DISCLAIMER: This project should be used for authorized testing and educational purposes only.

BAMF is an open-source tool designed to leverage Shodan (a search engine for the Internet of Things) to discover vulnerable routers, then utilize detected backdoors/vulnerabilities to remotely access the router administration panel and modify the DNS server settings.

Changing the primary DNS server of a router hijacks the domain name resolution process, enabling an attacker to target every device on the network simultaneously to spread malware with drive-by downloads and harvest credentials via malicious redirects to fraudulent phishing sites.

Currently the only vulnerability detected and exploited is CVE-2013-6026, commonly known as Joel's Backdoor, a severe vulnerability allowing unauthenticated access to the administration panel of many routers made by D-Link, one of the world's largest manufacturers of routers for home and business.

This project is still under development and will soon have a more modular design, making it easier for other developers to add detection & exploitation features for other vulnerabilities.

1. Download or clone the repository (git clone https://github.com/malwaredllc/bamf)
2. Install the required Python packages (pip install -r bamf/requirements.txt)
3. Create a free Shodan account at https://account.shodan.io/register
4. Configure BAMF to use your Shodan API key (python bamf.py [--shodan API])

• Use the search command to search the internet for potential
• Use the scan command to scan the target routers for backdoors
• Use the map command to map the networks of devices connected to vulnerable routers
• Use the pharm command to change the DNS settings of vulnerable routers
• Use the targets command to view potential targets discovered this session
• Use the backdoors command to view routers with a confirmed backdoor
• Use the devices command to view all devices connected to vulnerable routers

Contributors welcome!Feel free to issue pull-requests with any new features or improvements you have come up with!

1. Look into using an online vulnerability database API to enable cross-referencing responses from the Shodan IoT search engine with signatures of backdoors/vulnerabilities
2. Change to modular design to make it easier for other developers to add detection & exploitation features for other vulnerabilities
3. Integrate BAMF into the BYOB framework as a distribution mechanism to maximize spreading potential

Website: https://malwared.com

Email: [email protected]

Twitter: