IoT Crusher
OpCode 41 Security Inc.

Test for Default Credentials Across Legacy & Current Systems

HTTP Apps, IoT & Network Devices

Unique to our software is able to identify and test web applications in addition to identifying and testing IoT and network devices.

Plugin-in Architecture

Our plug-in architecture allows new devices and web application checks to be easily added and customized to specific environments. Our software also can generate the majority of the plugin code: writing a new plugin check is fast and easy.

No Brute Force Testing

Our code method tests just the credentials assigned to the device or application. Gone are lists of usernames and passwords like used in other software. The result is very little risk of account lockout.

Defeat CSRF & Tokens

Our HTTP application tests can dynamically log into web pages so CSRF and other token mechanisms are properly used for logins.

Accurate Fast Multi-Threaded Testing

Our application is multi-threaded. Combined with highly specific credential testing we achieve lightening fast scan times and extremely accurate results.

Intuitive Reports

Our reporting output is intuitive: either the default credentials exist and there is a vulnerability or not.

Python3, Platform & Protocol

Our core software is written in Python3 for forward compatibility, compatibility across multiple platforms as well as the ability to script plug-in checks to test any protocol Python allows.

The Business Case for IoT Crusher

Devices Not Managed Through a Centralized Policy Are The Most Potentially Vulnerable
Current Vulnerability Scanners Do Not Have Credential Intelligence
Most Default Credentials are Adminstrator or root Access

We use fingerprints for devices and run our own http application fingerprinting before testing to prevent breaches that may be due to vendor / 3rd party installation and repairs, system maintenance, configuration errors as well as human oversight that can lead to the default credentials either not being changed or being reset to the factory machine state. Our professional experience has led us to see credentialing issues occur in the field on the following types of systems:

Legacy & Network Systems:
*Point of Sale (PoS) Card Readers
*Vendor products (such as VoIP)
*Web Firewall Interfaces

Embedded Systems (IoT):
*Video Monitoring Systems
*Baby Cams

  • Help meet your regulartory and compliance needs by monitoring for credentialing issues across device types and protocols

  • Have a unique device? Easily script a solution through our plugin architecture using Python3

  • The speed of our checks and that our interface can easily be scripted means that our technology can be configured into a continuous monitoring solution to meet organizational needs

  • Our technology interfaces with industry known applications ensuring high quality idenfication and accurate device checks

How can we help you?