Upload source code to nest

CONTRIBUTING.md

+# Contribution Guidelines
+
+There are many ways to contribute to RouterSploit project, and the routersploit team is grateful for all contributions. This overview summarizes the most important steps to get you started as a contributor.
+
+* Report bugs to the routersploit issue tracker.
+* Make suggestions for changes, updates, or new features to the routersploit issue tracker.
+* Contribute bug fixes, example code, documentation, or tutorials to routersploit.
+* Contribute new features to routersploit.
+
+## Bug reports
+
+When submitting bug reports, please consider providing the following information:
+
+* Reproduction steps: step by step description to reproduce the problem.
+* Expected: Describe the behavior you expect.
+* Actual: Describe the behavior you see.
+
+## Testing
+It is hard to test modules in all possible scenarios. If you would like to help:
+
+1. Check what device you have - identify vendor and version.
+2. Check if routersploit contains exploits for the device you posses.
+3. If exploit does not work but it should, check "show info" for more information. References should provide you with links to proof of concept exploits.
+
+Example:
+```
+References:
+-  https://www.exploit-db.com/exploits/24975/
+```
+
+4. Try to use proof of concept exploit and check if it works properly. If it does, feel free to create new issue bug with explanation that the routersploit's module does not work properly.
+
+## Development
+* [Creating exploit module](https://github.com/reverse-shell/routersploit/wiki/Creating-Exploit)
+* [Creating creds module](https://github.com/reverse-shell/routersploit/wiki/Creating-Creds)
+* [Creating scanner module](https://github.com/reverse-shell/routersploit/wiki/Creating-Scanner)

Dockerfile

+FROM python:3.6
+
+COPY requirements.txt /tmp/requirements.txt
+RUN python -m pip install -r /tmp/requirements.txt
+
+WORKDIR /routersploit
+COPY . .
+
+CMD ["python", "rsf.py"]

LICENSE

+Copyright 2018, The RouterSploit Framework (RSF) by Threat9 
+All rights reserved. 
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+    * Neither the name of RouterSploit Framework nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+The above licensing was taken from the BSD licensing and is applied to RouterSploit Framework as well.
+
+Note that the RouterSploit Framework is provided as is, and is a royalty free open-source application.
+
+Feel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit.

MANIFEST.in

+recursive-include routersploit/resources/ssh_keys *.json *.key
+recursive-include routersploit/resources/vendors *.dat
+recursive-include routersploit/resources/wordlists *.txt

Makefile

+.PHONY: build run test lint lint-modules clean prune help
+
+DIRECTORY=.
+EXCLUDED=.git,rsf.py
+RSF_IMAGE=routersploit
+FLAKE8_IGNORED_RULES=E501,F405,F403
+
+build:
+	docker build -t $(RSF_IMAGE) .
+
+run:
+	docker run -it --rm $(RSF_IMAGE)
+
+lint:
+	python3 -m flake8 --exclude=$(EXCLUDED) --ignore=$(FLAKE8_IGNORED_RULES) $(DIRECTORY)
+
+tests: clean
+	python3 -m pytest -n16 tests/core/ tests/test_exploit_scenarios.py tests/test_module_info.py
+	python3 -m pytest -n16 tests/exploits/ tests/creds/ tests/encoders/ tests/generic/ tests/payloads/
+
+clean:
+	find . -name '*.pyc' -exec rm -f {} +
+	find . -name '*.pyo' -exec rm -f {} +
+	find . -name '*~' -exec rm -f  {} +
+
+prune:
+	docker images -q -f dangling=true | xargs docker rmi
+	docker ps -q -f status=exited | xargs docker rm
+
+help:
+	@echo "    run"
+	@echo "        Run Routersploit in docker container"
+	@echo "    lint"
+	@echo "        Check style with flake8."
+	@echo "    test"
+	@echo "        Run test suite"
+	@echo "    clean"
+	@echo "        Remove python artifacts."
+	@echo "    prune"
+	@echo "        Remove dangling docker images and exited containers."

README.md

+# RouterSploit - Exploitation Framework for Embedded Devices
+
+[![Python 3.6](https://img.shields.io/badge/Python-3.6-yellow.svg)](http://www.python.org/download/)
+[![Build Status](https://travis-ci.org/threat9/routersploit.svg?branch=master)](https://travis-ci.org/threat9/routersploit)
+
+The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.
+
+[![asciicast](https://asciinema.org/a/180370.png)](https://asciinema.org/a/180370)
+
+It consists of various modules that aids penetration testing operations:
+
+* exploits - modules that take advantage of identified vulnerabilities
+* creds - modules designed to test credentials against network services
+* scanners - modules that check if a target is vulnerable to any exploit
+* payloads - modules that are responsible for generating payloads for various architectures and injection points
+* generic - modules that perform generic attacks 
+
+# Installation
+
+## Requirements
+
+Required:
+* future
+* requests
+* paramiko
+* pysnmp
+* pycrypto
+
+Optional:
+* bluepy - bluetooth low energy 
+
+## Installation on Kali Linux
+
+```
+apt-get install python3-pip
+git clone https://www.github.com/threat9/routersploit
+cd routersploit
+python3 -m pip install -r requirements.txt
+python3 rsf.py
+```
+
+Bluetooth Low Energy support:
+```
+apt-get install libglib2.0-dev
+python3 -m pip install bluepy
+python3 rsf.py
+```
+
+## Installation on Ubuntu 18.04 & 17.10
+
+```
+sudo add-apt-repository universe
+sudo apt-get install git python3-pip
+git clone https://www.github.com/threat9/routersploit
+cd routersploit
+python3 -m pip install -r requirements.txt
+python3 rsf.py
+```
+
+Bluetooth Low Energy support:
+```
+apt-get install libglib2.0-dev
+python3 -m pip install bluepy
+python3 rsf.py
+```
+
+
+## Installation on OSX
+
+```
+git clone https://www.github.com/threat9/routersploit
+cd routersploit
+sudo python3 -m pip install -r requirements.txt
+python3 rsf.py
+```
+
+## Running on Docker
+
+```
+git clone https://www.github.com/threat9/routersploit
+cd routersploit
+docker build -t routersploit .
+docker run -it --rm routersploit
+```
+
+# Update
+
+Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.
+
+```
+cd routersploit
+git pull
+```
+
+# License
+
+The RouterSploit Framework is under a BSD license.
+Please see [LICENSE](LICENSE) for more details.

debian/changelog

+routersploit (3.4.0-0kali1) kali-dev; urgency=medium
+
+  * Import new upstream release
+
+ -- Sophie Brun <sophie@freexian.com>  Thu, 18 Oct 2018 09:12:34 +0200
+
+routersploit (3.3.0-0kali1) kali-dev; urgency=medium
+
+  * Import new upstream release
+
+ -- Sophie Brun <sophie@freexian.com>  Tue, 10 Jul 2018 12:12:21 +0200
+
+routersploit (3.2.0-0kali1) kali-dev; urgency=medium
+
+  * New upstream version 3.2.0
+  * Use pybuild to build the package
+  * Add a patch to improve setup.py
+  * Add a symlink to keep routersploit as command
+  * Remove useless debian/docs (we have a debian/routersploit.docs)
+
+ -- Sophie Brun <sophie@freexian.com>  Tue, 26 Jun 2018 10:49:16 +0200
+
+routersploit (3.1.0-0kali1) kali-dev; urgency=medium
+
+  * Import new upstream release
+
+ -- Sophie Brun <sophie@freexian.com>  Tue, 12 Jun 2018 14:05:05 +0200
+
+routersploit (3.0.0-0kali1) kali-dev; urgency=medium
+
+  * Import new usptream release
+
+ -- Sophie Brun <sophie@freexian.com>  Tue, 29 May 2018 11:02:00 +0200
+
+routersploit (2.2.1-0kali1) kali-dev; urgency=medium
+
+  * Import new upstream release
+
+ -- Sophie Brun <sophie@freexian.com>  Fri, 16 Jun 2017 11:47:36 +0200
+
+routersploit (2.0.0+git20160426-0kali2) kali-dev; urgency=medium
+
+  * Update debian/watch
+
+ -- Sophie Brun <sophie@freexian.com>  Wed, 27 Apr 2016 11:13:40 +0200
+
+routersploit (2.0.0+git20160426-0kali1) kali-dev; urgency=medium
+
+  * Initial release (Closes: 0003255)
+
+ -- Sophie Brun <sophie@freexian.com>  Tue, 26 Apr 2016 10:36:39 +0200

debian/compat

+11

debian/control

+Source: routersploit
+Section: misc
+Priority: optional
+Maintainer: Kali Developers <devel@kali.org>
+Uploaders: Sophie Brun <sophie@freexian.com>
+Build-Depends: debhelper (>=11), dh-python, python3-all, python3-setuptools
+Standards-Version: 4.2.1
+Homepage: https://github.com/reverse-shell/routersploit
+Vcs-Git: git://git.kali.org/packages/routersploit.git
+Vcs-Browser: http://git.kali.org/gitweb/?p=packages/routersploit.git;a=summary
+
+Package: routersploit
+Architecture: all
+Depends: ${misc:Depends},
+         ${python3:Depends}
+Recommends: python3-bluepy
+Description: Exploitation Framework for Embedded Devices
+ This package contains an open-source exploitation framework dedicated to
+ embedded devices. It consists of various modules that aids penetration testing
+ operations:
+  * exploits - modules that take advantage of identified vulnerabilities.
+  * creds - modules designed to test credentials against network services.
+  * scanners - modules that check if target is vulnerable to any exploit.
+  * payloads - modules that are responsible for generating payloads for various
+    architectures and injection points.
+  * generic - modules that perform generic attacks.

debian/copyright

+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: routersploit
+Source: https://github.com/reverse-shell/routersploit
+
+Files: *
+Copyright: 2016-2018, The RouterSploit Framework (RSF) by Threat9
+License: BSD-3-clause
+
+Files: routersploit/libs/lzs/lzs.py
+Copyright: 2011  Filippo Valsorda - FiloSottile
+License: GPL-3+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3"
+
+Files: debian/*
+Copyright: 2016-2018 Sophie Brun <sophie@freexian.com>
+License: BSD-3-clause
+
+License: BSD-3-clause
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are
+ met:
+ .
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+ .
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+ .
+ 3. Neither the name of the copyright holder nor the names of its contributors
+ may be used to endorse or promote products derived from this software without
+ specific prior written permission.
+ .
+ THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS
+ BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.

debian/routersploit.docs

+docs/*

debian/routersploit.links

+usr/bin/rsf.py usr/bin/routersploit

debian/rules

+#!/usr/bin/make -f
+
+%:
+	dh $@  --with python3 --buildsystem=pybuild
+
+override_dh_auto_test:
+	# don't run the tests: a requirement is missing: threat9-test-bed
+	#python3 -m pytest

debian/source/format

+3.0 (quilt)

debian/watch

+version=4
+opts=filenamemangle=s/.*\/v(\d[\d.]*)\.tar\.gz/routersploit-$1\.tar\.gz/ \
+https://github.com/reverse-shell/routersploit/tags .*/v?(\d[\d.]*)\.tar\.gz debian uupdate

docs/modules/creds/cameras/acti/ftp_default_creds.md

+## Description
+
+Module performs dictionary attack with default credentials against Acti Camera FTP service.
+If valid credentials are found, they are displayed to the user.
+
+## Verification Steps
+
+  1. Start `./rsf.py`
+  2. Do: `use creds/cameras/acti/ftp_default_creds`
+  3. Do: `set target [TargetIP]`
+  4. Do: `run`
+  5. If valid credentials are found, they are displayed to the user.
+
+## Scenarios
+
+```
+rsf > use creds/cameras/acti/ftp_default_creds
+rsf (Acti Camera Default FTP Creds) > set target 192.168.1.1
+[+] target => 192.168.1.1
+rsf (Acti Camera Default FTP Creds) > run
+[*] Running module...
+[*] Target exposes FTP service
+[*] Starting attack against FTP service
+[*] thread-0 thread is starting...
+[-] Authentication Failed - Username: 'admin' Password: '12345'
+[-] Authentication Failed - Username: 'admin' Password: '123456'
+[-] Authentication Failed - Username: 'Admin' Password: '12345'
+[-] Authentication Failed - Username: 'Admin' Password: '123456'
+[+] Authenticated Succeed - Username: 'admin' Password: 'admin'
+[*] thread-0 thread is terminated.
+[*] Elapsed time: 0.06290411949157715 seconds
+[+] Credentials found!
+
+   Target          Port     Service     Username     Password
+   ------          ----     -------     --------     --------
+   192.168.1.1     21       ftp         admin        admin 
+
+```

docs/modules/creds/cameras/acti/ssh_default_creds.md

+## Description
+
+Module performs dictionary attack with default credentials against Acti Camera SSH service.
+If valid credentials are found, they are displayed to the user.
+
+## Verification Steps
+
+  1. Start `./rsf.py`
+  2. Do: `use creds/cameras/acti/ssh_default_creds`
+  3. Do: `set target [TargetIP]`
+  4. Do: `run`
+  5. If valid credentials are found, they are displayed to the user.
+
+## Scenarios
+
+```
+rsf > use creds/cameras/acti/ssh_default_creds
+rsf (Acti Camera Default SSH Creds) > set target 192.168.1.1
+[+] target => 192.168.1.1
+rsf (Acti Camera Default SSH Creds) > run
+[*] Running module...
+[*] Target exposes SSH service
+[*] Starting default credentials attack against SSH service
+[*] thread-0 thread is starting...
+[-] SSH Authentication Failed - Username: 'admin' Password: '12345'
+[-] SSH Authentication Failed - Username: 'admin' Password: '123456'
+[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'
+[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'
+[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'
+[*] thread-0 thread is terminated.
+[*] Elapsed time: 2.3932292461395264 seconds
+[+] Credentials found!
+
+   Target          Port     Service     Username     Password
+   ------          ----     -------     --------     --------
+   192.168.1.1     22       ssh         admin        admin 
+
+```

docs/modules/creds/cameras/acti/telnet_default_creds.md

+## Description
+
+Module performs dictionary attack with default credentials against Acti Camera Telnet service.
+If valid credentials are found, they are displayed to the user.
+
+## Verification Steps
+
+  1. Start `./rsf.py`
+  2. Do: `use creds/cameras/acti/telnet_default_creds`
+  3. Do: `set target [TargetIP]`
+  4. Do: `run`
+  5. If valid credentials are found, they are displayed to the user.
+
+## Scenarios
+
+```
+rsf > use creds/cameras/acti/telnet_default_creds
+rsf (Acti Camera Default Telnet Creds) > set target 192.168.1.1
+[+] target => 192.168.1.1
+rsf (Acti Camera Default Telnet Creds) > run
+[*] Running module...
+[*] Target exposes Telnet service
+[*] Starting default credentials attack against Telnet service
+[*] thread-0 thread is starting...
+[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'
+[-] Telnet Authentication Failed - Username: '1234' Password: '1234'
+[-] Telnet Authentication Failed - Username: 'root' Password: '12345'
+[-] Telnet Authentication Failed - Username: 'root' Password: 'root'
+[+] Telnet Authentication Successful - Username: 'user' Password: 'user'
+[*] thread-0 thread is terminated.
+[*] Elapsed time: 5.389287948608398 seconds
+[+] Credentials found!
+
+   Target          Port     Service     Username     Password
+   ------          ----     -------     --------     --------
+   192.168.1.1     23       telnet      user         user
+
+```

docs/modules/creds/cameras/american_dynamics/ftp_default_creds.md

+## Description
+
+Module performs dictionary attack with default credentials against American Dynamics Camera FTP service.
+If valid credentials are found, they are displayed to the user.
+
+## Verification Steps
+
+  1. Start `./rsf.py`
+  2. Do: `use creds/cameras/american_dynamics/ssh_default_creds`
+  3. Do: `set target [TargetIP]`
+  4. Do: `run`
+  5. If valid credentials are found, they are displayed to the user.
+
+## Scenarios
+
+```
+rsf > use creds/cameras/american_dynamics/ftp_default_creds
+rsf (American Dynamics Camera Default FTP Creds) > set target 192.168.1.1
+[+] target => 192.168.1.1
+rsf (American Dynamics Camera Default FTP Creds) > run
+[*] Running module...
+[*] Target exposes FTP service
+[*] Starting attack against FTP service
+[*] thread-0 thread is starting...
+[-] Authentication Failed - Username: 'admin' Password: '12345'
+[-] Authentication Failed - Username: 'admin' Password: '123456'
+[-] Authentication Failed - Username: 'Admin' Password: '12345'
+[-] Authentication Failed - Username: 'Admin' Password: '123456'
+[+] Authenticated Succeed - Username: 'admin' Password: 'admin'
+[*] thread-0 thread is terminated.
+[*] Elapsed time: 0.06290411949157715 seconds
+[+] Credentials found!
+
+   Target          Port     Service     Username     Password
+   ------          ----     -------     --------     --------
+   192.168.1.1     21       ftp         admin        admin 
+
+```

docs/modules/creds/cameras/american_dynamics/ssh_default_creds.md

+## Description
+
+Module performs dictionary attack with default credentials against American Dynamics Camera SSH service.
+If valid credentials are found, they are displayed to the user.
+
+## Verification Steps
+
+  1. Start `./rsf.py`
+  2. Do: `use creds/cameras/american_dynamics/ssh_default_creds`
+  3. Do: `set target [TargetIP]`
+  4. Do: `run`
+  5. If valid credentials are found, they are displayed to the user.
+
+## Scenarios
+
+```
+rsf > use creds/cameras/american_dynamics/ssh_default_creds
+rsf (American Dynamics Camera Default SSH Creds) > set target 192.168.1.1
+[+] target => 192.168.1.1
+rsf (American Dynamics Camera Default SSH Creds) > run
+[*] Running module...
+[*] Target exposes SSH service
+[*] Starting default credentials attack against SSH service
+[*] thread-0 thread is starting...
+[-] SSH Authentication Failed - Username: 'admin' Password: '12345'
+[-] SSH Authentication Failed - Username: 'admin' Password: '123456'
+[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'
+[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'
+[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'
+[*] thread-0 thread is terminated.
+[*] Elapsed time: 2.3932292461395264 seconds
+[+] Credentials found!
+
+   Target          Port     Service     Username     Password
+   ------          ----     -------     --------     --------
+   192.168.1.1     22       ssh         admin        admin 
+
+```