Speedy Open Framework for Automated Honeypot-development
SOFAH is an open-source framework designed to facilitate the rapid and automated development of honeypots being specifically optimized for Internet of Things (IoT) devices, but will work for other use cases as well. Developed as part of a project report for a Computer Science program, SOFAH aims to address the challenges in developing flexible honeypots that can adapt to the dynamic landscape of cybersecurity threats targeting IoT devices.
To the GitHub repositoryFeatures #
- Automated Honeypot Development: Quickly generate honeypots tailored for various IoT devices with minimal manual intervention.
- Dockerized Components: Leverages Docker and Docker Compose for easy deployment and isolation of honeypot services.
- Extensible Architecture: Modular design allows for easy extension and customization of the framework to support new types of IoT devices and services.
- Automated Data Generation: Supports the automatic generation and normalization of datasets for honeypot simulation.
- Comprehensive Logging: Integrated logging services for capturing and analyzing interactions with the deployed honeypots.
Components #
SOFAH is composed of several key components, each running in its own Docker container for isolation and scalability:
- Recon: Module for reconnaissance and data collection on IoT devices.
- ENNORM (ENrichment NORMalization): Processes reconnaissance data to generate datasets and configurations for the honeypots.
- Honeypot Services: Dockerized services that simulate various IoT device functionalities.
- Logging Services: Captures and aggregates logs from honeypot interactions for analysis.