AutoSploit: Automated Mass Exploiter

Last Release: 09/04/2019     Last Commit: 09/04/2019

AutoSploit: Automated Mass Exploiter

AutoSploit is a powerful hacking tool that has the ability to automate exploitation operations on remote hosts. This tool enables you to perform mass exploitations on the system being targeted by utilizing the services offered by ShodanCensys, Zoomeye and Metasploit. This tool is developed using Python.

AutoSploit: Automated Mass Exploiter Logo/Banner

Autosploit: Advanced Remote Host Mass Exploitation

With this tool, you can easily launch an attack on a remote host within a fairly short time. This is made possible due to the availability of Shodan, a powerful search engine that allows you to automatically fish out targets that are connected to a particular network service. Alternatively, you can also use target seeking tools such as Zoomeye and Censys to search out intended targets.

Apart from the automated host searching and collection, AutoSploit also gives you the option of creating your own customized target list. With this option in place, you can effectively launch attack-intended searches on hosts of your choice by manually adding them to your list.

Metasploit Modules and How They Work Together

The available powerful Metasploit modules are responsible for handling the rest of the work after the targets have been collected. By default, Metasploit comes with a long list of attack modules but you can manually add other modules of your liking to make the tool more powerful. The module deployed will depend on the platform search query that was used when an attack was launched. The Metasploit modules can help a pentester to gain access to services such as Meterpreter sessions and also be able to make remote code executions and many other attacks.
The combination of Shodan and Metasploit makes it very easy to use autosploit especially since the whole process is automated. The inclusion of Metasploit makes autosploit very effective tool when it comes to launching attacks on Apache-based projects.

AutoSploit Features:

  • Automated Target Collection
  • Customized Target List (allows you to add your own list of targets)
  • Metasploit Modules
  • Custom user-agent
  • Mass exploitations

Supported Platforms:

  • Linux
  • OS X (must be within virtual environments to properly function)

Dependencies:

This tool relies on the below Python 2.7 modules:

  • requests
  • psutil

The required dependencies should all be in place after performing an installation with the recommended method, but you can easily install them using pip:

$ pip install -r requirements.txt

Alternatively:

$ pip install requests psutil

Autosploit Install

Install AutoSploit via Docker Compose:

Clone the repo:

$ git clone https://github.com/NullArray/AutoSploit.git

Navigate to the Autosploit directory and run:

$ cd Autosploit/Docker
$ docker-compose run --rm autosploit

Install AutoSploit on Linux (via cloning)

Clone:

$ git clone https://github.com/NullArray/AutoSploit

Navigate to the AutoSploit directory, make the install script executable and install:

$ cd AutoSploit
$ chmod +x install.sh
$ ./install.sh

Usage

To start AutoSploit run:

$ python autosploit.py

This will take you to the available user options that you can choose from.

usage: python autosploit.py -[c|z|s|a] -[q] QUERY
                            [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH
                            [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
                            [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT

optional arguments:
  -h, --help            show this help message and exit

search engines:
  possible search engines to use

  -c, --censys          use censys.io as the search engine to gather hosts
  -z, --zoomeye         use zoomeye.org as the search engine to gather hosts
  -s, --shodan          use shodan.io as the search engine to gather hosts
  -a, --all             search all available search engines to gather hosts

requests:
  arguments to edit your requests

  --proxy PROTO://IP:PORT
                        run behind a proxy while performing the searches
  --random-agent        use a random HTTP User-Agent header
  -P USER-AGENT, --personal-agent USER-AGENT
                        pass a personal User-Agent to use for HTTP requests
  -q QUERY, --query QUERY
                        pass your search query

exploits:
  arguments to edit your exploits

  -E PATH, --exploit-file PATH
                        provide a text file to convert into JSON and save for
                        later use
  -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
                        set the configuration for MSF (IE -C default 127.0.0.1
                        8080)
  -e, --exploit         start exploiting the already gathered hosts

misc arguments:
  arguments that don't fit anywhere else

  --ruby-exec           if you need to run the Ruby executable with MSF use
                        this
  --msf-path MSF-PATH   pass the path to your framework if it is not in your
                        ENV PATH
  --whitelist PATH      only exploit hosts listed in the whitelist file
Documentation Box
Download Box