Metadata-Version: 2.4
Name: routerxpl
Version: 0.6.3
Summary: Network Device Security Assessment Framework — 647 modules, 338 CVEs, 49 vendors
Author-email: André Henrique <henrique.santos@uniaogeek.com.br>
Maintainer-email: André Henrique <henrique.santos@uniaogeek.com.br>
License: Copyright 2024-2026, RouterXPL-Forge by André Henrique (@mrhenrike)
        All rights reserved.
        
        Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
        
            * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
            * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
            * Neither the name of RouterXPL-Forge nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
        
        THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
        
        The above licensing was taken from the BSD licensing and is applied to RouterXPL-Forge as well.
        
        RouterXPL-Forge is provided as is, and is a royalty free open-source application.
        
        Feel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit.
Project-URL: Homepage, https://github.com/mrhenrike/RouterXPL-Forge
Project-URL: Repository, https://github.com/mrhenrike/RouterXPL-Forge
Project-URL: Documentation, https://github.com/mrhenrike/RouterXPL-Forge/wiki
Project-URL: Bug Tracker, https://github.com/mrhenrike/RouterXPL-Forge/issues
Project-URL: Changelog, https://github.com/mrhenrike/RouterXPL-Forge/releases
Keywords: security,pentesting,router,iot,exploit,network-security,vulnerability-scanner,gpon,cve,ethical-hacking,red-team,routersploit,automation
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Console
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Education
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: Science/Research
Classifier: Intended Audience :: System Administrators
Classifier: Intended Audience :: Telecommunications Industry
Classifier: License :: OSI Approved :: BSD License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Programming Language :: Python :: 3.13
Classifier: Topic :: Security
Classifier: Topic :: System :: Networking
Classifier: Topic :: Utilities
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: requests>=2.32.4
Requires-Dist: paramiko>=3.0
Requires-Dist: pysnmp>=4.4.12
Requires-Dist: pycryptodome>=3.18
Requires-Dist: scapy>=2.5
Requires-Dist: setuptools>=68
Requires-Dist: colorama>=0.4.6
Requires-Dist: rich>=13.0
Requires-Dist: aiohttp>=3.9
Requires-Dist: psutil>=5.9
Requires-Dist: python-nmap>=0.7.1
Requires-Dist: telnetlib3>=2.0.0; python_version >= "3.13"
Provides-Extra: ml
Requires-Dist: numpy>=1.24; extra == "ml"
Requires-Dist: scikit-learn>=1.3; extra == "ml"
Provides-Extra: ml-gpu
Requires-Dist: torch>=2.0.0; extra == "ml-gpu"
Requires-Dist: numpy>=1.24; extra == "ml-gpu"
Provides-Extra: dev
Requires-Dist: build>=1.0; extra == "dev"
Requires-Dist: twine>=5.0; extra == "dev"
Requires-Dist: flake8>=6.0; extra == "dev"
Requires-Dist: bandit>=1.7; extra == "dev"
Requires-Dist: pip-audit>=2.6; extra == "dev"
Requires-Dist: pytest>=7.0; extra == "dev"
Dynamic: license-file

# RouterXPL-Forge

**Network Device Security Assessment Framework**

RouterXPL-Forge is an open-source exploitation framework designed for security professionals to audit routers, switches, TAPs, and SOHO edge devices. It provides **666 modules** covering credential testing, vulnerability exploitation, network scanning, payload generation, and encoding — with **338 CVEs** mapped across **51 vendors**.

> **Author:** André Henrique ([@mrhenrike](https://github.com/mrhenrike)) | [União Geek](https://github.com/Uniao-Geek)

---

## Features

- **516 exploit modules** — RCE, auth bypass, path traversal, info disclosure, buffer overflow, DNS hijacking, command injection, backdoor, CSRF, config decrypt
- **88 credential modules** — dictionary attacks against FTP, SSH, Telnet, HTTP, SNMP, SFTP
- **5 scanner modules** — AutoPwn, device-specific scanners
- **32 payload modules** — reverse/bind TCP shells for x86, x64, ARM, MIPS, Python, Perl, PHP
- **13 encoder modules** — Base64 and hex encoding for Python, PHP, Perl
- **12 generic modules** — Heartbleed, ShellShock, UPnP SSDP/IGD, SNMP bruteforce, TCP Xmas scan, UDP amplification test, CVE lookup
- **338 CVEs mapped** — from 2001 to 2026, covering all major vulnerability classes
- **23 vendor-specific wordlists** — externalized default credentials per vendor (incl. ISP-specific Brazil)
- **Network discovery** — SSDP, ARP, Nmap, Scapy fallback, OUI lookup (IEEE database), T0–T5 timing profiles
- **Session management** — persistent scan history per host (IP+MAC), resume/restart, full findings index
- **Chained autopwn modules** — multi-phase vendor-specific exploitation chains (Huawei GPON ONT, D-Link, TP-Link, etc.)

## Supported Device Types

| Type | Coverage | Description |
|------|----------|-------------|
| **Routers / GPON ONT / CPE** | 580+ modules | SOHO routers, enterprise gateways, GPON CPE/ONT (primary focus) |
| **Switches L2/L3** | 3 modules | Managed switches (Cisco, D-Link, NETGEAR) — limited coverage |
| **SOHO Edge** | 9 modules | Travel routers, NAS, wireless APs |

## Supported Vendors

2Wire · 3Com · ActionTec · Arris · Aruba · Asmax · ASUS · Belkin · BHU · Billion · Calix · CERIO · Cisco · Comtrend · D-Link · Draytek · FiberHome · Fortinet · GPON · HooToo · Huawei · Intelbras · IPFire · Juniper · LG · Linksys · Mercury · MikroTik · MitraStar · Movistar · Netcore · NETGEAR · Netsys · OpenWrt · Ruijie · SerComm · Shuttle · SonicWall · Technicolor · Tenda · Thomson · TOTOLINK · TP-Link · TRENDnet · Ubiquiti · Wavlink · Xiaomi · Zhone · ZTE · ZyXEL

## Quick Start

```bash
# Clone the repository
git clone https://github.com/mrhenrike/RouterXPL-Forge.git
cd RouterXPL-Forge

# Install dependencies
pip install -r requirements.txt

# Launch the interactive shell
python rxf.py

# Or run a specific module non-interactively
python rxf.py -m exploits/routers/dlink/dir_300_600_rce -s target 192.168.1.1
```

## Usage

### Interactive Shell

```
rxf > use exploits/routers/dlink/dir_300_600_rce
rxf (D-Link DIR-300 & DIR-600 RCE) > show options
rxf (D-Link DIR-300 & DIR-600 RCE) > set target 192.168.1.1
rxf (D-Link DIR-300 & DIR-600 RCE) > check
rxf (D-Link DIR-300 & DIR-600 RCE) > run
```

### Common Commands

| Command | Description |
|---------|-------------|
| `use <module>` | Select a module |
| `show options` | Display configurable options |
| `show info` | Display module metadata and references |
| `show devices` | List supported device types |
| `set <option> <value>` | Configure an option |
| `check` | Verify if target is vulnerable |
| `run` | Execute the module |
| `search <term>` | Search modules by keyword |
| `discover [subnet] [--timing T0-T5] [--fresh]` | Scan subnet, fingerprint targets, suggest modules |
| `sessions list\|show\|delete\|export\|purge` | Manage persistent scan history per host |

### Network Discovery

```
# Auto-detect subnet from active interfaces and scan (default timing T3)
rxf > discover

# Scan specific subnet with stealth timing
rxf > discover 192.168.1.0/24 --timing T1

# Force fresh scan, ignore previous session history
rxf > discover 192.168.1.0/24 --fresh
```

Discovery uses a multi-phase pipeline: ARP sweep → Nmap (multi-method host probes) → Scapy → TCP connect fallback. Results are matched against the module catalog and filtered by vendor/model. The IEEE OUI database (`routerxpl/data/oui.txt`) resolves MAC addresses to vendors with online-first lookup and local fallback. When a host exposes WiFi capabilities, the tool recommends [WirelessXPL-Forge](https://github.com/mrhenrike/WirelessXPL-Forge) for wireless-specific attacks.

**Timing profiles (T0–T5)** mirror Nmap conventions:

| Profile | Delay | Use case |
|---------|-------|----------|
| T0 | paranoid — 300s | IDS evasion |
| T1 | sneaky — 15s | Quiet audits |
| T2 | polite — 2s | Minimal impact |
| T3 | normal — 0.5s | Default |
| T4 | aggressive — 0.1s | Fast LAN scans |
| T5 | insane — 0s | CTF / lab only |

### Session Management

```
# List all hosts with scan history
rxf > sessions list

# Full history for one host: tested modules, findings, timestamps
rxf > sessions show 192.168.1.1

# Export session as JSON
rxf > sessions export 192.168.1.1

# Delete one session
rxf > sessions delete 192.168.1.1

# Purge all sessions
rxf > sessions purge
```

Sessions are stored in `~/.rxf_sessions/` as JSON, keyed by SHA-256 of IP+MAC. On re-discovery of a known host, already-tested modules are shown as `[Tested]` and skipped by default.

### AutoPwn Scanner

```
rxf > use scanners/autopwn
rxf (AutoPwn) > set target 192.168.1.0/24
rxf (AutoPwn) > run
```

## Module Structure

```
routerxpl/modules/
├── creds/             # Credential testing (FTP, SSH, Telnet, HTTP, SNMP)
│   ├── generic/       # Protocol-agnostic bruteforce and defaults
│   └── routers/       # Vendor-specific default credentials
├── exploits/          # Vulnerability exploitation
│   ├── generic/       # Cross-vendor (Heartbleed, ShellShock, GPON)
│   ├── routers/       # Router exploits by vendor (44 vendor folders)
│   ├── switches/      # Switch exploits (Cisco, D-Link, NETGEAR)
│   └── soho_edge/     # SOHO edge device exploits
├── scanners/          # Network scanning and AutoPwn
├── payloads/          # Reverse/bind shells (multi-arch)
├── encoders/          # Payload encoding (Base64, Hex)
└── generic/           # CVE lookup, SNMP, UPnP SSDP, UPnP IGD exploit, wordlist tools
```

## Architecture Diagrams

Mermaid diagrams for all supported device categories are in [`docs/diagrams/architecture/`](docs/diagrams/architecture/). Rendered PNGs are in [`docs/img/architecture/`](docs/img/architecture/).

| SOHO Router | ISP CPE / GPON ONT |
|:-----------:|:------------------:|
| ![SOHO router](docs/img/architecture/rxf_arch_router_soho.png) | ![ISP CPE](docs/img/architecture/rxf_arch_isp_cpe.png) |

| Mixed Edge | GPON ONT Full Attack Map |
|:----------:|:------------------------:|
| ![Mixed edge](docs/img/architecture/rxf_arch_edge_mixed.png) | ![GPON ONT attack map](docs/img/architecture/rxf_arch_gpon_ont_attack.png) |

## Requirements

- Python 3.8+
- Optional: `nmap` (binary) for enhanced network discovery
- Dependencies: `requests`, `paramiko`, `pysnmp`, `pycryptodome`, `scapy`, `colorama`, `rich`, `python-nmap`

Full list: [`requirements.txt`](requirements.txt)

## Legal Disclaimer

RouterXPL-Forge is intended for authorized security testing and research only. Use this tool exclusively on systems you own or have explicit written permission to test. Unauthorized access to computer systems is illegal. The authors assume no liability for misuse.

## License

BSD License — see [LICENSE](LICENSE) for details.

---

> **Author:** André Henrique ([@mrhenrike](https://github.com/mrhenrike)) | **União Geek** — [https://github.com/Uniao-Geek](https://github.com/Uniao-Geek)
