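KillerBee Introduction

KillerBee is a Python-based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. Using the KillerBee tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems, and more. Using the KillerBee framework, you can build your own tools, implement ZigBee fuzzing, and emulate and attack end devices, routers, and coordinators.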

Source: https://code.google.com/p/killerbee/
KillerBee homepage
KillerBee source code repository

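Tools included in the killerbee package

zbid - Identify available interfaces

Identifies the available interfaces that can be used by KillerBee and associated tools.

zbfind - A GTK GUI application for tracking the location of an IEEE 802.15.4 transmitter

A GTK GUI application that tracks the location of an IEEE 802.15.4 transmitter by measuring RSSI. Zbfind can discover passively (only listening for packets), or it can be active, sending beacon request frames and recording the responses from ZigBee routers and coordinators.

zbgoodfind - Search a binary file to identify the encryption key for a given SNA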

:~# zbgoodfind -h

zbgoodfind - search a binary file to identify the encryption key for a given
SNA or libpcap IEEE 802.15.4 encrypted packet -

Usage: zbgoodfind [-frRFd] [-f binary file] [-r pcapfile] [-R daintreefile]
         [-F Don't skip 2-byte FCS at end of each frame]
         [-d genenerate binary file (test mode)]

zbassocflood - Transmit a flood of associate requests to a target network

:~# zbassocflood -h

zbassocflood: Transmit a flood of associate requests to a target network.


Usage: zbassocflood [-pcDis] [-i devnumstring] [-p PANID] [-c channel]
                        [-s per-packet delay/float]

e.x. zbassocflood -p 0xBAAD -c 11 -s 0.1
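
Seen from the monitoring side, the flood described above is a burst of IEEE 802.15.4 association request frames aimed at one PAN ID. The following is an added example, not part of KillerBee or the original page: it parses raw MAC frames and flags any PAN that receives too many association requests within a time window. The function names, the window and threshold values, and the sample frames are assumptions made for illustration; input is assumed to be time-ordered (timestamp, frame) pairs, for example extracted from a capture written with zbdump -w (a trailing FCS, if present, is ignored).

```python
import struct
from collections import defaultdict, deque

MAC_COMMAND, ASSOC_REQUEST = 0x3, 0x01   # FCF frame type; MAC command identifier
ADDR_LEN = {0: 0, 2: 2, 3: 8}            # addressing mode -> address length in bytes

def parse_assoc_request(frame):
    """Return (dest_pan, source_addr_hex) for an unsecured association request, else None."""
    try:
        fcf = struct.unpack_from("<H", frame, 0)[0]
        dst_len, src_len = ADDR_LEN.get((fcf >> 10) & 3), ADDR_LEN.get((fcf >> 14) & 3)
        if fcf & 0x7 != MAC_COMMAND or fcf & 0x8 or not dst_len or not src_len:
            return None    # need a MAC command frame, no security, both addresses
        dest_pan = struct.unpack_from("<H", frame, 3)[0]
        pos = 5 + dst_len + (0 if fcf & 0x40 else 2)   # header; source PAN unless compressed
        src = frame[pos:pos + src_len]
        if frame[pos + src_len] != ASSOC_REQUEST:    # IndexError on a truncated frame
            return None
        return dest_pan, src[::-1].hex()
    except (struct.error, IndexError):
        return None

def detect_assoc_flood(capture, window=5.0, threshold=20):
    """capture: time-ordered (seconds, frame) pairs -> {dest_pan: (alert_time, distinct_sources)}."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_assoc_request(frame)
        if parsed is None:
            continue
        pan, src = parsed
        q = recent[pan]
        q.append((ts, src))
        while ts - q[0][0] > window:                 # drop entries older than the window
            q.popleft()
        if len(q) >= threshold and pan not in alerts:
            alerts[pan] = (ts, len({s for _, s in q}))
    return alerts

def build_assoc_request(seq, dest_pan, src_ext):  # constructed sample frame, FCF 0xC823
    return (struct.pack("<HBHHH", 0xC823, seq & 0xFF, dest_pan, 0x0000, 0xFFFF)
            + struct.pack("<Q", src_ext) + bytes([ASSOC_REQUEST, 0x80]))

# Constructed capture: 30 requests 0.1 s apart to PAN 0xBAAD, a beacon request, two joins to 0x1234.
SAMPLE = [(i * 0.1, build_assoc_request(i, 0xBAAD, 0x00124B0000000000 + i)) for i in range(30)]
SAMPLE += [(3.0, bytes.fromhex("03081effffffff07")),
           (10.0, build_assoc_request(1, 0x1234, 0x00124B00AAAA0001)),
           (70.0, build_assoc_request(2, 0x1234, 0x00124B00AAAA0002))]

if __name__ == "__main__":
    print(detect_assoc_flood(SAMPLE))
```

The distinct-source count in each alert helps separate one device retrying a join from many different addresses requesting association at once.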

zbreplay - Replay ZigBee/802.15.4 network traffic

:~# zbreplay -h

zbreplay: replay ZigBee/802.15.4 network traffic from libpcap or Daintree files


Usage: zbreplay [-rRfiDch] [-f channel] [-r pcapfile] [-R daintreefile]
         [-i devnumstring] [-s delay/float] [-c countpackets]

zbdsniff - Decode plaintext key ZigBee delivery from a capture file

:~# zbdsniff

zbdsniff: Decode plaintext key ZigBee delivery from a capture file.  Will
process libpcap or Daintree SNA capture files.  

Usage: zbdsniff [capturefiles ...]

zbconvert - Convert Daintree SNA files to libpcap format and vice versa

:~# zbconvert -h

zbconvert - Convert Daintree SNA files to libpcap format and vice-versa.

Note: timestamps are not preserved in the conversion process.  Sorry.

Usage: zbconvert [-n] [-i input] [-o output] [-c count]

zbdump - A tcpdump-like tool for ZigBee/IEEE 802.15.4 networks

:~# zbdump -h

zbdump - a tcpdump-like tool for ZigBee/IEEE 802.15.4 networks
Compatible with Wireshark 1.1.2 and later - jwright@willhackforsushi.com

Usage: zbdump [-fiwDch] [-f channel] [-w pcapfile] [-W daintreefile] [-i devnumstring]

zbstumbler - Transmit beacon request frames to the broadcast address

:~# zbstumbler -h

zbstumbler: Transmit beacon request frames to the broadcast address while
channel hopping to identify ZC/ZR devices.

Usage: zbstumbler [-iscwD] [-i devnumstring] [-s per-channel delay] [-c channel]
                          [-w report.csv]

KillerBee Usage Example

:~# coming soon