All Projects → tenable → Routeros

tenable / Routeros

Licence: bsd-3-clause
RouterOS Security Research Tooling and Proof of Concepts

Projects that are alternatives of or similar to Routeros

Ddos Rootsec
DDOS Archive by RootSec (Scanners, BotNets (Mirai and QBot Premium & Normal and more), Exploits, Methods, Sniffers)
Stars: ✭ 108 (-82.09%)
Mutual labels:  scanner, honeypot
exploits
Some personal exploits/pocs
Stars: ✭ 52 (-91.38%)
Mutual labels:  exploits, poc
Ladon
大型内网渗透扫描器&Cobalt Strike,Ladon8.9内置120个模块,包含信息收集/存活主机/端口扫描/服务识别/密码爆破/漏洞检测/漏洞利用。漏洞检测含MS17010/SMBGhost/Weblogic/ActiveMQ/Tomcat/Struts2,密码口令爆破(Mysql/Oracle/MSSQL)/FTP/SSH(Linux)/VNC/Windows(IPC/WMI/SMB/Netbios/LDAP/SmbHash/WmiHash/Winrm),远程执行命令(smbexec/wmiexe/psexec/atexec/sshexec/webshell),降权提权Runas、GetSystem,Poc/Exploit,支持Cobalt Strike 3.X-4.0
Stars: ✭ 2,911 (+382.75%)
Mutual labels:  scanner, poc
K8cscan
K8Cscan大型内网渗透自定义插件化扫描神器,包含信息收集、网络资产、漏洞扫描、密码爆破、漏洞利用,程序采用多线程批量扫描大型内网多个IP段C段主机,目前插件包含: C段旁注扫描、子域名扫描、Ftp密码爆破、Mysql密码爆破、Oracle密码爆破、MSSQL密码爆破、Windows/Linux系统密码爆破、存活主机扫描、端口扫描、Web信息探测、操作系统版本探测、Cisco思科设备扫描等,支持调用任意外部程序或脚本,支持Cobalt Strike联动
Stars: ✭ 693 (+14.93%)
Mutual labels:  scanner, poc
K8tools
K8工具合集(内网渗透/提权工具/远程溢出/漏洞利用/扫描工具/密码破解/免杀工具/Exploit/APT/0day/Shellcode/Payload/priviledge/BypassUAC/OverFlow/WebShell/PenTest) Web GetShell Exploit(Struts2/Zimbra/Weblogic/Tomcat/Apache/Jboss/DotNetNuke/zabbix)
Stars: ✭ 4,173 (+592.04%)
Mutual labels:  scanner, poc
Web exploit detector
The Web Exploit Detector is a Node.js application used to detect possible infections, malicious code and suspicious files in web hosting environments
Stars: ✭ 81 (-86.57%)
Mutual labels:  scanner, exploits
PXXTF
Framework For Exploring kernel vulnerabilities, network vulnerabilities ✨
Stars: ✭ 23 (-96.19%)
Mutual labels:  scanner, exploits
Hisilicon Dvr Telnet
PoC materials for article https://habr.com/en/post/486856/
Stars: ✭ 101 (-83.25%)
Mutual labels:  poc, exploits
Api
Vulners Python API wrapper
Stars: ✭ 313 (-48.09%)
Mutual labels:  scanner, exploits
Xunfeng
巡风是一款适用于企业内网的漏洞快速应急,巡航扫描系统。
Stars: ✭ 3,131 (+419.24%)
Mutual labels:  scanner, exploits
Exploits
Exploits by 1N3 @CrowdShield @xer0dayz @XeroSecurity
Stars: ✭ 154 (-74.46%)
Mutual labels:  poc, exploits
Securitymanageframwork
Security Manage Framwork is a security management platform for enterprise intranet, which includes asset management, vulnerability management, account management, knowledge base management, security scanning automation function modules, and can be used for internal security management. This platform is designed to help Party A with fewer security personnel, complicated business lines, difficult periodic inspection and low automation to better achieve internal safety management.
Stars: ✭ 378 (-37.31%)
Mutual labels:  scanner, exploits
Awesome Csirt
Awesome CSIRT is an curated list of links and resources in security and CSIRT daily activities.
Stars: ✭ 132 (-78.11%)
Mutual labels:  poc, exploits
Routersploit
Exploitation Framework for Embedded Devices
Stars: ✭ 9,866 (+1536.15%)
Mutual labels:  scanner, exploits
Poc Exploits
Select proof-of-concept exploits for software vulnerabilities to aid in identifying and testing vulnerable systems.
Stars: ✭ 111 (-81.59%)
Mutual labels:  poc, exploits
Sec Admin
分布式资产安全扫描核心管理系统(弱口令扫描,漏洞扫描)
Stars: ✭ 222 (-63.18%)
Mutual labels:  scanner, exploits
Exploits
Miscellaneous exploit code
Stars: ✭ 1,157 (+91.87%)
Mutual labels:  poc, exploits
NSE-scripts
NSE scripts to detect CVE-2020-1350 SIGRED and CVE-2020-0796 SMBGHOST, CVE-2021-21972, proxyshell, CVE-2021-34473
Stars: ✭ 105 (-82.59%)
Mutual labels:  scanner, poc
Ladongo
Ladon Pentest Scanner framework 全平台LadonGo开源内网渗透扫描器框架,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBanner/HttpTitle/TcpBanner/Weblogic/Oxid多网卡主机,端口扫描服务识别PortScan。
Stars: ✭ 366 (-39.3%)
Mutual labels:  scanner, poc
Hacking
hacker, ready for more of our story ! 🚀
Stars: ✭ 413 (-31.51%)
Mutual labels:  scanner, poc

RouterOS Security Research

This repository contains various tools and exploits developed while performing security research on MikroTik's RouterOS. The various projects are broken up into the following subdirectories:

  • 8291_honeypot: A honeypot that listens for Winbox messages.
  • 8291_scanner: A scanner that attempts to talk Winbox to a provided list of IP addesses.
  • brute_force: A couple of tools for guessing the admin password on the winbox and www interfaces.
  • cleaner_wrasse: A tool to enable the devel backdoor on the majority of RouterOS releases.
  • common: Winbox and JSProxy implementations used across multiple projects.
  • modify_npk: A tool that overwrites an NPK's squashfs section with a new squashfs.
  • msg_re: Tools for discovering Winbox message routing and handlers.
  • pcap_parsers: Various tools that parse Winbox or JSProxy pcap files.
  • poc: Proof of concept exploits.
  • slides: Slides from talks given on this repositories material.
  • tests: A set of unit tests that test the Winbox/JSProxy implementations

For much more detail drill down into the individual directories.

Compilation Requirements

Almost everything here is written in C++ (there are only two exceptions). In order to compile everything you'll need:

  • cmake
  • Boost 1.66 or higher

For a couple of projects you'll also need:

Each project should contain specific instructions but, in general, the following should be sufficient.

mkdir build
cd ./build/
cmake ..
make

Submitting an Issue

When submitting an issue, please ensure that you have included sufficient information to reproduce the issue. Test files, pcaps, and step by step guides are always welcome. Also, please keep in mind that we only support the following OS:

  • Ubuntu 19.04+

Submitting a Pull Request

When submitting a pull request, please try to provide proof that you tested your work. Indicate how I can test it and perhaps most importantly, please try to not to stray from my coding style... as terrible as it is.

License

This repository is released under the 3-clause BSD license. See the LICENSE file for details.

Other Projects

There are other researchers doing neat RouterOS work. Here are a few I know of:

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].