Skip to content

Latest commit

 

History

History
21 lines (16 loc) · 1.02 KB

README.md

File metadata and controls

21 lines (16 loc) · 1.02 KB

MKBRUTUS.py

Password bruteforcer for MikroTik devices or boxes running RouterOS

AUTHORS:
Ramiro Caire - email: [email protected] / Twitter: @rcaire
Federico Massa - email: [email protected] / Twitter: @fgmassa

WEB SITES:
http://mkbrutusproject.github.io/MKBRUTUS/
https://github.com/mkbrutusproject/mkbrutus

SUMMARY:
Some boxes running Mikrotik RouterOS (3.x or newer) have the API port enabled (by default, in the port 8728/TCP) for administrative purposes instead SSH, Winbox or HTTPS (or have all of them). This is (another) attack vector as it might be possible to perform a bruteforce to obtain valid credentials if no protection is available on that port. As the API uses a specific privative protocol, some code published by the vendor was included. Python 3.x is required in order to run this tool.

DISCLAIMER:
This tool is intended only for testing Mikrotik devices security in ethical pentest or audits process. The authors are not responsible for any damages you use this tool.