routersploit v3.4.0 released: Router Exploitation Framework

by do son · Published · Updated

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

It consists of various modules that aid penetration testing operations:

  • exploits – modules that take advantage of identified vulnerabilities
  • creds – modules designed to test credentials against network services
  • scanners – modules that check if a target is vulnerable to any exploit
  • payloads – modules that are responsible for generating payloads for various architectures and injection points
  • generic – modules that perform generic attacks

Changelog v3.4.0

  • Fixing setup.py resources
  • Switching to pycroptodome
  • Fixing communication API
  • Adding exploits/routers/asus/asuswrt_lan_rce.py module
  • Fixing exploits/routers/asus/infosvr_backdoor_rce.py module
  • Adding credentials used by Mirai botnet
  • Fixing 3com Officeconnect RCE module
  • Fixing exploits/routers/billion/billion_5200w_rce.py module
  • Fixing exploits/routers/cisco/catalyst_2960_rocem.py module
  • Fixing exploits/routers/cisco/firepower_management60_rce.py module
  • Fixing exploits/routers/dlink/dir_815_850l_rce.py module
  • Fixing exploits/routers/multi/tcp_32764_rce.py module
  • Fixing exploits/routers/ubiquiti/airos_6_x.py module
  • Adding OptEncoder option
  • Fixing use command issue
  • Adding tests tests/exploits/cameras/cisco/test_video_surv_path_traversal.py
  • Adding tests for modules default values
  • Adding tests tests/exploits/routers/asus/test_infosvr_backdoor_rce.py
  • Adding tests tests/exploits/routers/billion/test_billion_5200w_rce.py
  • Adding tests tests/exploits/routers/cisco/test_firepower_management60_rce.py
  • Adding tests tests/exploits/routers/cisco/test_secure_acs_bypass.py
  • Adding tests tests/exploits/routers/dlink/test_dcs_930l_auth_rce.py
  • Adding tests tests/exploits/routers/technicolor/test_tg784_authbypass.py
  • Adding tests tests/exploits/routers/dlink/test_dsl_2730b_2780b_526b_dns_change.py
  • Fixing exploits/routers/ipfire/ipfire_proxy_rce.py module
  • Fixing exploits/routers/ipfire/ipfire_shellshock.py module
  • Adding exploits/routers/linksys/eseries_themoon_rce.py module

Installation

Requirements

  • gnureadline (OSX only)
  • requests
  • paramiko
  • beautifulsoup4
  • pysnmp
Installation on Kali

git clone https://github.com/reverse-shell/routersploit

cd routersploit

./rsf.py



Installation on Ubuntu 16.04



sudo apt-get install python-dev python-pip libncurses5-dev git

git clone https://github.com/reverse-shell/routersploit

cd routersploit

pip install -r requirements.txt

./rsf.py



Installation on OSX

git clone https://github.com/reverse-shell/routersploit

cd routersploit

sudo easy_install pip

sudo pip install -r requirements.txt

./rsf.py



Running on Docker



git clone https://github.com/reverse-shell/routersploit

cd routersploit

docker build -t routersploit:latest -f Dockerfile .

./run_docker.sh



Update

cd routersploit

git pull

 

Usage

root@kalidev:~/git/routersploit# ./rsf.py

 ______            _            _____       _       _ _

 | ___ \          | |          /  ___|     | |     (_) |

 | |_/ /___  _   _| |_ ___ _ __\ `--. _ __ | | ___  _| |_

 |    // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|

 | |\ \ (_) | |_| | ||  __/ |  /\__/ / |_) | | (_) | | |_

 \_| \_\___/ \__,_|\__\___|_|  \____/| .__/|_|\___/|_|\__|

                                     | |

     Router Exploitation Framework   |_|



 Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)

 Codename : Wildest Dreams

 Version  : 1.0.0



rsf >

 

 

 

asciicast

Copyright 2016, The RouterSploit Framework (RSF) by Reverse Shell Security

Tags: routersploit