Skip to content

CMSecurity/CameraObscura

Repository files navigation

CameraObscura - IP Cam Honeypot

Build Status

IP Cameras are often misused for wide range malware campaigns. The purpose of this project is to fake a IP Camera with the common features, such as camera stream, login or firmware upload to protocolize actions done by botnets.

This project is currently under development. Most of the features are not implemented yet.

For God's sake, don't deploy this to productive environments. It's an honeypot which also could be exploited.

(planned) Features

  • Fake Camera Endpoint (for HTTP POST/ GET etc.)
    • Fake camera stream
    • JSON configurable Routes to simulate logins or upload of new firmware according to the specifications of the manufacturers
    • Configurable headers to simulate a vulnerable webserver
  • Web Interface
    • Semi-Fake Web UI
    • Clone existing to simulate running vulnerable IP-Cams
  • Logging
    • JSON
    • Log (text)
    • SQL
    • Payload dump (e. g. on fake firmware upload or POST with file)
  • Fake other services (like RTSP)
    • RTSP
    • SSH/ Telnet (using cowrie)
  • Configuration
    • Company Logos (via config/templates)
    • Service/ Port redirect
    • Routes
  • Deployment/ Analysis/ Usage
    • CLI Commands (like start or restart)
    • Docker Image
    • Splunk/ ELK Usage
    • Upgrade process

Requirements

Python3

Recommendations

  • Don't run the honeypot as root
  • Don't run the honeypot on a productive environment
  • Use a dedicated, isolated environment (like qemu, lxd, lxc or docker)
  • It's still in development :)

License

MPL-2.0