diff --git a/README.md b/README.md index 3edb58865..2578c5018 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ It consists of various modules that aids penetration testing operations: - exploits - modules that take advantage of identified vulnerabilities - creds - modules designed to test credentials against network services -- scanners - modules that check if target is vulnerable to any exploit +- scanners - modules that check if a target is vulnerable to any exploit # Installation @@ -29,7 +29,7 @@ It consists of various modules that aids penetration testing operations: git clone https://github.com/reverse-shell/routersploit cd routersploit ./rsf.py - + ## Installation on Ubuntu 16.04 sudo apt-get install python-dev python-pip libncurses5-dev git @@ -55,14 +55,14 @@ It consists of various modules that aids penetration testing operations: # Update -Update RouterSploit Framework often. Project is under heavy development and new modules are shipped almost everyday. +Update RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day. cd routersploit git pull # Usage - root@kalidev:~/git/routersploit# ./rsf.py + root@kalidev:~/git/routersploit# ./rsf.py ______ _ _____ _ _ _ | ___ \ | | / ___| | | (_) | | |_/ /___ _ _| |_ ___ _ __\ `--. _ __ | | ___ _| |_ @@ -76,7 +76,7 @@ Update RouterSploit Framework often. Project is under heavy development and new Codename : Wildest Dreams Version : 1.0.0 - rsf > + rsf > ## 1. Exploits @@ -85,7 +85,7 @@ Update RouterSploit Framework often. Project is under heavy development and new rsf > use exploits/ exploits/2wire/ exploits/asmax/ exploits/asus/ exploits/cisco/ exploits/dlink/ exploits/fortinet/ exploits/juniper/ exploits/linksys/ exploits/multi/ exploits/netgear/ rsf > use exploits/dlink/dir_300_600_rce - rsf (D-LINK DIR-300 & DIR-600 RCE) > + rsf (D-LINK DIR-300 & DIR-600 RCE) > You can use the tab key for completion. 
@@ -110,7 +110,7 @@ Set options: ### Run module -Exploiting target can be achieved by issuing 'run' or 'exploit' command: +You can exploit the target by issuing the 'run' or 'exploit' command: rsf (D-LINK DIR-300 & DIR-600 RCE) > run [+] Target is vulnerable @@ -152,9 +152,9 @@ Display information about exploit: ### Pick module -Modules located under creds/ directory allow running dictionary attacks against various network services. +Modules located in the `creds/` directory allow running dictionary attacks against various network services. -Following services are currently supported: +The following services are currently supported: - ftp - ssh @@ -165,8 +165,8 @@ Following services are currently supported: Every service has been divided into two modules: -- default (e.g. ssh_default) - this kind of modules use one wordlist with default credentials pairs login:password. Module can be quickly used and in matter of seconds verify if the device uses default credentials. -- bruteforce (e.g. ssh_bruteforce) - this kind of modules perform dictionary attacks against specified account or list of accounts. It takes two parameters login and password. These values can be a single word (e.g. 'admin') or entire list of strings (file:///root/users.txt). +- default (e.g. ssh_default) - this kind of modules use one wordlist with default credentials pairs login:password. The module can be quickly used and in matter of seconds can verify if the device uses default credentials. +- bruteforce (e.g. ssh_bruteforce) - this kind of modules perform dictionary attacks against a specified account or list of accounts. It takes two parameters: login and password. These values can be a single word (e.g. 'admin') or an entire list of strings (file:///root/users.txt). Console: 
@@ -174,22 +174,22 @@ Console: creds/ftp_bruteforce creds/http_basic_bruteforce creds/http_form_bruteforce creds/snmp_bruteforce creds/ssh_default creds/telnet_default creds/ftp_default creds/http_basic_default creds/http_form_default creds/ssh_bruteforce creds/telnet_bruteforce rsf > use creds/ssh_default - rsf (SSH Default Creds) > + rsf (SSH Default Creds) > ### Options rsf (SSH Default Creds) > show options - + Target options: - + Name Current settings Description ---- ---------------- ----------- target Target IP address port 22 Target port - - + + Module options: - + Name Current settings Description ---- ---------------- ----------- threads 8 Numbers of threads @@ -220,21 +220,21 @@ Set target: [-] worker-7 Authentication failed. Username: 'ADVMAIL' Password: 'HP' [-] worker-3 Authentication failed. Username: '266344' Password: '266344' [-] worker-2 Authentication failed. Username: '1502' Password: '1502' - + (..) Elapsed time: 38.9181981087 seconds [+] Credentials found! - + Login Password ----- -------- admin 1234 - rsf (SSH Default Creds) > - + rsf (SSH Default Creds) > + ## 3. Scanners -Scanners allow quickly verify if the target is vulnerable to any exploits. +Scanners allow you to quickly verify if the target is vulnerable to any exploits. ### Pick module @@ -245,7 +245,7 @@ Scanners allow quickly verify if the target is vulnerable to any exploits. ### Options Target options: - + Name Current settings Description ---- ---------------- ----------- target Target address e.g. http://192.168.1.1 
@@ -266,11 +266,11 @@ Set target: [-] exploits/dlink/dir_645_password_disclosure is not vulnerable [-] exploits/dlink/dir_300_600_615_info_disclosure is not vulnerable [-] exploits/dlink/dir_300_600_rce is not vulnerable - + [+] Device is vulnerable! - exploits/dlink/dwr_932_info_disclosure -It has been verified that target is vulnerable to dwr\_932\_info\_disclosure exploit. Now use proper module and exploit target. +It has been verified that the target is vulnerable to dwr\_932\_info\_disclosure exploit. Now use the proper module and exploit target. rsf (D-Link Scanner) > use exploits/dlink/dwr_932_info_disclosure rsf (D-Link DWR-932 Info Disclosure) > set target 192.168.1.1 @@ -279,7 +279,7 @@ It has been verified that target is vulnerable to dwr\_932\_info\_disclosure exp [*] Running module... [*] Decoding JSON value [+] Exploit success - + Parameter Value --------- ----- get_wps_enable 0 @@ -292,9 +292,8 @@ It has been verified that target is vulnerable to dwr\_932\_info\_disclosure exp get_mac_filter_switch 0 wifi_AP1_passphrase MyPaSsPhRaSe get_wps_mode 0 - -# License -License has been taken from BSD licensing and applied to RouterSploit Framework. -Please see LICENSE for more details. +# License +The RouterSploit Framework is under a BSD license. +Please see [LICENSE](LICENSE) for more details.
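Review bot: The intro sentence shown as context for the first hunk (`@@ -12,7 +12,7 @@`) still reads "various modules that aids penetration testing operations". Since this patch is a grammar pass over the same list, change "aids" to "aid" here too.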
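Review bot: The `@@ -29,7 +29,7 @@` hunk changes only a blank line before `## Installation on Ubuntu 16.04`, and the removed and added lines appear to differ only in whitespace. The same pattern recurs on the `rsf >` prompt lines and the blank lines inside the console output in later hunks. Please confirm these are intentional (for example, stripping trailing whitespace) and consider moving them to a separate commit so the wording changes are easier to review.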
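Review bot: In the `@@ -55,14 +55,14 @@` hunk the Usage transcript line `root@kalidev:~/git/routersploit# ./rsf.py` is touched, but nothing in the visible text says whether the framework needs to run as root. Add a sentence stating the required privileges, or show the example from an unprivileged prompt if root is not needed.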
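Review bot: Command and path formatting is inconsistent between the `@@ -110,7 +110,7 @@` and `@@ -152,9 +152,9 @@` hunks. The new text writes the 'run' or 'exploit' command with single quotes, while the later hunk puts `creds/` in backticks. Pick one convention, preferably backticks for anything the user types.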
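Review bot: The two rewritten bullets in the `@@ -165,8 +165,8 @@` hunk still carry the original agreement errors: "this kind of modules use" and "this kind of modules perform" should be "this kind of module uses" and "this kind of module performs", and "in matter of seconds" is missing an article ("in a matter of seconds"). "default credentials pairs" would also read better as "default credential pairs".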
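Review bot: The corrected sentence in the `@@ -266,11 +266,11 @@` hunk is still missing two articles: "vulnerable to dwr\_932\_info\_disclosure exploit" and "exploit target". Suggest "vulnerable to the dwr\_932\_info\_disclosure exploit. Now use the proper module and exploit the target."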
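Review bot: "The RouterSploit Framework is under a BSD license" in the final hunk (`@@ -292,9 +292,8 @@`) does not say which BSD variant applies. Name the exact license as it appears in the LICENSE file, so readers do not have to open the file to learn the terms. Also check that a blank line still separates the indented output block from the `# License` heading, since a whitespace-only line just before the heading is removed and not re-added.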