/bamf

BAMF (Backdoor Access Machine Farmer)

Primary LanguagePythonGNU General Public License v3.0GPL-3.0

logo

BAMF (Backdoor Access Machine Farmer)

license version

DISCLAIMER: This project should be used for authorized testing and educational purposes only.

BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover vulnerable routers, then utilize detected backdoors/vulnerabilities to remotely access the router administration panel and modify the DNS server settings.

Changing the primary DNS server of a router hijacks the domain name resolution process, enabling an attacker to target every device on the network simultaneously to spread malware with drive-by downloads and harvest credentials via malicious redirects to fraudulent phishing sites.

Currently the only vulnerability detected and exploited is CVE-2013-6026, commonly known as Joel's Backdoor, a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link, one of the world's largest manufacturers of routers for home and business.

This project is still under development and will soon have a more modular design, making it easier for other developers to add detection & exploitation features for other vulnerabilities.

Installation

  1. Download or clone the repository (git clone https://github.com/malwaredllc/bamf)
  2. Install the required Python packages (pip install -r bamf/requirements.txt)
  3. Create a free Shodan account at https://account.shodan.io/register
  4. Configure BAMF to use your Shodan API key (python bamf.py [--shodan API])

Usage

  • Use the search command to search the internet for potential
  • Use the scan command to scan the target routers for backdoors
  • Use the map command to map the networks of devices connected to vulnerable routers
  • Use the pharm command to change the DNS settings of vulnerable routers
  • Use the targets command to view potential targets discovered this session
  • Use the backdoors command to view routers with a confirmed backdoor
  • Use the devices command to view all devices connected to vulnerable routers

To Do

Contributors welcome!Feel free to issue pull-requests with any new features or improvements you have come up with!

  1. Look into using an online vulnerability database API to enable cross-referencing responses from the Shodan IoT search engine with signatures of backdoors/vulnerabilities
  2. Change to modular design to make it easier for other developers to add detection & exploitation features for other vulnerabilities
  3. Integrate BAMF into the BYOB framework as a distribution mechanism to maximize spreading potential

Contact

Website: https://malwared.com

Email: security@malwared.com

Twitter: twitter