{"id":29778838,"url":"https://github.com/mepley1/micro-mikro-client","last_synced_at":"2025-07-27T13:03:52.942Z","repository":{"id":305431835,"uuid":"1022762591","full_name":"mepley1/micro-mikro-client","owner":"mepley1","description":"A tiny scriptable CLI client for MikroTik RouterOS REST API, for manipulating IPv4/IPv6 firewall address lists. Can be used standalone or as an automated action for your IDS/firewall/honeypot.","archived":false,"fork":false,"pushed_at":"2025-07-27T02:49:21.000Z","size":48,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-27T05:22:07.741Z","etag":null,"topics":["cli","mikrotik","rest-client","routeros","zig"],"latest_commit_sha":null,"homepage":"","language":"Zig","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mepley1.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-19T19:12:52.000Z","updated_at":"2025-07-27T02:49:14.000Z","dependencies_parsed_at":"2025-07-20T04:49:24.752Z","dependency_job_id":"54cac420-d297-4986-8f90-272b432aae57","html_url":"https://github.com/mepley1/micro-mikro-client","commit_stats":null,"previous_names":["mepley1/micro-mikro-client"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mepley1/micro-mikro-client","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mepley1%2Fmicro-mikro-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mepley1%2Fmicro-mikro-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mepley1%2Fmicro-mikro-client/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mepley1%2Fmicro-mikro-client/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mepley1","download_url":"https://codeload.github.com/mepley1/micro-mikro-client/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mepley1%2Fmicro-mikro-client/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":267361489,"owners_count":24074938,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-07-27T02:00:11.917Z","response_time":82,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cli","mikrotik","rest-client","routeros","zig"],"created_at":"2025-07-27T13:01:23.053Z","updated_at":"2025-07-27T13:03:52.923Z","avatar_url":"https://github.com/mepley1.png","language":"Zig","funding_links":[],"categories":[],"sub_categories":[],"readme":"# micro-mikro-client\n\nA tiny scriptable CLI client for MikroTik RouterOS REST API, for manipulating IPv4/IPv6 firewall address lists. Can be used standalone or as an automated action for your IDS/firewall/honeypot. Written in Zig.\n\nAppends an IP address to a RouterOS `/ip` or `/ipv6` `/firewall/address-list` for use in firewall filters or etc.\n\nUses around 2KB memory depending on how you build it, (~2K in `ReleaseFast`, slightly less in Small - plus some extra in case of errors), so can be used on smaller devices/systems.\n\n# Usage\n\n```\nOptions:\n\n -a, --address (REQUIRED) IP address to append to address-list.\n -r, --router (REQUIRED*) Firewall/router hostname or IP. May also be set\n via environment variable $MICROMIKRO_ROUTER\n -l, --address-list Name of address-list (default: 'zigwang')\n -c, --comment Comment (printable ascii \u003c= 127). (default: \"\")\n -t, --timeout Timeout - i.e. 4h or 00:04:00 (default: 4h)\n -e, --auth (REQUIRED*) Base64-encoded http basic auth string (i.e.\n result of `echo -n \"user:pass\" | base64`). May also be set\n via environment variable $MICROMIKRO_AUTH\n -u, --user Username of service account on firewall. If this arg is\n specified, a dialog (kdialog or stdin) will be spawned to\n prompt for password. Can only be used in an interactive\n shell - not scriptable. Recommended to pass `--auth` instead.\n -p, --port Port, in case of REST API on non-standard port. Optional.\n -x, --proxy HTTP(S) proxy. This option takes precedence over any proxies\n found in $HTTP_PROXY/$HTTPS_PROXY env vars (i.e. --proxy -\u003e\n environment -\u003e none). Optional.\n -P, --ignore-system-proxy Ignore $HTTP_PROXY/$HTTPS_PROXY environment variables. Might\n be useful for testing or odd networks.\n -I, --insecure Use plaintext http (no tls) (not recommended). Only for\n testing; be mindful that without TLS, you'll be sending\n RouterOS credentials, with write access to your firewall, in\n plaintext across the network. Do not use this option if the\n RouterOS host is not link-local. *See RouterOS wiki for help\n with certificates.\n -6, --ipv6 Target IPv6 firewall (i.e. call\n `/ipv6/firewall/address-list` endpoint as opposed to\n `/ip/firewall/address-list`). Use this option if `--address`\n is a v6 addr, thought that's not exactly what the option\n means; the v4 firewall does not accept a v6 addr. I have\n chosen to not detect/choose automatically, in favor of explicitness.\n --dry-run Dry run. Don't send request to RouterOS host; instead, print\n some info to stderr about what *would* have been sent.\n --ignore-config Ignore config - don't read options from config file OR\n environment vars. Mostly for development; CLI args will\n always override config anyways.\n --no-newline Don't append trailing newline to output. May be useful in scripts.\n --help print help information\n --version print version information\n```\n\n## Required args:\n\n- `-a, --address` | The IP you want to add to the address-list. RouterOS will also accept a DNS name, which it will resolve on its own using whatever DNS is configured for its own queries.\n- `-r, --router` | DNS name or IP addr of RouterOS host. (Can also set in static config)\n- `--auth` or `--user` | Either of these two auth options may be used, OR auth can be set in config (see below). `--auth` expects the base64-encoded (or not) `user:pass` substring of a http basic auth header ([rfc7617](https://datatracker.ietf.org/doc/html/rfc7617)). Easy way to get this value: `echo -n \"username:password\" | base64`. If `--user` is passed instead, you'll be prompted interactively for a password via either kdialog (if available and in a graphical environment) or a stdin reader. (thus `--user` shouldn't be used in scripts).\n- Recommended to also include `-l, --address-list`, `-t, --timeout`, and `-c, --comment`. If not included, some defaults will be used, which may or may not suit your preferences. (TODO: Allow these to be configured in conf file)\n\nThe RouterOS host address (`-r`/`--router`) and auth creds (`--auth`) can also be configured in `$XDG_CONFIG_HOME/micro-mikro-client/.env.json`, or via environment variables (`MICROMIKRO_AUTH` and `MICROMIKRO_ROUTER`).\n\nProgram also respects `$HTTP_PROXY` + `$HTTPS_PROXY` variables and will use them if found.\n\nThe RouterOS host's TLS cert must be trusted by the host running the program, otherwise you will need to use `-I/--insecure` (no TLS). Supports TLS v1.2 via stdlib's `std.http.Client`.\n`mkcert` is useful for testing certs. If for some reason you haven't configured TLS on your RouterOS host, then you *really* need to do so anyways if you're enabling the APIs and/or web interface.\n\n## Examples\n\nIf you have configured your auth string and RouterOS hostname in static config, you only need to pass `-a/--address`:\n```sh\nmicro-mikro-client -a 10.20.30.40\n```\n\nAppend an address to an __IPv4__ `address-list` named `badips`, timeout 4 hours, RouterOS host at `192.168.88.1`:\n\n```sh\nmicro-mikro-client \\\n -a 10.20.30.40 \\\n -r 192.168.88.1 \\\n -t 4h \\\n --address-list \"badips\" \\\n --comment \"testing\" \\\n --auth \"dXNlcjpwd2Q=\"\n```\n\nSimilar to above, but append to an __IPv6__ `address-list`:\n\n```sh\nmicro-mikro-client \\\n -6 \\\n -a 2001:db8::abcd:1234 \\\n -r 192.168.88.1 \\\n -t 4h \\\n --address-list \"badips\" \\\n --auth \"dXNlcjpwd2Q=\"\n```\n\nAdd own public IP addr to an address list:\n\n```sh\nmicro-mikro-client -a $(curl https://ip.mepley.net) --address-list \"self-public\" -t 4h --comment \"Automated\" \n```\n\nPass auth str, encoded via bash expansion:\n```sh\nmicro-mikro-client -6 -a 2001:db8::bad:add:2 -r 2001:db8::1 -l \"example-list\" --auth $(echo -n \"user:pass\" | base64)\n```\n\n## Config\n\nSome options can be configured statically in `$XDG_CONFIG_HOME/micro-mikro-client/.env.json`, which is read at runtime; see `.env.json.default` for example config.\n\nCommand line options override static config.\n\n# Build\n\n- `zig build -Doptimize=ReleaseFast`\n\nOr, for specific target triples:\n\n- `zig build -Doptimize=ReleaseSmall -Dcpu=znver5 -Dtarget=x86_64-linux-gnu`\n- For Extreme Networks ap3825i (Freescale p1020) running OpenWRT (haven't tested on it yet, but it builds): `zig build -Dtarget=powerpc-linux-musl -Doptimize=ReleaseSmall` (see [since 2015 OpenWRT is based on musl libc](https://ziggit.dev/t/zig-programming-language-as-first-class-citizen/6736/9))\n\n## Dependencies\n\n[zli](https://github.com/dweiller/zli) (note: there are currently several different libs named ZLI to be found, for similar purposes).\n\n# Notes\n\n- RouterOS will accept an IPv4 address to add to an IPv6 address-list, but not vice versa. If the API responds with \"xxx is not a valid DNS name\", check your `--address` value.\n- To b64-encode your creds, you can use `echo -n \"user:pass\" | base64` in a bash shell.\n- Lots of `@branchHint(.likely)`/`@branchHint(.unlikely)` are used throughout the code, particularly around validation flows- because you're passing valid parameter values, *right?* ;)\n- http.client works fine with RouterOS's TLS v1.2, but seemingly only by domain name and not IP. Not sure whether issue is with RouterOS or http.Client, or on my part.\n\n# To do\n\nTODO: this\n\n# Contributing\n\nAny pull requests are welcome, but maybe open an issue before putting your time into it. Expect spontaneous breaking changes.\n\nSearch the code for comments beginning with `TODO` or see `TODO.md` to find some low-hanging fruit.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmepley1%2Fmicro-mikro-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmepley1%2Fmicro-mikro-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmepley1%2Fmicro-mikro-client/lists"}