Switching to pysnmp, adding exit_on_success option, adding requirements.

67f05554 · Marcin Bury · db9250f4 · 67f05554 · 67f05554 · 67f05554
Commit 67f05554 authored Apr 28, 2016 by Marcin Bury
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 12 deletions

README.md README.md +1 -1

requirements.txt requirements.txt +2 -2

snmp_bruteforce.py routersploit/modules/creds/snmp_bruteforce.py +13 -9

No files found.
--- a/README.md
+++ b/README.md
@@ -20,12 +20,12 @@ It consists of various modules that aids penetration testing operations:
 * requests
 * paramiko
 * beautifulsoup4
+* pysnmp

 ## Installation on Kali

 	git clone https://github.com/reverse-shell/routersploit
 	cd routersploit
-	apt-get install python-netsnmp
 	./rsf.py
 	
 ## Installation on Ubuntu

--- a/requirements.txt
+++ b/requirements.txt
 gnureadline
 requests
 paramiko
-beautifulsoup4
\ No newline at end of file
+beautifulsoup4
+pysnmp
--- a/routersploit/modules/creds/snmp_bruteforce.py
+++ b/routersploit/modules/creds/snmp_bruteforce.py
 import threading
-import netsnmp
+from pysnmp.entity.rfc3413.oneliner import cmdgen

 from routersploit import (
    exploits,
@@ -29,7 +29,7 @@ class Exploit(exploits.Exploit):
    threads = exploits.Option(8, 'Number of threads')
    snmp = exploits.Option(wordlists.snmp, 'Community string or file with community strings (file://)')
    verbosity = exploits.Option('yes', 'Display authentication attempts')
-
+    exit_on_success = exploits.Option('yes', 'Exit on first valid community string')
    strings = []

    def run(self):
@@ -59,23 +59,27 @@ class Exploit(exploits.Exploit):
    def target_function(self, running, data):
        module_verbosity = boolify(self.verbosity)
        name = threading.current_thread().name
-        address = "{}:{}".format(self.target, self.port)

        print_status(name, 'thread is starting...', verbose=module_verbosity)

+        cmdGen = cmdgen.CommandGenerator()
        while running.is_set():
            try:
                string = data.next().strip()

-                bindvariable = netsnmp.Varbind(".1.3.6.1.2.1.1.1.0")
-                res = netsnmp.snmpget(bindvariable, Version=1, DestHost=address, Community=string)
+                errorIndication, errorStatus, errorIndex, varBinds = cmdGen.getCmd(
+                    cmdgen.CommunityData(string),
+                    cmdgen.UdpTransportTarget((self.target, int(self.port))),
+                    '1.3.6.1.2.1.1.1.0',
+                )

-                if res[0] is not None:
-                    running.clear()
+                if errorIndication or errorStatus:
+                    print_error("Target: {}:{} {}: Invalid community string - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
+                else:
+                    if boolify(self.exit_on_success):
+                        running.clear()
                    print_success("Target: {}:{} {}: Valid community string found - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)
                    self.strings.append((self.target, self.port, string))
-                else:
-                    print_error("Target: {}:{} {}: Invalid community string - String: '{}'".format(self.target, self.port, name, string), verbose=module_verbosity)

            except StopIteration:
                break