# Cotopaxi - IoT Protocols Security Testing Toolkit

## Brief

Cotopaxi is a set of tools for security testing of Internet of Things devices using specific network IoT/IIoT/M2M protocols (AMQP, CoAP, DTLS, gRPC, HTTP/2, HTCPCP, KNX, mDNS, MQTT, MQTT-SN, QUIC, RTSP, SSDP).

## Tool

- https://github.com/Samsung/cotopaxi
- https://pypi.org/project/cotopaxi/

## Main Features

- Checking availability of network services for supported IoT protocols at given IPs and port ranges ("service ping")
- Recognizing the software used by a remote network server ("software fingerprinting") based on its responses to given messages, using a machine learning classifier
- Analysis of network traffic to identify the network protocols used
- Classification of IoT devices based on captured traffic samples
- Discovering resources identified by given URLs ("dirbusting" of URLs or services)
- Performing black-box fuzzing of IoT protocols based on a corpus of packets prepared using a coverage-based fuzzer
- Identifying known vulnerabilities (3 new vulnerabilities and 37 in total are supported by the new version of Cotopaxi)
- Detecting network traffic amplification (cases where network servers respond with larger network messages than the requests they received)

## Requirements

Currently Cotopaxi works only with Python 2.7.x, but future versions will also work with Python 3.

Note: If you have a previous installation of scapy without scapy-ssl_tls, please remove it or use venv.