|
DOWNLOAD
Jointrooter is a pen-test tool for routers using the TELNET protocol and soon the SSH (i.e.
linksys);
to do so it uses dictionaries and a file with the prompts of different models, to be
able to audit more routers we only need to add new prompts. Actually the database has
prompts for: ZyXeL, 3Com & Vigor ( although is possible that it will detect many more due
that a lot of prompts are similar, i.e.: “>” ).
We recomend to use it with Fast HTTP Auth Scanner, created by Andres Tarasco, published
at http://www.514.es, so that the web portal and TELNET service can be audited.
It is designed for routers that only ask for password, like login & password, i.e. , always
are sent in blocks of pairs the entries of the dictionary, even if only the user exists.
This means if we have as an entry the user: prueba and after pepe, both without a
password: Router with User & Pass:
User: prueba
Pass: NULL
User: pepe
Pass: NULL
Router con User:
User: prueba
User: NULL
User: pepe
Pass: NULL
If it was not done this way, we would send as prueba's password, pepe in the router with User & Password, something that WE DO NOT WANT.
T O D O
======================
- Add SSH suppor.t
- Improve Dictionaries/Prompts
- Add multithreading support.
- Improve source code.
- Comment source code.
- Creating correlation of events depending the signatures.
- Porting to Linux
- Docking it with FAST HTTP AUTH SCANNER.
- Create it without DEBUG_OK.
- Add audit of IP ranges.
- Improve arguments entries.
- Specifie timeout from the comand entry.
- Obtain optimum timeout automatically
- Create routine to delete duplicated entries from the credential list.
- Enable as user and password '\n'
|