routersploit v3.4.3 released: Router Exploitation Framework

routersploit

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

It consists of various modules that aid penetration testing operations:

  • exploits – modules that take advantage of identified vulnerabilities
  • creds – modules designed to test credentials against network services
  • scanners – modules that check if a target is vulnerable to any exploit
  • payloads – modules that are responsible for generating payloads for various architectures and injection points
  • generic – modules that perform generic attacks

Changelog v3.4.0

  • Fixing setup.py resources
  • Switching to pycroptodome
  • Fixing communication API
  • Adding exploits/routers/asus/asuswrt_lan_rce.py module
  • Fixing exploits/routers/asus/infosvr_backdoor_rce.py module
  • Adding credentials used by Mirai botnet
  • Fixing 3com Officeconnect RCE module
  • Fixing exploits/routers/billion/billion_5200w_rce.py module
  • Fixing exploits/routers/cisco/catalyst_2960_rocem.py module
  • Fixing exploits/routers/cisco/firepower_management60_rce.py module
  • Fixing exploits/routers/dlink/dir_815_850l_rce.py module
  • Fixing exploits/routers/multi/tcp_32764_rce.py module
  • Fixing exploits/routers/ubiquiti/airos_6_x.py module
  • Adding OptEncoder option
  • Fixing use command issue
  • Adding tests tests/exploits/cameras/cisco/test_video_surv_path_traversal.py
  • Adding tests for modules default values
  • Adding tests tests/exploits/routers/asus/test_infosvr_backdoor_rce.py
  • Adding tests tests/exploits/routers/billion/test_billion_5200w_rce.py
  • Adding tests tests/exploits/routers/cisco/test_firepower_management60_rce.py
  • Adding tests tests/exploits/routers/cisco/test_secure_acs_bypass.py
  • Adding tests tests/exploits/routers/dlink/test_dcs_930l_auth_rce.py
  • Adding tests tests/exploits/routers/technicolor/test_tg784_authbypass.py
  • Adding tests tests/exploits/routers/dlink/test_dsl_2730b_2780b_526b_dns_change.py
  • Fixing exploits/routers/ipfire/ipfire_proxy_rce.py module
  • Fixing exploits/routers/ipfire/ipfire_shellshock.py module
  • Adding exploits/routers/linksys/eseries_themoon_rce.py module

Installation

Requirements

  • gnureadline (OSX only)
  • requests
  • paramiko
  • beautifulsoup4
  • pysnmp
Installation on Kali
git clone https://github.com/reverse-shell/routersploit
cd routersploit
./rsf.py

Installation on Ubuntu 16.04

sudo apt-get install python-dev python-pip libncurses5-dev git
git clone https://github.com/reverse-shell/routersploit
cd routersploit
pip install -r requirements.txt
./rsf.py

Installation on OSX
git clone https://github.com/reverse-shell/routersploit
cd routersploit
sudo easy_install pip
sudo pip install -r requirements.txt
./rsf.py

Running on Docker

git clone https://github.com/reverse-shell/routersploit
cd routersploit
docker build -t routersploit:latest -f Dockerfile .
./run_docker.sh

Update
cd routersploit
git pull

 

Usage

root@kalidev:~/git/routersploit# ./rsf.py
______ _ _____ _ _ _
| ___ \ | | / ___| | | (_) |
| |_/ /___ _ _| |_ ___ _ __\ `--. _ __ | | ___ _| |_
| // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|
| |\ \ (_) | |_| | || __/ | /\__/ / |_) | | (_) | | |_
\_| \_\___/ \__,_|\__\___|_| \____/| .__/|_|\___/|_|\__|
| |
Router Exploitation Framework |_|

Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)
Codename : Wildest Dreams
Version : 1.0.0

rsf >

 

Copyright 2016, The RouterSploit Framework (RSF) by Reverse Shell Security