address while
channel hopping to identify ZC/ZR devices. jwright@willhackforsushi.com
Usage: zbstumbler [-iscwD] [-i devnumstring] [-s per-channel delay] [-c channel]
[-w report.csv]
KillerBee Usage Example
root@kali:~# coming soon