Skip to content
Lucas Fernandez edited this page Nov 3, 2019 · 2 revisions

HomePwn is a framework that provides features to audit and pentesting devices that company employees can use in their day-to-day work and inside the same working environment.

HomePwn has a modular architecture in which any user can expand the knowledge base about different technologies. Principally it has two different components:

  • Discovery modules. These modules provide functionalities related to the discovery stage, regardless of the technology to be used. For example, it can be used to conduct WiFi scans via an adapter in monitor mode, perform discovery of BLE devices, Bluetooth Low-Energy, which other devices are nearby and view their connectivity status, etc. Also, It can be used to discover a home or office IoT services usingprotocols such as SSDP or Simple Service Discovery Protocol and MDNS or Multicast DNS.
  • Specific modules for the technology to be audited. On the other hand, there are specific modules for audited technology. Today, HomePwn can perform auditing tests on technologies such as WiFi, NFC, or BLE. In other words, there are modules for each of these technologies in which different known vulnerabilities or different techniques are implemented to asses the device's security level implemented and communicated with this kind of technologies.

We have developed HomePwn with a modular architecture in order to make it quick and easy to build new modules and features. We have a small file as the root component, which has the role of launching the tool and starting the command parser. The command parser will allocate the tasks into the several functions of the tool as it is described in the image bellow.

The modules folder is divided into different subfolders with the goal of grouping several modules by their core functionality. The categories of the modules will be seen in section 2.

In the app folder are located all the possible binaries of external applications that the tool needs. On the other hand, we have the file folder in which the tool will save all files generated by its modules, like .pcap or .ndef files.

The utils folder contains all the auxiliary files that provide functionality to the modules of the tool. These files are quite diverse, as we have helper classes to load modules, the command parser or module related features.

The last folder is utildata, the place where the tool stores useful information required by several modules.

The content is distributed in the following chapters:

  1. Quick Start
  2. Modules
  3. Pentesting Scenarios
Clone this wiki locally