tenable/routeros

This repository has been archived on 13/Aug/2024
Stars
866
Rank 52,675 (Top 2 %)
Language
C++
License
BSD 3-Clause "New...
Created about 6 years ago
Updated almost 2 years ago

tenable/routeros

tenable

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

RouterOS Security Research Tooling and Proof of Concepts

RouterOS Security Research

This repository contains various tools and exploits developed while performing security research on MikroTik's RouterOS. The various projects are broken up into the following subdirectories:

8291_honeypot: A honeypot that listens for Winbox messages.
8291_scanner: A scanner that attempts to talk Winbox to a provided list of IP addesses.
brute_force: A couple of tools for guessing the admin password on the winbox and www interfaces.
cleaner_wrasse: A tool to enable the devel backdoor on the majority of RouterOS releases.
common: Winbox and JSProxy implementations used across multiple projects.
modify_npk: A tool that overwrites an NPK's squashfs section with a new squashfs.
msg_re: Tools for discovering Winbox message routing and handlers.
pcap_parsers: Various tools that parse Winbox or JSProxy pcap files.
poc: Proof of concept exploits.
slides: Slides from talks given on this repositories material.
tests: A set of unit tests that test the Winbox/JSProxy implementations

For much more detail drill down into the individual directories.

Compilation Requirements

Almost everything here is written in C++ (there are only two exceptions). In order to compile everything you'll need:

cmake
Boost 1.66 or higher

For a couple of projects you'll also need:

libpcap-dev
libgeoip-dev
libgtest-dev
Geolite2++
libmaxminddb

Each project should contain specific instructions but, in general, the following should be sufficient.

mkdir build
cd ./build/
cmake ..
make

Submitting an Issue

When submitting an issue, please ensure that you have included sufficient information to reproduce the issue. Test files, pcaps, and step by step guides are always welcome. Also, please keep in mind that we only support the following OS:

Ubuntu 19.04+

Submitting a Pull Request

When submitting a pull request, please try to provide proof that you tested your work. Indicate how I can test it and perhaps most importantly, please try to not to stray from my coding style... as terrible as it is.

License

This repository is released under the 3-clause BSD license. See the LICENSE file for details.

Other Projects

There are other researchers doing neat RouterOS work. Here are a few I know of:

terrascan

Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.

poc

Proof of Concepts

nessrest

A python library for using the new Nessus REST API.

awesome-llm-cybersecurity-tools

A curated list of large language model tools for cybersecurity research.

pyTenable

Python Library for interfacing into Tenable's platform APIs

ghidra_tools

A collection of Ghidra scripts, including the GPT-3 powered code analyser and annotator, G-3PO.

cnappgoat

CNAPPgoat is an open source project designed to modularly provision vulnerable-by-design components in cloud environments.

access-undenied-aws

Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps. Open-sourced by Ermetic.

pi_sniffer

The pocket-sized wireless sniffer

router_badusb

BadUSB in Routers

upnp_info

A simple script for discovery and analysis of UPnP servers

esp32_image_parser

A toolkit for helping you reverse engineer ESP32 firmware.

DiscordClient

EscalateGPT

An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations.

KaiMonkey

KaiMonkey provides vulnerable infrastructure as code (IaC) to help explore and understand common cloud security threats exposed via IaC.

Burp-extension-for-GPT

an extension for Burp Suite to allow researchers to utilize GPT for analys is of HTTP requests and responses

Posh-Nessus

PowerShell Module for automating Tenable Nessus Vulnerability Scanner.

Tenable.io-SDK-for-Python

Tenable.io SDK offers a scalable and safe way to integrate with the Tenable.io platform.

audit_scripts

Scripts to help work with configuration audit files

integration-jira-cloud

yara-rules

Repository of yara rules

terrascan-action

Terrascan GitHub action. Scan infrastructure as code including Terraform, Kubernetes, Helm, and Kustomize file for security best practices.

nasl

A parser for NASL.

flask-logging-demo

Demo files for 'The Boring Stuff - Flask Logging' blog post

mIDA

audit_files

Nessus Audit files

Security-Hub

For use in our Tenable.IO to AWS Security Hub integration

terrascan-rego-editor

Visual Studio Code extension for writing Terrascan Rego policies

hidden-services-revealer

nasldoc

A documentation generator for NASL.

cnappgoat-scenarios

This repository provides a comprehensive collection of Pulumi scenarios utilized by cnappgoat

accurics-action

The Accurics GitHub Action scans Infrastructure as Code files checked into the respository to help ensure that cloud resources are secure and compliant from creation.

pedant

A static analysis framework for NASL.

sublimetext-nasl

Kastle

A purely functional, effectful, resource-safe, kafka library for Scala

csup

Tenable.io Container Security Uploading and Reporting Commandline Tool

microfrontend-demo-app

SinCity

integration-asc

vim-nasl

Vim extensions for programming in NASL

runterrascan.io

cloud-security-training

golden-ami-pipeline-with-tenable-sample

The golden AMI pipeline enables creation, distribution, verification, launch-compliance, and decommissioning of the golden AMI out of the box. This version of the pipeline integrates with Tenable.io for vulnerability assessments.

container-security-action

Tenable's Container security action which helps scan docker images.

cloud-security-actions

notepadpp-nasl

integration-cef

was-action

Github action to trigger WAS

entra-id-federation-abuse-research-required-roles

cloud-snapshot-automation

Templates for creating Cloud Snapshots

splunk-app-pvs

This app provides Splunk dashboards and reporting for Tenable PVS

integrations-ibm-cloudpak-for-security

Tenable.ad-EventsLogs-Subscriber

Tenable.ad IOA module event logs listener

emacs-nasl

UncoverDCShadow

integration-cscc

Tenable.io to Google Cloud Security Command Center Bridge

tenablecs_demo

WSUSpendu

asm-python-examples

Bit Discovery REST API scripts

labs

asm-asset-importer

Scripts to integrate BitDiscovery data with Tenable

accurics-vscode

nasl-layer

Spacemacs layer for NASL

atom-grammar-nessuskb

Grammar file for Nessus KB files.

accurics-orb

The Accurics CircleCI Orb scans IaC (Infrastructure as Code) to help identify vulnerabilities prior to cloud deployment.

helm-charts