AutoPWN Suite : Project For Scanning Vulnerabilities And Exploiting Systems Automatically

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

Features

Fully automatic! (Use -y flag to enable)
Detect network IP range without any user input.
Vulnerability detection based on version.
Web app vulnerability testing. (Only LFI for now)
Get information about the vulnerability right from your terminal.
Automatically download exploit related with vulnerability.
Noise mode for creating a noise on the network.
Evasion mode for being sneaky.
Automatically decide which scan types to use based on privilege.
Easy to read output.
Specify your arguments using a config file.
Send scan results via webhook or email.
Works on Windows, MacOS and Linux.

How does it work?

AutoPWN Suite uses nmap TCP-SYN scan to enumerate the host and detect the version of softwares running on it. After gathering enough information about the host, AutoPWN Suite automatically generates a list of “keywords” to search NIST vulnerability database.

Installation

You can install it using pip. (sudo recommended)

sudo pip install autopwn-suite

You can clone the repo.

git clone https://github.com/GamehunterKaan/AutoPWN-Suite.git

You can download debian (deb) package from releases.

sudo apt-get install ./autopwn-suite_1.5.0.deb

Usage

Running with root privileges (sudo) is always recommended.

Automatic mode (This is the intended way of using AutoPWN Suite.)

autopwn-suite -y

Help Menu

$ autopwn-suite -h
usage: autopwn.py [-h] [-v] [-y] [-c CONFIG] [-t TARGET] [-hf HOSTFILE] [-st {arp,ping}] [-nf NMAPFLAGS] [-s {0,1,2,3,4,5}] [-a API] [-m {evade,noise,normal}]
[-nt TIMEOUT] [-o OUTPUT] [-rp {email,webhook}] [-rpe EMAIL] [-rpep PASSWORD] [-rpet EMAIL] [-rpef EMAIL] [-rpes SERVER] [-rpesp PORT] [-rpw WEBHOOK]
AutoPWN Suite
options:
-h, –help show this help message and exit
-v, –version Print version and exit.
-y, –yesplease Don’t ask for anything. (Full automatic mode)
-c CONFIG, –config CONFIG
Specify a config file to use. (Default : None)
Scanning:
Options for scanning
-t TARGET, –target TARGET
Target range to scan. This argument overwrites the hostfile argument. (192.168.0.1 or 192.168.0.0/24)
-hf HOSTFILE, –hostfile HOSTFILE
File containing a list of hosts to scan.
-st {arp,ping}, –scantype {arp,ping}
Scan type.
-nf NMAPFLAGS, –nmapflags NMAPFLAGS
Custom nmap flags to use for portscan. (Has to be specified like : -nf=”-O”)
-s {0,1,2,3,4,5}, –speed {0,1,2,3,4,5}
Scan speed. (Default : 3)
-a API, –api API Specify API key for vulnerability detection for faster scanning. (Default : None)
-m {evade,noise,normal}, –mode {evade,noise,normal}
Scan mode.
-nt TIMEOUT, –noisetimeout TIMEOUT
Noise mode timeout. (Default : None)
Reporting:
Options for reporting
-o OUTPUT, –output OUTPUT
Output file name. (Default : autopwn.log)
-rp {email,webhook}, –report {email,webhook}
Report sending method.
-rpe EMAIL, –reportemail EMAIL
Email address to use for sending report.
-rpep PASSWORD, –reportemailpassword PASSWORD
Password of the email report is going to be sent from.
-rpet EMAIL, –reportemailto EMAIL
Email address to send report to.
-rpef EMAIL, –reportemailfrom EMAIL
Email to send from.
-rpes SERVER, –reportemailserver SERVER
Email server to use for sending report.
-rpesp PORT, –reportemailserverport PORT
Port of the email server.
-rpw WEBHOOK, –reportwebhook WEBHOOK
Webhook to use for sending report.