gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ecf0ccb9fb
secubox-openwrt/package/secubox/luci-app-iot-guard
History
CyberMind-FR e58f479cd4 feat(waf): Update WAF scenarios with 2024-2025 CVEs and OWASP threats 
Add detection patterns for latest actively exploited vulnerabilities:
- CVE-2025-55182 (React2Shell, CVSS 10.0)
- CVE-2025-8110 (Gogs RCE), CVE-2025-53770 (SharePoint)
- CVE-2025-52691 (SmarterMail), CVE-2025-40551 (SolarWinds)
- CVE-2024-47575 (FortiManager), CVE-2024-21887 (Ivanti)
- CVE-2024-3400, CVE-2024-0012, CVE-2024-9474 (PAN-OS)

New attack categories based on OWASP Top 10 2025:
- HTTP Request Smuggling (TE.CL/CL.TE conflicts)
- AI/LLM Prompt Injection (ChatML, instruction markers)
- WAF Bypass techniques (Unicode normalization, double encoding)
- Supply Chain attacks (CI/CD poisoning, dependency confusion)
- Extended SSTI (Jinja2, Freemarker, Velocity, Thymeleaf)
- API Abuse (BOLA/IDOR, mass assignment)

CrowdSec scenarios split into 11 separate files for reliability.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 05:02:57 +01:00
..
htdocs/luci-static/resources/view/iot-guard feat(waf): Update WAF scenarios with 2024-2025 CVEs and OWASP threats 2026-02-12 05:02:57 +01:00
root fix(iot-guard): Add default UCI config file 2026-02-11 11:42:03 +01:00
Makefile
README.md

README.md

LuCI IoT Guard

LuCI dashboard for IoT Guard device isolation and security monitoring.

Features

  • Overview Dashboard - Security score, device counts, risk distribution
  • Device List - Filterable table with device details
  • Device Actions - Isolate, trust, or block devices
  • Cloud Mapping - View cloud services each device contacts
  • Anomaly Alerts - Real-time anomaly notifications
  • Policy Management - Vendor classification rules
  • Settings - Configure auto-isolation, thresholds, zones

Installation

opkg install luci-app-iot-guard

Requires secubox-iot-guard backend package.

Menu Location

SecuBox > Services > IoT Guard

Screens

Overview (/iot-guard/overview)

Dashboard with:

  • Device count, isolated, blocked, high-risk stats
  • Security score (0-100%)
  • Device grid grouped by risk level
  • Recent anomaly events

Devices (/iot-guard/devices)

Device management table:

  • MAC, IP, hostname, vendor, class, risk, score, zone, status
  • Click to view device detail modal with cloud deps and anomalies
  • Quick actions: Isolate, Trust, Block

Policies (/iot-guard/policies)

Vendor classification rules:

  • View/add/delete vendor rules
  • Configure OUI prefix, pattern, class, risk level
  • Device class reference table

Settings (/iot-guard/settings)

Configuration options:

  • Enable/disable service
  • Scan interval
  • Auto-isolation threshold
  • Anomaly detection sensitivity
  • Zone policy (block LAN, allow internet, bandwidth limit)
  • Allowlist/blocklist management

RPCD Methods

Method Description
status Dashboard stats
get_devices List devices (optional filter)
get_device Device detail with cloud map
get_anomalies Recent anomaly events
get_vendor_rules List classification rules
get_cloud_map Device cloud dependencies
scan Trigger network scan
isolate_device Move device to IoT zone
trust_device Add to allowlist
block_device Block device
add_vendor_rule Add classification rule
delete_vendor_rule Delete classification rule

Public Access

The overview and device list are available publicly via the unauthenticated ACL group.

Dependencies

  • secubox-iot-guard
  • luci-base

License

GPL-3.0