@@ -12,7 +12,7 @@ It consists of various modules that aids penetration testing operations:
- exploits - modules that take advantage of identified vulnerabilities
- creds - modules designed to test credentials against network services
- scanners - modules that check if target is vulnerable to any exploit
- scanners - modules that check if a target is vulnerable to any exploit
# Installation
...
...
@@ -55,7 +55,7 @@ It consists of various modules that aids penetration testing operations:
# Update
Update RouterSploit Framework often. Project is under heavy development and new modules are shipped almost everyday.
Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.
cd routersploit
git pull
...
...
@@ -110,7 +110,7 @@ Set options:
### Run module
Exploiting target can be achieved by issuing 'run' or 'exploit' command:
You can exploit the target by issuing the 'run' or 'exploit' command:
rsf (D-LINK DIR-300 & DIR-600 RCE) > run
[+] Target is vulnerable
...
...
@@ -152,9 +152,9 @@ Display information about exploit:
### Pick module
Modules located under creds/ directory allow running dictionary attacks against various network services.
Modules located in the `creds/` directory allow running dictionary attacks against various network services.
Following services are currently supported:
The following services are currently supported:
- ftp
- ssh
...
...
@@ -165,8 +165,8 @@ Following services are currently supported:
Every service has been divided into two modules:
- default (e.g. ssh_default) - this kind of modules use one wordlist with default credentials pairs login:password. Module can be quickly used and in matter of seconds verify if the device uses default credentials.
- bruteforce (e.g. ssh_bruteforce) - this kind of modules perform dictionary attacks against specified account or list of accounts. It takes two parameters login and password. These values can be a single word (e.g. 'admin') or entire list of strings (file:///root/users.txt).
- default (e.g. ssh_default) - this kind of modules use one wordlist with default credentials pairs login:password. The module can be quickly used and in matter of seconds can verify if the device uses default credentials.
- bruteforce (e.g. ssh_bruteforce) - this kind of modules perform dictionary attacks against a specified account or list of accounts. It takes two parameters: login and password. These values can be a single word (e.g. 'admin') or an entire list of strings (file:///root/users.txt).
Console:
...
...
@@ -234,7 +234,7 @@ Set target:
## 3. Scanners
Scanners allow quickly verify if the target is vulnerable to any exploits.
Scanners allow you to quickly verify if the target is vulnerable to any exploits.
### Pick module
...
...
@@ -270,7 +270,7 @@ Set target:
[+] Device is vulnerable!
- exploits/dlink/dwr_932_info_disclosure
It has been verified that target is vulnerable to dwr\_932\_info\_disclosure exploit. Now use proper module and exploit target.
It has been verified that the target is vulnerable to dwr\_932\_info\_disclosure exploit. Now use the proper module and exploit target.
rsf (D-Link Scanner) > use exploits/dlink/dwr_932_info_disclosure
rsf (D-Link DWR-932 Info Disclosure) > set target 192.168.1.1
...
...
@@ -295,6 +295,5 @@ It has been verified that target is vulnerable to dwr\_932\_info\_disclosure exp
# License
License has been taken from BSD licensing and applied to RouterSploit Framework.
Please see LICENSE for more details.
The RouterSploit Framework is under a BSD license.
