Changelog - mrhenrike/MikrotikAPI-BF GitHub Wiki
Language: English · Português (pt-BR)
- 100 CVE/EDB database entries - comprehensive MikroTik vulnerability coverage (2008-2025)
- 97 executable exploit classes - all invocable via `--run-exploit <CVE_ID>` or `--scan-cve --all-cves`
- VU#375660 formal entry - author's own brute-force rate-limiting vulnerability (CERT/CC VINCE)
- 2020 memory corruption series - 21 CVEs covering NULL pointer deref, OOB write, memcorrupt in console, graphing, sniffer, resolver, lcdstat, wireless, dot1x, bfd, igmp-proxy, detnet, diskd, mactel, netwatch, traceroute
- Legacy CVE coverage - CVE-2017-17537/17538, CVE-2015-2350, CVE-2012-6050, CVE-2008-6976
- 13 EDB entries synced - EDB-31102, EDB-6366, EDB-44283/44284, EDB-44450, EDB-43317, EDB-41752, EDB-41601, EDB-28056, EDB-24968, EDB-18817, EDB-52366, EDB-48474, EDB-39817
- New exploit classes - DNS cache poisoning (CVE-2019-3979), FTP .rsc overwrite (CVE-2021-27221), Winbox username enumeration (CVE-2024-54772), VXLAN bypass (CVE-2025-6443), DHCPv6 pre-auth RCE (CVE-2023-32154/ZDI-23-717), Bridge2 OOB write, REST ACL bypass, IPv6 FW bypass, Hotspot XSS, L2TP downgrade, and more
- `--audit` - Full 8-phase automated security audit via REST API: system enumeration, service mapping, credential audit, injection testing, Winbox probing, SNMP analysis, debug endpoint discovery, firewall audit
- `--run-exploit <CVE_ID>` - Run any registered exploit PoC directly by ID
- SARIF v2.1.0 export - `--export sarif` for CI/CD pipeline integration (GitHub Code Scanning, Azure DevOps)
- Interactive CLI - new `run <CVE_ID> <target>` and `audit <target>` REPL commands
- `xpl/auditor.py` - 8-phase MikroTik security auditor (ported from Embedded-Firmware-Research)
- 4 new exploit classes: SSH jailbreak (MIKROTIK-JAILBREAK-001), Winbox credential decryption (CVE-2018-14847-DECRYPT), scheduler command injection (MIKROTIK-CONFIG-004), REST path traversal (MIKROTIK-CONFIG-005)
- `core/apiros_client.py` - Alternative RouterOS API client with full binary protocol, MD5 challenge/response, and anonymous DH SSL
- `tools/binary_analysis.py` - Offline firmware binary analysis (LIEF ELF parsing + Capstone disassembly)
- Total: 100 exploit classes
- 8 new CVEs in `cve_db.py`: CVE-2025-61481, CVE-2025-10948, MIKROTIK-CONFIG-003, CVE-2017-20149, CVE-2019-3981, CVE-2020-5720, CVE-2022-45313, CVE-2025-6563
- 3 new exploit classes: WebFig HTTP credential exposure (CVE-2025-61481), REST API stack buffer overflow RCE (CVE-2025-10948), SSRF via /rest/tool/fetch (MIKROTIK-CONFIG-003)
- NSE auto-installer - copies NSE scripts to Nmap on Windows/Linux/macOS during `pip install`
- `--install-nse` flag and `mikrotikapi-install-nse` CLI entry point
- 300-thread support - `--threads N` up to 300 with `--high-threads` disclaimer
- Delay profiles - `--delay-mode high|balanced|stealth|custom`
- GitHub Actions - OIDC trusted publishing to PyPI
- `setup.py` post-install hook for NSE scripts
- Modular architecture: Refactored into `core/`, `modules/`, `xpl/` packages
- CVE/NVD integration: Automatic vulnerability lookup via NVD REST API v2
- Shodan integration: Enhanced fingerprinting with Shodan internet scan data
- Proxy/SOCKS5 support: Route attacks through Tor or any SOCKS5/HTTP proxy
- Retry logic: Configurable exponential backoff (`core/retry.py`)
- `xpl/` package: CVE database, known RouterOS exploits, vulnerability scanner
- Fixed: Telnet validation broken on Python 3.12
- Persistent sessions (resume, ETA, duplicate avoidance)
- Stealth mode (Fibonacci delays, User-Agent rotation)
- Advanced fingerprinting (RouterOS version, board model, serial)
- Post-login validation for FTP, SSH, Telnet
- Multi-format export (JSON, CSV, XML, TXT)
- Progress bar with ETA and rolling average rate
- Complete rewrite with modular codebase
- Network discovery, YAML config support, unit tests
- Initial release, basic RouterOS API brute force
See also: Features · Installation