Avoid hardcoded relative paths (threat9#578)

* Introduce a RESOURCE_DIR to avoid relative hardcoded paths - Introduce a RESOURCES_DIR similar to other *_DIR - Add a resources_directory parameter to lookup_vendor() to avoid possible hardcoded directory and - if not provided - pick up the default RESOURCES_DIR. * Avoid possible hardcoded relative paths and use RESOURCE_DIR instead (Otherwise ssh_keys are tried to picked up in in ${PWD} (and mostly likely failing)) * Avoid hardcoded relative paths and use MODULES_DIR instead Commit id 9380c04 (probably accidentally) removed EXPLOITS_DIR use leading to loading routersploit/modules/exploits relative to the current directory instead of the installed ones in MODULES_DIR. * Avoid hardcoded relative paths and use utils.index_modules() instead * Avoid hardcoded relative paths and use utils.index_modules() instead * G/C no longer used import/functions * G/C no longer used module import * Reintroduce encode and fix a copypasto * Add missing `.' Spotted by @lucyoa, thanks! * Fix a regression on the semantic/name of payloads payloads should be listed/selected as `<architecture>/<payload>', not `payloads.<architecture>.<payload>'. Thanks to @lucyoa!
devkw · Apr 11, 2019 · c7ad64f · c7ad64f
1 parent dcbfe68
commit c7ad64f
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 30 deletions.
diff --git a/routersploit/core/exploit/payloads.py b/routersploit/core/exploit/payloads.py
@@ -1,4 +1,3 @@
-import os
 import importlib
 from collections import namedtuple
 from struct import pack
@@ -22,6 +21,7 @@
 )
 
 from routersploit.core.exploit.utils import (
+    index_modules,
     random_text,
 )
 
@@ -122,25 +122,19 @@ def run(self):
         raise NotImplementedError()
 
     def get_encoders(self):
-        path = "routersploit/modules/encoders/{}".format(self.architecture)
-
         encoders = []
 
-        try:
-            files = os.listdir(path)
-        except FileNotFoundError:
-            return []
-
-        for f in files:
-            if not f.startswith("__") and f.endswith(".py"):
-                encoder = f.replace(".py", "")
-                module_path = "{}/{}".format(path, encoder).replace("/", ".")
-                module = getattr(importlib.import_module(module_path), "Encoder")
-                encoders.append((
-                    "{}/{}".format(self.architecture, encoder),
-                    module._Encoder__info__["name"],
-                    module._Encoder__info__["description"],
-                ))
+        # get all encoders for given architecture
+        all_encoders = [e for e in index_modules() if "encoders.{}".format(self.architecture) in e]
+
+        for e in all_encoders:
+            encoder = e.replace("encoders.{}.".format(self.architecture), "").replace(".", "/")
+            module = getattr(importlib.import_module('routersploit.modules.' + e), "Encoder")
+            encoders.append((
+                "{}/{}".format(self.architecture, encoder),
+                module._Encoder__info__["name"],
+                module._Encoder__info__["description"],
+            ))
 
         return encoders
 

diff --git a/routersploit/core/exploit/shell.py b/routersploit/core/exploit/shell.py
@@ -4,8 +4,6 @@
 from http.server import BaseHTTPRequestHandler, HTTPServer
 import threading
 import time
-from os import listdir
-from os.path import isfile, join
 import importlib
 
 from routersploit.core.exploit.printer import (
@@ -18,6 +16,7 @@
 )
 
 from routersploit.core.exploit.utils import (
+    index_modules,
     random_text,
 )
 
@@ -28,14 +27,11 @@ def shell(exploit, architecture="", method="", payloads=None, **params):
     options = []
 
     if architecture and method:
-        path = "routersploit/modules/payloads/{}/".format(architecture)
-
         # get all payloads for given architecture
-        all_payloads = [f.split(".")[0] for f in listdir(path) if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"]
+        all_payloads = [p.lstrip('payloads.').replace('.', '/') for p in index_modules() if "payloads.{}".format(architecture) in p]
 
-        payload_path = path.replace("/", ".")
         for p in all_payloads:
-            module = getattr(importlib.import_module("{}{}".format(payload_path, p)), 'Payload')
+            module = getattr(importlib.import_module('routersploit.modules.payloads.' + p.replace('/', '.')), 'Payload')
 
             # if method/arch is cmd then filter out payloads
             if method == "cmd":

diff --git a/routersploit/core/exploit/utils.py b/routersploit/core/exploit/utils.py
@@ -6,12 +6,14 @@
 from functools import wraps
 
 import routersploit.modules as rsf_modules
+import routersploit.resources as resources
 import routersploit.resources.wordlists as wordlists
 
 from routersploit.core.exploit.printer import print_error, print_info
 from routersploit.core.exploit.exceptions import RoutersploitException
 
 MODULES_DIR = rsf_modules.__path__[0]
+RESOURCES_DIR = resources.__path__[0]
 WORDLISTS_DIR = wordlists.__path__[0]
 
 
@@ -211,16 +213,17 @@ def _wrapper(self, *args, **kwargs):
     return _outer_wrapper
 
 
-def lookup_vendor(addr: str) -> str:
+def lookup_vendor(addr: str, resources_directory: str = RESOURCES_DIR) -> str:
     """ Lookups vendor (manufacturer) based on MAC address
 
     :param str addr: MAC address to lookup
+    :param str resources_directory: path to resources directory
     :return str: vendor name from oui.dat database
     """
 
     addr = addr.upper().replace(":", "")
 
-    path = "./routersploit/resources/vendors/oui.dat"
+    path = os.path.join(resources_directory, "vendors/oui.dat")
     with open(path, "r") as f:
         for line in f.readlines():
             line = line.strip()

diff --git a/routersploit/modules/exploits/generic/ssh_auth_keys.py b/routersploit/modules/exploits/generic/ssh_auth_keys.py
@@ -51,7 +51,7 @@ def __init__(self):
         self.valid = None
         self.private_keys = []
 
-        ssh_keys_path = "./routersploit/resources/ssh_keys"
+        ssh_keys_path = os.path.join(utils.RESOURCES_DIR, "ssh_keys")
         ssh_keys = [".".join(filename.split(".")[:-1]) for filename in os.listdir(ssh_keys_path) if filename.endswith(".json")]
 
         for ssh_key in ssh_keys:

diff --git a/routersploit/modules/scanners/autopwn.py b/routersploit/modules/scanners/autopwn.py
@@ -34,8 +34,8 @@ def __init__(self):
         self.vulnerabilities = []
         self.creds = []
         self.not_verified = []
-        self._exploits_directories = [path.join("routersploit/modules/exploits/", module) for module in self.modules]
-        self._creds_directories = [path.join("routersploit/modules/creds/", module) for module in self.modules]
+        self._exploits_directories = [path.join(utils.MODULES_DIR, "exploits", module) for module in self.modules]
+        self._creds_directories = [path.join(utils.MODULES_DIR, "creds", module) for module in self.modules]
 
     def run(self):
         self.vulnerabilities = []