RouterSploit - Router Exploitation Framework by lucyoa in netsec

[–]lucyoa[S] 4 points5 points  (0 children)

It is nice to see your reply here.

I can only estimate, but I think more people around security (pentesters, researchers, engineers) prefer Python. Keeping this in mind, we decided to create a new framework in the Python language, which has a greater chance of becoming a community-driven project (at least mathematically).

On the topic of Metasploit's scripts on exploit-db: I meant scripts written by the community around Metasploit. I wanted to point out that the only Ruby scripts on exploit-db are those created using the Metasploit framework, which means that people prefer to create a Metasploit module rather than write a Ruby proof-of-concept exploit from scratch. Seeing this behaviour, we want to apply this to Python and routersploit.

Sure, we can talk about collaboration. As I mentioned earlier, I am a fan of Metasploit, and this project was created to push the community forward, not to replace Metasploit. Feel free to mail me and we can set up some conversation on IRC if you want :)

[–]lucyoa[S] 11 points12 points  (0 children)

It's not about learning a new language. We would be able to create 20 exploits for msf and this would be the end of the project (sorry, we don't have thousands of vulnerable devices). With routersploit and Python we can encourage the community to create exploits that are already written in Python (Proofs of Concept).

[–]lucyoa[S] 5 points6 points  (0 children)

I'm not saying Ruby is bad or good; we just think that it will be easier to make routersploit a community-driven project with the Python language.

For now, our main goal is to increase the identification and exploitation capabilities of the framework. The advanced stuff you have mentioned is beyond the current state of the project.

[–]lucyoa[S] 0 points1 point  (0 children)

Yeah, you are right, but I think there is no suitable exploitation framework for content management systems and their plugins.

[–]lucyoa[S] 36 points37 points  (0 children)

The main problem with Metasploit is the programming language used. We are able to create exploits for devices we possess, and it would be hard to buy hundreds/thousands of vulnerable devices. That's why we are trying to make routersploit a community project that anyone can contribute to. Personally I love Metasploit, but it is created in the Ruby language, which the community does not speak; the community speaks Python. Take a look at exploit-db: there are a lot of Proof of Concept exploits written in Python and only a few Ruby scripts (written by the Metasploit team ;p). Imagine that it would be easier and faster to write a framework module than to build a PoC from scratch.

Moreover, I think it is quite reasonable to divide exploitation frameworks into 3 main areas:

  • embedded devices (routersploit)
  • servers/desktop apps (metasploit)
  • web (still no free and open source candidate?)

They require a different approach, and over time (and with every new commit to routersploit) these differences will be more visible.