Thursday, March 28, 2024

RouterSploit – Exploitation Framework for Embedded devices

The RouterSploit Framework is an open-source exploitation framework devoted to embedded devices. It includes various modules that aid penetration testing operations:

  • exploits – modules that take advantage of identified vulnerabilities
  • creds – modules designed to test credentials against network services
  • scanners – modules that check if a target is vulnerable to any exploit

Requirements

  • gnureadline (OSX only)
  • requests
  • paramiko
  • beautifulsoup4
  • pysnmp

Installation

root@kali:~# apt-get install routersploit

Usage Exploits

The routersploit is a similar tool to Metasploit, very easy to create more modules. Anyone can extend the tool easily with the help of exploit databases.

To get the code skeleton.

Also Read    p0f – Passive Traffic Analysis OS Fingerprinting and Forensics Penetration Testing Tool.

It is a critical vulnerability that allows an attacker to take remote control of a router connected to the Internet and it can be fixed only by hardware vendors.

root@kali:~# routersploitrsf > use exploits/multi/misfortune_cookiersf (Misfortune Cookie) > show options

Scanner

Scanner Quickly checks the target is vulnerable to any exploit, here we are to use autopwn scanners for all vulnerabilities.

rsf use scanner/autopwnrsf (Autopwn) > show optionsrsf (Autopwn) > set target IPrsf (Autopwn) > run
Exploitation Framework for Embedded devices - RouterSploit
Exploitation Framework for Embedded devices - RouterSploit

CREDS

RouterSploit has various creds modules that can brute force various services, including HTTP, SSH, and Telnet.

Services supported:

  • ftp
  • ssh
  • telnet
  • http basic auth
  • http digest auth
  • http form auth
  • snmp

As like every brute force tool you should prepare a wordlist, every service has two modules for reference (ftp_bruteforce,ftp_default)

ftp_default as the name indicates will check for default credentials and the process will be completed in minutes.

ftp_bruteforce does a dictionary account over single or multiple user accounts with credentials provided in the list.

You can find the video Tutorial on the GitHub page.

  • Author: Reverse Shell Security
  • License: BSD-3-clause

Also, Read

Website

Latest articles

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles