Vasaka VisoottivisethPhuripat AkarasiriwongSiravitch ChaiyasartSiravit ChotivatunyuMahidol University2018-12-212019-03-142018-12-212019-03-142017-12-19IEEE Region 10 Annual International Conference, Proceedings/TENCON. Vol.2017-December, (2017), 2279-228421593450215934422-s2.0-85044187794https://repository.li.mahidol.ac.th/handle/20.500.14594/42310© 2017 IEEE. The Internet of Thing (IoT) technology has been growing rapidly with many implementations. However, because of its ability to perform tasks and handle the sensitive information and also the paucity of user security awareness, IoT devices contain many potential risks and are the new target of attacks. In this paper, we develop a penetration testing system for IoT devices called PENTOS in order to increase the user security awareness. The system comes with the GUI running on Kali Linux which is specifically designed for ethical hacking. PENTOS automatically gathers the information of the target IoT device through the wireless communication, which are WiFi and Bluetooth. The system allows users to perform various kinds of penetration testing on their IoT devices such as the password attack, web attack, and wireless attack in order to gain the privilege access by multiple algorithms. Moreover, the system also provides the basic security guidance according to the OWASP's Top 10 IoT Vulnerabilities to educate users and increase the security awareness. After the penetration testing, the system then summarizes the results of all attacking modules and gives the recommendations for the secure deployment to avoid possible threats.Mahidol UniversityComputer ScienceEngineeringConference PaperSCOPUS10.1109/TENCON.2017.8228241