Description
RouterSploit is an open-source exploitation framework dedicated to embedded devices. It provides modules for exploiting routers, IoT devices, and other embedded systems with known vulnerabilities, default credentials, and misconfiguration.
Installation
BASH
git clone https://github.com/threat9/routersploit
cd routersploit
pip install -r requirements.txt
python3 rsf.pyBasic Usage
BASH
# Launch
python3 rsf.py
# Auto-scan router
rsf > use scanners/autopwn
rsf > set target 192.168.1.1
rsf > run
# Check default credentials
rsf > use creds/routers/router_default_creds
rsf > set target 192.168.1.1
rsf > runAdvanced Usage
BASH
# Exploit specific vulnerability
rsf > use exploits/routers/dlink/dir_825_path_traversal
rsf > set target 192.168.1.1
rsf > check # Test if vulnerable
rsf > run # Exploit
# Camera exploits
rsf > use exploits/cameras/
# Tab for available camera exploits
# Generic modules
rsf > use generic/upnp_list # UPnP enumeration
# Credential categories
rsf > use creds/routers/ # Router default creds
rsf > use creds/cameras/ # Camera default creds
rsf > use creds/http_basic_default # HTTP basic auth
rsf > use creds/ftp_default # FTP default creds
rsf > use creds/ssh_default # SSH default creds
rsf > use creds/telnet_default # Telnet default credsCommon Workflows
BASH
# IoT device audit
rsf > use scanners/autopwn
rsf > set target 192.168.1.0/24
rsf > run
# Reviews all devices for known vulns and default creds