Merge pull request #2 from reverse-shell/master

Update from original

Merge pull request #2 from reverse-shell/master
Update from original
4dc1a1cd · ArtificialImmunity · a05553a1 · 677863ca · 4dc1a1cd · 4dc1a1cd
Commit 4dc1a1cd authored Apr 27, 2016 by ArtificialImmunity
9 changed files
--- a/README.md
+++ b/README.md
@@ -14,9 +14,9 @@ It consists of various modules that aids penetration testing operations:
 # Installation
-	sudo apt-get install python-requests python-paramiko python-netsnmp
 	git clone https://github.com/reverse-shell/routersploit
 	cd routersploit
+	pip install -r requirements.txt
 	./rsf.py
 # Update

--- a/routersploit/interpreter.py
+++ b/routersploit/interpreter.py
@@ -86,7 +86,7 @@ class BaseInterpreter(object):
                command_handler(args)
            except RoutersploitException as err:
                utils.print_error(err)
-            except KeyboardInterrupt:
+            except (KeyboardInterrupt, EOFError):
                print()
                utils.print_status("routersploit stopped")
                break

--- a/routersploit/modules/creds/http_form_bruteforce.py
+++ b/routersploit/modules/creds/http_form_bruteforce.py
@@ -34,8 +34,9 @@ class Exploit(exploits.Exploit):
    threads = exploits.Option(8, 'Number of threads')
    usernames = exploits.Option('admin', 'Username or file with usernames (file://)')
    passwords = exploits.Option(wordlists.passwords, 'Password or file with passwords (file://)')
-    form = exploits.Option('auto', 'Post Data: auto or in form login={{LOGIN}}&password={{PASS}}&submit')
+    form = exploits.Option('auto', 'Post Data: auto or in form login={{USER}}&password={{PASS}}&submit')
    path = exploits.Option('/login.php', 'URL Path')
+    form_path = exploits.Option('same', 'same as path or URL Form Path')
    verbosity = exploits.Option('yes', 'Display authentication attempts')
    credentials = []
@@ -46,9 +47,15 @@ class Exploit(exploits.Exploit):
        self.credentials = []
        self.attack()
+    def get_form_path(self):
+        if self.form_path == 'same':
+            return self.path
+        else:
+            return self.form_path
    @multi
    def attack(self):
-        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
+        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path()))
        try:
            requests.get(url, verify=False)
@@ -61,11 +68,15 @@ class Exploit(exploits.Exploit):
        # authentication type
        if self.form == 'auto':
-            self.data = self.detect_form()
+            form_data = self.detect_form()
-            if self.data is None:
+            if form_data is None:
                print_error("Could not detect form")
                return
+            (form_action, self.data) = form_data
+            if form_action:
+                self.path = form_action
        else:
            self.data = self.form
@@ -116,7 +127,7 @@ class Exploit(exploits.Exploit):
                self.invalid["max"] = l
    def detect_form(self):
-        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
+        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path()))
        r = requests.get(url, verify=False)
        soup = BeautifulSoup(r.text, "lxml")
@@ -125,20 +136,22 @@ class Exploit(exploits.Exploit):
        if form is None:
            return None
+        action = form.attrs.get('action', None)
        if len(form) > 0:
            res = []
            for inp in form.findAll("input"):
                if 'name' in inp.attrs.keys():
-                    if inp.attrs['name'].lower() in ["username", "user", "login"]:
+                    if inp.attrs['name'].lower() in ["username", "user", "login", "username_login"]:
                        res.append(inp.attrs['name'] + "=" + "{{USER}}")
-                    elif inp.attrs['name'].lower() in ["password", "pass"]:
+                    elif inp.attrs['name'].lower() in ["password", "pass", "password_login"]:
                        res.append(inp.attrs['name'] + "=" + "{{PASS}}")
                    else:
                        if 'value' in inp.attrs.keys():
                            res.append(inp.attrs['name'] + "=" + inp.attrs['value'])
                        else:
                            res.append(inp.attrs['name'] + "=")
-        return '&'.join(res)
+        return (action, '&'.join(res))
    def target_function(self, running, data):
        module_verbosity = boolify(self.verbosity)

--- a/routersploit/modules/creds/http_form_default.py
+++ b/routersploit/modules/creds/http_form_default.py
@@ -32,8 +32,9 @@ class Exploit(exploits.Exploit):
    port = exploits.Option(80, 'Target port')
    threads = exploits.Option(8, 'Number of threads')
    defaults = exploits.Option(wordlists.defaults, 'User:Pass or file with default credentials (file://)')
-    form = exploits.Option('auto', 'Post Data: auto or in form login={{LOGIN}}&password={{PASS}}&submit')
+    form = exploits.Option('auto', 'Post Data: auto or in form login={{USER}}&password={{PASS}}&submit')
    path = exploits.Option('/login.php', 'URL Path')
+    form_path = exploits.Option('same', 'same as path or URL Form Path')
    verbosity = exploits.Option('yes', 'Display authentication attempts')
    credentials = []
@@ -44,9 +45,15 @@ class Exploit(exploits.Exploit):
        self.credentials = []
        self.attack()
+    def get_form_path(self):
+        if self.form_path == 'same':
+            return self.path
+        else:
+            return self.form_path
    @multi
    def attack(self):
-        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
+        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path()))
        try:
            requests.get(url, verify=False)
@@ -59,11 +66,15 @@ class Exploit(exploits.Exploit):
        # authentication type
        if self.form == 'auto':
-            self.data = self.detect_form()
+            form_data = self.detect_form()
-            if self.data is None:
+            if form_data is None:
                print_error("Could not detect form")
                return
+            (form_action, self.data) = form_data
+            if form_action:
+                self.path = form_action
        else:
            self.data = self.form
@@ -109,7 +120,7 @@ class Exploit(exploits.Exploit):
                self.invalid["max"] = l
    def detect_form(self):
-        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.path))
+        url = sanitize_url("{}:{}{}".format(self.target, self.port, self.get_form_path()))
        r = requests.get(url, verify=False)
        soup = BeautifulSoup(r.text, "lxml")
@@ -118,20 +129,22 @@ class Exploit(exploits.Exploit):
        if form is None:
            return None
+        action = form.attrs.get('action', None)
        if len(form) > 0:
            res = []
            for inp in form.findAll("input"):
                if 'name' in inp.attrs.keys():
-                    if inp.attrs['name'].lower() in ["username", "user", "login"]:
+                    if inp.attrs['name'].lower() in ["username", "user", "login", "username_login"]:
                        res.append(inp.attrs['name'] + "=" + "{{USER}}")
-                    elif inp.attrs['name'].lower() in ["password", "pass"]:
+                    elif inp.attrs['name'].lower() in ["password", "pass", "password_login"]:
                        res.append(inp.attrs['name'] + "=" + "{{PASS}}")
                    else:
                        if 'value' in inp.attrs.keys():
                            res.append(inp.attrs['name'] + "=" + inp.attrs['value'])
                        else:
                            res.append(inp.attrs['name'] + "=")
-        return '&'.join(res)
+        return (action, '&'.join(res))
    def target_function(self, running, data):
        module_verbosity = boolify(self.verbosity)

--- a/routersploit/modules/scanners/autopwn.py
+++ b/routersploit/modules/scanners/autopwn.py
@@ -17,9 +17,9 @@ class Exploit(exploits.Exploit):
    __info__ = {
        'name': 'AutoPwn',
        'description': 'Scanner module for all vulnerabilities.',
-        'author': [
+        'authors': [
            'Marcin Bury <marcin.bury[at]reverse-shell.com>',  # routersploit module
-         ],
+        ],
    }
    target = exploits.Option('', 'Target IP address e.g. 192.168.1.1')  # target address

--- a/routersploit/modules/scanners/dlink_scan.py
+++ b/routersploit/modules/scanners/dlink_scan.py
@@ -17,7 +17,7 @@ class Exploit(exploits.Exploit):
    __info__ = {
        'name': 'D-Link Scanner',
        'description': 'Scanner module for D-Link devices',
-        'author': [
+        'authors': [
            'Marcin Bury <marcin.bury[at]reverse-shell.com>',  # routersploit module
        ],
    }

--- a/routersploit/utils.py
+++ b/routersploit/utils.py
@@ -314,7 +314,7 @@ def pprint_dict_in_order(dictionary, order=None):
        prettyprint(rest_keys, dictionary[rest_keys])
-def random_text(length, alph=string.letters+string.digits):
+def random_text(length, alph=string.ascii_letters+string.digits):
    """ Random text generator. NOT crypto safe.
    Generates random text with specified length and alphabet.

--- a/routersploit/wordlists/defaults.txt
+++ b/routersploit/wordlists/defaults.txt
@@ -166,6 +166,7 @@ admin:rmnetlm
 admin:root
 admin:secure
 admin:setup
+admin:sky
 admin:smallbusiness
 admin:smcadmin
 admin:superuser

--- a/routersploit/wordlists/passwords.txt
+++ b/routersploit/wordlists/passwords.txt
@@ -146,6 +146,7 @@ RSX
 SECURITY
 SERVICE
 SESAME
+sky
 SKY_FOX
 SMDR
 SSA