IoTMap - Research Project On Heterogeneous IoT Protocols Modelling

ID KITPLOIT:1589295726133194863
Type kitploit
Reporter KitPloit
Modified 2020-10-06T11:30:05


IoTMap is a tool that models IoT networks using one or multiple protocols simultaneously. This is work in progress, as a part of a PhD thesis on Internet Of Things security. This repository is regularly updated as new results are obtained. This project supports 3 protocol as this time : BLE, ZigBee and OS4I. More are coming.

Requirements :

Python 3 requirements

  • Python > 3.5
  • Scapy (Can be installed through the requirements file but building from the latest source is recommended)
  • neo4j-1.7.6
  • docopt-0.6.2
  • prompt-toolkit-3.0.5
  • terminaltables-3.1.0
  • pycryptodomex-3.9.7

You can use the requirements.txt file to install the packages:

pip3 install -r requirements.txt

OS libraries

  • libgcrypt20-dev (Needed for sniffing capabilities through KillerBee) Depending on the system you used (debian-based OS, archlinux-based OS) you can use:

    sudo apt-get install libgcrypt20-dev # (debian-based distribs)
    sudo pacman -S libgcrypt # (archlinux-based distribs)


Clone this repo and install all requirements described above:

# For any distrib  
git clone  
cd iotmap  
sudo pip install -r requirements.txt

# If debian-based  
sudo apt-get install libgcrypt20-dev

# If archlinux-based  
sudo pacman -S libgcrypt

Now we gonna install Neo4J. Most distributions ships Neo4J through the built-in package manager. However, it may be simpler to install and use it from the tarball:

cd /path/to/iotmap  
cd database

# Replace the version number with the latest in the URL if necessary  
wget -O neo4j-community.tar ""  
mkdir neo4j-community && tar xvf neo4j-community.tar -C neo4j-community --strip-components 1

First run

For the first run of the project, you need to define a username and a password for the database. Start the database with the following:

cd database  
./neo4j-community/bin/neo4j console

Neo4J will start and is accessible at http://localhost:7474 . Default username and password are neo4j and neo4j respectively. Iotmap uses the default username and iotmap for password.

If you want to set different credentials, you must update the values in core/ at line 46 as follows:

model = Model("bolt:http://localhost:7474", "username", "password")

How to use iotmap

A more detailed documentation on how to use IoTMap with an example is available here

Start the framework:


IoTMap will start the neo4j database before running, however the database is not immediately available. Sometimes the sleep of 10 seconds is enough for the database to be available, sometimes not and you need to rerun iotmap.

IoTMap provides 3 modules: Database, Modelling and Sniffing . The sniffing module is a work in progress and not fully operational. To switch between modules, simply type the name of the module.

Starting the database  
Database is available at http://localhost:7474/

I::::::::I              T:::::::::::::::::::::TM:::::::M             M:::::::M  
I::::::::I              T:::::::::::::::::::::TM::::::::M           M::::::::M  
II::::::II              T:::::TT:::::::TT:::::TM:::::::::M         M:::::::::M  
  I::::I     oooooooooooTTTTTT  T:::::T  TTTTTTM::::::::::M       M::::::::::M  aaaaaaaaaaaaa  ppppp   ppppppppp  
  I::::I   oo:::::::::::oo      T:::::T        M:::::::::::M     M:::::::::::M  a::::::::::::a p::::ppp:::::::::p  
  I::::I  o:::::::::::::::o     T:::::T        M:::::::M::::M   M::::M:::::::M  aaaaaaaaa:::::ap:::::::::::::::::p  
  I::::I  o:::::ooooo:::::o     T:::::T        M::::::M M::::M M::::M M::::::M           a::::app::::::ppppp::::::p  
  I::::I  o::::o     o::::o     T:::::T        M::::::M  M::::M:::   :M  M::::::M    aaaaaaa:::::a p:::::p     p:::::p  
  I::::I  o::::o     o::::o     T:::::T        M::::::M   M:::::::M   M::::::M  aa::::::::::::a p:::::p     p:::::p  
  I::::I  o::::o     o::::o     T:::::T        M::::::M    M:::::M    M::::::M a::::aaaa::::::a p:::::p     p:::::p  
  I::::I  o::::o     o::::o     T:::::T        M::::::M     MMMMM     M::::::Ma::::a    a:::::a p:::::p    p::::::p  
II::::::IIo:::::ooooo:::::o   TT:::::::TT      M::::::M               M::::::Ma::::a    a:::::a p:::::ppppp:::::::p  
I::::::::Io:::::::::::::::o   T:::::::::T      M::::::M               M::::::Ma:::::aaaa::::::a p::::::::::::::::p  
I::::::::I oo:::::::::::oo    T:::::::::T      M::::::M               M::::::M a::::::::::aa:::ap::::::::::::::pp  
IIIIIIIIII   ooooooooooo      TTTTTTTTTTT      MMMMMMMM               MMMMMMMM  aaaaaaaaaa  aaaap::::::pppppppp  


IoTMap > help

Core commands  

 Commands  Description  
 database  Use database mode.  
 sniffing  Use sniffing mode.  
 exploit   Use exploit mode.

IoTMap >

Each module and functions provide a help menu to list the functions available and how to use them.

Database module

This module manages and interacts with the neo4j database.

IoTMap > database  
IoTMap database > help

Core commands  

 Commands  Description  
 database  Use database mode.  
 sniffing  Use sniffing mode.  
 exploit   Use exploit mode.

Database commands  

        Interact with the neo4j database.

List of available commands :  

For more information about any commands hit :  
        <command name> -h

IoTMap database >

To populate the database you can import an existing database or Pcaps files. ImportPcaps converts Pcaps to our unified format used to generate the modelling. This module uses different extractors according to the protocol given in argument that you can find in the extractors folder. The main program chooses the appropriate extractor then runs the packets generator ( in a multithreading way to generate the pcap with the unified format.

Modelling module

IoTMap modelling > help

Core commands  

 Commands  Description  
 database  Use database mode.  
 sniffing  Use sniffing mode.  
 exploit   Use exploit mode.

Modelling commands  

        Map the network of IoT devices detected by sniffing.

List of available commands :  

For more information about any commands hit :  
        <command name> -h

IoTMap modelling >

This program starts the Neo4J database before creating the modelling. Once the database is up, the modelling begins. It starts with the analysis of the pcap given in input to extract and create nodes then edges that link nodes. After the 4 graphs created, the result can be viewed on the web application provided by Neo4J available at http://localhost:7474/

You can also request the database directly from the web application by using cypher request in the input box.

Download Iotmap