AutoSploit : Automated Mass Exploiter

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well.

The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions.

Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started

Operational Security Consideration:

Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available.

The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.

Also Read – Arjun : HTTP Parameter Discovery Suite

Installation

Installing AutoSploit is very simple, you can find the latest stable release here. You can also download the master branch as a zip or tarball or follow one of the below methods;

Docker Compose

Using Docker Compose is by far the easiest way to get AutoSploit up and running without too much of a hassle.

git clone https://github.com/NullArray/AutoSploit.git
cd Autosploit/Docker
docker-compose run –rm autosploit

Docker

Just using Docker.

git clone https://github.com/NullArray/AutoSploit.git cd Autosploit/Docker
# If you wish to edit default postgres service details, edit database.yml. Should work out of the box
# nano database.yml
docker network create -d bridge haknet
docker run –network haknet –name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
docker build -t autosploit .
docker run -it –network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit

Dev team contributor Khast3x recently improved Docker operations as well as add more details to the README.md in the Docker subdirectory. For more information on deploying AutoSploit with Docker please be sure to click here

Cloning

On any Linux system the following should work;

git clone https://github.com/NullArray/AutoSploit
cd AutoSploit
chmod +x install.sh
./install.sh

AutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. In order to accomplish this employ/perform the below operations via the terminal or in the form of a shell script.

sudo -s << ‘_EOF’ pip2 install virtualenv –user git clone https://github.com/NullArray/AutoSploit.git virtualenv
source /bin/activate
cd
pip2 install -r requirements.txt
chmod +x install.sh
./install.sh
python autosploit.py
_EOF

Usage

Starting the program with python autosploit.py will open an AutoSploit terminal session. The options for which are as follows.

1. Usage And Legal
2.Gather Hosts
3.Custom Hosts
4.Add Single Host
5.View Gathered Hosts
6.Exploit Gathered Hosts
99.Quit

Choosing option 2 will prompt you for a platform specific search query. Enter IIS or Apache in example and choose a search engine. After doing so the collected hosts will be saved to be used in the Exploit component.

As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type python autosploit.py -h to display all the options available to you. I’ve posted the options below as well for reference.

usage: python autosploit.py -[c|z|s|a] -[q] QUERY
[-C] WORKSPACE LHOST LPORT [-e] [–whitewash] PATH
[–ruby-exec] [–msf-path] PATH [-E] EXPLOIT-FILE-PATH
[–rand-agent] [–proxy] PROTO://IP:PORT [-P] AGENT

optional arguments:
-h, –help show this help message and exit
search engines: possible search engines to use
-c, –censys use censys.io as the search engine to gather hosts
-z, –zoomeye use zoomeye.org as the search engine to gather hosts
-s, –shodan use shodan.io as the search engine to gather hosts
-a, –all search all available search engines to gather hosts

requests:
arguments to edit your requests
–proxy PROTO://IP:PORT run behind a proxy while performing the searches
–random-agent use a random HTTP User-Agent header
-P USER-AGENT, –personal-agent USER-AGENT pass a personal User-Agent to use for HTTP requests
-q QUERY, –query QUERY pass your search query

exploits:
arguments to edit your exploits
-E PATH, –exploit-file PATH provide a text file to convert into JSON and save for later use
-C WORKSPACE LHOST LPORT, –config WORKSPACE LHOST LPORT set the configuration for MSF (IE -C default 127.0.0.1 8080)
-e, –exploit start exploiting the already gathered hosts

misc arguments:
arguments that don’t fit anywhere else

–ruby-exec if you need to run the Ruby executable with MSF use this
–msf-path MSF-PATH pass the path to your framework if it is not in your ENV PATH
–whitelist PATH only exploit hosts listed in the whitelist file

Dependencies

Note: All dependencies should be installed using the above installation method, however, if you find they are not:

AutoSploit depends on the following Python2.7 modules.

requests
psutil

Should you find you do not have these installed get them with pip like so.

pip install requests psutil

or

pip install -r requirements.txt

Since the program invokes functionality from the Metasploit Framework you need to have this installed also. Get it from Rapid7 by clicking here.

R K

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago