routeros: RouterOS Security Research Tooling and Proof of Concepts

RouterOS Security

RouterOS Security Research

This repository contains various tools and exploits developed while performing security research on MikroTik’s RouterOS. The various projects are broken up into the following subdirectories:

  • 8291_honeypot: A honeypot that listens for Winbox messages.
  • 8291_scanner: A scanner that attempts to talk Winbox to a provided list of IP addresses.
  • brute_force: A couple of tools for guessing the admin password on the winbox and www interfaces.
  • cleaner_wrasse: A tool to enable the devel backdoor on the majority of RouterOS releases.
  • common: Winbox and JSProxy implementations used across multiple projects.
  • modify_npk: A tool that overwrites an NPK’s squashfs section with a new squashfs.
  • msg_re: Tools for discovering Winbox message routing and handlers.
  • pcap_parsers: Various tools that parse Winbox or JSProxy pcap files.
  • poc: Proof of concept exploits.
  • slides: Slides from talks given on this repositories material.
  • tests: A set of unit tests that test the Winbox/JSProxy implementations

RouterOS Security

For much more detail drill down into the individual directories.

Download

Copyright 2018-2019 Tenable, Inc.