- Joined
- May 15, 2017
- Messages
- 981
- Likes
- 760
- Points
- 1,045
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started
Operational Security Consideration
Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available.
The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.
Installation
Docker
On any Linux system the following should work
AutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. In order to accomplish this employ/perform the below operations via the terminal or in the form of a shell script.
Usage
Starting the program with python autosploit.py will open an AutoSploit terminal session. The options for which are as follows.
Choosing option 2 will prompt you for a platform specific search query. Enter IIS or Apache in example and choose a search engine. After doing so the collected hosts will be saved to be used in the Exploit component.
As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type python autosploit.py -h to display all the options available to you. I've posted the options below as well for reference.
Dependencies
Note: All dependencies should be installed using the above installation method, however, if you find they are not:
AutoSploit depends on the following Python2.7 modules.
Should you find you do not have these installed get them with pip like so.
or
Download AutoSploit
Operational Security Consideration
Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available.
The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.
Installation
Docker
On any Linux system the following should work
AutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. In order to accomplish this employ/perform the below operations via the terminal or in the form of a shell script.
Usage
Starting the program with python autosploit.py will open an AutoSploit terminal session. The options for which are as follows.
Choosing option 2 will prompt you for a platform specific search query. Enter IIS or Apache in example and choose a search engine. After doing so the collected hosts will be saved to be used in the Exploit component.
As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type python autosploit.py -h to display all the options available to you. I've posted the options below as well for reference.
Code:
usage: python autosploit.py -[c|z|s|a] -[q] QUERY [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH [--rand-agent] [--proxy] PROTO://IPORT [-P] AGENT optional arguments: -h, --help show this help message and exit search engines: possible search engines to use -c, --censys use censys.io as the search engine to gather hosts -z, --zoomeye use zoomeye.org as the search engine to gather hosts -s, --shodan use shodan.io as the search engine to gather hosts -a, --all search all available search engines to gather hosts requests: arguments to edit your requests --proxy PROTO://IP
Dependencies
Note: All dependencies should be installed using the above installation method, however, if you find they are not:
AutoSploit depends on the following Python2.7 modules.
Should you find you do not have these installed get them with pip like so.
or
Download AutoSploit