Pentest - routersploit

本文介绍了一个针对路由器设备的安全测试框架routersploit的使用过程,包括安装配置、启动及利用AutoPwn模块对目标设备进行自动化漏洞扫描的具体操作。通过实际案例展示了多种常见路由器型号的漏洞测试结果。
摘要由CSDN通过智能技术生成
$ git clone https://github.com/reverse-shell/routersploit
$ sudo pip install -r requirements.txt
$ python2 rsf.py 
 ______            _            _____       _       _ _
 | ___ \          | |          /  ___|     | |     (_) |
 | |_/ /___  _   _| |_ ___ _ __\ `--. _ __ | | ___  _| |_
 |    // _ \| | | | __/ _ \ '__|`--. \ '_ \| |/ _ \| | __|
 | |\ \ (_) | |_| | ||  __/ |  /\__/ / |_) | | (_) | | |_
 \_| \_\___/ \__,_|\__\___|_|  \____/| .__/|_|\___/|_|\__|
                                     | |
     Router Exploitation Framework   |_|

 Dev Team : Marcin Bury (lucyoa) & Mariusz Kupidura (fwkz)
 Codename : Bad Blood
 Version  : 2.2.0

 Total module count: 83

rsf > use scanners/autopwn
rsf (AutoPwn) > show options

Target options:

   Name       Current settings     Description                            
   ----       ----------------     -----------                            
   target                          Target IP address e.g. 192.168.1.1     
   port       80                   Target port                            


Module options:

   Name        Current settings     Description           
   ----        ----------------     -----------           
   threads     8                    Number of threads     


rsf (AutoPwn) > set target 192.168.1.1
[+] {'target': '192.168.1.1'}
rsf (AutoPwn) > run
[*] Running module...
[*] exploits/shuttle/915wm_dns_change could not be verified
[-] exploits/2wire/4011g_5012nv_path_traversal is not vulnerable
[-] exploits/2wire/gateway_auth_bypass is not vulnerable
[-] exploits/huawei/hg530_hg520b_password_disclosure is not vulnerable
[-] exploits/huawei/hg866_password_change is not vulnerable
[-] exploits/huawei/e5331_mifi_info_disclosure is not vulnerable
[-] exploits/thomson/twg850_password_disclosure is not vulnerable
[-] exploits/comtrend/ct_5361t_password_disclosure is not vulnerable
[-] exploits/technicolor/tc7200_password_disclosure is not vulnerable
[-] exploits/3com/imc_path_traversal is not vulnerable
[-] exploits/3com/ap8760_password_disclosure is not vulnerable
[-] exploits/linksys/1500_2500_rce is not vulnerable
[-] exploits/linksys/wap54gv3_rce is not vulnerable
[-] exploits/3com/officeconnect_rce is not vulnerable
[-] exploits/3com/3cradsl72_info_disclosure is not vulnerable
[-] exploits/asus/rt_n16_password_disclosure is not vulnerable
[-] exploits/3com/imc_info_disclosure is not vulnerable
[-] exploits/tplink/wdr740nd_wdr740n_path_traversal is not vulnerable
[-] exploits/3com/officeconnect_info_disclosure is not vulnerable
[-] exploits/multi/misfortune_cookie is not vulnerable
[-] exploits/tplink/wdr740nd_wdr740n_backdoor is not vulnerable
[-] exploits/ipfire/ipfire_proxy_rce is not vulnerable
[-] exploits/multi/heartbleed is not vulnerable
[-] exploits/ipfire/ipfire_shellshock is not vulnerable
[-] exploits/multi/shellshock is not vulnerable
[-] exploits/netsys/multi_rce is not vulnerable
[-] exploits/belkin/g_plus_info_disclosure is not vulnerable
[-] exploits/belkin/g_n150_password_disclosure is not vulnerable
[-] exploits/belkin/n750_rce is not vulnerable
[-] exploits/netgear/prosafe_rce is not vulnerable
[-] exploits/belkin/n150_path_traversal is not vulnerable
[-] exploits/netgear/n300_auth_bypass is not vulnerable
[-] exploits/cisco/ucs_manager_rce is not vulnerable
[-] exploits/netgear/multi_rce is not vulnerable
[-] exploits/cisco/dpc2420_info_disclosure is not vulnerable
[-] exploits/cisco/unified_multi_path_traversal is not vulnerable
[-] exploits/cisco/video_surv_path_traversal is not vulnerable
[-] exploits/ubiquiti/airos_6_x is not vulnerable
[-] exploits/huawei/hg630a_default_creds is not vulnerable
[-] exploits/huawei/hg520_info_dislosure is not vulnerable
[-] exploits/asus/infosvr_backdoor_rce is not vulnerable
[-] exploits/zte/f460_f660_backdoor is not vulnerable
[-] exploits/cisco/ucm_info_disclosure is not vulnerable
[-] exploits/netcore/udp_53413_rce is not vulnerable
[-] exploits/dlink/dsl_2750b_info_disclosure is not vulnerable
[-] exploits/dlink/dir_645_password_disclosure is not vulnerable
[*] exploits/dlink/dsl_2640b_dns_change could not be verified
[-] exploits/dlink/dir_300_320_600_615_info_disclosure is not vulnerable
[-] exploits/dlink/dir_300_600_rce is not vulnerable
[-] exploits/dlink/multi_hnap_rce is not vulnerable
[*] exploits/dlink/dsl_2730b_2780b_526b_dns_change could not be verified
[-] exploits/dlink/dir_300_645_815_upnp_rce is not vulnerable
[-] exploits/dlink/dir_300_320_615_auth_bypass is not vulnerable
[-] exploits/dlink/dns_320l_327l_rce is not vulnerable
[-] exploits/dlink/dcs_930l_auth_rce is not vulnerable
[*] exploits/dlink/dsl_2740r_dns_change could not be verified
[-] exploits/dlink/dwr_932_info_disclosure is not vulnerable
[-] exploits/dlink/dvg_n5402sp_path_traversal is not vulnerable
[-] exploits/dlink/dir_645_815_rce is not vulnerable
[-] exploits/multi/tcp_32764_rce is not vulnerable
[-] exploits/multi/tcp_32764_info_disclosure is not vulnerable
[-] exploits/asmax/ar_804_gu_rce is not vulnerable
[-] exploits/asmax/ar_1004g_password_disclosure is not vulnerable
[-] exploits/multi/ssh_auth_keys is not vulnerable
[-] exploits/zte/f660_config_disclosure is not vulnerable
[-] exploits/zte/f6xx_default_root is not vulnerable
[-] exploits/zte/f609_config_disclosure is not vulnerable
[-] exploits/fortinet/fortigate_os_backdoor is not vulnerable
[-] exploits/juniper/screenos_backdoor is not vulnerable
[*] Elapsed time:  146.118309975 seconds

[-] Device is not vulnerable to any exploits!


Reference

https://github.com/reverse-shell/routersploit

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值