RouterSploit – Exploitation Framework for Embedded Devices

0
0

RouterSploit Framework is another open-source tool that allow penetration tester to exploit different vulnerable devices. The exploitation framework dedicated to embedded devices. at the moment the tool have several module that can target different vendors such as 3com ,asmax ,asus ,RCE, belkin, cisco, dlink , fortinet , linksys ,netgear and more.

Some of the modules that pen-tester may run are:

  • exploits – modules that take advantage of identified vulnerabilities
  • creds – modules designed to test credentials against network services
  • scanners – modules that check if a target is vulnerable to any exploit
  • payloads – modules that are responsible for generating payloads for various architectures and injection points
  • generic – modules that perform generic attacks
RouterSploit - Exploitation Framework for Embedded Devices

RouterSploit – Exploitation Framework for Embedded Devices

The cred module will run the attack against known services exposed by the network device for example FTP , SSH, TelNET and it will use the default account credentials known by the vendor or just a simple passwords such as  admin:admin,admin:1234,admin:user etc beside a large word-list which allow the attacker to have access to the network device.

The second interesting module that we can find is scanner that include the possibility to scan for cameras vulnerabilities and weaknesses , scan routers or just generic scan that target HTTP,HTTPS, FTP, SSH, TelNET , FTPS and more.

You can read more and install this tool over here: https://github.com/threat9/

Share