Locate connected IoT devices and check for default passwords
Don’t be part of the problem – find IoT devices which could easily be hijacked by attackers and used for malicious purposes. The DNS outage believed to have been caused by the Marai botnet demonstrated how the Internet-of-Things can unintentionally be put to misuse, and it is unlikely this will be the first and last time that such an attack happens. So we’ve created a tool for you to check the risk exposure on your own network.
IoTSeeker allows you to scan your network for known device types that could be used as unwilling participants in a distributed denial-of-service attack. With this tool you can find out if you have connected “Things” which are using the default factory password leaving them potentially vulnerable to a hostile takeover. Use the local scan output to determine which devices need to be secured or removed from the network.
IoTSeeker is a free tool created for you by the Rapid7 Metasploit team, and we welcome your feedback. The tool will be periodically updated to include more device types which are of potential risk.
In addition to free tools like IoTSeeker, Rapid7 offers software and services to enable you to reduce your risk of threat, identify active attacks and respond across your entire infrastructure from your endpoints and IoT to your network and cloud applications. Click here to engage one of our sales consultants and learn how we can help you.