Unverified Commit 58a2eda8 by Marcin Bury Committed by GitHub

Adding multiple tests (#545)

* Adding multiple tests

* Fixing code style
parent a03e81db
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
DIRECTORY=. DIRECTORY=.
EXCLUDED=.git,rsf.py EXCLUDED=.git,rsf.py
RSF_IMAGE=routersploit RSF_IMAGE=routersploit
FLAKE8_IGNORED_RULES=E501,F405,F403 FLAKE8_IGNORED_RULES=E501,F405,F403,W504
build: build:
docker build -t $(RSF_IMAGE) . docker build -t $(RSF_IMAGE) .
......
class RoutersploitException(Exception): class RoutersploitException(Exception):
def __init__(self, msg: str=""): def __init__(self, msg: str = ""):
super(RoutersploitException, self).__init__(msg) super(RoutersploitException, self).__init__(msg)
......
...@@ -15,7 +15,7 @@ MODULES_DIR = rsf_modules.__path__[0] ...@@ -15,7 +15,7 @@ MODULES_DIR = rsf_modules.__path__[0]
WORDLISTS_DIR = wordlists.__path__[0] WORDLISTS_DIR = wordlists.__path__[0]
def random_text(length: int, alph: str=string.ascii_letters + string.digits) -> str: def random_text(length: int, alph: str = string.ascii_letters + string.digits) -> str:
""" Generates random string text """ Generates random string text
:param int length: length of text to generate :param int length: length of text to generate
...@@ -79,7 +79,7 @@ def convert_port(port: int) -> bytes: ...@@ -79,7 +79,7 @@ def convert_port(port: int) -> bytes:
return bytes.fromhex(res) return bytes.fromhex(res)
def index_modules(modules_directory: str=MODULES_DIR) -> list: def index_modules(modules_directory: str = MODULES_DIR) -> list:
""" Returns list of all exploits modules """ Returns list of all exploits modules
:param str modules_directory: path to modules directory :param str modules_directory: path to modules directory
...@@ -123,7 +123,7 @@ def import_exploit(path: str): ...@@ -123,7 +123,7 @@ def import_exploit(path: str):
) )
def iter_modules(modules_directory: str=MODULES_DIR) -> list: def iter_modules(modules_directory: str = MODULES_DIR) -> list:
""" Iterates over valid modules """ Iterates over valid modules
:param str modules_directory: path to modules directory :param str modules_directory: path to modules directory
...@@ -285,8 +285,8 @@ class Version(object): ...@@ -285,8 +285,8 @@ class Version(object):
if version1 > version2 then 1 if version1 > version2 then 1
""" """
arr1 = re.sub("\D", ".", str(version1)).split(".") arr1 = re.sub(r"\D", ".", str(version1)).split(".")
arr2 = re.sub("\D", ".", str(version2)).split(".") arr2 = re.sub(r"\D", ".", str(version2)).split(".")
i = 0 i = 0
...@@ -302,7 +302,7 @@ class Version(object): ...@@ -302,7 +302,7 @@ class Version(object):
return 0 return 0
def detect_file_content(content: str, f: str="/etc/passwd") -> bool: def detect_file_content(content: str, f: str = "/etc/passwd") -> bool:
""" Detect specific file content in content """ Detect specific file content in content
:param str content: file content that should be analyzed :param str content: file content that should be analyzed
......
...@@ -14,7 +14,7 @@ FTP_TIMEOUT = 8.0 ...@@ -14,7 +14,7 @@ FTP_TIMEOUT = 8.0
class FTPCli(object): class FTPCli(object):
""" FTP Client provides methods to handle communication with FTP server """ """ FTP Client provides methods to handle communication with FTP server """
def __init__(self, ftp_target: str, ftp_port: int, ssl: bool=False, verbosity: bool=False) -> None: def __init__(self, ftp_target: str, ftp_port: int, ssl: bool = False, verbosity: bool = False) -> None:
""" FTP client constructor """ FTP client constructor
:param str ftp_target: target FTP server ip address :param str ftp_target: target FTP server ip address
...@@ -35,7 +35,7 @@ class FTPCli(object): ...@@ -35,7 +35,7 @@ class FTPCli(object):
else: else:
self.ftp_client = ftplib.FTP() self.ftp_client = ftplib.FTP()
def connect(self, retries: int=1) -> bool: def connect(self, retries: int = 1) -> bool:
""" Connect to FTP server """ Connect to FTP server
:param int retries: number of retry attempts :param int retries: number of retry attempts
...@@ -65,7 +65,7 @@ class FTPCli(object): ...@@ -65,7 +65,7 @@ class FTPCli(object):
self.ftp_client.login(username, password) self.ftp_client.login(username, password)
print_success(self.peer, "FTP Authentication Successful - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) print_success(self.peer, "FTP Authentication Successful - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
return True return True
except Exception as err: except Exception:
print_error(self.peer, "FTP Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity) print_error(self.peer, "FTP Authentication Failed - Username: '{}' Password: '{}'".format(username, password), verbose=self.verbosity)
self.ftp_client.close() self.ftp_client.close()
...@@ -122,7 +122,7 @@ class FTPClient(Exploit): ...@@ -122,7 +122,7 @@ class FTPClient(Exploit):
ssl = OptBool(False, "SSL enabled: true/false") ssl = OptBool(False, "SSL enabled: true/false")
verbosity = OptBool(True, "Enable verbose output: true/false") verbosity = OptBool(True, "Enable verbose output: true/false")
def ftp_create(self, target: str=None, port: int=None) -> FTPCli: def ftp_create(self, target: str = None, port: int = None) -> FTPCli:
""" Create FTP client """ Create FTP client
:param str target: target FTP server ip address :param str target: target FTP server ip address
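Review bot: The `except Exception:` in the login hunk still reports every failure as "FTP Authentication Failed", so a timeout or dropped connection cannot be told apart from a rejected password now that the exception object is discarded. Consider narrowing that handler to `except ftplib.error_perm:` for the authentication message and reporting any other error separately with its text. The SSH close handler in this same commit does this by passing `err` to `print_error`. The login method starts outside the hunk, so whether connection errors are already handled earlier cannot be confirmed from here.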
......
...@@ -21,7 +21,7 @@ class HTTPClient(Exploit): ...@@ -21,7 +21,7 @@ class HTTPClient(Exploit):
verbosity = OptBool(True, "Verbosity enabled: true/false") verbosity = OptBool(True, "Verbosity enabled: true/false")
ssl = OptBool(False, "SSL enabled: true/false") ssl = OptBool(False, "SSL enabled: true/false")
def http_request(self, method: str, path: str, session: requests=requests, **kwargs) -> requests.Response: def http_request(self, method: str, path: str, session: requests = requests, **kwargs) -> requests.Response:
""" Requests HTTP resource """ Requests HTTP resource
:param str method: method that should be issued e.g. GET, POST :param str method: method that should be issued e.g. GET, POST
...@@ -57,7 +57,7 @@ class HTTPClient(Exploit): ...@@ -57,7 +57,7 @@ class HTTPClient(Exploit):
return None return None
def get_target_url(self, path: str="") -> str: def get_target_url(self, path: str = "") -> str:
""" Get target URL """ Get target URL
:param str path: path to http server resource :param str path: path to http server resource
......
...@@ -13,7 +13,7 @@ SNMP_TIMEOUT = 15.0 ...@@ -13,7 +13,7 @@ SNMP_TIMEOUT = 15.0
class SNMPCli(object): class SNMPCli(object):
""" SNMP Client provides methods to handle communication with SNMP server """ """ SNMP Client provides methods to handle communication with SNMP server """
def __init__(self, snmp_target: str, snmp_port: int, verbosity: bool=False) -> None: def __init__(self, snmp_target: str, snmp_port: int, verbosity: bool = False) -> None:
""" SNMP client constructor """ SNMP client constructor
:param str snmp_target: target SNMP server ip address :param str snmp_target: target SNMP server ip address
...@@ -28,7 +28,7 @@ class SNMPCli(object): ...@@ -28,7 +28,7 @@ class SNMPCli(object):
self.peer = "{}:{}".format(self.snmp_target, snmp_port) self.peer = "{}:{}".format(self.snmp_target, snmp_port)
def get(self, community_string: str, oid: str, version: int=1, retries: int=0) -> bytes: def get(self, community_string: str, oid: str, version: int = 1, retries: int = 0) -> bytes:
""" Get OID from SNMP server """ Get OID from SNMP server
:param str community_string: SNMP server communit string :param str community_string: SNMP server communit string
...@@ -66,7 +66,7 @@ class SNMPClient(Exploit): ...@@ -66,7 +66,7 @@ class SNMPClient(Exploit):
verbosity = OptBool(True, "Enable verbose output: true/false") verbosity = OptBool(True, "Enable verbose output: true/false")
def snmp_create(self, target: str=None, port: int=None) -> SNMPCli: def snmp_create(self, target: str = None, port: int = None) -> SNMPCli:
""" Create SNMP client """ Create SNMP client
:param str target: target SNMP server ip address :param str target: target SNMP server ip address
......
...@@ -20,7 +20,7 @@ SSH_TIMEOUT = 8.0 ...@@ -20,7 +20,7 @@ SSH_TIMEOUT = 8.0
class SSHCli(object): class SSHCli(object):
""" SSH Client provides methods to handle communication with SSH server """ """ SSH Client provides methods to handle communication with SSH server """
def __init__(self, ssh_target: str, ssh_port: int, verbosity=False) -> None: def __init__(self, ssh_target: str, ssh_port: int, verbosity: bool = False) -> None:
""" SSH client constructor """ SSH client constructor
:param str ssh_target: SSH target ip address :param str ssh_target: SSH target ip address
...@@ -38,7 +38,7 @@ class SSHCli(object): ...@@ -38,7 +38,7 @@ class SSHCli(object):
self.ssh_client = paramiko.SSHClient() self.ssh_client = paramiko.SSHClient()
self.ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) self.ssh_client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
def login(self, username: str, password: str, retries: int=1) -> bool: def login(self, username: str, password: str, retries: int = 1) -> bool:
""" Login to SSH server """ Login to SSH server
:param str username: SSH account username :param str username: SSH account username
...@@ -64,7 +64,7 @@ class SSHCli(object): ...@@ -64,7 +64,7 @@ class SSHCli(object):
return False return False
def login_pkey(self, username: str, priv_key: str, retries: int=1) -> bool: def login_pkey(self, username: str, priv_key: str, retries: int = 1) -> bool:
""" Login to SSH server with private key """ Login to SSH server with private key
:param str username: SSH account username :param str username: SSH account username
...@@ -289,7 +289,7 @@ class SSHCli(object): ...@@ -289,7 +289,7 @@ class SSHCli(object):
self.ssh_client.close() self.ssh_client.close()
return True return True
except Exception as err: except Exception as err:
print_error(self.peer, "SSH Error while closing connection", verbose=self.verbosity) print_error(self.peer, "SSH Error while closing connection", err, verbose=self.verbosity)
return False return False
...@@ -301,7 +301,7 @@ class SSHClient(Exploit): ...@@ -301,7 +301,7 @@ class SSHClient(Exploit):
verbosity = OptBool(True, "Enable verbose output: true/false") verbosity = OptBool(True, "Enable verbose output: true/false")
def ssh_create(self, target: str=None, port: int=None) -> SSHCli: def ssh_create(self, target: str = None, port: int = None) -> SSHCli:
""" Create SSH client """ Create SSH client
:param str target: target SSH server ip address :param str target: target SSH server ip address
......
...@@ -15,7 +15,7 @@ TCP_SOCKET_TIMEOUT = 8.0 ...@@ -15,7 +15,7 @@ TCP_SOCKET_TIMEOUT = 8.0
class TCPCli(object): class TCPCli(object):
""" TCP Client provides methods to handle communication with TCP server """ """ TCP Client provides methods to handle communication with TCP server """
def __init__(self, tcp_target: str, tcp_port: int, verbosity: bool=False) -> None: def __init__(self, tcp_target: str, tcp_port: int, verbosity: bool = False) -> None:
""" TCP client constructor """ TCP client constructor
:param str tcp_target: target TCP server ip address :param str tcp_target: target TCP server ip address
...@@ -131,7 +131,7 @@ class TCPClient(Exploit): ...@@ -131,7 +131,7 @@ class TCPClient(Exploit):
verbosity = OptBool(True, "Enable verbose output: true/false") verbosity = OptBool(True, "Enable verbose output: true/false")
def tcp_create(self, target: str=None, port: int=None) -> TCPCli: def tcp_create(self, target: str = None, port: int = None) -> TCPCli:
""" Creates TCP client """ Creates TCP client
:param str target: target TCP server ip address :param str target: target TCP server ip address
......
...@@ -13,7 +13,7 @@ TELNET_TIMEOUT = 30.0 ...@@ -13,7 +13,7 @@ TELNET_TIMEOUT = 30.0
class TelnetCli(object): class TelnetCli(object):
""" Telnet Client provides methods to handle communication with Telnet server """ """ Telnet Client provides methods to handle communication with Telnet server """
def __init__(self, telnet_target: str, telnet_port: int, verbosity=False) -> None: def __init__(self, telnet_target: str, telnet_port: int, verbosity: bool = False) -> None:
""" Telnet client constructor """ Telnet client constructor
:param str telnet_target: target Telnet server ip address :param str telnet_target: target Telnet server ip address
...@@ -44,7 +44,7 @@ class TelnetCli(object): ...@@ -44,7 +44,7 @@ class TelnetCli(object):
return False return False
def login(self, username: str, password: str, retries: int=1) -> bool: def login(self, username: str, password: str, retries: int = 1) -> bool:
""" Login to Telnet server """ Login to Telnet server
:param str username: Telnet account username :param str username: Telnet account username
...@@ -154,7 +154,7 @@ class TelnetClient(Exploit): ...@@ -154,7 +154,7 @@ class TelnetClient(Exploit):
verbosity = OptBool(True, "Enable verbose output: true/false") verbosity = OptBool(True, "Enable verbose output: true/false")
def telnet_create(self, target: str=None, port: int=None) -> TelnetCli: def telnet_create(self, target: str = None, port: int = None) -> TelnetCli:
""" Create Telnet client """ Create Telnet client
:param str target: target Telnet ip address :param str target: target Telnet ip address
......
...@@ -14,7 +14,7 @@ UDP_SOCKET_TIMEOUT = 8.0 ...@@ -14,7 +14,7 @@ UDP_SOCKET_TIMEOUT = 8.0
class UDPCli(object): class UDPCli(object):
""" UDP Client provides methods to handle communication with UDP server """ """ UDP Client provides methods to handle communication with UDP server """
def __init__(self, udp_target: str, udp_port: int, verbosity: bool=False) -> None: def __init__(self, udp_target: str, udp_port: int, verbosity: bool = False) -> None:
""" UDP client constructor """ UDP client constructor
:param str udp_target: target UDP server ip address :param str udp_target: target UDP server ip address
...@@ -91,7 +91,7 @@ class UDPClient(Exploit): ...@@ -91,7 +91,7 @@ class UDPClient(Exploit):
verbosity = OptBool(True, "Enable verbose output: true/false") verbosity = OptBool(True, "Enable verbose output: true/false")
def udp_create(self, target: str=None, port: int=None) -> UDPCli: def udp_create(self, target: str = None, port: int = None) -> UDPCli:
""" Create UDP client """ Create UDP client
:param str target: target UDP server ip address :param str target: target UDP server ip address
......
...@@ -223,11 +223,11 @@ class RoutersploitInterpreter(BaseInterpreter): ...@@ -223,11 +223,11 @@ class RoutersploitInterpreter(BaseInterpreter):
self.__parse_prompt() self.__parse_prompt()
self.banner = """ ______ _ _____ _ _ _ self.banner = """ ______ _ _____ _ _ _
| ___ \ | | / ___| | | (_) | | ___ \\ | | / ___| | | (_) |
| |_/ /___ _ _| |_ ___ _ __\ `--. _ __ | | ___ _| |_ | |_/ /___ _ _| |_ ___ _ __\\ `--. _ __ | | ___ _| |_
| // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __| | // _ \\| | | | __/ _ \\ '__|`--. \\ '_ \\| |/ _ \\| | __|
| |\ \ (_) | |_| | || __/ | /\__/ / |_) | | (_) | | |_ | |\\ \\ (_) | |_| | || __/ | /\\__/ / |_) | | (_) | | |_
\_| \_\___/ \__,_|\__\___|_| \____/| .__/|_|\___/|_|\__| \\_| \\_\\___/ \\__,_|\\__\\___|_| \\____/| .__/|_|\\___/|_|\\__|
| | | |
Exploitation Framework for |_| by Threat9 Exploitation Framework for |_| by Threat9
Embedded Devices Embedded Devices
......
from routersploit.core.exploit import *
# hack to import from directory/filename starting with a number
FTPDefault = utils.import_exploit("routersploit.modules.creds.generic.ftp_default")
class Exploit(FTPDefault):
__info__ = {
"name": "2Wire Router Default FTP Creds",
"description": "Module performs dictionary attack against 2Wire Router FTP service. "
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
"devices": (
"2Wire Router",
),
}
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(21, "Target FTP port")
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
from routersploit.core.exploit import *
# hack to import from directory/filename starting with a number
SSHDefault = utils.import_exploit("routersploit.modules.creds.generic.ssh_default")
class Exploit(SSHDefault):
__info__ = {
"name": "2Wire Router Default SSH Creds",
"description": "Module performs dictionary attack against 2Wire Router SSH service. "
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
"devices": (
"2Wire Router",
),
}
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(22, "Target SSH port")
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
from routersploit.core.exploit import *
# hack to import from directory/filename starting with a number
TelnetDefault = utils.import_exploit("routersploit.modules.creds.generic.telnet_default")
class Exploit(TelnetDefault):
__info__ = {
"name": "2Wire Router Default Telnet Creds",
"description": "Module performs dictionary attack against Asmax Router Telnet service. "
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
"devices": (
"2Wire Router",
),
}
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(23, "Target SSH port")
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
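Review bot: The new 2Wire Telnet module carries copy-paste text from other modules. Its description says the attack is against the "Asmax Router Telnet service", and the port option on 23 is labelled "Target SSH port". The description should name the 2Wire Router, and the option should read `port = OptPort(23, "Target Telnet port")`. The 3Com Telnet module added later in this commit has the same "Target SSH port" label on port 23. These strings are shown to the operator when options are listed, so the wrong protocol name is misleading.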
from routersploit.core.exploit import *
# hack to import from directory/filename starting with a number
FTPDefault = utils.import_exploit("routersploit.modules.creds.generic.ftp_default")
class Exploit(FTPDefault):
__info__ = {
"name": "3Com Router Default FTP Creds",
"description": "Module performs dictionary attack against 3Com Router FTP service. "
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
"devices": (
"3Com Router",
),
}
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(21, "Target FTP port")
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
from routersploit.core.exploit import *
# hack to import from directory/filename starting with a number
SSHDefault = utils.import_exploit("routersploit.modules.creds.generic.ssh_default")
class Exploit(SSHDefault):
__info__ = {
"name": "3Com Router Default SSH Creds",
"description": "Module performs dictionary attack against 3Com Router SSH service. "
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
"devices": (
"3Com Router",
),
}
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(22, "Target SSH port")
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
from routersploit.core.exploit import *
# hack to import from directory/filename starting with a number
TelnetDefault = utils.import_exploit("routersploit.modules.creds.generic.telnet_default")
class Exploit(TelnetDefault):
__info__ = {
"name": "3Com Router Default Telnet Creds",
"description": "Module performs dictionary attack against 3Com Router Telnet service. "
"If valid credentials are found, they are displayed to the user.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
"devices": (
"3Com Router",
),
}
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(23, "Target SSH port")
threads = OptInteger(1, "Number of threads")
defaults = OptWordlist("admin:admin", "User:Pass or file with default credentials (file://)")
...@@ -15,7 +15,7 @@ class Exploit(FTPDefault): ...@@ -15,7 +15,7 @@ class Exploit(FTPDefault):
), ),
} }
target = OptIP("", "Target IPv4, IPv6 address or file with ip:port(file://)") target = OptIP("", "Target IPv4, IPv6 address or file with ip:port (file://)")
port = OptPort(21, "Target FTP port") port = OptPort(21, "Target FTP port")
threads = OptInteger(1, "Number of threads") threads = OptInteger(1, "Number of threads")
......
...@@ -30,7 +30,7 @@ class Exploit(HTTPClient): ...@@ -30,7 +30,7 @@ class Exploit(HTTPClient):
print_status("Sending paylaod request") print_status("Sending paylaod request")
path = "/imc/report/DownloadReportSource?dirType=webapp&fileDir=reports&fileName=reportParaExample.xml..\..\..\..\..\..\..\..\..\..{}".format(self.filename) path = "/imc/report/DownloadReportSource?dirType=webapp&fileDir=reports&fileName=reportParaExample.xml..\\..\\..\\..\\..\\..\\..\\..\\..\\..{}".format(self.filename)
response = self.http_request( response = self.http_request(
method="GET", method="GET",
path=path, path=path,
...@@ -49,7 +49,7 @@ class Exploit(HTTPClient): ...@@ -49,7 +49,7 @@ class Exploit(HTTPClient):
def check(self): def check(self):
response = self.http_request( response = self.http_request(
method="GET", method="GET",
path="/imc/report/DownloadReportSource?dirType=webapp&fileDir=reports&fileName=reportParaExample.xml..\..\..\..\..\..\..\..\..\..\windows\win.ini", path="/imc/report/DownloadReportSource?dirType=webapp&fileDir=reports&fileName=reportParaExample.xml..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini",
) )
if response is None: if response is None:
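Review bot: The two request paths in this file are now written with doubled backslashes, while the regex literals touched elsewhere in this commit were fixed with an `r` prefix. A raw string with the original single backslashes would silence the same invalid-escape warning and stay character-for-character comparable with the old line; `.format(self.filename)` still works on a raw string. The status message on the context line above also has a typo, `"Sending paylaod request"`. Both functions start outside their hunks.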
......
...@@ -63,7 +63,7 @@ class Exploit(HTTPClient): ...@@ -63,7 +63,7 @@ class Exploit(HTTPClient):
return False # target is not vulnerable return False # target is not vulnerable
if "pppoe_username" in response.text and "pppoe_password" in response.text: if "pppoe_username" in response.text and "pppoe_password" in response.text:
self.valid = resource self.valid = path
return True # target is vulnerable return True # target is vulnerable
return False # target not vulnerable return False # target not vulnerable
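Review bot: No test on this page exercises the branch that assigns `self.valid`, although the old line referenced `resource`, a name that appears nowhere in the hunk. If `resource` was undefined, as it looks, the success path of `check()` raised a NameError instead of returning True. A test that serves a response containing both `pppoe_username` and `pppoe_password` and asserts `check() is True` would pin the fix. The function starts outside the hunk, so where `path` is bound cannot be confirmed from here.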
...@@ -35,7 +35,7 @@ class Exploit(HTTPClient): ...@@ -35,7 +35,7 @@ class Exploit(HTTPClient):
if response is None: if response is None:
return return
creds = re.findall("if\('1' == '0' \|\| '(.+?)' == 'admin'\)", response.text) creds = re.findall(r"if\('1' == '0' \|\| '(.+?)' == 'admin'\)", response.text)
if len(creds): if len(creds):
c = [("admin", creds[0])] c = [("admin", creds[0])]
...@@ -54,7 +54,7 @@ class Exploit(HTTPClient): ...@@ -54,7 +54,7 @@ class Exploit(HTTPClient):
if response is None: if response is None:
return False # target is not vulnerable return False # target is not vulnerable
creds = re.findall("if\('1' == '0' \|\| '(.+?)' == 'admin'\)", response.text) creds = re.findall(r"if\('1' == '0' \|\| '(.+?)' == 'admin'\)", response.text)
if len(creds): if len(creds):
return True # target is vulnerable return True # target is vulnerable
......
...@@ -35,7 +35,7 @@ class Exploit(HTTPClient): ...@@ -35,7 +35,7 @@ class Exploit(HTTPClient):
if response is None: if response is None:
return return
val = re.findall('password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces val = re.findall(r'password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces
if len(val): if len(val):
payload = "pws=" + val[0] + "&arc_action=login&action=Submit" payload = "pws=" + val[0] + "&arc_action=login&action=Submit"
...@@ -65,7 +65,7 @@ class Exploit(HTTPClient): ...@@ -65,7 +65,7 @@ class Exploit(HTTPClient):
if response is None: if response is None:
return False # target is not vulnerable return False # target is not vulnerable
val = re.findall('password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces val = re.findall(r'password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces
if len(val): if len(val):
return True # target vulnerable return True # target vulnerable
......
...@@ -33,7 +33,7 @@ class Exploit(HTTPClient): ...@@ -33,7 +33,7 @@ class Exploit(HTTPClient):
if response is None: if response is None:
return return
val = re.findall('password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces val = re.findall(r'password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces
if len(val): if len(val):
print_success("Exploit success") print_success("Exploit success")
...@@ -53,7 +53,7 @@ class Exploit(HTTPClient): ...@@ -53,7 +53,7 @@ class Exploit(HTTPClient):
if response is None: if response is None:
return False # target is not vulnerable return False # target is not vulnerable
val = re.findall('password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces val = re.findall(r'password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces
if len(val): if len(val):
return True # target vulnerable return True # target vulnerable
......
...@@ -32,7 +32,7 @@ class Exploit(HTTPClient): ...@@ -32,7 +32,7 @@ class Exploit(HTTPClient):
if response is None: if response is None:
return False return False
val = re.findall('password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces val = re.findall(r'password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces
if len(val): if len(val):
payload = "pws=" + val[0] + "&arc_action=login&action=Submit" payload = "pws=" + val[0] + "&arc_action=login&action=Submit"
...@@ -63,7 +63,7 @@ class Exploit(HTTPClient): ...@@ -63,7 +63,7 @@ class Exploit(HTTPClient):
print_error("Exploit failed. No response from target!") print_error("Exploit failed. No response from target!")
return return
srcSSID = re.search("document\.tF\['ssid'\]\.value=\"(.*)\";", response.text) srcSSID = re.search(r"document\.tF\['ssid'\]\.value=\"(.*)\";", response.text)
if srcSSID: if srcSSID:
SSID = srcSSID.group(1) SSID = srcSSID.group(1)
else: else:
...@@ -88,7 +88,7 @@ class Exploit(HTTPClient): ...@@ -88,7 +88,7 @@ class Exploit(HTTPClient):
print_error("Exploit failed. No response from target!") print_error("Exploit failed. No response from target!")
return return
err = re.search('countdown\(55\);', response.text) err = re.search(r'countdown\(55\);', response.text)
if err: if err:
print_success("Exploit success, wait until router reboot.") print_success("Exploit success, wait until router reboot.")
else: else:
...@@ -107,7 +107,7 @@ class Exploit(HTTPClient): ...@@ -107,7 +107,7 @@ class Exploit(HTTPClient):
if response is None: if response is None:
return False # target is not vulnerable return False # target is not vulnerable
val = re.findall('password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces val = re.findall(r'password\s?=\s?"(.+?)"', response.text) # in some fw there are no spaces
if len(val): if len(val):
return True # target is vulnerable return True # target is vulnerable
......
...@@ -37,7 +37,7 @@ class Exploit(HTTPClient): ...@@ -37,7 +37,7 @@ class Exploit(HTTPClient):
# extracting credentials # extracting credentials
regular = "<name>(.+?)</name><usrid>(|.+?)</usrid><password>(|.+?)</password>" regular = "<name>(.+?)</name><usrid>(|.+?)</usrid><password>(|.+?)</password>"
creds = re.findall(regular, re.sub('\s+', '', response.text)) creds = re.findall(regular, re.sub(r'\s+', '', response.text))
# displaying results # displaying results
if len(creds): if len(creds):
...@@ -63,7 +63,7 @@ class Exploit(HTTPClient): ...@@ -63,7 +63,7 @@ class Exploit(HTTPClient):
# extracting credentials # extracting credentials
regular = "<name>(.+?)</name><usrid>(|.+?)</usrid><password>(|.+?)</password>" regular = "<name>(.+?)</name><usrid>(|.+?)</usrid><password>(|.+?)</password>"
creds = re.findall(regular, re.sub('\s+', '', response.text)) creds = re.findall(regular, re.sub(r'\s+', '', response.text))
if len(creds): if len(creds):
return True # target is vulnerable return True # target is vulnerable
......
...@@ -60,7 +60,7 @@ class Exploit(HTTPClient): ...@@ -60,7 +60,7 @@ class Exploit(HTTPClient):
) )
if response is not None and response.status_code == 200: if response is not None and response.status_code == 200:
res = re.findall("^([a-zA-Z0-9]+:\$[0-9]\$)", response.text) res = re.findall(r"^([a-zA-Z0-9]+:\$[0-9]\$)", response.text)
if len(res): if len(res):
return True return True
......
...@@ -120,7 +120,7 @@ class Exploit(HTTPClient): ...@@ -120,7 +120,7 @@ class Exploit(HTTPClient):
def run(self): def run(self):
devices = self._Exploit__info__['devices'] devices = self._Exploit__info__['devices']
if self.device == "" or re.match("^\d+?$", self.device) is None or int(self.device) < 0 or int(self.device) >= len(devices): if self.device == "" or re.match(r"^\d+?$", self.device) is None or int(self.device) < 0 or int(self.device) >= len(devices):
print_error("Invalid device identifier option") print_error("Invalid device identifier option")
return return
number = devices[int(self.device)]['number'] number = devices[int(self.device)]['number']
......
...@@ -50,7 +50,7 @@ class Exploit(HTTPClient): ...@@ -50,7 +50,7 @@ class Exploit(HTTPClient):
return "" return ""
if response.status_code == 200: if response.status_code == 200:
regexp = 'var cmdResult = new Array\(\n"(.*?)",\n0,0 \);' regexp = r'var cmdResult = new Array\(\n"(.*?)",\n0,0 \);'
res = re.findall(regexp, response.text) res = re.findall(regexp, response.text)
if len(res): if len(res):
......
from routersploit.modules.creds.generic.http_basic_digest_bruteforce import Exploit
def test_check_success(generic_target):
""" Test scenerio - testing against HTTP server """
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 80
assert exploit.threads == 8
assert type(exploit.usernames) is list
assert type(exploit.passwords) is list
assert exploit.path == "/"
assert exploit.stop_on_success is True
assert exploit.verbosity is True
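Review bot: This test requests the `generic_target` fixture but never uses it. It only asserts the option defaults, so `check()` and `run()` are not exercised and the docstring "testing against HTTP server" overstates the coverage. Either drop the fixture parameter and rename the test to something like `test_default_options`, or set `exploit.target` and `exploit.port` from the fixture and assert on `check()`, as the router credential tests later in this commit do. The same applies to the `http_basic_digest_default` and `snmp_bruteforce` tests that follow. Smaller points: "scenerio" is misspelled in all three docstrings, and `isinstance(exploit.usernames, list)` is the more usual form than `type(...) is list`.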
from routersploit.modules.creds.generic.http_basic_digest_default import Exploit
def test_check_success(generic_target):
""" Test scenerio - testing against HTTP server """
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 80
assert exploit.threads == 8
assert type(exploit.defaults) is list
assert exploit.path == "/"
assert exploit.stop_on_success is True
assert exploit.verbosity is True
from routersploit.modules.creds.generic.snmp_bruteforce import Exploit
def test_check_success(generic_target):
""" Test scenerio - testing against SNMP server """
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 161
assert exploit.version == 1
assert exploit.threads == 8
assert type(exploit.defaults) is list
assert exploit.stop_on_success is True
assert exploit.verbosity is True
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.creds.routers.2wire.ftp_default_creds")
def test_check_success(generic_target):
""" Test scenario - testing against FTP server """
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 21
assert exploit.threads == 1
assert exploit.defaults == ["admin:admin"]
assert exploit.stop_on_success is True
assert exploit.verbosity is True
exploit.target = generic_target.host
exploit.port = generic_target.port
assert exploit.check() is False
assert exploit.check_default() is None
assert exploit.run() is None
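Review bot: The name `test_check_success` does not match what this test asserts, namely `check() is False` and `check_default() is None`, so it actually covers the no-valid-credentials path. A name such as `test_check_no_valid_credentials` would make a later failure easier to read. The 2Wire SSH test and the 3Com FTP and SSH tests below have the same mismatch. A short comment saying why the fixture target is expected to reject `admin:admin` would also help, since that behaviour lives in a fixture not shown on this page.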
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.creds.routers.2wire.ssh_default_creds")
def test_check_success(target):
""" Test scenario - testing against SSH server """
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 22
assert exploit.threads == 1
assert exploit.defaults == ["admin:admin"]
assert exploit.stop_on_success is True
assert exploit.verbosity is True
exploit.target = target.host
exploit.port = target.port
assert exploit.check() is False
assert exploit.check_default() is None
assert exploit.run() is None
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.creds.routers.2wire.telnet_default_creds")
def test_check_success(generic_target):
""" Test scenario - testing against Telnet server """
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 23
assert exploit.threads == 1
assert exploit.defaults == ["admin:admin"]
assert exploit.stop_on_success is True
assert exploit.verbosity is True
exploit.target = generic_target.host
exploit.port = generic_target.port
assert exploit.check() is True
assert exploit.check_default() is not None
assert exploit.run() is None
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.creds.routers.3com.ftp_default_creds")
def test_check_success(generic_target):
""" Test scenario - testing against FTP server """
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 21
assert exploit.threads == 1
assert exploit.defaults == ["admin:admin"]
assert exploit.stop_on_success is True
assert exploit.verbosity is True
exploit.target = generic_target.host
exploit.port = generic_target.port
assert exploit.check() is False
assert exploit.check_default() is None
assert exploit.run() is None
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.creds.routers.3com.ssh_default_creds")
def test_check_success(target):
""" Test scenario - testing against SSH server """
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 22
assert exploit.threads == 1
assert exploit.defaults == ["admin:admin"]
assert exploit.stop_on_success is True
assert exploit.verbosity is True
exploit.target = target.host
exploit.port = target.port
assert exploit.check() is False
assert exploit.check_default() is None
assert exploit.run() is None
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.creds.routers.3com.telnet_default_creds")
def test_check_success(generic_target):
""" Test scenario - testing against Telnet server """
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 23
assert exploit.threads == 1
assert exploit.defaults == ["admin:admin"]
assert exploit.stop_on_success is True
assert exploit.verbosity is True
exploit.target = generic_target.host
exploit.port = generic_target.port
assert exploit.check() is True
assert exploit.check_default() is not None
assert exploit.run() is None
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.exploits.routers.2wire.4011g_5012nv_path_traversal")
def test_check_success(target):
""" Test scenario - successful exploitation """
route_mock = target.get_route_mock("/goform/enhAuthHandler", methods=["POST"])
route_mock.return_value = (
"root:x:0:0:root:/root:/bin/bash"
"daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin"
"bin:x:2:2:bin:/bin:/usr/sbin/nologin"
"sys:x:3:3:sys:/dev:/usr/sbin/nologin"
"sync:x:4:65534:sync:/bin:/bin/sync"
"games:x:5:60:games:/usr/games:/usr/sbin/nologin"
"man:x:6:12:man:/var/cache/man:/usr/sbin/nologin"
"lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin"
"mail:x:8:8:mail:/var/mail:/usr/sbin/nologin"
"news:x:9:9:news:/var/spool/news:/usr/sbin/nologin"
"uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin"
"proxy:x:13:13:proxy:/bin:/usr/sbin/nologin"
"www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin"
"backup:x:34:34:backup:/var/backups:/usr/sbin/nologin"
)
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 80
assert exploit.filename == "/etc/passwd"
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
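Review bot: The mocked `/etc/passwd` body is built by implicit string concatenation with no line terminators, so the route returns one long line (`...:/bin/bashdaemon:x:1:1:...`) rather than a passwd-shaped file. If the module's detection is line-oriented, this fixture would not represent the response it is meant to recognise, and the test may pass only because the first entry happens to match. End each literal with a newline, e.g. `"root:x:0:0:root:/root:/bin/bash\n"`, so the fixture resembles the real file.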
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.exploits.routers.2wire.gateway_auth_bypass")
def test_check_success(target):
""" Test scenario - successful exploitation """
route_mock1 = target.get_route_mock("/", methods=["GET"])
route_mock1.return_value = (
"TEST"
"<form name=\"pagepost\" method=\"post\" action=\"/xslt?PAGE=WRA01_POST&amp;NEXTPAGE=WRA01_POST\" id=\"pagepost\">"
"TEST"
)
route_mock2 = target.get_route_mock("/xslt", methods=["GET"])
route_mock2.return_value = (
"TEST"
)
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 80
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.exploits.routers.3com.ap8760_password_disclosure")
def test_check_success(target):
""" Test scenario - successful exploitation """
route_mock = target.get_route_mock("/s_brief.htm", methods=["GET"])
route_mock.return_value = (
"TEST"
"<input type=\"text\" name=\"szUsername\" size=16 value=\"admin\">"
"<input type=\"password\" name=\"szPassword\" size=16 maxlength=\"16\" value=\"admin\">"
"TEST"
)
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 80
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.exploits.routers.3com.imc_info_disclosure")
def test_check_success(target):
""" Test scenario - successful exploitation """
route_mock = target.get_route_mock("/imc/reportscript/sqlserver/deploypara.properties", methods=["GET"])
route_mock.return_value = (
"TEST"
"report.db.server.name=ABCD"
"TEST"
)
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 8080
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.exploits.routers.3com.imc_path_traversal")
def test_check_success(target):
""" Test scenario - successful exploitation """
route_mock = target.get_route_mock("/imc/report/DownloadReportSource", methods=["GET"])
route_mock.return_value = (
"TEST"
"[fonts]"
"TEST"
)
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 8080
assert exploit.filename == "\\windows\\win.ini"
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.exploits.routers.3com.officeconnect_info_disclosure")
def test_check_success(target):
""" Test scenario - successful exploitation """
route_mock = target.get_route_mock("/SaveCfgFile.cgi", methods=["GET"])
route_mock.return_value = (
"TEST"
"pppoe_username=admin"
"pppoe_password=admin"
"TEST"
)
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 80
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
from unittest import mock
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.exploits.routers.3com.officeconnect_rce")
@mock.patch("routersploit.modules.exploits.routers.3com.officeconnect_rce.shell")
def test_check_success(mocked_shell, target):
""" Test scenario - successful exploitation """
route_mock = target.get_route_mock("/utility.cgi", methods=["GET"])
route_mock.return_value = (
"TEST"
)
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 80
exploit.target = target.host
exploit.port = target.port
assert exploit.check() is None
assert exploit.run() is None
assert exploit.execute("uname -a") == ""
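Review bot: `mocked_shell` is patched in but never asserted on, so the test would still pass if `run()` stopped handing off to the shell helper. If `run()` is expected to call it, add `mocked_shell.assert_called_once()` after the `run()` assertion. The docstring says "successful exploitation" while the test asserts `check() is None`; a short comment such as `# check() cannot verify this target, so it returns None` would explain why. The linksys `1500_2500_rce` test below also leaves `mocked_shell` unchecked.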
...@@ -7,7 +7,7 @@ from routersploit.modules.exploits.routers.dlink.dns_320l_327l_rce import Exploi ...@@ -7,7 +7,7 @@ from routersploit.modules.exploits.routers.dlink.dns_320l_327l_rce import Exploi
def apply_response(*args, **kwargs): def apply_response(*args, **kwargs):
inj = request.args["f_gaccount"] inj = request.args["f_gaccount"]
res = re.findall("\$\(\((.*-1)\)\)", inj) res = re.findall(r"\$\(\((.*-1)\)\)", inj)
data = "TEST" data = "TEST"
if res: if res:
solution = ast.literal_eval(res[0]) solution = ast.literal_eval(res[0])
......
from unittest import mock
from flask import request
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.exploits.routers.linksys.1500_2500_rce")
def apply_response(*args, **kwargs):
data = "TEST" + request.form["ping_size"] + "TEST"
return data, 200
@mock.patch("routersploit.modules.exploits.routers.linksys.1500_2500_rce.shell")
def test_check_success(mocked_shell, target):
""" Test scenario - successful exploitation """
route_mock = target.get_route_mock("/apply.cgi", methods=["POST"])
route_mock.side_effect = apply_response
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 80
assert exploit.username == "admin"
assert exploit.password == "admin"
exploit.target = target.host
exploit.port = target.port
assert exploit.check()
assert exploit.run() is None
from routersploit.core.exploit.utils import import_exploit
# hack to import from directory/filename starting with a number
Exploit = import_exploit("routersploit.modules.exploits.routers.shuttle.915wm_dns_change")
def test_check_success(target):
""" Test scenario - successful exploitation """
route_mock = target.get_route_mock("/dnscfg.cgi", methods=["POST"])
route_mock.retur_value = (
"TEST"
)
exploit = Exploit()
assert exploit.target == ""
assert exploit.port == 80
assert exploit.dns1 == "8.8.8.8"
assert exploit.dns2 == "8.8.4.4"
exploit.target = target.host
exploit.port = target.port
assert exploit.check() is None
assert exploit.run() is None
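Review bot: `route_mock.retur_value` is a typo for `return_value`. On a mock object the assignment presumably just creates an unrelated attribute, so the `/dnscfg.cgi` route never returns the intended `"TEST"` body. The test still passes because it only asserts `check() is None` and `run() is None`, so nothing catches the mistake. Change it to `route_mock.return_value = "TEST"`. If `route_mock` is a standard mock, also assert that it was called, so the test fails when the module stops sending the request.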