RouterSploit - Exploitation Framework for Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.

It consists of various modules that aid penetration testing operations:

• exploits - modules that take advantage of identified vulnerabilities
• creds - modules designed to test credentials against network services
• scanners - modules that check if a target is vulnerable to any exploit
• payloads - modules that are responsible for generating payloads for various architectures and injection points
• generic - modules that perform generic attacks

Installation

Requirements

Required:

• future
• requests
• paramiko
• pysnmp
• pycrypto

Optional:

• bluepy - Bluetooth low energy

Installation on Kali Linux

apt-get install python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py

Bluetooth Low Energy support:

apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py

Installation on Ubuntu 20.04

sudo apt-get install git python3-pip
git clone https://github.com/threat9/routersploit
cd routersploit
python3 -m pip install -r requirements.txt
python3 rsf.py

Bluetooth Low Energy support:

sudo apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py

Installation on Ubuntu 18.04 & 17.10

sudo add-apt-repository universe
sudo apt-get install git python3-pip
git clone https://www.github.com/threat9/routersploit
cd routersploit
python3 -m pip install setuptools
python3 -m pip install -r requirements.txt
python3 rsf.py

Bluetooth Low Energy support:

apt-get install libglib2.0-dev
python3 -m pip install bluepy
python3 rsf.py

Installation on OSX

git clone https://www.github.com/threat9/routersploit
cd routersploit
sudo python3 -m pip install -r requirements.txt
python3 rsf.py

Running on Docker

git clone https://www.github.com/threat9/routersploit
cd routersploit
docker build -t routersploit .
docker run -it --rm routersploit

Update

Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.

cd routersploit
git pull

Build your own

To our surprise, people started to fork routersploit not because they were interested in the security of embedded devices but simply because they want to leverage our interactive shell logic and build their tools using similar concept. All these years they must have said: "There must be a better way!" and they were completely right, the better way is called Riposte.

Riposte allows you to easily wrap your application inside a tailored interactive shell. Common chores regarding building REPLs was factored out and being taken care of so you can focus on specific domain logic of your application.

License

The RouterSploit Framework is under a BSD license. Please see LICENSE for more details.

Acknowledgments

• riposte