Offensive Security Tool: Genzai
Reading Time: 2 Minutes
Genzai
Genzai by umair9747, is a tool designed to identify and analyze IoT (Internet of Things) dashboards across single or multiple targets. It scans for default password issues and potential vulnerabilities based on specific paths and software versions.
An example would be an admin panel for a home automation device acceessible over the internet. The tool will firstly fingerprint the IoT (product) based on a set of signatures from signatures.json and then based on the product identified, and the relevant templates in its DBs (vendor-logins.json and vendor-vulns.json), scan it for vendor-specific default passwords like admin:admin as well as look for any potential vulnerabilities.
Genzai currently supports fingerprinting over 20 IoT-based dashboards and has the same amount of templates to look for default password issues across them. It currently has a total of 10 vulnerability templates which will increase with coming updates.
See Also: A Practical Guide to Hacking Techniques for finding Top Bugs.
The Bug Bounty Hunting Course
Features
Fingerprinting – The Wappalyzer of IoT Devices
With Genzai, you can fingerprint the IoT Product running over a target based on the HTTP response received through it. With a support of 20 templates and counting, Genzai can look for categories such as:
- Wireless Router
- Surveillance Camera
- HMI or Human Machine Interface
- Smart Power Control
- Building Access Control System
- Climate Control
- Industrial Automation
- Home Automation
- Water Treatment System
See Also: Offensive Security Tool: SQLMutant
Default Password Checks
Based on the IoT product identified and the presence of a relevant template in Vendor Logins DB, Genzai will also check if the target is still using a vendor-specific default password considering how several devices across the internet still use a default password letting anyone to log in as an administrative user.
Vulnerability Scanning
Also based on the IoT product identified and with the presence of a relevant template in Vendor Vulns DB, Genzai will check for any potential vulnerabilities across the target. While some of the templates actively flag issues based on an exposed endpoint or file, others may flag based on a vulnerable version.
Disclaimer
Usage of Genzai for scanning or attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
Clone the repo from here: GitHub Link
Recent Tools
Offensive Security Tool: Freeway
Freeway is a Python scapy-based tool for Wi-Fi penetration testing, …Offensive Security Tool: PingRAT
PingRAT is a tool designed to secretly passes C2 traffic …OSINT Tool: SiteDorks
SiteDorks is a tool that allows users to query multiple …Digital Forensics Tool: dnstwist
dnstwist is a tool designed to identify potentially malicious domains …
Offensive Security & Ethical Hacking Course
Begin the learning curve of hacking now!
Information Security Solutions
Find out how Pentesting Services can help you.
