HTTP Apps, IoT & Network Devices
Unique to our software is able to identify and test web applications in addition to identifying and testing IoT and network devices.
Our plug-in architecture allows new devices and web application checks to be easily added and customized to specific environments. Our software also can generate the majority of the plugin code: writing a new plugin check is fast and easy.
No Brute Force Testing
Our code method tests just the credentials assigned to the device or application. Gone are lists of usernames and passwords like used in other software. The result is very little risk of account lockout.
Defeat CSRF & Tokens
Our HTTP application tests can dynamically log into web pages so CSRF and other token mechanisms are properly used for logins.
Accurate Fast Multi-Threaded Testing
Our application is multi-threaded. Combined with highly specific credential testing we achieve lightening fast scan times and extremely accurate results.
Our reporting output is intuitive: either the default credentials exist and there is a vulnerability or not.
Python3, Platform & Protocol
Our core software is written in Python3 for forward compatibility, compatibility across multiple platforms as well as the ability to script plug-in checks to test any protocol Python allows.
The Business Case for IoT Crusher
Current Vulnerability Scanners Do Not Have Credential Intelligence
We use fingerprints for devices and run our own http application fingerprinting before testing to prevent breaches that may be due to vendor / 3rd party installation and repairs, system maintenance, configuration errors as well as human oversight that can lead to the default credentials either not being changed or being reset to the factory machine state. Our professional experience has led us to see credentialing issues occur in the field on the following types of systems:
Legacy & Network Systems:
*Point of Sale (PoS) Card Readers
*Vendor products (such as VoIP)
*Web Firewall Interfaces
Embedded Systems (IoT):
*Video Monitoring Systems
Help meet your regulartory and compliance needs by monitoring for credentialing issues across device types and protocols
Have a unique device? Easily script a solution through our plugin architecture using Python3
The speed of our checks and that our interface can easily be scripted means that our technology can be configured into a continuous monitoring solution to meet organizational needs
Our technology interfaces with industry known applications ensuring high quality idenfication and accurate device checks