how to install the vulnerability exploitation framework routerspread on non root mobile phones

Posted by deaguero at 2020-04-10

Translator: wisfree

Estimated contribution fee: 200rmb

Submission method: send an email to Linwei Chen, or log in to the web page for online submission

Routerspread is similar to the famous Metasploit. Routerspread is also a powerful vulnerability exploitation framework. But routerspread is mainly aimed at router devices. It can quickly identify and exploit the security vulnerabilities in the router. This article will show you how to install routerspread to Android devices without root step by step.

Words written in the front

Before that, I wrote a tutorial about how to install routerspread on Kali Linux and Mac OS (OS X), but in this article, I will teach you how to install routerspread on an Android smartphone without root step by step. After installation, it means that you can conduct vulnerability mining or security testing on the router to which this smartphone is connected. Next, it's time for Android devices to demonstrate their portability and functionality.

The story of router spread and router

Routers are the gateway for us to enter the Internet world. They can send our network traffic, encrypt our traffic and protect our privacy, or allow us to connect with other devices through the local network.

After buying a router, many ordinary users usually take it back and plug in the Internet cable to connect it, and then use it until it breaks down. But you may not know that the router is also a small computer running Linux system. Most users will not change the administrator password of the router, and may never install additional security plug-ins or security updates for the router. If you are unlucky, you should change your router password and install the corresponding update patch before reading this article.

Because the router is often a device that is easily ignored by ordinary users, we only need to use the right tools to scan and exploit the common vulnerabilities in the router. Routerspread exploits the most common router security vulnerabilities and default configuration. With the help of routerspread, we can attack the router through any device that supports Python scripts.

Android and Debian Linux

If you want to run the hacker tool on Android phones, you need to get the root permission of the phones first in most cases, but the root process of some phones is likely to be very complex, and even users can't get the root permission at all, and the phones will become very insecure after root. In order to install and run routerspread on Android phones without root, we need to use an app named gnuroot Debian to build and configure Debian system environment on Android phones, which is the legendary Kali Linux.

The running screenshot after installation is as follows:

Kali can help us determine whether most of the dependent components have been installed, so we need to install all the dependent components for our Android Debian system first, so that the system can run normally. The whole process does not need root permission or other messy permissions. We can run Linux Python tools directly on Android phones to complete the installation. It should be noted that although packet injection is not supported, such a framework as router spread can still work normally.

Using attack framework on Android devices

The natural nature of the Android environment allows us to easily use a variety of wireless attack technologies to detect, connect and invade any wireless access point. When intruding into the router, the Android application tools I used are as follows:

1. In order to detect and identify the wireless network in an area, I used Wigle WiFi wardriving. It allows us to view, record and interact with all wireless networks in the area that are transmitting data.

2. In order to scan and identify the target network that can be attacked according to the manufacturer, IP address and available services, I used the find network scanner, which can return the network details connected to the current device.

3. Once we have determined the network to be tested / attacked, routerspread's autopwn scanner will send all available payloads to the target network. The test equipment we use is Samsung's latest flagship Galaxy S8. The whole test process can be completed in less than a minute.

Using Android phone without root as attack platform

Using a powerful Linux attack framework on Android phones can provide us with another attack perspective. Even if other people know that you are doing something "abnormal" with your phone, they will not doubt you. This is a great advantage of using Android phones for hacker attacks.

It is often said that the best weapon is the one in your hand, and hacker tools are no exception. After configuring our attack environment, we can use gnuroot Debian to audit the security of any router without any special tools.

Soon you will find that when you attack someone's router with your mobile phone on the road, they think you are playing Pok é mon go!

What do we need to prepare?

The only hardware we need is Android smartphone. I'm using a Samsung Galaxy S8, because a mobile phone with a huge full curved glass screen can remind me how vulnerable my life is at any time, but you can also use other Android phones, as long as it supports gnuroot Debian.

Step 1: install gnuroot Debian

First, we need to install gnuroot Debian, which can help us run Debian Linux system in an Android device vendor without root. In the Google play store, search gnuroot Debian or click [this link] to download it directly.

Download and install the app (60MB). When it runs for the first time, the tool will automatically configure the Debian environment:

The whole configuration process will take about a minute or two. After the configuration is completed, you will see the following interface:

Step 2: install the dependent components

Debian Linux for Android is not like Kali Linux. It does not have any special dependent components preinstalled, so we have to install many things ourselves. First, we update the Debian system with the following command:

apt-get update

Then install some of the tools routerspread needs:

apt-get install sudo sudo apt-get install git-core sudo apt-get install python-dev python-pip libncurses5-dev git

Step 3: install routerspread

After the installation of dependent components, we can download routerspread using the following command:

git clone

Step 4: run routerspread for the first time

After the router spread installation is complete, we need to run it and make sure it works. Use the following command to navigate to the home directory of routerspread:

cd routersploit sudo python ./

Wait a few seconds or so, and then you'll see the start-up screen of router spread. The operation interface of routerspread is very similar to that of Metasploit. The main operation commands are as follows:

1. Use (module)

2. Set

3. Show options

4. Check (determine whether the target can be attacked)

5. Run (run exploit module)

The module we want to run is autopwn. The command is as follows:

use scanners/autopwn

This command will launch the autopwn scanner and start vulnerability scanning on the target.

Step 5: set attack target

After installing Wigle WiFi wardriving, we can use our Android phone to view the nearby wireless network. When you have access to a Wi Fi network or a Wi Fi password, we can use find or other network scanners to scan the network and search out all devices connected to the router.

After you locate the IP address of the target, we can set it in autopwn. We can use the following commands to view the optional actions for the module:

show options

After entering the autopwn module, we can use the following commands in the terminal to set the IP address of the router to be attacked:

set target IP_address_here

Replace the IP address here in the above command with the IP address of the router to be attacked, and then press enter. If you are not sure whether the setting is successful, you can enter the command "show options" again to confirm. Next, enter the command "run" and press enter to perform the scan module. Wait for a moment, and the tool will output the scan results and the security vulnerabilities found on the terminal.

Step 6: exploit the discovered vulnerabilities

At the end of the scan, type the "use" command and copy in the exploit module provided by autopwn. For example:

use exploits/cameras/dlink/dcs_9301_9321_auth_bypass

Set the IP address of the target as before:

set target IP_address_here

After the IP address is set, run the command "check" to determine whether the vulnerability can be exploited to attack the target device. If available, run the "run" command to execute the exploit module.


Please don't use it for malicious purposes. Even if the target router has no defense mechanism at all, you should not do too much to it. It is worth noting that since the "action" of autopwn scanner will be relatively large, it is likely to be detected by security products. Please use it carefully.

If you have any questions about this article, please contact the author. (twitter or instagram)