Tool for auditing Mikrotik routers, searching for vulnerabilities and information about the target device.
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
MKX - Mikrotik Exploit
MKX is a tool for auditing Mikrotik routers, searching for vulnerabilities and information about the target device.
To find vulnerabilities in Mikrotik devices on the network, MKX can scan target devices using protocols such as MNDP and SNMP, seeking information about the hardware and RouterOS of the devices. The information obtained here can be of great value to anyone analyzing network security. For example, you can find out the firmware version of the device, and then search for any CVEs for this specific version. But below you will see that MKX already implements attacks from some known CVEs.
[!WARNING] This vulnerability analysis script is provided "as is" and is intended solely for educational, research, and testing purposes in controlled environments with proper authorization. Before running this script, please ensure that you have the necessary permission to perform security testing on the target devices. The responsibility for using this script lies entirely with the user. The author is not responsible for any damages, losses, or legal consequences arising from improper or unauthorized use of this code.
Features
Obtaining Information
- Discovery of Mikrotik devices on the local network through the MikroTik Neighbor Discovery (MNDP) protocol that runs on UDP port 5678.
- Obtaining information from a specific Mikrotik device or all devices in an IP range using the SNMP protocol.
Attacks
- PoC of CVE-2018-14847 that allows obtaining user credentials in vulnerable versions of RouterOS.
- DDoS attack by sending packets to all ports randomly or to a specific port.
- Attack that crashes the web interface of RouterOS versions 6 > 6.49.10 - CVE-2023-30800.
Running
You can install MKX with your preferred Python package manager, here we will use pipx:
pipx install mkx
If you don't want to install the tool on your machine, you can run a docker container with MKX already pre-installed:
docker run -it --name mkx ghcr.io/henriquesebastiao/mkx:latest
[!NOTE] When using the docker version, if you want to run features that listen to devices on your local network, run the container with the
--network hostoption.
Now you can run MKX and start learning how to use it. Get a list of possible commands with:
mkx --help
# Or even the explanation of a specific command
# mkx [COMMAND] --help
For detailed information on how to use the tool, see the Wiki.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mkx-0.1.1.tar.gz.
File metadata
- Download URL: mkx-0.1.1.tar.gz
- Upload date:
- Size: 24.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
88058e5243691a61672077d7510ec5d54dc79689e34c9d3ce919361e85d4ac9e
|
|
| MD5 |
9f5f7303d1d17d0cb3aeef666d717395
|
|
| BLAKE2b-256 |
30a6c7b1c6d81222b968389f4f1d200d2dafc13cf199a27111a12999ecf914f0
|
Provenance
The following attestation bundles were made for mkx-0.1.1.tar.gz:
Publisher:
build.yml on henriquesebastiao/mkx
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mkx-0.1.1.tar.gz -
Subject digest:
88058e5243691a61672077d7510ec5d54dc79689e34c9d3ce919361e85d4ac9e - Sigstore transparency entry: 737912847
- Sigstore integration time:
-
Permalink:
henriquesebastiao/mkx@cff5b83b4bd8825765316f32a8b04637fc2cf585 -
Branch / Tag:
refs/tags/0.1.1 - Owner: https://github.com/henriquesebastiao
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
build.yml@cff5b83b4bd8825765316f32a8b04637fc2cf585 -
Trigger Event:
push
-
Statement type:
File details
Details for the file mkx-0.1.1-py3-none-any.whl.
File metadata
- Download URL: mkx-0.1.1-py3-none-any.whl
- Upload date:
- Size: 28.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
ea23d562e98ac7f9c765a5c198543a967777b41c1848a8d22283eef602e22bf7
|
|
| MD5 |
e1c5e409c33fe75d7e7a33b38ab25f73
|
|
| BLAKE2b-256 |
14c948414d7745de5f654b8841a7329a5849565388b11ada95bda09f1e80b3de
|
Provenance
The following attestation bundles were made for mkx-0.1.1-py3-none-any.whl:
Publisher:
build.yml on henriquesebastiao/mkx
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mkx-0.1.1-py3-none-any.whl -
Subject digest:
ea23d562e98ac7f9c765a5c198543a967777b41c1848a8d22283eef602e22bf7 - Sigstore transparency entry: 737912848
- Sigstore integration time:
-
Permalink:
henriquesebastiao/mkx@cff5b83b4bd8825765316f32a8b04637fc2cf585 -
Branch / Tag:
refs/tags/0.1.1 - Owner: https://github.com/henriquesebastiao
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
build.yml@cff5b83b4bd8825765316f32a8b04637fc2cf585 -
Trigger Event:
push
-
Statement type:
