A list of various tools, articles, books, courses and other resources for cybersecurity in robotics. It's an attempt to gather useful material in one place for everybody who wants to learn more about the field.
Tools
Reconnaissance
- scapy is a versatile packet crafter and dissector which can be used to footprint robots.
- nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing.
- sslyze is a fast and powerful SSL/TLS server scanning library.
Testing
Static
- Cppcheck is a static code analysis tool for the C and C++ programming languages.
- HAROS is an open source framework for static analysis of ROS-based code.
- Flawfinder is a simple program that examines C/C++ source code and reports possible security weaknesses (“flaws”) sorted by risk level.
- Rough-Auditing-Tool-for-Security (RATS) is a tool for scanning C, C++, Perl, PHP, Python and Ruby source code and flagging common security-related programming errors such as buffer overflows and TOCTOU (Time Of Check, Time Of Use) race conditions.
- SonarQube is an open-source platform for continuous inspection of code quality that performs automatic reviews with static analysis to detect bugs, code smells, and security vulnerabilities in 20+ programming languages.
Dynamic
- Google Sanitizers include AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer, and more. AddressSanitizer (ASan) is a fast memory error detector. It finds use-after-free and {heap,stack,global}-buffer overflow bugs in C/C++ programs. ThreadSanitizer is a fast data race detector for C/C++ and Go. MemorySanitizer is a fast LLVM-based tool that detects the use of uninitialized memory.
Exploitation
- Robosploit is the leading security exploitation framework for robots and robot components that aids in penetration testing and IDS signature development. Like ISF and Metasploit but specialized in robotics. Available from alurity toolbox.
- ROSPenTo is a penetration testing tool for the Robot Operating System (ROS). It simplifies sending XML remote procedure calls (XMLRPC) to the ROS Master and Nodes.
- roschaos is a pentesting tool for ROS.
- metasploit is a framework that provides information about security vulnerabilities and aids in penetration testing and IDS signature development.
- routersploit is an exploitation framework for Embedded Devices.
- ISF (Industrial Control System Exploitation Framework) is an exploitation framework based on Python. It's similar to metasploit but for ICS.
- w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.
- Social-Engineer Toolkit (SET) is an open-source penetration testing framework designed for social engineering. SET has a number of custom attack vectors that allow you to make a believable attack quickly. Available on demand.
Articles
Scientific, tech reports and white papers
Scientific papers, white papers, technical reports and related.
- Robot hazards: from safety to security
- DevSecOps in Robotics
- Introducing the robot security framework (RSF), a standardized methodology to perform security assessments in robotics
- Towards an open standard for assessing the severity of robot security vulnerabilities, the Robot Vulnerability Scoring System (RVSS)
- Robotics CTF (RCTF), a playground for robot hacking
- Hacking robots before skynet: Technical appendix
- SROS1: Using and Developing Secure ROS1 Systems
- Current Research Issues on Cyber security in Robotics
- Industrial robot ransomware: Akerbeltz
- Introducing the robot vulnerability database (rvd)