Tool to scan for RouterOS (Mikrotik) forensic artifacts and vulnerabilities
Forensics tool for Mikrotik devices. Search for suspicious properties and weak security points that need to be fixed on the router.
This tool’s functionalities include the following:
- Get the version of the device and map it to CVEs
- Check for scheduled tasks
- Look for traffic redirection rules
- Look for DNS cache poisoning
- Look for default ports change
- Look for non-default users
- Look for suspicious files
- Look for proxy, socks and FW rules
Executing and arguments
The arguments:
| args | Description | Must / Optional |
|---|---|---|
-i |
The tested Mikrotik IP address | Must |
-p |
The tested Mikrotik SSH port | Must |
-u |
User name with admin Permissions | Must |
-ps |
The password of the given user name (empty password by defoult) | Optional |
-J |
Print the results as json format
|