Projects & tools

5GC API Parse

5GC API parse is a BurpSuite extension that assesses 5G core network function by parsing the OpenAPI 3.0 not supported by previous OpenAPI extension in Burp and generating requests for intrusion tests purposes.

Link to the project

LoRa Craft

LoRa Craft is a small set of tools to receive signals with Software-Defined Radio, decode and craft LoRaWAN packets on top of a gr-lora GNU Radio module.

Link to the project

V2G Injector

Tools to intrude a V2G (Vehicle To Grid) PowerLine network and capture and inject V2G packets.

Link to the project

V2G decoder

Encode V2G (Vehicle To Grid) messages on the fly.

Link to the project


A collection of tools and Scapy dissectors to test Power-Line Communication (in)security:

  • Scapy Layers: create and craft your own HomePlugAV packets
  • sends 'GetDeviceTypeRequest' in broadcast mode to discover PLCs of the same AVLN
  • derives MAC address to get a Qualcomm DAK passphrase
  • hashes the DAK or NMK passphrase using the PBKDF1
  • performs a KODAK bruteforce on powerline
  • enables 'Sniffer mode' and uses Sniffer Indicate packet to retrieve CCos MAC address
  • dumps your entire PLC configure (PIB) into a file
  • patch arbitrary bytes of your PLC, or a field between bytes 0x0-0x400 (see the details of ModulePIB conditions in the Scapy layer).
  • parse HPGP messages and collect keys

Link to the project


Map 2G/3G/4G and more cellular networks in real life with a simple smartphone, pretty much like the osmocomBB monitoring feature.

Link to the project


A smart jamming proof of concept for mobile equipment that could be powered with the Modmobmap tool.

Link to the project

Subscribe to our mailing list

New content, events, products, services, and more!

* indicates required