Pair publishes python framework for rapid router wrecking
Stand alone meta Metasploit.
Polish hacker Marcin Bury and developer Mariusz Kupidura have published a capable Python-based router exploitation framework to help hackers better own bit-moving boxen.
Bury says the "RouterSploit" tool is similar to the popular Metasploit framework, and sports exploit modules to help hackers own certain routers. The hacker hopes to grow that list in time as the security community attacks against their own router makes and models.
"I don't say Ruby is bad or good, we just think that it will be easier to make RouterSploit a community driven project with Python language," Bury says.
"For now, our main goal is to increase identification and exploitation capabilities of the framework."
It also includes features to test account credentials and scanners to search for vulnerable router services.
Supported login services include ftp; ssh; telnet; http, and snmp, with brute force and default account capabilities.
RouterSploit looks fun: https://t.co/luzScNrKce— HD Moore (@hdmoore) April 25, 2016
Identified exploits are detailed in reports that include a description of attacks and targeted systems.
Bury says the framework is under "heavy development" with new modules shipped almost daily.
The tool debuted as it was revealed that Bangladesh's central bank was popped thanks in part to its use of $10 second-hand networking kit.
Consumer-grade router security is a known hive of scum and villainy. The gadgets are routinely hacked and enslaved into powering distributed denial of service attack botnet booter services, regularly spew their exposures over Shodan, and are a popular entry point for penetration testers and criminals. ®