HardSploit

Our goal is to design & produce a tool for hardware pentesting :

HardSploit is a Metasploit like tool but for Hardware Hacking.

HardSploit Project is lead by our Company (Opale Security) and its internal teams :

How long can we continue to rely on hardware or critical electronic devices without being able to properly assess their security?

The most surprising (disturbing?) fact is that our industrials and our security experts do not mastered design techniques or audit of hardware systems. There is a gap between the threat and the response capacity of the actors in this field.Therefore the risks of attacks on the processed data increase (personal, supervision process of industrial equipment…).

It is clear that something is needed to help the security community to audit and control embedded systems security.

This is what motivated us to create HardSploit : a complete tool box (Hardware + Software), a Framework which aims to:

What we want to achieve with the HardSploit Project
wohs

HardSploit Framework features

Hardsploit is a tool with software and electronic items. It is a technical and modular plateform (using FPGA) to perform security tests on electronic communications interfaces of embedded devices. It's a Framework.

All-in-one tool for Hardware pentest !

Main Functions (HardSploit modules)

The main Hardware security audit functions are

Hardsploit Modules will let Hardware pentester to intercept, replay and/or and send data via each type of electronic bus used by the Hardware Target. The Level of interaction that pen-testers will have depend on the electronic bus features...

HardSploit 's modules enable you to analyse all sort of electronic bus (serial and parallel type)

Assisted visual wiring function

No more stress with that tremendous part of Hardware pen testing : You will know what need to be connected where !

We integrated into the tool an assisted visual wiring function to help you easier connect all wires to the Hardware target:

GUI and Software associated

The software part of the project will help conducting an end-to-end security audit. It will be compatible (integrated) with existing tools such as Metasploit. We will offer integration with other API in the future.

Our ambition is to provide a tool equivalent to those of the company Qualys or Nessus(Vulnerability Scanner) or the Metasploit framework but in the domain of embedded / electronic devices.

What is the Current Status of the Project?

Crowdfunding campaign launched

https://www.indiegogo.com/projects/hardsploit-like-metasploit-but-for-hardware

We will appreciated your help

;-)

RoadMap & Features

We will soon released our set of fantastic features to simplify most of security audit of embedded devices and Internet of Things stuff…stay tuned…For now, we may disclosed the following roadmap

Hardware features

Version Alpha (June 2015)

Version 1 (octobre 2015)

Version 2 (Dec 2015)

Version 3 (Q1 2016)

Version 4 (Q2 2016)