The RouterSploit Framework is an open-source exploitation framework devoted to embedded devices. It includes various modules that aid penetration testing operations:
- exploits – modules that take advantage of identified vulnerabilities
- creds – modules designed to test credentials against network services
- scanners – modules that check if a target is vulnerable to any exploit
Requirements
- gnureadline (OSX only)
- requests
- paramiko
- beautifulsoup4
- pysnmp
Installation
root@kali:~# apt-get install routersploit
Usage
Exploits
RouterSploit is similar to Metasploit, and it is easy to create new modules for it. Anyone can extend the tool with the help of exploit databases.
To get the code skeleton.
Checking for Misfortune Cookie vulnerability:
Misfortune Cookie is a critical vulnerability that allows an attacker to take remote control of a router connected to the Internet, and it can be fixed only by hardware vendors.
root@kali:~# routersploit
rsf > use exploits/multi/misfortune_cookie
rsf (Misfortune Cookie) > show options
Scanner
The scanner quickly checks whether the target is vulnerable to any exploit. Here we use the autopwn scanner to check for all vulnerabilities.
rsf > use scanners/autopwn
rsf (Autopwn) > show options
rsf (Autopwn) > set target IP
rsf (Autopwn) > run
CREDS
RouterSploit has various creds modules that can brute force various services, including HTTP, SSH, and Telnet.
Services supported:
- ftp
- ssh
- telnet
- http basic auth
- http digest auth
- http form auth
- snmp
As with every brute-force tool, you should prepare a wordlist. Every service has two modules, for example ftp_bruteforce and ftp_default.
ftp_default, as the name indicates, checks for default credentials, and the process completes in minutes.
ftp_bruteforce performs a dictionary attack against single or multiple user accounts with the credentials provided in the list.
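On the defending side, the two module types described above leave different traces in a service's authentication log: a default-credential check touches several accounts a few times each, while a dictionary attack repeats failures against the same account. The following is an added example, not code from the original article or from RouterSploit, that classifies failed FTP logins per client; the vsftpd-style log format, the thresholds and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format (constructed, vsftpd-style failed-login entries).
FAIL_RE = re.compile(r'\[(?P<user>[^\]]+)\] FAIL LOGIN: Client "(?P<ip>[^"]+)"')

# Hypothetical thresholds; tune them to the service and time window you monitor.
SWEEP_MIN_USERS = 3     # distinct accounts tried by one client
DICT_MIN_ATTEMPTS = 5   # failures against a single account

def classify(lines):
    """Map each client IP with failed logins to a coarse label."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> user -> count
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            failures[m["ip"]][m["user"]] += 1
    verdicts = {}
    for ip, users in failures.items():
        if max(users.values()) >= DICT_MIN_ATTEMPTS:
            verdicts[ip] = "dictionary-attack"
        elif len(users) >= SWEEP_MIN_USERS:
            verdicts[ip] = "default-credential-sweep"
        else:
            verdicts[ip] = "below-threshold"
    return verdicts

def _fail(user, ip, pid):
    """Build one constructed failed-login line in the assumed format."""
    return f'Mon Jan  1 10:00:00 2024 [pid {pid}] [{user}] FAIL LOGIN: Client "{ip}"'

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG = (
    [_fail(u, "203.0.113.5", 100 + i) for i, u in enumerate(["admin", "root", "user", "ftp"])]
    + [_fail("admin", "198.51.100.7", 200 + i) for i in range(6)]
    + [_fail("alice", "192.0.2.9", 300)]
    + ['Mon Jan  1 10:05:00 2024 [pid 301] [alice] OK LOGIN: Client "192.0.2.9"']
)

if __name__ == "__main__":
    for ip, label in sorted(classify(SAMPLE_LOG).items()):
        print(ip, label)
```
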
You can find the video tutorial on the GitHub page.
- Author: Reverse Shell Security
- License: BSD-3-clause