Password bruteforcer for MikroTik devices or boxes running RouterOS
Switch branches/tags
Nothing to show
Clone or download
rcaire Merge pull request #4 from lisogallo/stable
[FIX] Bugfix writeStr() function in OS X environment
Latest commit ddd5f8e Apr 12, 2016
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
CHANGELOG Version 1.0.2 released Mar 15, 2014
LICENSE MKBRUTUS Licence Updated Dec 25, 2013
README.md Update README.md May 31, 2015
agpl.txt MKBRUTUS Licence Updated Dec 25, 2013
mkbrutus.py Merge pull request #4 from lisogallo/stable Apr 12, 2016

README.md

MKBRUTUS.py

Password bruteforcer for MikroTik devices or boxes running RouterOS

AUTHORS:
Ramiro Caire - email: ramiro.caire@gmail.com / Twitter: @rcaire
Federico Massa - email: fmassa@vanguardsec.com / Twitter: @fgmassa

WEB SITES:
http://mkbrutusproject.github.io/MKBRUTUS/
https://github.com/mkbrutusproject/mkbrutus

SUMMARY:
Some boxes running Mikrotik RouterOS (3.x or newer) have the API port enabled (by default, in the port 8728/TCP) for administrative purposes instead SSH, Winbox or HTTPS (or have all of them). This is (another) attack vector as it might be possible to perform a bruteforce to obtain valid credentials if no protection is available on that port. As the API uses a specific privative protocol, some code published by the vendor was included. Python 3.x is required in order to run this tool.

DISCLAIMER:
This tool is intended only for testing Mikrotik devices security in ethical pentest or audits process. The authors are not responsible for any damages you use this tool.