{"id":19408826,"url":"https://github.com/rundtstykker/application-security---mqtt","last_synced_at":"2026-06-18T00:31:38.477Z","repository":{"id":176472033,"uuid":"465793908","full_name":"rundtstykker/Application-security---MQTT","owner":"rundtstykker","description":"Lego windmill project (private)","archived":false,"fork":false,"pushed_at":"2023-06-24T19:43:32.000Z","size":6,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-02-25T02:17:54.089Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rundtstykker.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-03-03T16:16:21.000Z","updated_at":"2023-06-28T01:39:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"656cec74-b50b-4cf0-8c58-ff8437bdf4af","html_url":"https://github.com/rundtstykker/Application-security---MQTT","commit_stats":null,"previous_names":["regneisokgen/application-security---mqtt","rundtstykker/application-security---mqtt"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/rundtstykker/Application-security---MQTT","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rundtstykker%2FApplication-security---MQTT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rundtstykker%2FApplication-security---MQTT/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rundtstykker%2FApplication-security---MQTT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rundtstykker%2FApplication-security---MQTT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rundtstykker","download_url":"https://codeload.github.com/rundtstykker/Application-security---MQTT/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rundtstykker%2FApplication-security---MQTT/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34471638,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-17T02:00:05.408Z","response_time":127,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-10T12:08:09.531Z","updated_at":"2026-06-18T00:31:38.461Z","avatar_url":"https://github.com/rundtstykker.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# lego MQTT publisher/subscriber\nDemostatres how securtity vulnerabilities materialize in the kinetic world, especially in thr IoT field.\n\n# Application vulnerabilities\nOften custom-deployed MQTT brokers are not secured against strong authentication/authorization mechanism. This is often seen in upper-layer LoRa security, where application layer security is not present in LoRa and LoRaWAN networks. It's not uncommon to see clear-text MQTT messages used over LoRa and LoRaWAN networks. In the field, I've seen 1. no authentication or authorization on MQTT broker and topics 2. no encryption on the transit data with TLS or mcrypt for payload encryption.\n\nYou should encrypt MQTT traffic with TLS 1.2. Considering on the processing cycles available on hardware, this may not always be possible. Because proper (v1.2) TLS implementation requires overhead for generating thecertificate, applying and verifying the validity and certificate chains.\n\n# Uage\nmain_run.py runs on the Onion Omega\n\ntest_pub.py is the attacker publishing messages to the MQTT broker on the Onion Omega\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frundtstykker%2Fapplication-security---mqtt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frundtstykker%2Fapplication-security---mqtt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frundtstykker%2Fapplication-security---mqtt/lists"}