Welcome to MQTT-Security-Labs, a hands-on training platform designed to enhance understanding and awareness of security vulnerabilities within MQTT protocols and brokers. This repository includes practical exercises and simulations for four common MQTT attack scenarios.
-
Sensible Topic Subscribing and Publishing
- This scenario demonstrates how attackers can subscribe to sensitive topics to intercept confidential data or publish malicious data.
- Lab 1: available at labs/sensible-topics/README.md).
-
Information Grabber from Broker
- Explore how attackers can exploit vulnerabilities in MQTT brokers to extract sensitive information, compromising data privacy and integrity.
- Lab 2: available at /labs/info-grabber/README.md.
-
Credentials Brute Force on Broker Topics
- This lab shows how attackers can perform brute force attacks to crack usernames and passwords, gaining unauthorized access to MQTT topics.
- Lab 3: TBA.
-
Command and Control from Vulnerable Brokers
- Learn how compromised MQTT brokers can be used for command and control operations, leading to unauthorized control and manipulation of IoT devices.
- Lab 4: TBA.
To get started with MQTT-Security-Labs:
- Clone this repository.
- Install any required tools and dependencies (listed in each scenario's folder).
- Navigate to each scenario's dedicated folder for detailed instructions and setup guides.
- Basic understanding of MQTT protocol.
- Familiarity with network security concepts.
- Tools for simulating MQTT environments (e.g., Mosquitto broker, MQTT client applications).
We welcome contributions and suggestions! Please open an issue or submit a pull request with your improvements.
This project is licensed under the MIT License - see the LICENSE.md file for details.
- Special thanks to all contributors and the cybersecurity community for their insights and support in creating these labs.
Enjoy your hands-on journey through MQTT security with MQTT-Security-Labs!