BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover vulnerable routers, then utilize detected backdoors/vulnerabilities to remotely access the router administration panel and modify the DNS server settings.
Changing the primary DNS server of a router hijacks the domain name resolution process, enabling an attacker to target every device on the network simultaneously to spread malware with drive-by downloads and harvest credentials via malicious redirects to fraudulent phishing sites.
Currently the only vulnerability detected and exploited is CVE-2013-6026, commonly known as Joel's Backdoor, a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link, one of the world's largest manufacturers of routers for home and business.
This project is still under development and will soon have a more modular design, making it easier for other developers to add detection & exploitation features for other vulnerabilities.
Installation
Download or clone the repository (git clone https://github.com/malwaredllc/bamf)
Install the required Python packages (pip install -r bamf/requirements.txt)
Create a free Shodan account at https://account.shodan.io/register
Configure BAMF to use your Shodan API key (python bamf.py [--shodan API])
Usage
Use the search command to search the internet for potential
Use the scan command to scan the target routers for backdoors
Use the map command to map the networks of devices connected to vulnerable routers
Use the pharm command to change the DNS settings of vulnerable routers
Use the targets command to view potential targets discovered this session
Use the backdoors command to view routers with a confirmed backdoor
Use the devices command to view all devices connected to vulnerable routers
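As an added defender-side example (not part of BAMF or its code), the following Python script shows how a network owner can detect the kind of DNS hijack described above: it flags resolvers a router hands out that are not on the owner's allow-list, and cross-checks answers from the router's resolver against an independent trusted resolver. All DHCP and DNS data is constructed sample input, so the script runs offline.

```python
import ipaddress

# Constructed allow-list: the resolvers the network owner actually configured.
ALLOWED_RESOLVERS = {"9.9.9.9", "149.112.112.112"}

def unexpected_resolvers(dhcp_dns, allowed=ALLOWED_RESOLVERS):
    """Return DNS servers advertised by the router that are not on the allow-list.
    A router whose primary DNS was silently changed shows up here."""
    flagged = []
    for server in dhcp_dns:
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            flagged.append(server)  # a malformed entry is itself worth reviewing
            continue
        if str(ip) not in allowed:
            flagged.append(str(ip))
    return flagged

def pharming_mismatches(router_answers, trusted_answers):
    """Compare A-record answers obtained via the router's resolver with answers
    from an independent trusted resolver. Domains whose answer sets do not
    overlap at all are likely being redirected (pharming)."""
    mismatched = {}
    for name, trusted in trusted_answers.items():
        local = set(router_answers.get(name, ()))
        if local and not (local & set(trusted)):
            mismatched[name] = sorted(local)
    return mismatched

# Constructed sample data standing in for a DHCP lease and two sets of lookups
# (documentation ranges only; 203.0.113.7 plays the rogue resolver).
SAMPLE_DHCP_DNS = ["9.9.9.9", "203.0.113.7"]
SAMPLE_TRUSTED = {"bank.example": ["192.0.2.10", "192.0.2.11"],
                  "shop.example": ["198.51.100.5"]}
SAMPLE_ROUTER = {"bank.example": ["203.0.113.50"],
                 "shop.example": ["198.51.100.5"]}

def audit(dhcp_dns=SAMPLE_DHCP_DNS, router=SAMPLE_ROUTER, trusted=SAMPLE_TRUSTED):
    """Run both checks and return a summary suitable for alerting."""
    return {"rogue_resolvers": unexpected_resolvers(dhcp_dns),
            "redirected_domains": pharming_mismatches(router, trusted)}

if __name__ == "__main__":
    print(audit())
```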