5 ESP8266/NodeMCU Security Projects

Firstly, the ESP8266 is a Wifi chip where as the NodeMCU is an open source IoT device which uses the Wifi chip.

These devices can be bought from a lot of different companies for a relatively low cost amount. When I bought some from amazon recently it was £8 for 3. Since then, I’ve seen them for less and I’ve seen them for more.

There are an endless number of projects you can either develop with these and there are existing projects out there on Github.

Below is a list of ones that I’ve come across that I find particularly interesting.

ESPKey

The original Espkey can be found at red team tools or you can download their github and get the plan to build your own, however there is a version that can be run on a NodeMCU.

ESPKey is an interesting device from a physical penetration testing point of view, as once built, these devices sit within an RFID Badge scanner and capture all the instances where someone has used an RFID badge and stores their credentials should you wish to program these to an RFID Tag.

Not only that, you can replay these credentials from your phone as the device is accessed using a built in web interface.

If you ever see anyone doing anything to an RFID reader in a building you work in, challenge them!!

CulbertReport – ESPKEY Link

Rogue Ap

Yes, You can set up a Rogue AP using a NodeMCU, this one however creates a captive login portal whenever someone connects to it.

This comes pre-formatted with things like Google or Facebook but you can easily create your own, maybe for a coffee shop or hotel?

Once someone has entered a username and password this is stored within the webapp.

This project was made by grcasanova and you can find it on their Github Page Here

ESP8266 Deauther

This is a tool for de-authenticating clients, blocking connections and creating multiple fake access points.

It is a powerful NodeMCU project that in the click of a button can put out up to 50 fake SSID’s with randomised signal strength, these can all be different or you can use the same SSID 50 times.

If you want to create a lot of confusion over which AP people should be using, this easily does that.

It was created by SpaceHuhnTech and can be found on Github Here

Wifi Repeater

A NodeMCU can easily be turned into a Wifi repeater using this project!

These can be used in physical penetration testing as their are easy to hide and you can also use these in your home network if you wanted to as they do support mesh!

This particular one was made by MartinGer and can be found on Github Here

ESP8266 Wifi Sniffer

This is a serious eavesdropping tool!

This will not only tell you which mac addresses are within Wifi range to help you with your information gathering but will also tell you which Wifi Networks they are calling out to.

This information, in the wrong hands, creates a serious vulnerability, the worst part is the average customer or employee will not know one of these is nearby.

With this information you can then structure a rogue AP or you could learn the movements of a particular individual by this method.

Its also really difficult to detect one if one of these is in your building or when your in public, as with a battery bank, this fits in a pocket or can be hidden anywhere.

This project was made by kalanda and you can find it on Github Here

Conclusion

I really hoped you liked learning about some of these projects, this list is not exhaustive in any way as there are thousands of these types of projects out there.

Marc

Their Security Blog

A blog relating to the world of pen testing and capture the flag games