Pentest Tools

Published on February 3rd, 2016 📆 | 3690 Views ⚑


RouterhunterBR 2.0 – Automated Tool for Testing in Vulnerable Routers

german tts

The RouterhunterBR is an automated security tool que finds vulnerabilities and performs tests on routers and vulnerable devices on the Internet. The RouterhunterBR was designed to run over the Internet looking for defined ips tracks or random in order to automatically exploit the vulnerability DNSChanger on home routers.
The DNSChanger is a trojan able to direct user requests to illegal sites. In practice, this malware has the ability to change the DNS settings of our machine redirecting the user to sites with malicious purposes. Imagine for example that your system is infected with this malware, what might happen is that the user to access a particular site ( may be forwarded to an unsolicited website and potentially illegal.

 [adsense size='1']

The script explores four vulnerabilities in routers


import sys, os, argparse, itertools, requests, random, time, threading, base64, socket
from datetime import datetime
[adsense size='2']


  -range, --range  Set range of IP
  -bruteforce, --bruteforce                        Performs brute force with users and passwords standards, and soon    after defines the malicious DNS.
  -startip 192.168.*.*, --startip 192.168.*.*      Start - IP range customized with wildcard / 201.*.*.*
  -endip 192.168.*.*, --endip 192.168.*.*          End - IP range customized with wildcard / 201.*.*.*
  -dns1, --dns1                    Define malicious dns1
  -dns2, --dns2                    Define malicious dns2
  --threads 10                                     Set threads numbers
  -rip, --randomip                                 Randomizing ips routers
  -lmtip 10, --limitip 10                          Define limite random ip


Random ips

python --dns1 --dns2 --randomip --limitip 10 --threads 10                      
python --dns1 --dns2 -rip -lmtip 10 --threads 10

Scanner in range ip:

python --dns1 --dns2 --range --threads 10

IP range customized with wildcard / Ex: --startip 201.*.*.* - --endip 201.*.*.*

python --dns1 --dns2 --startip 192.168.*.* --endip 192.168.*.* --threads 10

Brute force with users and passwords on routers that requires authentication, forcing alteration of dns - DSLink 260E.

python --dns1 --dns2 --range --bruteforce --threads 10


[adsense size='3']
Download RouterhunterBR 2.0

Leave a Reply

Your email address will not be published.