AutoPWN Suite : Project For Scanning Vulnerabilities And Exploiting Systems Automatically

AutoPWN Suite is a project for scanning vulnerabilities and exploiting systems automatically.

Features

• Fully automatic! (Use -y flag to enable)
• Detect network IP range without any user input.
• Vulnerability detection based on version.
• Web app vulnerability testing. (Only LFI for now)
• Get information about the vulnerability right from your terminal.
• Automatically download exploit related with vulnerability.
• Noise mode for creating a noise on the network.
• Evasion mode for being sneaky.
• Automatically decide which scan types to use based on privilege.
• Easy to read output.
• Specify your arguments using a config file.
• Send scan results via webhook or email.
• Works on Windows, MacOS and Linux.

How does it work?

AutoPWN Suite uses nmap TCP-SYN scan to enumerate the host and detect the version of softwares running on it. After gathering enough information about the host, AutoPWN Suite automatically generates a list of “keywords” to search NIST vulnerability database.

Installation

You can install it using pip. (sudo recommended)

sudo pip install autopwn-suite

OR

You can clone the repo.

git clone https://github.com/GamehunterKaan/AutoPWN-Suite.git

OR

You can download debian (deb) package from releases.

sudo apt-get install ./autopwn-suite_1.5.0.deb

Usage

Running with root privileges (sudo) is always recommended.

Automatic mode (This is the intended way of using AutoPWN Suite.)

autopwn-suite -y

Help Menu

$ autopwn-suite -h
usage: autopwn.py [-h] [-v] [-y] [-c CONFIG] [-t TARGET] [-hf HOSTFILE] [-st {arp,ping}] [-nf NMAPFLAGS] [-s {0,1,2,3,4,5}] [-a API] [-m {evade,noise,normal}]
[-nt TIMEOUT] [-o OUTPUT] [-rp {email,webhook}] [-rpe EMAIL] [-rpep PASSWORD] [-rpet EMAIL] [-rpef EMAIL] [-rpes SERVER] [-rpesp PORT] [-rpw WEBHOOK]
AutoPWN Suite
options:
-h, –help show this help message and exit
-v, –version Print version and exit.
-y, –yesplease Don’t ask for anything. (Full automatic mode)
-c CONFIG, –config CONFIG
Specify a config file to use. (Default : None)
Scanning:
Options for scanning
-t TARGET, –target TARGET
Target range to scan. This argument overwrites the hostfile argument. (192.168.0.1 or 192.168.0.0/24)
-hf HOSTFILE, –hostfile HOSTFILE
File containing a list of hosts to scan.
-st {arp,ping}, –scantype {arp,ping}
Scan type.
-nf NMAPFLAGS, –nmapflags NMAPFLAGS
Custom nmap flags to use for portscan. (Has to be specified like : -nf=”-O”)
-s {0,1,2,3,4,5}, –speed {0,1,2,3,4,5}
Scan speed. (Default : 3)
-a API, –api API Specify API key for vulnerability detection for faster scanning. (Default : None)
-m {evade,noise,normal}, –mode {evade,noise,normal}
Scan mode.
-nt TIMEOUT, –noisetimeout TIMEOUT
Noise mode timeout. (Default : None)
Reporting:
Options for reporting
-o OUTPUT, –output OUTPUT
Output file name. (Default : autopwn.log)
-rp {email,webhook}, –report {email,webhook}
Report sending method.
-rpe EMAIL, –reportemail EMAIL
Email address to use for sending report.
-rpep PASSWORD, –reportemailpassword PASSWORD
Password of the email report is going to be sent from.
-rpet EMAIL, –reportemailto EMAIL
Email address to send report to.
-rpef EMAIL, –reportemailfrom EMAIL
Email to send from.
-rpes SERVER, –reportemailserver SERVER
Email server to use for sending report.
-rpesp PORT, –reportemailserverport PORT
Port of the email server.
-rpw WEBHOOK, –reportwebhook WEBHOOK
Webhook to use for sending report.