If you don’t know what the MQTT protocol is I suggest watching the lecture “DEFCON 24 – Light Weight Protocol: Critical Implications” by Lucas Lundgren.
Joffrey is a wordlist based multi-threaded brute forcer for protected MQTT brokers. It can be found here on Github. The script is written in Python and is pretty straightforward.
Usage: python joffrey.py [ARGS] Options: -h, --help show this help message and exit -t TARGET Target domain or ip to invade -p PORT Target port (optional) --threads=NRTHREADS Amount of threads for the King to do as he please with -u USERNAME Specify username -w WORDLIST Path to wordlist
Leave a Reply