BAMF

DISCLAIMER: This project should be used for authorized testing and educational purposes only.

BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover routers vulnerable to CVE-2013-6026, commonly known as Joel's Backdoor, a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link, one of the world's largest manufacturers of routers for home and business.

Installation

Download or clone the repository (git clone https://github.com/malwaredllc/bamf)
Install the required Python packages (pip install -r bamf/requirements.txt)
Create a free Shodan account at https://account.shodan.io/register
Configure BAMF to use your Shodan API key (python bamf.py [--shodan API])

Usage

Use the search command to search the internet for potential
Use the scan command to scan the target routers for backdoors
Use the map command to map the networks of devices connected to vulnerable routers
Use the targets command to view potential targets discovered this session
Use the backdoors command to view routers with a confirmed backdoor
Use the devices command to view all devices connected to vulnerable routers

Contact

Email: [email protected]

Twitter:

Missing module (shodan and mechanize)

Linux Kernel 4.11.3-041103-generic
Mint version 18.1.
Pip version 18.1.

After cloning bamf and installing the requirements from the txt file, the output from pip read:

Collecting shodan==1.9.0 (from -r requirements.txt (line 2))
  Downloading https://files.pythonhosted.org/packages/8a/bc/e3066547decf70a60798003bf822b71d0d23c502d77a4a6b1426b590fd0b/shodan-1.9.0.tar.gz (43kB)
    100% |████████████████████████████████| 51kB 14.5MB/s

Even though everything is up to date and the requirements were installed, I get this error:

$ python bamf.py --shodan [my shodan API key]
Traceback (most recent call last):
  File "bamf.py", line 27, in <module>
    import shodan
ImportError: No module named shodan

Then I manually installed it:

$ sudo pip install shodan
The directory '/home/ghost/.cache/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/home/ghost/.cache/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting shodan
  Downloading https://files.pythonhosted.org/packages/24/36/87e5e4cab32ffeba1c7304f7dadc00b93491bc3b3de0b599ccacfa3b3671/shodan-1.10.4.tar.gz (44kB)
    100% |████████████████████████████████| 51kB 2.9MB/s 
Collecting click (from shodan)
  Downloading https://files.pythonhosted.org/packages/fa/37/45185cb5abbc30d7257104c434fe0b07e5a195a6847506c074527aa599ec/Click-7.0-py2.py3-none-any.whl (81kB)
    100% |████████████████████████████████| 81kB 2.0MB/s 
Collecting click-plugins (from shodan)
  Downloading https://files.pythonhosted.org/packages/95/dd/fef84cf1678418f241ef542c0288bdf215bdd3e35f1fe03dc5223a2e80ba/click_plugins-1.0.4-py2.py3-none-any.whl
Collecting colorama (from shodan)
  Downloading https://files.pythonhosted.org/packages/0a/93/6e8289231675d561d476d656c2ee3a868c1cca207e16c118d4503b25e2bf/colorama-0.4.0-py2.py3-none-any.whl
Requirement already satisfied: requests>=2.2.1 in /usr/local/lib/python2.7/dist-packages (from shodan) (2.18.1)
Collecting XlsxWriter (from shodan)
  Downloading https://files.pythonhosted.org/packages/cf/37/830a21a2f6fa3e4cbda743c34fc94bee2ac07cb3ccf1630069fa8bc3190b/XlsxWriter-1.1.1-py2.py3-none-any.whl (142kB)
    100% |████████████████████████████████| 143kB 4.0MB/s 
Requirement already satisfied: certifi>=2017.4.17 in /usr/local/lib/python2.7/dist-packages (from requests>=2.2.1->shodan) (2017.4.17)
Requirement already satisfied: chardet<3.1.0,>=3.0.2 in /usr/local/lib/python2.7/dist-packages (from requests>=2.2.1->shodan) (3.0.4)
Requirement already satisfied: urllib3<1.22,>=1.21.1 in /usr/local/lib/python2.7/dist-packages (from requests>=2.2.1->shodan) (1.21.1)
Requirement already satisfied: idna<2.6,>=2.5 in /usr/local/lib/python2.7/dist-packages (from requests>=2.2.1->shodan) (2.5)
Installing collected packages: click, click-plugins, colorama, XlsxWriter, shodan
  Running setup.py install for shodan ... done
Successfully installed XlsxWriter-1.1.1 click-7.0 click-plugins-1.0.4 colorama-0.4.0 shodan-1.10.4

But now I get this error:

$ python bamf.py --shodan [my shodan API key]
Traceback (most recent call last):
  File "bamf.py", line 29, in <module>
    import mechanize
ImportError: No module named mechanize

Thoughts?

malwaredllc / bamf Goto Github PK

bamf's Introduction

BAMF

Installation

Usage

Contact

bamf's People

Contributors

Stargazers

Watchers

Forkers

bamf's Issues

It's not compatible with Python3 (at least, with pip3)

Missing module (shodan and mechanize)

update python requirement

needs python2 but ubuntu does not have pip for python2 anymore

Scan stuck

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent