routersploit v3.4.3 released: Router Exploitation Framework

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

It consists of various modules that aid penetration testing operations:

• exploits – modules that take advantage of identified vulnerabilities
• creds – modules designed to test credentials against network services
• scanners – modules that check if a target is vulnerable to any exploit
• payloads – modules that are responsible for generating payloads for various architectures and injection points
• generic – modules that perform generic attacks

Changelog v3.4.0

• Fixing setup.py resources
• Switching to pycroptodome
• Fixing communication API
• Adding exploits/routers/asus/asuswrt_lan_rce.py module
• Fixing exploits/routers/asus/infosvr_backdoor_rce.py module
• Adding credentials used by Mirai botnet
• Fixing 3com Officeconnect RCE module
• Fixing exploits/routers/billion/billion_5200w_rce.py module
• Fixing exploits/routers/cisco/catalyst_2960_rocem.py module
• Fixing exploits/routers/cisco/firepower_management60_rce.py module
• Fixing exploits/routers/dlink/dir_815_850l_rce.py module
• Fixing exploits/routers/multi/tcp_32764_rce.py module
• Fixing exploits/routers/ubiquiti/airos_6_x.py module
• Adding OptEncoder option
• Fixing use command issue
• Adding tests tests/exploits/cameras/cisco/test_video_surv_path_traversal.py
• Adding tests for modules default values
• Adding tests tests/exploits/routers/asus/test_infosvr_backdoor_rce.py
• Adding tests tests/exploits/routers/billion/test_billion_5200w_rce.py
• Adding tests tests/exploits/routers/cisco/test_firepower_management60_rce.py
• Adding tests tests/exploits/routers/cisco/test_secure_acs_bypass.py
• Adding tests tests/exploits/routers/dlink/test_dcs_930l_auth_rce.py
• Adding tests tests/exploits/routers/technicolor/test_tg784_authbypass.py
• Adding tests tests/exploits/routers/dlink/test_dsl_2730b_2780b_526b_dns_change.py
• Fixing exploits/routers/ipfire/ipfire_proxy_rce.py module
• Fixing exploits/routers/ipfire/ipfire_shellshock.py module
• Adding exploits/routers/linksys/eseries_themoon_rce.py module

Installation

Requirements

• gnureadline (OSX only)
• requests
• paramiko
• beautifulsoup4
• pysnmp

Installation on Kali
git clone https://github.com/reverse-shell/routersploit
cd routersploit
./rsf.py

Installation on Ubuntu 16.04

sudo apt-get install python-dev python-pip libncurses5-dev git
git clone https://github.com/reverse-shell/routersploit
cd routersploit
pip install -r requirements.txt
./rsf.py

Installation on OSX
git clone https://github.com/reverse-shell/routersploit
cd routersploit
sudo easy_install pip
sudo pip install -r requirements.txt
./rsf.py

Running on Docker

git clone https://github.com/reverse-shell/routersploit
cd routersploit
docker build -t routersploit:latest -f Dockerfile .
./run_docker.sh

Update
cd routersploit
git pull

Usage

root@kalidev:~/git/routersploit# ./rsf.py
 ______            _            _____       _       _ _
 | ___ \          | |          /  ___|     | |     (_) |
 | |_/ /___  _   _| |_ ___ _ __\ `--. _ __ | | ___  _| |_
 |    // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|
 | |\ \ (_) | |_| | ||  __/ |  /\__/ / |_) | | (_) | | |_
 \_| \_\___/ \__,_|\__\___|_|  \____/| .__/|_|\___/|_|\__|
                                     | |
     Router Exploitation Framework   |_|

 Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)
 Codename : Wildest Dreams
 Version  : 1.0.0

rsf >

Copyright 2016, The RouterSploit Framework (RSF) by Reverse Shell Security