CLI for exploring IoT and network devices.
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
MKX - Exploration of IoT and network devices
MKX is a tool for auditing IoT and network devices, searching for vulnerabilities and information about the target device. Originally developed to obtain information from MikroTik devices, new functionalities have been added that can be useful for analyzing a wide variety of devices and protocols.
To find vulnerabilities in MikroTik devices on the network, MKX can scan target devices using protocols such as MNDP and SNMP, seeking information about the hardware and RouterOS of the devices. The information obtained here can be of great value to anyone analyzing network security. For example, you can find out the firmware version of the device, and then search for any CVEs for this specific version. But below you will see that MKX already implements attacks from some known CVEs.
[!WARNING] This vulnerability analysis script is provided "as is" and is intended solely for educational, research, and testing purposes in controlled environments with proper authorization. Before running this script, please ensure that you have the necessary permission to perform security testing on the target devices. The responsibility for using this script lies entirely with the user. The author is not responsible for any damages, losses, or legal consequences arising from improper or unauthorized use of this code.
⚡ Features
Obtaining Information
- Discovery of MikroTik devices on the local network through the MikroTik Neighbor Discovery (MNDP) protocol that runs on
UDPport5678. - Obtaining information from a specific MikroTik device or all devices in an IP range using the SNMP protocol.
- Obtain information from devices running the Simple Service Discovery Protocol (SSDP) and Universal Plug and Play (UPnP) protocols.
Attacks
- PoC of CVE-2018-14847 that allows obtaining user credentials in vulnerable versions of RouterOS.
- DDoS attack by sending packets to all ports randomly or to a specific port.
- Attack that crashes the web interface of RouterOS versions 6 > 6.49.10 - CVE-2023-30800.
✨ Running
You can install MKX with your preferred Python package manager, here we will use pipx:
pipx install mkx
If you don't want to install the tool on your machine, you can run a docker container with MKX already pre-installed:
docker run -it --name mkx ghcr.io/henriquesebastiao/mkx:latest
[!NOTE] When using the docker version, if you want to run features that listen to devices on your local network, run the container with the
--network hostoption.
📃 Getting help
Now you can run MKX and start learning how to use it. Get a list of possible commands with:
mkx --help
# Or even an explanation of a specific command or subcommand.
mkx [COMMAND] --help
MKX is developed using the Typer library, so you'll have a CLI that, as the Typer developers say, "You'll love using!" ✨.
Main commands
When you run mkx --help you will see the main available commands separated into groups, the two main ones being:
Exploit- Commands to execute specific attacks.OSINT - Obtaining Information- Commands for obtaining information about devices and services on the network.
$ mkx --help
Usage: mkx [OPTIONS] COMMAND [ARGS]...
Tool for auditing MikroTik routers, searching for vulnerabilities and information about the
target device.
╭─ Options ──────────────────────────────────────────────────────────────────────────────────╮
│ --version -v Returns the version of mkx. │
│ --install-completion Install completion for the current shell. │
│ --show-completion Show completion for the current shell, to copy it or │
│ customize the installation. │
│ --help Show this message and exit. │
╰────────────────────────────────────────────────────────────────────────────────────────────╯
╭─ About ────────────────────────────────────────────────────────────────────────────────────╮
│ doc Open the project repository on GitHub. │
╰────────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Exploits ─────────────────────────────────────────────────────────────────────────────────╮
│ exploit Search for credentials of a RouterOS v6.42 vulnerable (CVE-2018-14847). │
│ ddos Perform targeted DDoS attacks on devices. │
│ kill-web-server Attack that crashes the web interface of RouterOS versions 6 > 6.49.10 │
│ (CVE-2023-30800). │
╰────────────────────────────────────────────────────────────────────────────────────────────╯
╭─ OSINT - Obtaining Information ────────────────────────────────────────────────────────────╮
│ mikrotik Search for devices on the network via MikroTik Neighbor Discovery │
│ (MNDP). │
│ snmp Get information via SNMP from devices with default community (public). │
│ upnp Explore devices on the network with the Universal Plug and Play (UPnP) │
│ port open. │
╰────────────────────────────────────────────────────────────────────────────────────────────╯
The mkx commands can contain subcommands; you can also use the --help flag to run them and get information on how to execute them.
Here are some examples of subcommand help messages:
Command to discover information about devices on the network via SNMP
$ mkx snmp --help
Usage: mkx snmp [OPTIONS] TARGET [COMMUNITY] [PORT] COMMAND [ARGS]...
Get information via SNMP from devices with default community (public).
With this command it is possible to obtain various information from MikroTik devices that
have a vulnerable SNMP service.
As a target, you can pass an IP address, a network, or a grepable Nmap output file
containing the IP addresses to search.
You can scan port 161 on a network with Nmap and save the discovered hosts to a file with
the command:
sudo nmap -sU -p 161 --open -oG nmap-out.txt 192.168.88.1/24
Using Nmap to find hosts with vulnerable ports and then passing the file with the IPs to MKX
is more efficient than searching for information on all IPs on the network with mkx.
This way we will not try to search for information on addresses that do not have the SNMP
port open.
Examples:
mkx snmp 172.16.0.1
mkx snmp 172.16.0.1/24 -j
mkx snmp 172.16.0.1/24 -s
mkx snmp /home/user/nmap-out.txt
╭─ Arguments ────────────────────────────────────────────────────────────────────────────────╮
│ * target TEXT Target IP address or network, or the path to an nmap │
│ output file in grepable format, containing the target IP │
│ addresses. │
│ [required] │
│ community [COMMUNITY] Information submission community. [default: public] │
│ port [PORT] SNMP UDP port. [default: 161] │
╰────────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Options ──────────────────────────────────────────────────────────────────────────────────╮
│ --json -j Saves the data obtained when searching for information on a network in │
│ a JSON file. │
│ --silent -s It does not perform verbose printing when searching for information on │
│ a network, but saves a JSON file with results at the end.. │
│ --help Show this message and exit. │
╰────────────────────────────────────────────────────────────────────────────────────────────╯
Command to perform a DDoS attack via TCP against a specific host.
$ mkx ddos tcp --help
Usage: mkx ddos tcp [OPTIONS] TARGET [PORT]
Sends arbitrary packets via TCP to the device causing CPU overload.
You can send packets to an IP address or domain, on a specific port, or on all ports from 1
to 65534 randomly.
Examples:
mkx ddos tcp 192.168.88.1
mkx ddos tcp 192.168.88.1 -rv
mkx ddos tcp 192.168.88.1 8080
mkx ddos tcp server.local
╭─ Arguments ────────────────────────────────────────────────────────────────────────────────╮
│ * target TEXT Target IP address or domain. [required] │
│ port [PORT] TCP port to be attacked. [default: 80] │
╰────────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Options ──────────────────────────────────────────────────────────────────────────────────╮
│ --random -r Attacks random ports between 1 and 65534. │
│ --verbose -v Enable verbosity. │
│ --help Show this message and exit. │
╰────────────────────────────────────────────────────────────────────────────────────────────╯
📜 License
MKX is open source software licensed under the GPL-3.0 license.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file mkx-0.2.1.tar.gz.
File metadata
- Download URL: mkx-0.2.1.tar.gz
- Upload date:
- Size: 32.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3d831c088e03c40950c0756f33e0bef2e124f4e24cce56fb6b63247813229577
|
|
| MD5 |
c2b2ee8e70387daa00c118333df73776
|
|
| BLAKE2b-256 |
40a6f70438112c8e342507be2dabf0a4a9236b309a4b6cb6497d42c1793e2214
|
Provenance
The following attestation bundles were made for mkx-0.2.1.tar.gz:
Publisher:
build.yml on henriquesebastiao/mkx
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mkx-0.2.1.tar.gz -
Subject digest:
3d831c088e03c40950c0756f33e0bef2e124f4e24cce56fb6b63247813229577 - Sigstore transparency entry: 832969742
- Sigstore integration time:
-
Permalink:
henriquesebastiao/mkx@750743add875a0bacea1740e4cd569498329ce91 -
Branch / Tag:
refs/tags/0.2.1 - Owner: https://github.com/henriquesebastiao
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
build.yml@750743add875a0bacea1740e4cd569498329ce91 -
Trigger Event:
push
-
Statement type:
File details
Details for the file mkx-0.2.1-py3-none-any.whl.
File metadata
- Download URL: mkx-0.2.1-py3-none-any.whl
- Upload date:
- Size: 35.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6111ba8ec68b4570245a35b82dc8e4e000c267fe1b41050d49c901e058091dec
|
|
| MD5 |
b7f4c9f0df37a2e9663fa0d7280bced6
|
|
| BLAKE2b-256 |
fd12b8e06abf654849fcc50f95ee131ee0f1edb65b0068a81b4225399a97c576
|
Provenance
The following attestation bundles were made for mkx-0.2.1-py3-none-any.whl:
Publisher:
build.yml on henriquesebastiao/mkx
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
mkx-0.2.1-py3-none-any.whl -
Subject digest:
6111ba8ec68b4570245a35b82dc8e4e000c267fe1b41050d49c901e058091dec - Sigstore transparency entry: 832969743
- Sigstore integration time:
-
Permalink:
henriquesebastiao/mkx@750743add875a0bacea1740e4cd569498329ce91 -
Branch / Tag:
refs/tags/0.2.1 - Owner: https://github.com/henriquesebastiao
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
build.yml@750743add875a0bacea1740e4cd569498329ce91 -
Trigger Event:
push
-
Statement type:
