The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.
sudo apt-get install python-requests python-paramiko python-netsnmp
git clone https://github.com/reverse-shell/routersploit
cd routersploit
./rsf.py
RouterSploit consists of various modules that aid penetration testing operations:
Modules that take advantage of identified vulnerabilities
RouterSploit currently supports a limited number of exploits out of the box, but they can be extended easily from popular exploit database sites online. Creating RouterSploit modules is very easy, so everyone can contribute to this excellent project. The full process is described in the RouterSploit Wiki, where you can find a code skeleton and all the necessary classes for module development. The detailed process of creating RouterSploit modules is described through a very helpful example. Hopefully, over time, and through public contribution, this promising project will grow to become one of the best tools for home router security auditing.
The exploit stage in RouterSploit works much like Metasploit, with all the familiar exploit configuration sections and running steps in the process of your security analysis. Anyone who has worked with Metasploit, or even just started it, will feel at home with RouterSploit. Picking the desired exploit, eased by command completion, leads to the exploit configuration section, after which we run the exploit. RouterSploit also provides info about each exploit and a short description. It is also possible to check whether the target is vulnerable to a particular exploit before you start the exploitation process.
Modules designed to test credentials against network services
Modules located under the creds/ directory allow running dictionary attacks against various network services.
The following services are currently supported:
- http basic auth
- http form auth
Every service has been divided into two modules:
- default (e.g. ssh_default) – this kind of module uses one wordlist of default credential pairs in login:password form. The module can be used quickly and verifies in a matter of seconds whether the device uses default credentials.
- bruteforce (e.g. ssh_bruteforce) – this kind of module performs dictionary attacks against a specified account or list of accounts. It takes two parameters, login and password. These values can be a single word (e.g. ‘admin’) or an entire list of strings (file:///root/users.txt).
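On the defender's side, the two module types leave different traces in SSH authentication logs: a default-credential run touches many accounts with about one guess each, while a bruteforce run concentrates on a few accounts. The following detection sketch is an added example, not RouterSploit code; the log layout, the function names and the thresholds are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# OpenSSH "Failed password" message behind an ISO-8601 timestamp (assumed log layout).
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")

def make_sample():
    """Constructed log lines (documentation IP ranges), not captured traffic."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    fmt = "{} gw sshd[811]: Failed password for {} from {} port 40000 ssh2"
    at = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    # 192.0.2.10: six accounts, one guess each
    lines = [fmt.format(at(i), "invalid user " + u, "192.0.2.10")
             for i, u in enumerate(["admin", "support", "user", "ubnt", "guest", "cisco"])]
    # 198.51.100.7: twelve guesses against a single account
    lines += [fmt.format(at(2 * i), "root", "198.51.100.7") for i in range(12)]
    # 203.0.113.5: a legitimate user mistyping a password twice
    lines += [fmt.format(at(90 * i), "alice", "203.0.113.5") for i in range(2)]
    return lines

def classify_sources(lines, window=timedelta(seconds=60), min_failures=5):
    """Label each source IP that has >= min_failures failed logins inside one window."""
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts, user, src = m.groups()
            events[src].append((datetime.fromisoformat(ts), user))
    verdicts = {}
    for src, evs in events.items():
        evs.sort()
        for i, (start, _) in enumerate(evs):
            users = Counter(u for t, u in evs[i:] if t - start <= window)
            total = sum(users.values())
            if total < min_failures:
                continue
            # Heuristic: at least one distinct account per two guesses looks like a
            # login:password pair list; otherwise guesses pile up on few accounts.
            if len(users) * 2 >= total:
                verdicts[src] = "default-credential sweep"
            else:
                verdicts[src] = "dictionary attack on " + users.most_common(1)[0][0]
            break
    return verdicts
```

Sources below the failure threshold, such as the mistyped password in the sample, receive no verdict.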
Modules that check if target is vulnerable to any exploit
Scanners allow you to quickly verify whether the target is vulnerable to any exploits.
rsf > use scanners/dlink_scan
rsf (D-Link Scanner) > show options
After you set the target, RouterSploit will test it against all available exploits for the specific target group and verify whether it is vulnerable.