RouterSploit
RouterSploit is an open-source exploitation framework for embedded devices like routers. It includes exploits, scanners, credential testing modules, payloads, and generic attacks.
Description
RouterSploit is dedicated to penetration testing of embedded devices, particularly routers. It consists of modules for exploits that target identified vulnerabilities, creds modules for testing credentials against services like HTTP, SSH, and Telnet, scanners to check vulnerability status, payloads for various architectures, and generic attacks. The framework allows users to verify if a target is vulnerable before attempting exploitation.
Use cases include assessing router security by running specific exploits like Misfortune Cookie, using the autopwn scanner to automatically check multiple exploits, or brute-forcing credentials when stealth is not required. It supports both targeted attacks on known vulnerabilities and broad scanning across numerous router models and vendors such as Belkin, Asus, Netgear, D-Link, and others.
The tool operates in an interactive console (rsf) where modules are loaded, options configured, and attacks executed. It provides feedback on vulnerability status and successful credential discovery.
How It Works
RouterSploit uses a modular framework with exploits that check target vulnerability before exploitation, scanners like autopwn that run multiple exploit checks sequentially, and creds modules that perform brute-force attacks on services using specified usernames, passwords, threads, and paths. Modules interact via protocols like HTTP (with options for port, target URI), and report results such as vulnerability status or found credentials. It leverages Python dependencies for networking, cryptography, and SSH/Telnet support.
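Seen from the defender's side, the threaded HTTP credential testing described above shows up as a burst of 401 responses from one source against one path. The following is an added example, not code from RouterSploit or from the original page: it flags such bursts in web access logs, and the common log format, the thresholds, the source addresses and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed format (common log format): ip ident user [time] "METHOD path PROTO" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def detect_basic_auth_bruteforce(lines, threshold=5, window_s=10):
    """Alert on sources with >= threshold 401s on one path within window_s seconds.

    Each alert also records whether a 200 on the same path followed the burst,
    which suggests a guess succeeded and the credential should be rotated.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # (ip, path) -> timestamps of recent 401s
    alerts = {}                   # (ip, path) -> alert record
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip malformed lines instead of failing
        key = (m["ip"], m["path"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        status = int(m["status"])
        if status == 401:
            q = recent[key]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold and key not in alerts:
                alerts[key] = {"ip": key[0], "path": key[1],
                               "first_seen": q[0], "success_after": False}
        elif status == 200 and key in alerts:
            alerts[key]["success_after"] = True
    return list(alerts.values())

# Constructed sample: one mistyped login, then a burst from another host.
SAMPLE_LOG = (
    ['192.168.0.10 - - [12/Mar/2024:09:59:50 +0000] "GET / HTTP/1.1" 401 0',
     '192.168.0.10 - admin [12/Mar/2024:09:59:55 +0000] "GET / HTTP/1.1" 200 512']
    + [f'192.168.0.50 - - [12/Mar/2024:10:00:0{i} +0000] "GET / HTTP/1.1" 401 0'
       for i in range(6)]
    + ['192.168.0.50 - admin [12/Mar/2024:10:00:07 +0000] "GET / HTTP/1.1" 200 512',
       'truncated or malformed line']
)

if __name__ == "__main__":
    for alert in detect_basic_auth_bruteforce(SAMPLE_LOG):
        print(alert)
```

An alert with `success_after` set is the case to escalate first, since it indicates the burst ended with a working credential.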
Installation
sudo apt install routersploit
Flags
Examples
use exploits/multi/misfortune_cookie
rsf (Misfortune Cookie) > show options
rsf (Misfortune Cookie) > set target 192.168.0.2
rsf (Misfortune Cookie) > check
use scanners/autopwn
rsf (AutoPwn) > set target 192.168.0.2
rsf (AutoPwn) > run
use creds/http_basic_bruteforce
rsf (HTTP Basic Bruteforce) > set target 192.168.0.2
rsf (HTTP Basic Bruteforce) > set passwords file:///usr/share/wordlists/nmap.lst
rsf (HTTP Basic Bruteforce) > run