add Secure MQTT

pentesting/1883-8883-pentesting-mqtt-mosquitto.md

@@ -1,10 +1,10 @@
-# 1883 - Pentesting MQTT (Mosquitto)
+# 1883,8883 - Pentesting MQTT (Mosquitto)
 
 ## Basic Information
 
 MQTT stands for MQ Telemetry Transport. It is a publish/subscribe, **extremely simple and lightweight messaging protocol**, designed for constrained devices and low-bandwidth, high-latency or unreliable networks. The design principles are to minimise network bandwidth and device resource requirements whilst also attempting to ensure reliability and some degree of assurance of delivery. These principles also turn out to make the protocol ideal of the emerging “machine-to-machine” (M2M) or “Internet of Things” world of connected devices, and for mobile applications where bandwidth and battery power are at a premium.
 
-**Default port:** 1883
+**Default port:** 1883 (clear), 8883 (Secure MQTT, MQTT over TLS) [[1][1]]
 
 ```
 PORT     STATE SERVICE                 REASON
@@ -43,6 +43,7 @@ mosquitto_sub -t 'test/topic' -v #Subscriribe to 'test/topic'
 Or you could **run this code to try to connect to a MQTT service without authentication, subscribe to every topic and listen them**:
 
 ```python
+#!/usr/bin/env python
 #This is a modified version of https://github.com/Warflop/IOT-MQTT-Exploit/blob/master/mqtt.py
 import paho.mqtt.client as mqtt
 import time
@@ -99,3 +100,6 @@ The first field of the fixed header represents the type of the MQTT Packet. All
 ## Shodan
 
 * `port:1883 MQTT`
+* `port:8883 MQTT`
+
+[1]:http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Network_Connections