BAMF (Backdoor Access Machine Farmer)

BAMF (Backdoor Access Machine Farmer)

Backdoor Access Machine Farmer

Backdoor Access Machine Farmer

BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover vulnerable routers, then utilize detected backdoors/vulnerabilities to remotely access the router administration panel and modify the DNS server settings.

Changing the primary DNS server of a router hijacks the domain name resolution process, enabling an attacker to target every device on the network simultaneously to spread malware with drive-by downloads and harvest credentials via malicious redirects to fraudulent phishing sites.

Currently, the only vulnerability detected and exploited is CVE-2013-6026, commonly also

known as Joel’s Backdoor, is also a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link, one of the world’s largest manufacturers of routers for home and business.

This project is still under development and will soon have a more modular design, also making it easier for other developers to add detection & exploitation features for other vulnerabilities.
Installation

Download or clone the repository (git clone https://github.com/malwaredllc/bamf)
Install the required Python packages (pip install -r bamf/requirements.txt)
Create a free Shodan account at https://account.shodan.io/register
Configure BAMF to use your Shodan API key (python bamf.py [–shodan API])
Usage

1 Use the search command to search the internet for potential
2 Use the scan command to scan the target routers for backdoors
3 Use the map command to map the networks of devices connected to vulnerable routers
4 Use the pharm command to change the DNS settings of vulnerable routers
5 Use the targets command to view potential targets discovered this session
6 Use the backdoors command to view routers with a confirmed backdoor
7 Use the devices command to view all devices connected to vulnerable routers

You can also buy instant:

GET ANYTHING FROM G2A FOR FREE

Cashapp Money Transfer Click here

Paypal Money Transfer Click here

Western Union  Money Transfer Click here

Venmo Money Transfer Click here

Bank Money Transfer Click here to Contact Us

 

Leave a Reply