Awesome Automotive Security [](https://awesome.re)

March 23, 2026 ยท View on GitHub

A curated Awesome-list for automotive security tools and knowledge. If other better lists exist, we'll try to reference them instead of duplicating work.

Table of Contents

CAN Bus Analysis

  • can-utils - Linux-CAN SocketCAN userspace utilities including cansniffer, candump, cansend, canplayer, and cangen for CAN bus analysis.
  • SavvyCAN - Cross-platform Qt-based CAN bus reverse engineering and capture tool with DBC file loading, UDS scanning, and fuzzing support.
  • Kayak - Java-based CAN bus analysis tool with bus monitoring and DBC/KCD file loading support.
  • ICSim - Instrument Cluster Simulator for safe CAN bus security testing with virtual dashboard controls.
  • CANToolz - Black-box CAN network analysis framework also known as YACHT with modular architecture for fuzzing and ECU discovery.
  • cantools - Python library for CAN bus diagnostics, DBC parsing, and message decoding/encoding.
  • Lindwurm - Open-source CAN bus tracing and fuzzing tool designed for penetration testing with Burp Suite-inspired workflow.
  • CANgaroo - Open-source CAN bus analyzer with transmit/receive support for standard and FD frames plus DBC decoding.
  • CaringCaribou - Python automotive security exploration tool designed as the nmap of CAN bus with fuzzing, ECU discovery, and attack modules.
  • CANalyse - Vehicle network analysis tool with SQL-like queries on CAN data, smart signal scanning, and Telegram bot integration.
  • CANter - Intrusion detection system for CAN and CAN-FD that detects drop-and-spoof attacks using frequency analysis of frame intervals.
  • OBDium - Rust-based OBD-II diagnostic tool with modern Tauri GUI supporting live data, DTC analysis, and offline VIN decoding.

Diagnostic Tools

  • UDSim - UDS (Unified Diagnostic Services) ECU simulator and fuzzer for discovering and testing UDS services.
  • VW_Flash - Flashing tools for VW AG control units over UDS supporting Simos18.1/6/10 and DQ250-MQB.
  • conescan - Automotive ECU hacking supertool for firmware dumping and manipulation via J2534 OBD interfaces.
  • uds-firmware-extraction - Tool for extracting ECU firmware from UDS flash traffic following ISO-14229 standard.
  • Atlas - Open-source ECU calibration application for Subaru and Toyota with Ghidra integration for firmware analysis.
  • UnlockECU - Free seed-key unlocking tool for Bosch, Continental, Delphi, Daimler, and Marquardt ECUs without proprietary DLLs.
  • Ford-ECU-Bruteforcer - Security access brute-force tool for pre-2011 Ford ECUs with 3-byte seed and 5-byte key.
  • pq-flasher - Python tools for reflashing VW PQ35 EPS using TP 2.0 transport layer and KWP2000 diagnostics.

Automotive Ethernet

  • ICS CAP - Free Wireshark plugin for monitoring Automotive Ethernet, CAN, CAN FD, LIN, and FlexRay networks.
  • eth-ws-someip - Wireshark LUA dissectors for Automotive Ethernet SOME/IP and SOME/IP-SD protocols (Autosar 4.2).
  • Scapy - Python packet manipulation library with support for DoIP, SOME/IP, AUTOSAR PDUs, SecOC, CAN-FD, and FlexRay protocols.
  • ProtoCrawler - Intelligent protocol fuzzer for SOME/IP, DoIP, UDS, and Ethernet AVB satisfying ISO/SAE 21434 testing requirements.

RF and Key Fob Analysis

  • KeyFob Analysis Toolkit (KAT) - Toolkit for analyzing, decoding, and retransmitting key fob signals with support for HackRF, RTL-SDR, and Flipper Zero.
  • Universal Radio Hacker (URH) - Open-source suite for wireless protocol investigation with native SDR support and easy signal demodulation.
  • rtl_433 - Generic ISM band receiver for decoding TPMS sensors and key fobs at 315/433/868/915 MHz with RTL-SDR.
  • Flipper Zero - Handheld multi-tool with Sub-GHz capabilities for reading, saving, and transmitting key fob signals with automotive database.
  • Proxmark3 - Industry-standard RFID/NFC research tool for reading, cloning, and emulating immobilizer transponders at 125kHz and 13.56MHz.
  • Flipper-ARF - Automotive-focused firmware fork for Flipper Zero supporting Keeloq, rolling codes, and VAG protocol analysis.

Infotainment and IVI

  • ic1101 - Open research project for reverse engineering 10th generation Honda Civic infotainment systems (Android-based, NVIDIA Tegra 3).
  • Chimaera - Research framework for IVI (In-Vehicle Infotainment) firmware reverse engineering and exploitation targeting Hyundai/Kia Gen5W_L systems.

V2X Security

  • V2Verifier - Open-source V2X security testbed with first open-source IEEE 1609.2 implementation for DSRC and C-V2X.

Security Analysis

  • QuickTARA - Professional-grade TARA (Threat Analysis and Risk Assessment) tool implementing STRIDE analysis and ISO 21434/UN R155 compliance.
  • Security AutoDesigner - Automated TARA platform for creating ISO 21434 and UNR 155 compliant threat analysis reports.

Penetration Testing

  • Car Toolkit - Python-based toolkit for automotive penetration testing with CAN suite, CARAL, and virtual test bench setup.
  • PiCCANTE - Dirt-cheap CAN bus exploration tool built on Raspberry Pi Pico as an open-source hardware/software solution.
  • pwnobd - Offensive cybersecurity toolkit for vulnerability analysis of OBD-II devices presented at Black Hat Europe 2024.
  • DongleScope - Automated tool for detecting vulnerabilities in wireless OBD-II dongles based on USENIX Security 2020 research.
  • SecOC Key Extractor - Scripts to extract SecOC (Secure On-Board Communication) keys from Toyota vehicles using comma.ai panda hardware.
  • tesla-opener - Open-source tool to open Tesla charging port using HackRF and WebUSB with ASK/OOK RF transmission.

Learning Resources