KillerBee Package Description

KillerBee is a Python based framework and tool set for exploring and exploiting the security of ZigBee and IEEE 802.15.4 networks. Using KillerBee tools and a compatible IEEE 802.15.4 radio interface, you can eavesdrop on ZigBee networks, replay traffic, attack cryptosystems and much more. Using the KillerBee framework, you can build your own tools, implement ZigBee fuzzing, emulate and attack end-devices, routers and coordinators and much more.

Source: https://code.google.com/p/killerbee/
KillerBee Homepage | Kali KillerBee Repo

  • Author: Joshua Wright
  • License: BSD

Tools included in the killerbee package

zbid – Identifies available interfaces

Identifies available interfaces that can be used by KillerBee and associated tools.

zbfind – GTK GUI application for tracking the location of an IEEE 802.15.4 transmitter

A GTK GUI application for tracking the location of an IEEE 802.15.4 transmitter by measuring RSSI. Zbfind can be passive in discovery (only listen for packets) or it can be active by sending Beacon Request frames and recording the responses from ZigBee routers and coordinators.

zbgoodfind – Search a binary file to identify the encryption key for a given SNA

root@kali:~# zbgoodfind -h

zbgoodfind - search a binary file to identify the encryption key for a given
SNA or libpcap IEEE 802.15.4 encrypted packet - jwright@willhackforsushi.com

Usage: zbgoodfind [-frRFd] [-f binary file] [-r pcapfile] [-R daintreefile]
         [-F Don't skip 2-byte FCS at end of each frame]
         [-d genenerate binary file (test mode)]

zbassocflood – Transmit a flood of associate requests to a target network

root@kali:~# zbassocflood -h

zbassocflood: Transmit a flood of associate requests to a target network.
jwright@willhackforsushi.com

Usage: zbassocflood [-pcDis] [-i devnumstring] [-p PANID] [-c channel]
                        [-s per-packet delay/float]

e.x. zbassocflood -p 0xBAAD -c 11 -s 0.1

zbreplay – Replay ZigBee/802.15.4 network traffic

root@kali:~# zbreplay -h

zbreplay: replay ZigBee/802.15.4 network traffic from libpcap or Daintree files
jwright@willhackforsushi.com

Usage: zbreplay [-rRfiDch] [-f channel] [-r pcapfile] [-R daintreefile]
         [-i devnumstring] [-s delay/float] [-c countpackets]

zbdsniff – Decode plaintext key ZigBee delivery from a capture file

root@kali:~# zbdsniff

zbdsniff: Decode plaintext key ZigBee delivery from a capture file.  Will
process libpcap or Daintree SNA capture files.   jwright@willhackforsushi.com

Usage: zbdsniff [capturefiles ...]

zbconvert – Convert Daintree SNA files to libpcap format and vice-versa

root@kali:~# zbconvert -h

zbconvert - Convert Daintree SNA files to libpcap format and vice-versa.
jwright@willhackforsushi.com
Note: timestamps are not preserved in the conversion process.  Sorry.

Usage: zbconvert [-n] [-i input] [-o output] [-c count]

zbdump – A tcpdump-like tool for ZigBee/IEEE 802.15.4 networks

root@kali:~# zbdump -h

zbdump - a tcpdump-like tool for ZigBee/IEEE 802.15.4 networks
Compatible with Wireshark 1.1.2 and later - jwright@willhackforsushi.com

Usage: zbdump [-fiwDch] [-f channel] [-w pcapfile] [-W daintreefile]
         [-i devnumstring]

zbstumbler – Transmit beacon request frames to the broadcast address

root@kali:~# zbstumbler -h

zbstumbler: Transmit beacon request frames to the broadcast address while
channel hopping to identify ZC/ZR devices. jwright@willhackforsushi.com

Usage: zbstumbler [-iscwD] [-i devnumstring] [-s per-channel delay] [-c channel]
                          [-w report.csv]
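Added example, not part of the KillerBee package or this page: a small IEEE 802.15.4 MAC header decoder that labels the beacon request frames zbstumbler broadcasts and the association request frames zbassocflood floods a PAN with, then counts command frames per destination PAN so a capture (for instance one written by zbdump) can be checked for such bursts. The two sample frames are constructed by hand (PAN 0xBAAD from the zbassocflood usage line); the FCS-skipping default follows the same convention zbgoodfind's -F option describes.

```python
import struct
from collections import Counter

# Constructed sample frames (hex), not captured traffic. Each ends with a 2-byte FCS.
# Beacon request, the frame zbstumbler broadcasts: MAC command, dst PAN/addr 0xffff, no source.
BEACON_REQ = bytes.fromhex("0308" "5a" "ffff" "ffff" "07" "1234")
# Association request to coordinator 0x0000 of PAN 0xBAAD from an extended source address.
ASSOC_REQ = bytes.fromhex("23c8" "01" "adba" "0000" "ffff" "0011223344556677" "01" "8e" "abcd")

FRAME_TYPE = {0: "beacon", 1: "data", 2: "ack", 3: "command"}
COMMAND_ID = {0x01: "association-request", 0x07: "beacon-request"}
ADDR_LEN = {2: 2, 3: 8}          # addressing mode -> address length (0 = absent, 1 = reserved)


def parse_mac_frame(frame: bytes, skip_fcs: bool = True) -> dict:
    """Decode the IEEE 802.15.4 MAC header; for command frames also name the command id."""
    if skip_fcs:
        frame = frame[:-2]        # same default as zbgoodfind: drop the trailing 2-byte FCS
    fcf, seq = struct.unpack_from("<HB", frame, 0)   # frame control field is little-endian
    ftype, dst_mode, src_mode = fcf & 0x7, (fcf >> 10) & 0x3, (fcf >> 14) & 0x3
    info = {"type": FRAME_TYPE.get(ftype, "reserved"), "seq": seq,
            "security": bool(fcf & 0x08), "ack_request": bool(fcf & 0x20)}
    off = 3
    if dst_mode:
        info["dst_pan"] = struct.unpack_from("<H", frame, off)[0]
        off += 2
        n = ADDR_LEN[dst_mode]    # reserved mode 1 raises KeyError on purpose
        info["dst"] = int.from_bytes(frame[off:off + n], "little")
        off += n
    if src_mode:
        if not fcf & 0x40:        # source PAN is present unless PAN ID compression is set
            info["src_pan"] = struct.unpack_from("<H", frame, off)[0]
            off += 2
        n = ADDR_LEN[src_mode]
        info["src"] = int.from_bytes(frame[off:off + n], "little")
        off += n
    if ftype == 3 and off < len(frame):
        info["command"] = COMMAND_ID.get(frame[off], "command-0x%02x" % frame[off])
    return info


def flag_command_bursts(frames, threshold: int) -> dict:
    """Count MAC command frames per (command, dst PAN) and return those at or above threshold.
    A burst of association requests at one PAN is the pattern zbassocflood produces; a run of
    beacon requests is what zbstumbler's channel sweep looks like on the air."""
    counts = Counter()
    for raw in frames:
        info = parse_mac_frame(raw)
        if "command" in info:
            counts[(info["command"], info.get("dst_pan"))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}
```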

KillerBee Usage Example

root@kali:~# coming soon