AutoSploit is a powerful hacking tool that has the ability to automate exploitation operations on remote hosts. This tool enables you to perform mass exploitations on the system being targeted by utilizing the services offered by Shodan, Censys, Zoomeye and Metasploit. This tool is developed using Python.
Autosploit: Advanced Remote Host Mass Exploitation
With this tool, you can easily launch an attack on a remote host within a fairly short time. This is made possible due to the availability of Shodan, a powerful search engine that allows you to automatically fish out targets that are connected to a particular network service. Alternatively, you can also use target seeking tools such as Zoomeye and Censys to search out intended targets.
Apart from the automated host searching and collection, AutoSploit also gives you the option of creating your own customized target list. With this option in place, you can effectively launch attack-intended searches on hosts of your choice by manually adding them to your list.
Metasploit Modules and How They Work Together
- Automated Target Collection
- Customized Target List (allows you to add your own list of targets)
- Metasploit Modules
- Custom user-agent
- Mass exploitations
- OS X (must be within virtual environments to properly function)
This tool relies on the below
Python 2.7 modules:
The required dependencies should all be in place after performing an installation with the recommended method, but you can easily install them using
$ pip install -r requirements.txt
$ pip install requests psutil
Install AutoSploit via Docker Compose:
Clone the repo:
$ git clone https://github.com/NullArray/AutoSploit.git
Navigate to the Autosploit directory and run:
$ cd Autosploit/Docker
$ docker-compose run --rm autosploit
Install AutoSploit on Linux (via cloning)
$ git clone https://github.com/NullArray/AutoSploit
Navigate to the AutoSploit directory, make the install script executable and install:
$ cd AutoSploit
$ chmod +x install.sh
To start AutoSploit run:
$ python autosploit.py
This will take you to the available user options that you can choose from.
usage: python autosploit.py -[c|z|s|a] -[q] QUERY [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT optional arguments: -h, --help show this help message and exit search engines: possible search engines to use -c, --censys use censys.io as the search engine to gather hosts -z, --zoomeye use zoomeye.org as the search engine to gather hosts -s, --shodan use shodan.io as the search engine to gather hosts -a, --all search all available search engines to gather hosts requests: arguments to edit your requests --proxy PROTO://IP:PORT run behind a proxy while performing the searches --random-agent use a random HTTP User-Agent header -P USER-AGENT, --personal-agent USER-AGENT pass a personal User-Agent to use for HTTP requests -q QUERY, --query QUERY pass your search query exploits: arguments to edit your exploits -E PATH, --exploit-file PATH provide a text file to convert into JSON and save for later use -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT set the configuration for MSF (IE -C default 127.0.0.1 8080) -e, --exploit start exploiting the already gathered hosts misc arguments: arguments that don't fit anywhere else --ruby-exec if you need to run the Ruby executable with MSF use this --msf-path MSF-PATH pass the path to your framework if it is not in your ENV PATH --whitelist PATH only exploit hosts listed in the whitelist file