BAMF (Backdoor Access Machine Farmer)

DISCLAIMER: This project should be used for authorized testing and educational purposes only.

BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover vulnerable routers, then utilize detected backdoors/vulnerabilities to remotely access the router administration panel and modify the DNS server settings.

Changing the primary DNS server of a router hijacks the domain name resolution process, enabling an attacker to target every device on the network simultaneously to spread malware with drive-by downloads and harvest credentials via malicious redirects to fraudulent phishing sites.
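On a client, the change described above appears as a resolver the network was never meant to use. The following is an added defensive example, not part of BAMF: it audits resolv.conf-style text against an approved resolver list. The sample file, the approved addresses (documentation ranges) and all function names are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample: resolver list a client received from its router via DHCP.
SAMPLE = """\
# constructed sample
search lan
nameserver 192.168.0.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
nameserver not-an-ip
"""

# Assumption: the resolvers this network is supposed to use.
APPROVED = {"198.51.100.53", "2001:db8::53"}

# Ranges meaning "a local device forwards the query"; that device's own
# upstream DNS setting still has to be verified on the device itself.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        parts = line.strip().split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify(server, approved=APPROVED):
    """Label a resolver: approved, local-forwarder, unexpected or invalid."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop zone id
    except ValueError:
        return "invalid"
    if addr in {ipaddress.ip_address(a) for a in approved}:
        return "approved"
    if any(addr in net for net in LOCAL_NETS):
        return "local-forwarder"
    return "unexpected"


def suspicious_resolvers(text, approved=APPROVED):
    """Resolvers that are neither approved nor a local forwarder."""
    return [s for s in parse_nameservers(text)
            if classify(s, approved) in ("unexpected", "invalid")]
```

A `local-forwarder` result only moves the question to the router: its configured upstream DNS servers are what this check cannot see from the client.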

Currently the only vulnerability detected and exploited is CVE-2013-6026, commonly known as Joel's Backdoor, a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link, one of the world's largest manufacturers of routers for home and business.

This project is still under development and will soon have a more modular design, making it easier for other developers to add detection & exploitation features for other vulnerabilities.


Installation

1) Download or clone the repository (git clone https://github.com/malwaredllc/bamf)
2) Install the required Python packages (pip install -r bamf/requirements.txt)
3) Create a free Shodan account at https://account.shodan.io/register
4) Configure BAMF to use your Shodan API key (python bamf.py [--shodan API])


Usage


To Do

Contributors welcome! Feel free to submit pull requests with any new features or improvements you have come up with!

1) Look into using an online vulnerability database API to enable cross-referencing responses from the Shodan IoT search engine with signatures of backdoors/vulnerabilities
2) Change to modular design to make it easier for other developers to add detection & exploitation features for other vulnerabilities
3) Integrate BAMF into the BYOB framework as a distribution mechanism to maximize spreading potential


Contact

Website: https://malwared.com

Email: security@malwared.com