REXT - Router Exploitation Toolkit

REXT is a toolkit for easy creation and usage of various python scripts that work with embedded devices.

Requirements:

• requests
• paramiko
• beautifulsoup4

Installation:

Git clone REXT repository (this is the recommended way if you wish for REXT update command to work)

$ git clone https://github.com/j91321/rext.git

or download REXT

$ wget https://github.com/j91321/rext/archive/master.zip
$ unzip master.zip

Install requests dependency:
Using pip:

$ pip install requests
$ pip install paramiko
$ pip install beautifulsoup4

or on Ubuntu:

$ sudo apt-get install python3-requests

$ sudo apt-get install python3-paramiko

$ sudo apt-get install python3-bs4

Running REXT

Start REXT console:

$ python3 rext.py

Usage:

After starting REXT you are introduced to REXT console interface.

REXT:Router EXploitation Toolkit
Author:Ján Trenčanský
Email:jan.trencansky(at)gmail.com
Twitter:@j91321
Version:0.0
License:GNU GPL v3
================================
>

You can type help get list about available commands or help to get information and example usage on specific command.

>help

Documented commands (type help <topic>):
========================================
exit  help  load  show  unload  update

>help update
Help: update REXT functionality
Usage: update <argument>
Available arguments:
 no argument
  update REXT using git
 oui
  update MAC vendor database
 force
  do git reset --hard and update

>

Command show will print list of directories or modules in current depth.

decryptors/zyxel/>show
rom-0_decrypt
decryptors/zyxel/>

You can press tab to autocomplete your command or tab tab to show available options. E.g. command load tab-tab will print all available modules disregarding your current path. 

misc/>load 
decryptors/draytek/vigor_config_old
decryptors/draytek/vigor_fw_decompress
decryptors/zyxel/rom-0_decrypt
exploits/linksys/ea6100_auth_bypass
exploits/netgear/n300_auth_bypass
exploits/zyxel/rom-0
harvesters/airlive/WT2000ARM
misc/accton/switch_backdoor_gen
misc/adb/a1_default_wpa_key
misc/adb/alice_cpe_backdoor
misc/arris/dg860a_mac2wps
misc/arris/tm602a_password_day
misc/belkin/mac2wps
misc/cobham/admin_reset_code
misc/draytek/vigor_master_key
misc/huawei/hg520_mac2wep
misc/huawei/hg8245_mac2wpa
misc/pirelli/drg_a255_mac2wpa
misc/sagem/fast_telnet_password
misc/sitecom/wlr-400X_mac2wpa
misc/vodafone/easybox_wpa2_keygen
scanners/allegrosoft/misfortune_cookie
misc/>load 

You can use load command to start a specific module of REXT. When loading module not just changing directory new sub-console is actually created. You can see that by typing help command. The list of available commands changed. REXT modules always follow the same convention for paths type/vendor/module.

misc/>load misc/arris/dg860a_mac2wps
misc/arris/dg860a_mac2wps>help

Documented commands (type help <topic>):
========================================
exit  help  mac  run  set

misc/arris/dg860a_mac2wps>

Typing info when module is loaded will print basic information about module and its options.

misc/arris/dg860a_mac2wps>info

Name:ARRIS DG860A WPS PIN Generator
File:dg860a_mac2wps.py
Author:Ján Trenčanský
License: GNU GPL v3
Created: 23.7.2015
Description: Generates WPS pin for Arris DG860A router based on mac
Based on: Work of Justin Oberdorf 
https://packetstormsecurity.com/files/123631/ARRIS-DG860A-WPS-PIN-Generator.html

Options:
    Name        Description

    mac         MAC address used as input for WPS pin generation
misc/arris/dg860a_mac2wps>

Here you can use command mac to print current MAC address or use the command set to set new MAC address. After you are done with the configuration of module properties you can execute it with run command (this applies for all modules disregarding of their type). Some basic validations are in place that will prevent you in setting incorrect values.

misc/arris/dg860a_mac2wps>mac
00:00:00:00:00
misc/arris/dg860a_mac2wps>set mac 11:22:33:44:55
Error: please provide valid MAC address
misc/arris/dg860a_mac2wps>set mac 00:50:56:C0:00:08
MAC set to: 00:50:56:C0:00:08 (VMware, Inc.)
misc/arris/dg860a_mac2wps>run
Success: 
WPS PIN: 62175401

Now that the module was executed you may wish to load different module. You can do this by typing back command. This command will exit only the current module and return you to the main REXT console. If you type exit it will exit REXT.

You can use unload command to get to REXT root directory. But this is not necessary since load command works with absolute paths you can use.

misc/arris/dg860a_mac2wps>back
misc/arris/>unload
>show
exploits
misc
harvesters
scanners
decryptors
>exit
Bye!

Download REXT

You might also like:

• 14 Best IP Hide Tools 2020

• The Dark Side Of The Web - Exploring Darknets | TED Talk

• 4 Best Ways To Hack Android Games

• Best Way To Securely Wipe Sensitive Data From Your Computer

• OFS Doser - A DoS (Denial of Service) Attack Tool For Android

• Johnny Lee: Wii Remote Hacks | TED Talk

• How To Recover Files On Android

• Ophcrack - A Windows Password Cracker

• 4 Best Secure Messaging Apps For Android and iPhone

• How To Hide Files Inside Any Image File On Android

• CrypticSMS - An Android Tool To Encrypt/Decrypt SMS

• Hash Decrypt - An Android Tool To Crack Hashes

• Cryptonite - A Local & Cloud Data Encryption Tool

• Photo Exif Editor - An Android Forensic Tool

• How To Change The Icon Of An Executable File

• 3 Best Free Android Apps For People Search (a.k.a Social Search)

• Top 17 Antiviruses For Android

• 15 Best Malware Sample Sources For Researchers and Reviewers

• WiFinspect - An Android Tool For WiFi Network Monitoring and Auditing

• How To Fake Your GPS Location On Android

• 10 Best Free Proxy/VPN Apps For Android

• AppUse - Android Pentest Platform Unified Standalone Environment