RouterOS Security Research

This repository contains various tools and exploits developed while performing security research on MikroTik’s RouterOS. The various projects are broken up into the following subdirectories:

• 8291_honeypot: A honeypot that listens for Winbox messages.
• 8291_scanner: A scanner that attempts to talk Winbox to a provided list of IP addresses.
• brute_force: A couple of tools for guessing the admin password on the winbox and www interfaces.
• cleaner_wrasse: A tool to enable the devel backdoor on the majority of RouterOS releases.
• common: Winbox and JSProxy implementations used across multiple projects.
• modify_npk: A tool that overwrites an NPK’s squashfs section with a new squashfs.
• msg_re: Tools for discovering Winbox message routing and handlers.
• pcap_parsers: Various tools that parse Winbox or JSProxy pcap files.
• poc: Proof of concept exploits.
• slides: Slides from talks given on this repositories material.
• tests: A set of unit tests that test the Winbox/JSProxy implementations

For much more detail drill down into the individual directories.

Download

Copyright 2018-2019 Tenable, Inc.