Embedded and IoT Security


Awesome Embedded and IoT Security Awesome

A curated list of awesome resources about embedded and IoT security. The list contains software and hardware tools, books, research papers and more.

Botnets like Mirai have proven that there is a need for more security in embedded and IoT devices. This list shall help beginners and experts to find helpful resources on the topic.
If you are a beginner, you should have a look at the Books and Case Studies sections.
If you want to start right away with your own analysis, you should give the Analysis Frameworks a try. They are easy to use and you do not need to be an expert to get first meaningful results.

Items marked with 💶 are comercial products.

Software Tools

Software tools for analyzing embedded/IoT firmware.

Analysis Frameworks

  • EXPLIoT - Pentest framework like Metasploit but specialized for IoT.
  • FACT - The Firmware Analysis and Comparison Tool - Full-featured static analysis framework including extraction of firmware, analysis utilizing different plug-ins and comparison of different firmware versions.
  • FwAnalyzer - Analyze security of firmware based on customized rules. Intended as additional step in DevSecOps, similar to CI.

Analysis Tools

  • Binwalk - Searches a binary for "interesting" stuff.
  • Firmadyne - Tries to emulate and pentest a firmware.
  • firmwalker - Searches extracted firmware images for interesting files and information.
  • Firmware Slap - Discovering vulnerabilities in firmware through concolic analysis and function clustering.
  • Ghidra - Software Reverse Engineering suite; handles arbitrary binaries, if you provide CPU architecture and endianness of the binary.
  • Radare2 - Software Reverse Engineering framework, also handles popular formats and arbitrary binaries, has an extensive command line toolset.
  • Trommel - Searches extracted firmware images for interesting files and information.

Extraction Tools

  • Binwalk - Extracts arbitrary files utilizing a carving approach.
  • FACT Extractor - Detects container format automatically and executes the corresponding extraction tool.
  • Firmware Mod Kit - Extraction tools for several container formats.
  • The SRecord package - Collection of tools for manipulating EPROM files (can convert lots of binary formats).

Support Tools

  • JTAGenum - Add JTAG capabilities to an Arduino.
  • OpenOCD - Free and Open On-Chip Debugging, In-System Programming and Boundary-Scan Testing.

Hardware Tools

  • Bus Blaster - Detects and interacts with hardware debug ports like UART and JTAG.
  • Bus Pirate - Detects and interacts with hardware debug ports like UART and JTAG.
  • JTAGULATOR - Detects JTAG Pinouts fast.
  • Saleae - Easy to use Logic Analyzer that support many protocols 💶.
  • Ikalogic - Alternative to Saleae logic analyzers 💶.
  • HydraBus - Open source multi-tool hardware similar to the BusPirate but with NFC capabilities.
  • ChipWhisperer - Detects Glitch/Side-channel attacks.
  • Glasgow - Tool for exploring and debugging different digital interfaces.
  • J-Link - J-Link offers USB powered JTAG debug probes for multiple different CPU cores 💶.


Research Papers

Case Studies

Free Training



Conferences focused on embedded and/or IoT security.


Contributions welcome! Read the contribution guidelines first.



To the extent possible under law, Fraunhofer FKIE has waived all copyright and related or neighboring rights to this work.