Home - mrhenrike/MikrotikAPI-BF GitHub Wiki
MikrotikAPI-BF Wiki
RouterOS Attack & Exploitation Framework — v3.10.0
Welcome to the official MikrotikAPI-BF documentation wiki.
Language / Idioma: English · Português (pt-BR)
Pages
| Page | Description |
|---|---|
| Installation | Prerequisites, virtual environment, dependencies |
| Quick Start | First attack in 60 seconds |
| Complete Usage Guide | All 50+ CLI flags with examples |
| Usage Examples | Real-world scenarios and pentest workflows |
| API Reference | CLI flags, arguments, and return codes |
| Features | All features: CVE scanner, audit mode, stealth, sessions, export, decoders, NSE |
| Stealth Mode | Fibonacci delays, User-Agent rotation |
| Fingerprinting | Device fingerprinting and risk scoring |
| Sessions | Persistent sessions, resume, ETA |
| Export | JSON, CSV, XML, TXT, SARIF export |
| Verbose Guide | Verbosity levels explained |
| Changelog | Version history |
| EDB-Exploit-Coverage | All 100 CVE/EDB exploits documented with PoC usage |
| Audit Report | Generate pentest audit reports and SARIF output |
Quick Reference
# Single credential test
python mikrotikapi-bf.py -t 192.168.88.1 -U admin -P admin
# Wordlist attack
python mikrotikapi-bf.py -t 192.168.88.1 -u users.txt -p passwords.txt --progress
# Multi-target from file
python mikrotikapi-bf.py -T targets.lst -d combos.txt --threads 20 --high-threads
# Full CVE scan (authenticated)
python mikrotikapi-bf.py -t 192.168.88.1 --scan-cve --all-cves -U admin -P pass
# Run specific exploit by CVE ID (v3.10.0+)
python mikrotikapi-bf.py -t 192.168.88.1 --run-exploit CVE-2018-14847
# Full 8-phase security audit with SARIF export (v3.10.0+)
python mikrotikapi-bf.py -t 192.168.88.1 --audit --export sarif -U admin -P pass
# Stealth + export
python mikrotikapi-bf.py -t 192.168.88.1 -d combos.txt --stealth --export-all
# Decode user.dat after CVE-2018-14847
python mikrotikapi-bf.py --decode-userdat user.dat --decode-useridx user.idx
# Layer-2 MAC-Server attack
python mikrotikapi-bf.py --mac-discover --mac-brute -d passwords.lst
# Install NSE scripts to Nmap
mikrotikapi-install-nse
Key Features (v3.10.0)
- 100 CVE/EDB exploit classes — CVE scanner + Exploit-DB PoC coverage + novel research
- 8-phase automated security audit —
--auditvia REST API (system, services, creds, injection, Winbox, SNMP, debug, firewall) - Direct exploit execution —
--run-exploit CVE-IDruns any registered PoC by ID - SARIF v2.1.0 export —
--export sariffor CI/CD pipeline integration - Modular architecture —
core/,modules/,xpl/,tools/,nse/packages - Nmap NSE scripts — 8 scripts auto-installed to Nmap on pip install
- MAC-Server / Layer-2 — MNDP discovery + MAC-Telnet brute (v3.3.0+)
- Offline decoders — user.dat, .backup, supout.rif, NPK analyzer
- Binary firmware analysis — ELF parsing, security features, dangerous imports (LIEF + Capstone)
- 300-thread support —
--threads Nup to 300 with--high-threads - pip install —
pip install mikrotikapi-bf - Stealth mode — Fibonacci delays + User-Agent rotation
- Persistent sessions — Resume interrupted attacks, ETA
- Multi-format export — JSON, CSV, XML, TXT, SARIF
- Proxy/SOCKS5 — Route through Tor or any SOCKS5 proxy
Available Languages
| Language | Home page |
|---|---|
| English (default) | Home |
| Português (pt-BR) | Home-pt-BR |
Author: Andre Henrique · @mrhenrike · LinkedIn · X/Twitter