Avoid hardcoded relative paths (#578)

* Introduce a RESOURCE_DIR to avoid relative hardcoded paths - Introduce a RESOURCES_DIR similar to other *_DIR - Add a resources_directory parameter to lookup_vendor() to avoid possible hardcoded directory and - if not provided - pick up the default RESOURCES_DIR. * Avoid possible hardcoded relative paths and use RESOURCE_DIR instead (Otherwise ssh_keys are tried to picked up in in ${PWD} (and mostly likely failing)) * Avoid hardcoded relative paths and use MODULES_DIR instead Commit id 9380c047 (probably accidentally) removed EXPLOITS_DIR use leading to loading routersploit/modules/exploits relative to the current directory instead of the installed ones in MODULES_DIR. * Avoid hardcoded relative paths and use utils.index_modules() instead * Avoid hardcoded relative paths and use utils.index_modules() instead * G/C no longer used import/functions * G/C no longer used module import * Reintroduce encode and fix a copypasto * Add missing `.' Spotted by @lucyoa, thanks! * Fix a regression on the semantic/name of payloads payloads should be listed/selected as `<architecture>/<payload>', not `payloads.<architecture>.<payload>'. Thanks to @lucyoa!

Avoid hardcoded relative paths (#578)
* Introduce a RESOURCE_DIR to avoid relative hardcoded paths - Introduce a RESOURCES_DIR similar to other *_DIR - Add a resources_directory parameter to lookup_vendor() to avoid possible hardcoded directory and - if not provided - pick up the default RESOURCES_DIR. * Avoid possible hardcoded relative paths and use RESOURCE_DIR instead (Otherwise ssh_keys are tried to picked up in in ${PWD} (and mostly likely failing)) * Avoid hardcoded relative paths and use MODULES_DIR instead Commit id 9380c047 (probably accidentally) removed EXPLOITS_DIR use leading to loading routersploit/modules/exploits relative to the current directory instead of the installed ones in MODULES_DIR. * Avoid hardcoded relative paths and use utils.index_modules() instead * Avoid hardcoded relative paths and use utils.index_modules() instead * G/C no longer used import/functions * G/C no longer used module import * Reintroduce encode and fix a copypasto * Add missing `.' Spotted by @lucyoa, thanks! * Fix a regression on the semantic/name of payloads payloads should be listed/selected as `<architecture>/<payload>', not `payloads.<architecture>.<payload>'. Thanks to @lucyoa!
c7ad64f1 · Leonardo Taccari · Marcin Bury · dcbfe68c · c7ad64f1 · c7ad64f1
Commit c7ad64f1 authored Apr 11, 2019 by Leonardo Taccari Committed by Marcin Bury Apr 11, 2019
5 changed files
--- a/routersploit/core/exploit/payloads.py
+++ b/routersploit/core/exploit/payloads.py
-import os
 import importlib
 from collections import namedtuple
 from struct import pack
@@ -22,6 +21,7 @@ from routersploit.core.exploit.printer import (
 )
 from routersploit.core.exploit.utils import (
+    index_modules,
    random_text,
 )
@@ -122,25 +122,19 @@ class BasePayload(BaseExploit):
        raise NotImplementedError()
    def get_encoders(self):
-        path = "routersploit/modules/encoders/{}".format(self.architecture)
        encoders = []
-        try:
+        # get all encoders for given architecture
-            files = os.listdir(path)
+        all_encoders = [e for e in index_modules() if "encoders.{}".format(self.architecture) in e]
-        except FileNotFoundError:
-            return []
+        for e in all_encoders:
+            encoder = e.replace("encoders.{}.".format(self.architecture), "").replace(".", "/")
-        for f in files:
+            module = getattr(importlib.import_module('routersploit.modules.' + e), "Encoder")
-            if not f.startswith("__") and f.endswith(".py"):
+            encoders.append((
-                encoder = f.replace(".py", "")
+                "{}/{}".format(self.architecture, encoder),
-                module_path = "{}/{}".format(path, encoder).replace("/", ".")
+                module._Encoder__info__["name"],
-                module = getattr(importlib.import_module(module_path), "Encoder")
+                module._Encoder__info__["description"],
-                encoders.append((
+            ))
-                    "{}/{}".format(self.architecture, encoder),
-                    module._Encoder__info__["name"],
-                    module._Encoder__info__["description"],
-                ))
        return encoders

--- a/routersploit/core/exploit/shell.py
+++ b/routersploit/core/exploit/shell.py
@@ -4,8 +4,6 @@ import binascii
 from http.server import BaseHTTPRequestHandler, HTTPServer
 import threading
 import time
-from os import listdir
-from os.path import isfile, join
 import importlib
 from routersploit.core.exploit.printer import (
@@ -18,6 +16,7 @@ from routersploit.core.exploit.printer import (
 )
 from routersploit.core.exploit.utils import (
+    index_modules,
    random_text,
 )
@@ -28,14 +27,11 @@ def shell(exploit, architecture="", method="", payloads=None, **params):
    options = []
    if architecture and method:
-        path = "routersploit/modules/payloads/{}/".format(architecture)
        # get all payloads for given architecture
-        all_payloads = [f.split(".")[0] for f in listdir(path) if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"]
+        all_payloads = [p.lstrip('payloads.').replace('.', '/') for p in index_modules() if "payloads.{}".format(architecture) in p]
-        payload_path = path.replace("/", ".")
        for p in all_payloads:
-            module = getattr(importlib.import_module("{}{}".format(payload_path, p)), 'Payload')
+            module = getattr(importlib.import_module('routersploit.modules.payloads.' + p.replace('/', '.')), 'Payload')
            # if method/arch is cmd then filter out payloads
            if method == "cmd":

--- a/routersploit/core/exploit/utils.py
+++ b/routersploit/core/exploit/utils.py
@@ -6,12 +6,14 @@ import random
 from functools import wraps
 import routersploit.modules as rsf_modules
+import routersploit.resources as resources
 import routersploit.resources.wordlists as wordlists
 from routersploit.core.exploit.printer import print_error, print_info
 from routersploit.core.exploit.exceptions import RoutersploitException
 MODULES_DIR = rsf_modules.__path__[0]
+RESOURCES_DIR = resources.__path__[0]
 WORDLISTS_DIR = wordlists.__path__[0]
@@ -211,16 +213,17 @@ def stop_after(space_number):
    return _outer_wrapper
-def lookup_vendor(addr: str) -> str:
+def lookup_vendor(addr: str, resources_directory: str = RESOURCES_DIR) -> str:
    """ Lookups vendor (manufacturer) based on MAC address
    :param str addr: MAC address to lookup
+    :param str resources_directory: path to resources directory
    :return str: vendor name from oui.dat database
    """
    addr = addr.upper().replace(":", "")
-    path = "./routersploit/resources/vendors/oui.dat"
+    path = os.path.join(resources_directory, "vendors/oui.dat")
    with open(path, "r") as f:
        for line in f.readlines():
            line = line.strip()

--- a/routersploit/modules/exploits/generic/ssh_auth_keys.py
+++ b/routersploit/modules/exploits/generic/ssh_auth_keys.py
@@ -51,7 +51,7 @@ class Exploit(SSHClient):
        self.valid = None
        self.private_keys = []
-        ssh_keys_path = "./routersploit/resources/ssh_keys"
+        ssh_keys_path = os.path.join(utils.RESOURCES_DIR, "ssh_keys")
        ssh_keys = [".".join(filename.split(".")[:-1]) for filename in os.listdir(ssh_keys_path) if filename.endswith(".json")]
        for ssh_key in ssh_keys:

--- a/routersploit/modules/scanners/autopwn.py
+++ b/routersploit/modules/scanners/autopwn.py
@@ -34,8 +34,8 @@ class Exploit(Exploit):
        self.vulnerabilities = []
        self.creds = []
        self.not_verified = []
-        self._exploits_directories = [path.join("routersploit/modules/exploits/", module) for module in self.modules]
+        self._exploits_directories = [path.join(utils.MODULES_DIR, "exploits", module) for module in self.modules]
-        self._creds_directories = [path.join("routersploit/modules/creds/", module) for module in self.modules]
+        self._creds_directories = [path.join(utils.MODULES_DIR, "creds", module) for module in self.modules]
    def run(self):
        self.vulnerabilities = []