Authentication Bypass in ASUS AiCloud Routers

Repository contains a single substantive Go program, origasus.go, plus a README. The code is an operational exploit/scanner targeting ASUS AiCloud/AsusWRT devices and explicitly references a chained attack involving SETROOTCERTIFICATE to write /etc/cert.pem.1 and APPLYAPP/RC_SERVICE to execute commands. It is not merely a detector: it reads targets from stdin or a file, supports optional TLS and multi-port scanning, verifies ASUS-related indicators to reduce false positives, and then attempts exploitation using multiple HTTP request and shell-execution variants. The exploit is structured as a concurrent scanner with global configuration, signal handling, exploited-host tracking, and environment-driven loader customization. It maintains a list of common ASUS management ports, supports host:port parsing or separator-based input, and skips previously exploited hosts unless disabled. The payload logic is the most notable part: it builds several shell-script variants intended to be written to /etc/cert.pem.1, then tries many command-injection forms to execute that file. The staged script attempts to download kla.sh from a configurable loader host over HTTP or raw TCP using wget, busybox wget, curl, nc, or toybox nc, stores it in writable temp locations, marks it executable, and launches it in the background with a campaign tag. Fingerprintable observables include the default loader IP 11.11.11.11, HTTP path /bins/kla.sh, TCP port 3342, target-side file /etc/cert.pem.1, temp directories /dev/shm, /var/tmp, /tmp, and the local bookkeeping file exploited.txt. Overall, this repository is a compact standalone Go-based exploitation utility for mass-targeting vulnerable ASUS router/web-management interfaces, with built-in staging for a second-phase shell payload.