Fingerprinting - mrhenrike/MikrotikAPI-BF GitHub Wiki

Fingerprinting

Language: English · Português (pt-BR)

Non-destructive device fingerprinting before any attack — understand what you're targeting.

Usage

# Fingerprint only (no attack)
python mikrotikapi-bf.py -t 192.168.88.1 --fingerprint

# Fingerprint + CVE lookup (requires NVD API key in config.json)
python mikrotikapi-bf.py -t 192.168.88.1 --fingerprint --nvd

# Fingerprint as part of an attack (auto-prefill wordlist with discovered serial)
python mikrotikapi-bf.py -t 192.168.88.1 -d combos.txt --fingerprint --progress

What Is Detected

Field Source Example
RouterOS version API banner, HTTP header, Winbox 7.12.1
Hardware model SNMP sysDescr, API RouterBOARD 450Gx4
Board serial API /system/routerboard, HTTP EWS HF507ABCDE12
Architecture Model string parsing MIPS, ARM, x86
Open ports TCP connect scan 22, 23, 80, 8291, 8728
Enabled services RouterOS /ip/service api, ftp, ssh, telnet, www
Risk score Firmware age + CVE count 8.2 / 10 (High)

Fingerprint Sources

1. RouterOS API Banner

The first response from port 8728 includes the RouterOS version in plaintext before any authentication.

2. Winbox Port (8291)

Winbox sends a device description packet before authentication, including board name and RouterOS version.

3. HTTP / EWS Headers

Port 80/443 returns Server: Mikrotik HttpProxy and the board name in the HTML.

4. SNMP sysDescr

sysDescr: RouterOS RB450Gx4 CHR

CVE Lookup

When --nvd is specified (or nvd.api_key is set in config.json):

  1. Detected RouterOS version is matched against NVD CPE database: cpe:2.3:o:mikrotik:routeros:7.12.1:*
  2. All matching CVEs are retrieved with CVSS score and description
  3. Known RouterOS CVEs in local xpl/cve_db.py are always checked (offline)

Example output:

[FINGERPRINT] 192.168.88.1
  RouterOS  : 7.12.1
  Board     : RouterBOARD 450Gx4
  Serial    : HF507ABCDE12
  Arch      : MIPS
  Open ports: 22/tcp, 80/tcp, 8291/tcp, 8728/tcp
  Services  : api, www, ssh, winbox
  Risk score: 7.8 (High)

[CVE]
  CVE-2023-30799  CVSS 9.1  Privilege escalation via /nova endpoint
  CVE-2022-45315  CVSS 8.8  Buffer overflow in Winbox handler

See also: Features · Usage Examples · API Reference