EVSE Red Team Toolkit
Project description
evsetool
A command-line utility to probe EVSE and CSMS over OCPP1.6, and sniff OCPP traffic over LAN.
Description
Open Charge Point Protocol (OCPP) is used to communicate betweeen Electric Vehicle Supply Equipment (EVSE) and Charge Station Management Systems (CSMS). This tool makes use of the OCPP library provided by MobilityHouse to query these systems for purposes of red team engagement. Using scapy, evsetool can also listen for all OCPP1.6 traffic sent over the local network (i.e. the WiFi network the EVSE is connected to).
Versions 2.0 and later of the OCPP protocol implement actual encryption, so the purpose of this tool in its current form is to demonstrate the vulnerability of OCPP1.6 in order to speed adoption of newer versions of the protocol.
*** This tool is for educational and awareness purposes only. Do NOT use this tool to attempt to breach systems for which you do not have explicit authorization to do so. The author(s) of this tool are not liable for any misuse of the tool ***
Getting Started
Dependencies
evsetool requires the following dependencies:
The tutorial in this section requires the following additional dependencies:
- Docker, with Docker Compose available
Installing
To install evsetool:
git clone https://github.com/witchofthewires/evsetool.git
cd evsetool
python -m venv venv
venv/bin/python -m pip install -r requirements.txt
To install StEVe, an open source CSMS, for purposes of testing:
git clone https://github.com/steve-community/steve.git
cd steve
sudo docker-compose up -d
Wait about 5 minutes for Docker Compose to bring the StEVE application online, then execute the following:
mariadb -u steve --password=changeme -P 3306 --skip-ssl < steve-config.sql
To run the sniffer, execute the following in the evsetool directory:
sudo venv/bin/python evsetool/evsetool.py --sniff -v
To query the CSMS with a dummy transaction, open a different terminal and execute the following in the same directory:
venv/bin/python evsetool/evsetool.py --csms -v
If all goes well, your output should resemble the following.
Running the tests
venv/bin/python -m pytest
License
This project is licensed under the MIT License - see the LICENSE.md file for details
Acknowledgements
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file evsetool-0.1.2.tar.gz.
File metadata
- Download URL: evsetool-0.1.2.tar.gz
- Upload date:
- Size: 4.8 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.12.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
80266f68d73e62905f502ce1533e02924372598e145b7c8aa463eb5c7bab4e17
|
|
| MD5 |
28b086ccea28dd5d460125fe8eb3ad7b
|
|
| BLAKE2b-256 |
0e89ffbc868cfe907544348229fe95d49aca043eb0282cfbe82f27d8653ebb17
|
File details
Details for the file evsetool-0.1.2-py3-none-any.whl.
File metadata
- Download URL: evsetool-0.1.2-py3-none-any.whl
- Upload date:
- Size: 10.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.0.1 CPython/3.12.8
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bd349b3ead0649522239a3ececa5911288db2da8e5caef589d2900e336d26d3d
|
|
| MD5 |
1d9a3cc9e2b428cab212983e8748644d
|
|
| BLAKE2b-256 |
4472937140ad7d699046b9c086825d4fce9d1bcea17c5d24400b2476903d98b1
|
