Autarch/core/rsf_modules.py


"""
AUTARCH RouterSploit Curated Module Library
Offline-browsable metadata for key RSF modules.
Mirrors core/msf_modules.py patterns for RSF-specific modules.
"""
from .banner import Colors
# ─── Module Library ─────────────────────────────────────────────────────────
# Curated, display-only metadata keyed by module path. The first path segment
# ('exploits', 'creds', 'scanners') is the module type that
# get_modules_by_type() filters on. Nothing in this table is executed; the
# functions in this file only look entries up, search them and format them.
#
# Every entry carries the same seven keys:
#   name        - short human-readable title
#   description - one or two sentences; CVE ids, where given, are repeated in 'tags'
#   authors     - tuple of credited author names
#   devices     - tuple of affected models / firmware ranges ('Multi' = not device-specific)
#   references  - tuple of advisory URLs; may be empty, in which case the entry
#                 has no external source to check its claims against
#   tags        - tuple of lowercase search keywords
#   notes       - free-text operator note (transport, default port, prerequisites)
#
# Single-element tuples need their trailing comma, e.g. ('Multi',). Without it
# the value is a plain str, and the code that iterates or joins these fields
# (search_modules, format_module_help) would walk it character by character.
RSF_MODULES = {
    # ════════════════════════════════════════════════════════════════════════
    # EXPLOITS - ROUTERS
    # ════════════════════════════════════════════════════════════════════════
    # ── D-Link Routers ──────────────────────────────────────────────────────
    'exploits/routers/dlink/dir_300_600_rce': {
        'name': 'D-Link DIR-300 & DIR-600 RCE',
        'description': 'Exploits D-Link DIR-300, DIR-600 Remote Code Execution '
            'vulnerability allowing command execution with root privileges.',
        'authors': ('Michael Messner', 'Marcin Bury'),
        'devices': ('D-Link DIR 300', 'D-Link DIR 600'),
        'references': ('http://www.s3cur1ty.de/m1adv2013-003',),
        'tags': ('dlink', 'rce', 'router', 'http'),
        'notes': 'Targets the web interface. Requires HTTP access to the router.',
    },
    'exploits/routers/dlink/dir_645_815_rce': {
        'name': 'D-Link DIR-645 & DIR-815 RCE',
        'description': 'Exploits D-Link DIR-645 and DIR-815 Remote Code Execution '
            'vulnerability via the web interface.',
        'authors': ('Michael Messner', 'Marcin Bury'),
        'devices': ('DIR-815 v1.03b02', 'DIR-645 v1.02', 'DIR-645 v1.03',
            'DIR-600 below v2.16b01', 'DIR-300 revB v2.13b01',
            'DIR-412 Ver 1.14WWB02', 'DIR-110 Ver 1.01'),
        'references': ('http://www.s3cur1ty.de/m1adv2013-017',),
        'tags': ('dlink', 'rce', 'router', 'http'),
        'notes': 'Affects multiple DIR-series firmware versions.',
    },
    'exploits/routers/dlink/multi_hnap_rce': {
        'name': 'D-Link Multi HNAP RCE',
        'description': 'Exploits HNAP remote code execution in multiple D-Link devices '
            'allowing command execution on the device.',
        'authors': ('Samuel Huntley', 'Craig Heffner', 'Marcin Bury'),
        'devices': ('D-Link DIR-645', 'D-Link DIR-880L', 'D-Link DIR-865L',
            'D-Link DIR-860L revA/B', 'D-Link DIR-815 revB',
            'D-Link DIR-300 revB', 'D-Link DIR-600 revB',
            'D-Link DAP-1650 revB'),
        'references': ('https://www.exploit-db.com/exploits/37171/',
            'http://www.devttys0.com/2015/04/hacking-the-d-link-dir-890l/'),
        'tags': ('dlink', 'rce', 'hnap', 'router', 'http'),
        'notes': 'HNAP (Home Network Administration Protocol) vulnerability '
            'affecting a wide range of D-Link devices.',
    },
    # ── Cisco Routers ───────────────────────────────────────────────────────
    'exploits/routers/cisco/rv320_command_injection': {
        'name': 'Cisco RV320 Command Injection',
        'description': 'Exploits Cisco RV320 Remote Command Injection in the '
            'web-based certificate generator feature (CVE-2019-1652).',
        'authors': ('RedTeam Pentesting GmbH', 'GH0st3rs'),
        'devices': ('Cisco RV320 1.4.2.15 to 1.4.2.22', 'Cisco RV325'),
        'references': ('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1652',),
        'tags': ('cisco', 'rce', 'command_injection', 'router', 'cve-2019-1652'),
        'notes': 'Requires HTTPS access (port 443). Targets certificate generator.',
    },
    'exploits/routers/cisco/ios_http_authorization_bypass': {
        'name': 'Cisco IOS HTTP Authorization Bypass',
        'description': 'HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to '
            'bypass authentication and execute commands by specifying a '
            'high access level in the URL (CVE-2001-0537).',
        'authors': ('renos stoikos',),
        'devices': ('Cisco IOS 11.3 to 12.2',),
        'references': ('http://www.cvedetails.com/cve/cve-2001-0537',),
        'tags': ('cisco', 'auth_bypass', 'ios', 'router', 'http', 'cve-2001-0537'),
        'notes': 'Classic IOS vulnerability. Only affects very old IOS versions.',
    },
    # ── Netgear Routers ─────────────────────────────────────────────────────
    'exploits/routers/netgear/dgn2200_ping_cgi_rce': {
        'name': 'Netgear DGN2200 RCE',
        'description': 'Exploits Netgear DGN2200 RCE via ping.cgi script '
            '(CVE-2017-6077).',
        'authors': ('SivertPL', 'Josh Abraham'),
        'devices': ('Netgear DGN2200v1-v4',),
        'references': ('https://www.exploit-db.com/exploits/41394/',
            'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6077'),
        'tags': ('netgear', 'rce', 'router', 'http', 'cve-2017-6077'),
        'notes': 'Requires valid credentials (default: admin/password).',
    },
    'exploits/routers/netgear/multi_rce': {
        'name': 'Netgear Multi RCE',
        'description': 'Exploits remote command execution in multiple Netgear devices. '
            'If vulnerable, opens a command loop with OS-level access.',
        'authors': ('Andrei Costin', 'Marcin Bury'),
        'devices': ('Netgear WG102', 'Netgear WG103', 'Netgear WN604',
            'Netgear WNDAP350', 'Netgear WNDAP360', 'Netgear WNAP320',
            'Netgear WNDAP660', 'Netgear WNDAP620'),
        'references': ('http://firmware.re/vulns/acsa-2015-001.php',),
        'tags': ('netgear', 'rce', 'router', 'http', 'multi'),
        'notes': 'Targets multiple Netgear enterprise wireless APs.',
    },
    # ── Mikrotik Routers ────────────────────────────────────────────────────
    'exploits/routers/mikrotik/winbox_auth_bypass_creds_disclosure': {
        'name': 'Mikrotik WinBox Auth Bypass - Credentials Disclosure',
        'description': 'Bypasses authentication through WinBox service in Mikrotik '
            'devices v6.29 to v6.42 and retrieves admin credentials.',
        'authors': ('Alireza Mosajjal', 'Mostafa Yalpaniyan', 'Marcin Bury'),
        'devices': ('Mikrotik RouterOS 6.29 to 6.42',),
        'references': ('https://n0p.me/winbox-bug-dissection/',
            'https://github.com/BasuCert/WinboxPoC'),
        'tags': ('mikrotik', 'auth_bypass', 'creds', 'winbox', 'router', 'tcp'),
        'notes': 'Targets WinBox service (port 8291). Very high impact.',
    },
    # ── TP-Link Routers ─────────────────────────────────────────────────────
    'exploits/routers/tplink/archer_c2_c20i_rce': {
        'name': 'TP-Link Archer C2 & C20i RCE',
        'description': 'Exploits TP-Link Archer C2 and C20i RCE allowing root-level '
            'command execution.',
        'authors': ('Michal Sajdak', 'Marcin Bury'),
        'devices': ('TP-Link Archer C2', 'TP-Link Archer C20i'),
        'references': (),
        'tags': ('tplink', 'rce', 'router', 'http'),
        'notes': 'Targets the Archer web interface.',
    },
    # ── Asus Routers ────────────────────────────────────────────────────────
    'exploits/routers/asus/asuswrt_lan_rce': {
        'name': 'AsusWRT LAN RCE',
        'description': 'Exploits multiple vulnerabilities in AsusWRT firmware to achieve '
            'RCE: HTTP auth bypass + VPN config upload + infosvr command '
            'execution (CVE-2018-5999, CVE-2018-6000).',
        'authors': ('Pedro Ribeiro', 'Marcin Bury'),
        'devices': ('AsusWRT < v3.0.0.4.384.10007',),
        'references': ('https://nvd.nist.gov/vuln/detail/CVE-2018-5999',
            'https://nvd.nist.gov/vuln/detail/CVE-2018-6000'),
        'tags': ('asus', 'rce', 'auth_bypass', 'router', 'http', 'udp',
            'cve-2018-5999', 'cve-2018-6000'),
        'notes': 'Chains HTTP auth bypass with UDP infosvr for full RCE.',
    },
    # ════════════════════════════════════════════════════════════════════════
    # EXPLOITS - CAMERAS
    # ════════════════════════════════════════════════════════════════════════
    'exploits/cameras/dlink/dcs_930l_932l_auth_bypass': {
        'name': 'D-Link DCS Cameras Auth Bypass',
        'description': 'D-Link DCS web cameras allow unauthenticated attackers to '
            'obtain device configuration by accessing unprotected URLs.',
        'authors': ('Roberto Paleari', 'Dino Causevic'),
        'devices': ('D-Link DCS-930L fw 1.04', 'D-Link DCS-932L fw 1.02'),
        'references': ('https://www.exploit-db.com/exploits/24442/',),
        'tags': ('dlink', 'camera', 'auth_bypass', 'http'),
        'notes': 'Uses port 8080 by default.',
    },
    'exploits/cameras/cisco/video_surv_path_traversal': {
        'name': 'Cisco Video Surveillance Path Traversal',
        'description': 'Path traversal in Cisco Video Surveillance Operations '
            'Manager 6.3.2 allowing file reads from the filesystem.',
        'authors': ('b.saleh', 'Marcin Bury'),
        'devices': ('Cisco Video Surveillance Operations Manager 6.3.2',),
        'references': ('https://www.exploit-db.com/exploits/38389/',),
        'tags': ('cisco', 'camera', 'path_traversal', 'http'),
        'notes': 'Read /etc/passwd or other files via path traversal.',
    },
    'exploits/cameras/brickcom/corp_network_cameras_conf_disclosure': {
        'name': 'Brickcom Network Camera Config Disclosure',
        'description': 'Exploits Brickcom Corporation Network Camera configuration '
            'disclosure vulnerability to read device config and credentials.',
        'authors': ('Orwelllabs', 'Marcin Bury'),
        'devices': ('Brickcom FB-100Ae', 'Brickcom WCB-100Ap',
            'Brickcom OB-200Np-LR', 'Brickcom VD-E200Nf'),
        'references': ('https://www.exploit-db.com/exploits/39696/',),
        'tags': ('brickcom', 'camera', 'config_disclosure', 'http'),
        'notes': 'Extracts admin credentials from configuration.',
    },
    # ════════════════════════════════════════════════════════════════════════
    # EXPLOITS - GENERIC
    # ════════════════════════════════════════════════════════════════════════
    'exploits/generic/heartbleed': {
        'name': 'OpenSSL Heartbleed',
        'description': 'Exploits OpenSSL Heartbleed vulnerability (CVE-2014-0160). '
            'Fake heartbeat length leaks memory data from the server.',
        'authors': ('Neel Mehta', 'Jared Stafford', 'Marcin Bury'),
        'devices': ('Multi',),
        'references': ('http://www.cvedetails.com/cve/2014-0160',
            'http://heartbleed.com/'),
        'tags': ('heartbleed', 'openssl', 'ssl', 'tls', 'memory_leak', 'generic',
            'cve-2014-0160'),
        'notes': 'Tests for Heartbleed on any SSL/TLS service. '
            'Default port 443.',
    },
    'exploits/generic/shellshock': {
        'name': 'Shellshock',
        'description': 'Exploits Shellshock vulnerability (CVE-2014-6271) allowing '
            'OS command execution via crafted HTTP headers.',
        'authors': ('Marcin Bury',),
        'devices': ('Multi',),
        'references': ('https://access.redhat.com/articles/1200223',),
        'tags': ('shellshock', 'bash', 'rce', 'http', 'generic', 'cve-2014-6271'),
        'notes': 'Injects via HTTP headers (default: User-Agent). '
            'Configure path and method as needed.',
    },
    'exploits/generic/ssh_auth_keys': {
        'name': 'SSH Authorized Keys',
        'description': 'Tests for known default SSH keys that ship with various '
            'embedded devices and appliances.',
        'authors': ('Marcin Bury',),
        'devices': ('Multi',),
        'references': (),
        'tags': ('ssh', 'keys', 'default_creds', 'generic'),
        'notes': 'Checks for factory SSH keys common on IoT/embedded devices.',
    },
    # ════════════════════════════════════════════════════════════════════════
    # CREDENTIALS - GENERIC
    # ════════════════════════════════════════════════════════════════════════
    'creds/generic/ftp_bruteforce': {
        'name': 'FTP Bruteforce',
        'description': 'Performs bruteforce attack against FTP service. '
            'Displays valid credentials when found.',
        'authors': ('Marcin Bury',),
        'devices': ('Multiple devices',),
        'references': (),
        'tags': ('ftp', 'bruteforce', 'creds', 'generic'),
        'notes': 'Supports file:// targets for batch mode. '
            'Default port 21. Threaded (default 8 threads).',
    },
    'creds/generic/ssh_bruteforce': {
        'name': 'SSH Bruteforce',
        'description': 'Performs bruteforce attack against SSH service. '
            'Displays valid credentials when found.',
        'authors': ('Marcin Bury',),
        'devices': ('Multiple devices',),
        'references': (),
        'tags': ('ssh', 'bruteforce', 'creds', 'generic'),
        'notes': 'Default port 22. Threaded. Supports batch targets via file://.',
    },
    'creds/generic/telnet_bruteforce': {
        'name': 'Telnet Bruteforce',
        'description': 'Performs bruteforce attack against Telnet service. '
            'Displays valid credentials when found.',
        'authors': ('Marcin Bury',),
        'devices': ('Multiple devices',),
        'references': (),
        'tags': ('telnet', 'bruteforce', 'creds', 'generic'),
        'notes': 'Default port 23. Common on IoT devices with telnet enabled.',
    },
    'creds/generic/snmp_bruteforce': {
        'name': 'SNMP Bruteforce',
        'description': 'Performs bruteforce attack against SNMP service. '
            'Discovers valid community strings.',
        'authors': ('Marcin Bury',),
        'devices': ('Multiple devices',),
        'references': (),
        'tags': ('snmp', 'bruteforce', 'creds', 'generic', 'community'),
        'notes': 'Tests SNMP community strings. Default port 161. '
            'Supports SNMPv1 and SNMPv2c.',
    },
    'creds/generic/http_basic_digest_bruteforce': {
        'name': 'HTTP Basic/Digest Bruteforce',
        'description': 'Performs bruteforce against HTTP Basic/Digest authentication. '
            'Displays valid credentials when found.',
        'authors': ('Marcin Bury', 'Alexander Yakovlev'),
        'devices': ('Multiple devices',),
        'references': (),
        'tags': ('http', 'bruteforce', 'creds', 'generic', 'basic_auth', 'digest'),
        'notes': 'Targets HTTP authentication. Configure path to the protected URL.',
    },
    # ════════════════════════════════════════════════════════════════════════
    # SCANNERS
    # ════════════════════════════════════════════════════════════════════════
    'scanners/autopwn': {
        'name': 'AutoPwn',
        'description': 'Comprehensive scanner that tests ALL exploit and credential '
            'modules against a target. The ultimate "scan everything" tool.',
        'authors': ('Marcin Bury',),
        'devices': ('Multi',),
        'references': (),
        'tags': ('scanner', 'autopwn', 'comprehensive', 'all'),
        'notes': 'Runs all exploits and creds against the target. '
            'Can be filtered by vendor. Checks HTTP, FTP, SSH, Telnet, SNMP. '
            'Very thorough but slow. Use specific scanners for faster results.',
    },
    'scanners/routers/router_scan': {
        'name': 'Router Scanner',
        'description': 'Scans for router vulnerabilities and weaknesses. '
            'Tests generic and router-specific exploit modules.',
        'authors': ('Marcin Bury',),
        'devices': ('Router',),
        'references': (),
        'tags': ('scanner', 'router', 'comprehensive'),
        'notes': 'Faster than AutoPwn -- only tests router-relevant modules.',
    },
    'scanners/cameras/camera_scan': {
        'name': 'Camera Scanner',
        'description': 'Scans for IP camera vulnerabilities and weaknesses. '
            'Tests generic and camera-specific exploit modules.',
        'authors': ('Marcin Bury',),
        'devices': ('Cameras',),
        'references': (),
        'tags': ('scanner', 'camera', 'ip_camera', 'comprehensive'),
        'notes': 'Tests all camera-related exploits against the target.',
    },
    # ════════════════════════════════════════════════════════════════════════
    # EXPLOITS - MISC
    # ════════════════════════════════════════════════════════════════════════
    'exploits/misc/asus/b1m_projector_rce': {
        'name': 'Asus B1M Projector RCE',
        'description': 'Exploits Asus B1M Projector RCE allowing root-level '
            'command execution.',
        'authors': ('Hacker House', 'Marcin Bury'),
        'devices': ('Asus B1M Projector',),
        'references': ('https://www.myhackerhouse.com/asus-b1m-projector-remote-root-0day/',),
        'tags': ('asus', 'projector', 'rce', 'misc', 'iot'),
        'notes': 'Targets network-connected projectors.',
    },
    # ════════════════════════════════════════════════════════════════════════
    # EXPLOITS - MORE ROUTERS
    # ════════════════════════════════════════════════════════════════════════
    'exploits/routers/linksys/smart_wifi_password_disclosure': {
        'name': 'Linksys Smart WiFi Password Disclosure',
        'description': 'Exploits information disclosure in Linksys Smart WiFi '
            'routers to extract passwords.',
        'authors': ('Marcin Bury',),
        'devices': ('Linksys Smart WiFi routers',),
        'references': (),
        'tags': ('linksys', 'password', 'disclosure', 'router', 'http'),
        'notes': 'Targets Linksys Smart WiFi web interface.',
    },
    'exploits/routers/zyxel/d1000_rce': {
        'name': 'Zyxel D1000 RCE',
        'description': 'Exploits remote code execution in Zyxel D1000 modem/routers.',
        'authors': ('Marcin Bury',),
        'devices': ('Zyxel D1000',),
        'references': (),
        'tags': ('zyxel', 'rce', 'router', 'modem'),
        'notes': 'Targets Zyxel DSL modem/router combo devices.',
    },
    'exploits/routers/huawei/hg520_info_disclosure': {
        'name': 'Huawei HG520 Info Disclosure',
        'description': 'Information disclosure in Huawei HG520 home gateway '
            'allowing extraction of device configuration.',
        'authors': ('Marcin Bury',),
        'devices': ('Huawei HG520',),
        'references': (),
        'tags': ('huawei', 'info_disclosure', 'router', 'http'),
        'notes': 'Targets Huawei home gateway web interface.',
    },
}
# ─── Module Type Mapping ────────────────────────────────────────────────────
# Display metadata for each top-level module type. The keys are the first path
# segment of RSF_MODULES keys; 'payloads' and 'encoders' are described here
# even though the curated table in this file has no entries under them.
MODULE_TYPES = {
    'exploits': dict(
        name='Exploits',
        description='Vulnerability exploits for routers, cameras, and devices',
        color=Colors.RED,
    ),
    'creds': dict(
        name='Credentials',
        description='Default credential and brute-force modules',
        color=Colors.YELLOW,
    ),
    'scanners': dict(
        name='Scanners',
        description='Automated vulnerability scanners (AutoPwn, etc.)',
        color=Colors.CYAN,
    ),
    'payloads': dict(
        name='Payloads',
        description='Shellcode and payload generators',
        color=Colors.MAGENTA,
    ),
    'encoders': dict(
        name='Encoders',
        description='Payload encoding and obfuscation',
        color=Colors.GREEN,
    ),
}
# ─── API Functions ──────────────────────────────────────────────────────────
def get_module_info(module_path: str) -> dict:
    """Look up the curated metadata entry for one module.

    Args:
        module_path: Module path like 'exploits/routers/dlink/dir_300_600_rce'

    Returns:
        The entry stored in RSF_MODULES for that path (the stored dict itself,
        not a copy), or None when the path is not in the curated table.
    """
    if module_path in RSF_MODULES:
        return RSF_MODULES[module_path]
    return None
def get_module_description(module_path: str) -> str:
    """Return only the description text of a curated module.

    Args:
        module_path: Module path

    Returns:
        The entry's 'description' value, or an empty string when the path is
        unknown or the entry has no description.
    """
    # An unknown path is treated like an entry with no fields at all.
    entry = RSF_MODULES.get(module_path) or {}
    return entry.get('description', '')
def search_modules(query: str) -> list:
    """Find curated modules whose metadata contains a keyword.

    The match is a case-insensitive substring test against the module path,
    name, description, every tag and every device string. The 'notes',
    'authors' and 'references' fields are not searched. An empty query is a
    substring of every string, so it returns every module.

    Args:
        query: Search string (case-insensitive)

    Returns:
        List of matching module info dicts (shallow copies with a 'path' key
        added), in RSF_MODULES order. Each module appears at most once.
    """
    needle = query.lower()

    def _searchable(path, info):
        # Yield the candidate strings lazily, in the order they are checked,
        # so the any() below stops at the first field that matches.
        yield path
        yield info.get('name', '')
        yield info.get('description', '')
        yield from info.get('tags', ())
        yield from info.get('devices', ())

    return [
        {**info, 'path': path}
        for path, info in RSF_MODULES.items()
        if any(needle in text.lower() for text in _searchable(path, info))
    ]
def get_modules_by_type(module_type: str) -> list:
    """List the curated modules that belong to one module type.

    A module belongs to a type when its path starts with '<module_type>/', so
    'creds' does not match a path that merely begins with the same letters.

    Args:
        module_type: One of 'exploits', 'creds', 'scanners', etc.

    Returns:
        List of matching module info dicts (shallow copies with a 'path' key
        added), in RSF_MODULES order.
    """
    return [
        {**info, 'path': path}
        for path, info in RSF_MODULES.items()
        if path.startswith(module_type + '/')
    ]
def format_module_help(module_path: str) -> str:
    """Render the curated metadata of one module as coloured help text.

    Args:
        module_path: Module path

    Returns:
        A multi-line string with the title, path and description, followed by
        authors, devices, references and note for the fields that are present
        and non-empty. For an unknown path, a single "No curated info" line.
    """
    # module_path is interpolated into the output as given.
    # NOTE(review): if this value can come from anywhere other than the
    # operator's own input, strip control characters before display so that
    # embedded terminal escape sequences are not rendered - confirm against callers.
    entry = RSF_MODULES.get(module_path)
    if not entry:
        return f" {Colors.YELLOW}No curated info for '{module_path}'{Colors.RESET}"

    title = entry.get('name', module_path)
    out = [
        f" {Colors.BOLD}{Colors.WHITE}{title}{Colors.RESET}",
        f" {Colors.DIM}Path: {module_path}{Colors.RESET}",
        "",
        f" {entry.get('description', '')}",
    ]

    if entry.get('authors'):
        credited = ', '.join(entry['authors'])
        out.append("")
        out.append(f" {Colors.CYAN}Authors:{Colors.RESET} {credited}")

    if entry.get('devices'):
        out.append(f" {Colors.CYAN}Devices:{Colors.RESET}")
        out.extend(f" - {dev}" for dev in entry['devices'])

    if entry.get('references'):
        out.append(f" {Colors.CYAN}References:{Colors.RESET}")
        out.extend(f" {Colors.DIM}{ref}{Colors.RESET}" for ref in entry['references'])

    if entry.get('notes'):
        # The note is set off from the preceding section by one blank line.
        out.extend(("", f" {Colors.YELLOW}Note:{Colors.RESET} {entry['notes']}"))

    return '\n'.join(out)
def get_all_modules() -> dict:
    """Return the whole curated module table.

    Returns:
        The module-level RSF_MODULES dict itself, not a copy, so any change a
        caller makes to it is visible to every other user of this module.
    """
    catalog = RSF_MODULES
    return catalog
def get_type_info(module_type: str) -> dict:
    """Look up the display metadata for a module type.

    Args:
        module_type: One of 'exploits', 'creds', 'scanners', etc.

    Returns:
        The MODULE_TYPES entry for that type (name, description, color), or
        None when the type is not listed.
    """
    return MODULE_TYPES[module_type] if module_type in MODULE_TYPES else None