routersploit

RouterSploit is a Python framework designed for testing the security of embedded devices such as home routers, network switches, and similar hardware. It works similarly to general-purpose penetration testing frameworks but focuses specifically on the kinds of vulnerabilities and attack patterns found in consumer and enterprise networking equipment.

The framework is built from modules, each designed for a specific task. Exploit modules target known vulnerabilities in specific router models and firmware versions. Credential modules test whether a device is using default or weak passwords on services like SSH, Telnet, or web admin panels. Scanner modules check a target device to see which of the available exploits might apply to it. Payload modules generate code that can be sent to a compromised device for various processor architectures. Generic modules cover broader attack categories that are not specific to any one device.

The tool runs as an interactive command-line shell. You load a module, point it at a target IP address, and run it. The project is also used as a foundation for other tools: the README notes that many people forked RouterSploit not for its security content but simply to reuse its interactive shell structure, which is now published separately as a library called Riposte.

Installation is straightforward on Linux and macOS. You clone the repository and install a few Python dependencies with pip. There is also a Docker option for those who prefer a contained environment. Optional Bluetooth Low Energy support can be added with an extra library for testing wirelessly connected embedded devices.

The framework is under active development, with new modules added frequently. It is licensed under the BSD license.