gethsploit - Finding Ethereum nodes which are vulnerable to RPC-attacks.

gethsploit is a set of Python scripts to enumerate Ethereum peers which have RPC ports enabled.

Prerequisites:
Make sure you have geth installed, preferably the latest version, which has some fixes concerning attaching to other RPC instances.

Using Gethsploit:
Make sure geth is not running, or gethsploit will only run once.

gethsploit iterates until cancelled. On each iteration it:
+ starts up geth
+ waits 60 seconds to populate peers
+ enumerates peers and extracts running version
+ probes the peer to see if the RPC-instance is running
+ kills geth
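
From the operator's side, the exposure gethsploit probes for can be checked on your own node's launch flags. The following is an added example, not part of gethsploit: it audits a geth command line for HTTP-RPC exposure using geth's legacy `--rpc*` and current `--http.*` flags; the helper names, the sensitive-module list and the sample command lines are assumptions constructed for illustration.

```python
import shlex

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# Assumption of this example: modules treated as too sensitive for remote callers.
SENSITIVE = {"personal", "admin", "debug", "miner"}
SWITCHES = {"rpc", "http"}  # boolean flags that take no value

def parse_flags(cmdline):
    """Map flag name -> value for a geth command line ("" for bare switches)."""
    args, opts, i = shlex.split(cmdline), {}, 0
    while i < len(args):
        if args[i].startswith("-"):
            name, sep, val = args[i].lstrip("-").partition("=")
            takes_value = name not in SWITCHES and not sep
            if takes_value and i + 1 < len(args) and not args[i + 1].startswith("-"):
                i += 1
                val = args[i]
            opts[name] = val
        i += 1
    return opts

def audit_geth_cmdline(cmdline):
    """Return findings about HTTP-RPC exposure; an empty list means none."""
    opts = parse_flags(cmdline)
    enabled = any(opts.get(s, "false").lower() != "false" for s in SWITCHES)
    if not enabled:
        return []
    findings = []
    # geth binds the HTTP-RPC server to localhost unless told otherwise.
    addr = opts.get("http.addr") or opts.get("rpcaddr") or "127.0.0.1"
    if addr not in LOOPBACK:
        findings.append("exposed-bind: RPC listens on %s, not loopback" % addr)
    apis = opts.get("http.api") or opts.get("rpcapi") or ""
    risky = sorted(SENSITIVE & {a.strip() for a in apis.split(",")})
    if risky:
        findings.append("sensitive-api: %s offered over RPC" % ",".join(risky))
    cors = opts.get("http.corsdomain") or opts.get("rpccorsdomain") or ""
    if "*" in cors.split(","):
        findings.append("open-cors: any web origin may call the RPC endpoint")
    return findings

# Constructed sample command lines, not taken from any real deployment.
SAMPLES = [
    "geth --rpc --rpcaddr 0.0.0.0 --rpcapi eth,personal --rpccorsdomain '*'",
    "geth --http --http.api eth,net",
    "geth --syncmode fast",
]
if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit_geth_cmdline(s) or "no RPC exposure found")
```
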

Requirements:
– Python 2.7.x
– Python modules: telnetlib, yaml, requests

usage:

Source: https://github.com/KarmaHostage