AutoSploit is a powerful hacking tool that has the ability to automate exploitation operations on remote hosts. This tool enables you to perform mass exploitations on the system being targeted by utilizing the services offered by Shodan, Censys, Zoomeye and Metasploit. This tool is developed using Python.
Autosploit: Advanced Remote Host Mass Exploitation
With this tool, you can easily launch an attack on a remote host within a fairly short time. This is made possible due to the availability of Shodan, a powerful search engine that allows you to automatically fish out targets that are connected to a particular network service. Alternatively, you can also use target seeking tools such as Zoomeye and Censys to search out intended targets.
Apart from the automated host searching and collection, AutoSploit also gives you the option of creating your own customized target list. With this option in place, you can effectively launch attack-intended searches on hosts of your choice by manually adding them to your list.
Metasploit Modules and How They Work Together
AutoSploit Features:
- Automated Target Collection
- Customized Target List (allows you to add your own list of targets)
- Metasploit Modules
- Custom user-agent
- Mass exploitations
Supported Platforms:
- Linux
- OS X (must be within virtual environments to properly function)
Dependencies:
This tool relies on the below Python 2.7 modules:
- requests
- psutil
The required dependencies should all be in place after performing an installation with the recommended method, but you can easily install them using pip:
$ pip install -r requirements.txt
Alternatively:
$ pip install requests psutil
Autosploit Install
Install AutoSploit via Docker Compose:
Clone the repo:
$ git clone https://github.com/NullArray/AutoSploit.git
Navigate to the Autosploit directory and run:
$ cd Autosploit/Docker
$ docker-compose run --rm autosploit
Install AutoSploit on Linux (via cloning)
Clone:
$ git clone https://github.com/NullArray/AutoSploit
Navigate to the AutoSploit directory, make the install script executable and install:
$ cd AutoSploit
$ chmod +x install.sh
$ ./install.sh
Usage
To start AutoSploit run:
$ python autosploit.py
This will take you to the available user options that you can choose from.
usage: python autosploit.py -[c|z|s|a] -[q] QUERY
[-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH
[--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
[--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT
optional arguments:
-h, --help show this help message and exit
search engines:
possible search engines to use
-c, --censys use censys.io as the search engine to gather hosts
-z, --zoomeye use zoomeye.org as the search engine to gather hosts
-s, --shodan use shodan.io as the search engine to gather hosts
-a, --all search all available search engines to gather hosts
requests:
arguments to edit your requests
--proxy PROTO://IP:PORT
run behind a proxy while performing the searches
--random-agent use a random HTTP User-Agent header
-P USER-AGENT, --personal-agent USER-AGENT
pass a personal User-Agent to use for HTTP requests
-q QUERY, --query QUERY
pass your search query
exploits:
arguments to edit your exploits
-E PATH, --exploit-file PATH
provide a text file to convert into JSON and save for
later use
-C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
set the configuration for MSF (IE -C default 127.0.0.1
8080)
-e, --exploit start exploiting the already gathered hosts
misc arguments:
arguments that don't fit anywhere else
--ruby-exec if you need to run the Ruby executable with MSF use
this
--msf-path MSF-PATH pass the path to your framework if it is not in your
ENV PATH
--whitelist PATH only exploit hosts listed in the whitelist file
