HardSploit: Dedicated hardware pentesting tool

As Internet of Things adoption is gaining momentum, and we hear time and time again that making it secure will be the biggest challenge, French IT security consultancy Opale Security has come out with a plan for a tool that will allow auditors to audit IoT and industrial device, SCADA systems and basic electronic products used in everyday life.

It’s called HardSploit, and it’s a modular hardware and software framework aimed at making it easier for security industry workers to audit electronic systems. In short, it’s a tool for hardware hacking.

“Hardsploit modules will let hardware pentester intercept, replay and/or and send data via each type of electronic bus used by the hardware target. The level of interaction that pen-testers will have depend on the electronic bus features,” the company explained.

The tool will have sniffing and scanning capabilities, it will be able to perform a memory dump, proxy data, and more.

“The software part of the project will help conducting an end-to-end security audit. It will be compatible (integrated) with existing tools such as Metasploit. We will offer integration with other API in the future,” they noted.

The company has recently set up a crowfunding campaign on IndieGoGo, looking to amass 22,000 euros (around $24,000) in order to finish the project.

The HardSploit Hardware prototype PCB board is apparently near completion, and firmware programming is in progress. Work on the GUI and integration with Metasploit Framework has just begun. Here is a general roadmap and schedule for future development of features.




Share this