threat9/routersploit

scanners/routers/router_scan

Open

#639 opened on Jan 13, 2020

View on GitHub
 (4 comments) (0 reactions) (0 assignees)Python (11,672 stars) (2,340 forks)batch import
help wanted

Description

! ANY INCOMPLETE REPORT WILL BE CLOSED RIGHT AWAY !

Steps to Reproduce (for bugs)

1.use scanners/routers/router_scan 2.set target 192.168.1.1 3.run 4.

Your Environment

  • RouterSploit Version used: 3.4.1
  • Operating System and version: Linux 4.13.0-kali1-amd64 x86_64
  • Python Version: ( python3 --version ) Python 3.7.3rc1
  • Python Environment: ( python3 -m pip freeze ) AdvancedHTTPServer==2.1.0 alembic==1.0.0.dev0 altgraph==0.16.1 apipkg==1.5 asn1crypto==0.24.0 atomicwrites==1.3.0 attrs==19.1.0 backcall==0.1.0 basemap==1.2.0 beautifulsoup4==4.8.2 binwalk==2.1.2 bleach==3.1.0 blinker==1.4 bluepy==1.3.0 boltons==18.0.1 Brlapi==0.6.7 certifi==2018.8.24 cffi==1.13.2 chardet==3.0.4 chrome-gnome-shell==0.0.0 Click==7.0 crcelk==1.3 cryptography==2.8 cupshelpers==1.0 cycler==0.10.0 debtags==2.1 decorator==4.3.0 defusedxml==0.6.0 dnspython==1.16.0 entrypoints==0.3 execnet==1.7.1 Faker==3.0.0 fbs==0.8.2 flake8==3.7.9 Flask==1.1.1 future==0.17.1 geoip2==2.9.0 geojson==2.4.1 gnureadline==8.0.0 graphene==1.1.3 graphene-sqlalchemy==1.1.1 graphql-core==1.0.1 graphql-relay==0.4.5 gunicorn==20.0.4 hashID==3.1.4 httplib2==0.11.3 icalendar==4.0.3 idna==2.6 importlib-metadata==1.4.0 ipykernel==5.1.0 ipython==7.5.0 ipython-genutils==0.2.0 ipywidgets==7.4.2 iso8601==0.1.11 itsdangerous==1.1.0 jedi==0.13.3 Jinja2==2.10.3 jsonschema==3.0.1 jupyter==1.0.0 jupyter-client==5.2.4 jupyter-console==6.0.0 jupyter-core==4.4.0 keyring==17.1.1 keyrings.alt==3.1.1 kiwisolver==1.0.1 libvirt-python==5.6.0 louis==3.3.0 macholib==1.11 Mako==1.0.7 MarkupSafe==1.1.0 matplotlib==3.0.2 maxminddb==1.4.1 mccabe==0.6.1 mistune==0.8.4 more-itertools==8.1.0 msgpack==0.5.6 nbconvert==5.5.0 nbformat==4.4.0 notebook==5.7.8 numpy==1.16.2 olefile==0.46 pandocfilters==1.4.2 paramiko==2.0.0 parso==0.4.0 pefile==2019.4.18 pexpect==4.7.0 pickleshare==0.7.5 Pillow==5.4.1 pluggy==0.13.1 pluginbase==1.0.0 ply==3.11 prometheus-client==0.6.0 promise==2.2 prompt-toolkit==2.0.9 psycopg2==2.7.7 ptyprocess==0.6.0 py==1.8.1 pyasn1==0.4.2 pycairo==1.16.2 pycodestyle==2.5.0 pycparser==2.19 pycrypto==2.6.1 pycryptodome==3.9.4 pycryptodomex==3.9.4 pycups==1.9.73 pycurl==7.43.0.2 pyflakes==2.1.1 Pygments==2.4.0 PyGObject==3.30.4 PyInstaller==3.4 PyOpenGL==3.1.0 pyOpenSSL==19.1.0 pyotp==2.2.7 pyparsing==2.2.0 pyproj==1.9.6 PyQt5==5.9.2 pyqtgraph==0.10.0 pyrsistent==0.15.1 pyserial==3.4 pyshp==2.1.0 PySimpleSOAP==1.16.2 pysmbc==1.0.15.6 pysmi==0.3.4 pysnmp==4.4.6 pytest==4.4.0 pytest-forked==1.1.3 pytest-xdist==1.31.0 python-apt==1.8.4 python-dateutil==2.7.3 python-debian==0.1.34 python-debianbts==2.8.2 python-editor==0.4 python-pam==1.8.4 pytz==2019.1 pyxdg==0.25 PyYAML==3.13 pyzmq==18.0.1 qtconsole==4.4.4 reportbug==7.5.2 requests==2.21.0 routersploit==3.4.0 scipy==1.1.0 SecretStorage==2.3.1 Send2Trash==1.5.0 sip==4.19.8 six==1.12.0 smoke-zephyr==1.4.1 soupsieve==1.9.5 SQLAlchemy==1.1.11 termcolor==1.1.0 terminado==0.8.2 termineter==0.2.7 testpath==0.4.2 text-unidecode==1.3 threat9-test-bed==0.6.1.dev2+g1ed61b3 tornado==6.0.2 traitlets==4.3.2 tzlocal==1.5.1 unattended-upgrades==0.1 urllib3==1.24.1 viivakoodi==0.8.0 wcwidth==0.1.7 webencodings==0.5.1 websocket-client==0.53.0 Werkzeug==0.16.0 widgetsnbextension==3.4.2 XlsxWriter==1.1.2 zipp==0.6.0

Current Behavior

rsf > use scanners/routers/router_scan rsf (Router Scanner) > set target 192.168.1.1 [+] target => 192.168.1.1 rsf (Router Scanner) > run [*] Running module scanners/routers/router_scan...

[*] 192.168.1.1 Starting vulnerablity check... Traceback (most recent call last): File "/root/routersploit/routersploit/interpreter.py", line 389, in command_run self.current_module.run() File "/root/routersploit/routersploit/modules/scanners/autopwn.py", line 77, in run for module in utils.iter_modules(directory): File "/root/routersploit/routersploit/core/exploit/utils.py", line 138, in iter_modules yield import_exploit(path) File "/root/routersploit/routersploit/core/exploit/utils.py", line 109, in import_exploit module = importlib.import_module(path) File "/usr/lib/python3.7/importlib/init.py", line 127, in import_module return _bootstrap._gcd_import(name[level:], package, level) File "", line 1006, in _gcd_import File "", line 983, in _find_and_load File "", line 967, in _find_and_load_unlocked File "", line 677, in _load_unlocked File "", line 728, in exec_module File "", line 219, in _call_with_frames_removed File "/root/routersploit/routersploit/modules/exploits/generic/ssh_auth_keys.py", line 4, in from routersploit.core.ssh.ssh_client import SSHClient File "/root/routersploit/routersploit/core/ssh/ssh_client.py", line 2, in import paramiko File "/usr/lib/python3/dist-packages/paramiko/init.py", line 30, in from paramiko.transport import SecurityOptions, Transport File "/usr/lib/python3/dist-packages/paramiko/transport.py", line 65, in from paramiko.sftp_client import SFTPClient File "/usr/lib/python3/dist-packages/paramiko/sftp_client.py", line 41, in from paramiko.sftp_file import SFTPFile File "/usr/lib/python3/dist-packages/paramiko/sftp_file.py", line 66 self._close(async=True) ^ SyntaxError: invalid syntax

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "rsf.py", line 29, in routersploit(sys.argv) File "rsf.py", line 25, in routersploit rsf.start() File "/root/routersploit/routersploit/interpreter.py", line 125, in start command_handler(args, **kwargs) File "/root/routersploit/routersploit/core/exploit/utils.py", line 177, in wrapper return fn(self, *args, **kwargs) File "/root/routersploit/routersploit/interpreter.py", line 394, in command_run print_error(traceback.format_exc(sys.exc_info())) File "/usr/lib/python3.7/traceback.py", line 167, in format_exc return "".join(format_exception(*sys.exc_info(), limit=limit, chain=chain)) File "/usr/lib/python3.7/traceback.py", line 121, in format_exception type(value), value, tb, limit=limit).format(chain=chain)) File "/usr/lib/python3.7/traceback.py", line 508, in init capture_locals=capture_locals) File "/usr/lib/python3.7/traceback.py", line 337, in extract if limit >= 0: TypeError: '>=' not supported between instances of 'tuple' and 'int'

Expected Behavior

Run the scanner

Everything up to date, what should I do ?

Contributor guide

Tech stack
python
Domain
security
Issue type
bug
DifficultyEstimated implementation difficulty for a new contributor, from 1 for very small changes to 5 for expert-level work.
3
Estimated timeA rough time range for an experienced contributor to investigate, implement, test, and prepare a pull request.
1-3 hours
Activity statusHow available the issue appears right now: fresh, active, stale, blocked, or waiting on maintainer input.
stale
ClarityHow clearly the issue explains the expected change, acceptance criteria, and next step.
mostly clear
Prerequisites
Python debuggingdependency management
Newbie friendlinessA 1-100 score estimating how approachable this issue is for first-time contributors.
55
Research direction
The crash is caused by a SyntaxError in paramiko (version 2.0.0) on Python 3.7 due to async=True. The fix may involve upgrading paramiko to a compatible version or patching the import. Additionally, a secondary TypeError in traceback.format exc occurs. Investigate the paramiko version requirement in routersploit and update the dependency or handle the async keyword appropriately. Review the routersploit/core/ssh/ssh client.py file to see if there's a version check.