Emulate more than 1,200 CPE and IoT devices solely
based on their firmware.
Honware automatically processes a standard firmware image (as is commonly provided for updates), customises the filesystem and runs the system with special pre-built Linux kernels for ARM and MIPS.
Supports more than 1,200 firmware images including images from Asus, Belkin, D-Link, EYEMAX-DVR, Linksys, Netgear, OpenWrt, TP-Link, TRENDNET, Tomato by Shibby and Zyxel.
Honeypots are set up within minutes and shortly thereafter, log traffic. Each honeypot has its own IPv4 address based on DigitalOcean/Hetzner VMs.
Use any firmware image and honware will check if it can be run. Get in touch if you need help processing your image.
Honware uses Moloch to store and index network traffic in standard PCAP format and to provide fast, indexed access with lots of search capabilities.
The honeypot framework allows you to select from more than 1,200 firmware images across 11 vendors, but also to upload your own firmware images.
Lock down your honeypot so that only you can interact with it to find vulnerabilities or to verify system properties.
ADSL Modems, Routers, Access Points, Webcams, DVRs - we got them all.
Each honeypot has its own IPv4 address based on DigitalOcean droplets.
Honware runs Linux-based devices for ARM and MIPS architectures.
We run all applications (e.g. web/telnet/upnp) as shipped by the firmware - run the real "thing" and not just any thing.
Honware uses QEMU and customised kernels to decouple the execution of the firmware from the underlying hardware.
Honware was presented at APWG eCrime 2019. The paper can be found here and the presentation here.
If you want access to honware, you will need to contact me. In the first instance you should briefly describe your (research) project, a bit about yourself/affiliation and how honware can help out. Keep it brief, but write enough so that we can confirm you're going to be using honware non-maliciously.