LSE toolsLSE toolsExpliot (294)Expliot (294)

Tool and Usage

Project details

Programming language
Aseem Jakhar
Latest release
No release found
Latest release date

Project health

This score is calculated by different factors, like project age, last release date, etc.

Why this tool?

Expliot is a framework to perform security testing and exploitation of IoT infrastructure and IoT devices. It comes with a set of tests in the form of plugins. The framework can be extended by creating custom plugins. As you may expect from a tool like Expliot, the typical communication protocols and message buses are supported. Examples include CANBus, BLE, MQTT, CoAP. In other words, enough acronyms for those familiar with the technology.

How it works

Expliot is started using the efconsole tool. Besides some generic actions, this console can show (list) or execute (run) the defined plugins.

Usage and audience

Expliot is commonly used for IoT security testing, hardware security, or security assessment. Target users for this tool are pentesters and security professionals.


  • Command line interface
  • Extendable with custom tests and plugins

Example usage and output


__ __ _ _ _
\ \ / / | (_) | |
___ \ V / _ __ | |_ ___ | |_
/ _ \/ \| '_ \| | |/ _ \| __|
| __/ /^\ \ |_) | | | (_) | |_
\___\/ \/ .__/|_|_|\___/ \__|
| |

version: 0.1.0a1-1
version name: agni

Internet Of Things
Security Testing and Exploitation

By Aseem Jakhar
==== =======

blecharwrite Write a value to a characteristic on a BLE peripheral
canwrite Send a data frame on CANBus
khijack Remotely Switch Kankun SmartPlug ON/OFF
blecharfuzz Fuzz and write values to a characteristic on a BLE peripheral
mqttsub Subscribe to an MQTT Topic.
serialbrute Brute-force over serial connection to find hidden UART commands
tappunlock Unlock BLE Tapplocks in close proximity
blescan Scan for BLE devices
mbtcpread Read coil and register values from a Modbus server (slave)
mbtcpwrite Write coil and register values to a Modbus server (slave)
canread Read frames from CANBus
coapget Send a GET request to a CoAP server
sample Sample Summary
mqttpub Publish a message on a MQTT Topic.
mqttauth MQTT authentication cracker
Available plugins via efconsole

Tool review and remarks

The review and analysis of this project resulted in the following remarks for this security tool:


  • + The source code of this software is available

History and highlights

  • Demo at DEF CON 26 Demo Labs

Author and Maintainers

Expliot is under development by Aseem Jakhar.


Supported operating systems

Expliot is known to work on Linux.

Expliot alternatives

Similar tools to Expliot:



RouterSploit is a framework to test exploitation of embedded devices. It can be used as part of penetrating testing assignments or security assessments.



Btlejack is a security tool that provides all options to sniff, jam, and hijack Bluetooth Low Energy (BLE) devices. Read how it works in this tool review.



BTLE-Sniffer is a scanning tool that scans Bluetooth Low Energy (BLE) devices and tries to identify them. Read how it works in this tool review.

All Expliot alternatives

This tool page was updated at . Found an improvement? Help the community by submitting an update.

Related tool information


This tool is categorized as a IoT security tools.