IoTGoat is a deliberately insecure firmware created to educate software developers and security professionals in testing for vulnerabilities commonly found in IoT devices.
The IoTGoat Project is a deliberately insecure firmware based on OpenWrt and maintained by OWASP as a platform to educate software developers and security professionals in testing for vulnerabilities commonly found in IoT devices. The vulnerability challenges are based on the OWASP IoT Top 10 noted below, as well as “easter eggs” from project contributors.
The OpenWrt Project is a Linux operating system targeting embedded devices. Instead of trying to create a single, static firmware, OpenWrt provides a fully writable filesystem with package management. This frees you from the application selection and configuration provided by the vendor and allows you to customize the device through the use of packages to suit any application.
For developers, OpenWrt is the framework to build an application without having to build a complete firmware around it; for users, this means the ability to fully customize the device and use it in ways never envisioned.
Several methods exist to get started with hacking IoTGoat.
- For those looking to extract the filesystem, analyze configurations and binaries statically, download the latest precompiled firmware release from https://github.com/OWASP/IoTGoat/releases. Refer to OWASP’s Firmware Security Testing Methodology to help with identifying vulnerabilities.
- For dynamic web testing and binary runtime analysis, the quickest way to get started is to download the latest “IoTGoat-x86.vmdk” (VMware) and create a custom virtual machine using the IoTGoat disk image. Refer to OWASP’s Web Security Testing Guide and ASVS projects for additional guidance on identifying web application vulnerabilities.
- Emulate firmware with open source tools (e.g. Firmadyne, ARM-X Framework, and FAT) that leverage QEMU to virtualize IoTGoat locally.
- Flash the IoTGoat-raspberry-pi2-sysupgrade.img firmware onto a Raspberry Pi 2 (BRCM2708 & BRCM2709).
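For the static-analysis path in the first item above, a first pass over an extracted root filesystem could look like the following. This is an added example, not code from the IoTGoat project: the function names, the finding labels and the sample tree are assumptions made for illustration, and the sample contents are constructed rather than taken from any firmware image.

```python
import os
import tempfile

SCHEMES = {"$1$": "md5-crypt (weak)", "$5$": "sha256-crypt",
           "$6$": "sha512-crypt", "$2": "bcrypt", "$y$": "yescrypt"}

def classify_hash(field):
    """Classify a shadow(5) password field by crypt(3) prefix (labels are this example's)."""
    if field == "":
        return "EMPTY PASSWORD"
    if field[0] in "!*":
        return "locked"
    for prefix, name in SCHEMES.items():
        if field.startswith(prefix):
            return name
    return "des-crypt or unknown (weak)"

def audit_rootfs(root):
    """Return sorted (relative path, finding) pairs for an extracted rootfs."""
    findings = []
    shadow = os.path.join(root, "etc", "shadow")
    if os.path.isfile(shadow):
        with open(shadow, encoding="utf-8", errors="replace") as fh:
            for line in fh:
                parts = line.rstrip("\n").split(":")
                if len(parts) >= 2 and classify_hash(parts[1]) != "locked":
                    findings.append(("etc/shadow", f"{parts[0]}: {classify_hash(parts[1])}"))
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.isfile(path) and not os.path.islink(path):  # skip symlinks, devices
                with open(path, "rb") as fh:
                    if b"PRIVATE KEY-----" in fh.read(4096):
                        findings.append((os.path.relpath(path, root), "embedded private key"))
    return sorted(findings)

def build_sample_rootfs():
    """Constructed sample tree, not taken from any real firmware image."""
    root = tempfile.mkdtemp(prefix="rootfs-")
    os.makedirs(os.path.join(root, "etc", "ssl"))
    with open(os.path.join(root, "etc", "shadow"), "w") as fh:
        fh.write("root:$1$examplesalt$constructedhash:18000:0:99999:7:::\n"
                 "daemon:*:0:0:99999:7:::\nguest::18000:0:99999:7:::\n")
    with open(os.path.join(root, "etc", "ssl", "device.key"), "w") as fh:
        fh.write("-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n")
    return root

if __name__ == "__main__":
    for path, finding in audit_rootfs(build_sample_rootfs()):
        print(f"{path}: {finding}")
```

To audit a real image, pass the directory your extraction tool produced to audit_rootfs() instead of the sample tree.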
Building from source
OpenWrt can be built for many different CPU platforms and boards. Building from source gives users the flexibility to flash IoTGoat on supported OpenWrt hardware. Ensure 10-15GB of disk space is available, with at least 4GB of RAM and a supported Linux distribution such as Ubuntu 18.04. Use the following steps to get started with building custom firmware.
$ git clone https://github.com/OWASP/IoTGoat.git
$ cd IoTGoat/OpenWrt/openwrt-18.06.2/
$ ./scripts/feeds update -a
$ ./scripts/feeds install -a
$ make menuconfig # select your preferred configuration for the toolchain, target system & firmware packages.
$ make # Build your firmware with make. This will download all sources, build the cross-compile toolchain and then cross-compile the Linux kernel & all chosen applications for your target system.
The first build will take some time to complete, and the duration will vary with the speed of the internet connection used to download the toolchain. Once a build completes successfully, the compiled firmware is placed under IoTGoat/OpenWrt/openwrt-18.06.2/bin/targets/, in a subdirectory that depends on the target selected in menuconfig.
For example, the IoTGoat Raspberry Pi 2 firmware will be located in IoTGoat/OpenWrt/openwrt-18.06.2/bin/targets/brcm2708/bcm2709.
IoTGoat build configuration files are made available for x86 (.config-x86) and Raspberry Pi 2 (.config-rpi) platforms.