TR-069 Honeypot
Python HTML Shell CSS Other
Switch branches/tags
Nothing to show
Clone or download
Latest commit fe47ba9 Mar 16, 2016
Failed to load latest commit information.
src added init script Feb 12, 2016
.gitignore updated gitignore Feb 12, 2016
LICENSE Create LICENSE Jun 2, 2015 added setup file Feb 12, 2016 added setup file Feb 12, 2016


HoneyThing is a honeypot for Internet of TR-069 things. It's designed to act as completely a modem/router that has RomPager embedded web server and supports TR-069 (CWMP) protocol.

Project idea was created by Ali Ikinci and offered as Honeynet GSoC project in 2015.


Basic features:

  • Emulates some popular vulnerabilities for RomPager as Misfortune Cookie, Rom-0 etc.
  • TR-069 protocol support. Implements mostly used TR-069 CPE commands. e.g: GetRPCMethods, Get/Set ParameterValues, Download...
  • Modem web interface to increase the interaction with attacker.
  • All communication with services (http.log, cwmp.log) and state of honeypot (started/stopped, error etc. to honeything.log) are logged in parsable text format.


Debian and RPM packages will be available soon.


There're 2 ways to install HoneyThing:

For all of them, your system must have Python 2.7 (or above) and PycURL package.

  • Setup Script: Using setup script requires python setuptools package installed on the system. After downloading and extracting HoneyThing, you can simply go to extracted directory and run;

python install

  • Pre-Built Packages: HoneyThing can be installed by using pre-built packages for Ubuntu and CentOS. Packages can be downloaded from download section and will be added for any stable release.

For Ubuntu;

dpkg -i honeything_x.y.z.deb

For CentOS;

rpm -i honeything_x.y.z.rpm


After installation, some parameters can be changed optional by using configuration file. There're 4 section in config file:

  • http: HTTP listen address/port can be edited in this section.
  • cwmp: Some TR-069 parameters as listen address/port, ACS url, download directory for "download" CPE command, connection request path etc. can be edited.
  • cpe: In cpe section, there're lots of variables related to modem/router device like manufacturer, serial number, model name etc. They can be edited to provide device variety in ACS communication.
  • logging: Log file paths, log level and some protocol specific parameters can be changed in this section.


If you installed HoneyThing with setup script or pre-built packages, honeything can be run by using following commands:

service honeything {start|stop|restart|status}


/etc/init.d/honeything {start|stop|restart|status}


A paper about this project is published (in TURKISH) at International Conference on Information Security and Cryptology [ISCTurkey 2015]. It is accessible online from here.


The project:

and special thanks to Bâkır Emre for taking the first step.

Note: This project is also being developed as Istanbul Sehir University master's thesis.