Skip to content

omererdem/honeything

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
src
src
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
MANIFEST.in
MANIFEST.in
 
 
README.md
README.md
 
 
setup.py
setup.py
 
 

Repository files navigation

HoneyThing

HoneyThing is a honeypot for Internet of TR-069 things. It's designed to act as completely a modem/router that has RomPager embedded web server and supports TR-069 (CWMP) protocol.

Project idea was created by Ali Ikinci and offered as Honeynet GSoC project in 2015.

Features

Basic features:

  • Emulates some popular vulnerabilities for RomPager as Misfortune Cookie, Rom-0 etc.
  • TR-069 protocol support. Implements mostly used TR-069 CPE commands. e.g: GetRPCMethods, Get/Set ParameterValues, Download...
  • Modem web interface to increase the interaction with attacker.
  • All communication with services (http.log, cwmp.log) and state of honeypot (started/stopped, error etc. to honeything.log) are logged in parsable text format.

Download

Debian and RPM packages will be available soon.

Installation

There're 2 ways to install HoneyThing:

For all of them, your system must have Python 2.7 (or above) and PycURL package.

  • Setup Script: Using setup script requires python setuptools package installed on the system. After downloading and extracting HoneyThing, you can simply go to extracted directory and run;

python setup.py install

  • Pre-Built Packages: HoneyThing can be installed by using pre-built packages for Ubuntu and CentOS. Packages can be downloaded from download section and will be added for any stable release.

For Ubuntu;

dpkg -i honeything_x.y.z.deb

For CentOS;

rpm -i honeything_x.y.z.rpm

Configuration

After installation, some parameters can be changed optional by using configuration file. There're 4 section in config file:

  • http: HTTP listen address/port can be edited in this section.
  • cwmp: Some TR-069 parameters as listen address/port, ACS url, download directory for "download" CPE command, connection request path etc. can be edited.
  • cpe: In cpe section, there're lots of variables related to modem/router device like manufacturer, serial number, model name etc. They can be edited to provide device variety in ACS communication.
  • logging: Log file paths, log level and some protocol specific parameters can be changed in this section.

Run

If you installed HoneyThing with setup script or pre-built packages, honeything can be run by using following commands:

service honeything {start|stop|restart|status}

or

/etc/init.d/honeything {start|stop|restart|status}

Documentation

A paper about this project is published (in TURKISH) at International Conference on Information Security and Cryptology [ISCTurkey 2015]. It is accessible online from here.

Credits

The project:

and special thanks to Bâkır Emre for taking the first step.

Note: This project is also being developed as Istanbul Sehir University master's thesis.

About

TR-069 Honeypot

Resources

Readme

License

GPL-3.0 license
Activity

Stars

122 stars

Watchers

13 watching

Forks

43 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages