AutoSploit V3.0 - Automated Mass Exploiter
As the name might suggest, AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye, but options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started.
Operational Security Consideration
Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the required dependencies available.
The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.
Installation
Installing AutoSploit is very simple; you can find the latest stable release here. You can also download the main branch as a zip or tarball or follow one of the methods below:
Cloning
sudo -s << EOF
git clone https://github.com/NullArray/AutoSploit.git
cd AutoSploit
chmod +x install.sh
./install.sh
python2 autosploit.py
EOF
Docker
sudo -s << EOF
git clone https://github.com/NullArray/AutoSploit.git
cd AutoSploit
chmod +x install.sh
./install.sh
cd AutoSploit/Docker
docker network create -d bridge haknet
docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
docker build -t autosploit .
docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
EOF
git clone https://github.com/NullArray/AutoSploit
cd AutoSploit
chmod +x install.sh
./install.sh
sudo -s << '_EOF'
pip2 install virtualenv --user
git clone https://github.com/NullArray/AutoSploit.git
virtualenv <PATH-TO-YOUR-ENV>
source <PATH-TO-YOUR-ENV>/bin/activate
cd <PATH-TO-AUTOSPLOIT>
pip2 install -r requirements.txt
chmod +x install.sh
./install.sh
python autosploit.py
_EOF
Usage
Starting the program with
python autosploit.py
will open up an AutoSploit terminal session. The options for which are as follows.

1. Usage And Legal
2. Gather Hosts
3. Custom Hosts
4. Add Single Host
5. View Gathered Hosts
6. Exploit Gathered Hosts
99. Quit
Choosing option 2 will prompt you for a platform specific search query. Enter IIS or Apache for example and select a search engine. After doing so the collected hosts will be saved to be used in the Exploit component.

As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type
python autosploit.py -h
to display all the options available to you. I've posted the options below as well for reference.

usage: python autosploit.py -[c|z|s|a] -[q] QUERY
                            [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH
                            [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
                            [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT

optional arguments:
  -h, --help            show this help message and exit

search engines:
  possible search engines to use

  -c, --censys          use censys.io as the search engine to gather hosts
  -z, --zoomeye         use zoomeye.org as the search engine to gather hosts
  -s, --shodan          use shodan.io as the search engine to gather hosts
  -a, --all             search all available search engines to gather hosts

requests:
  arguments to edit your requests

  --proxy PROTO://IP:PORT
                        run behind a proxy while performing the searches
  --random-agent        use a random HTTP User-Agent header
  -P USER-AGENT, --personal-agent USER-AGENT
                        pass a personal User-Agent to use for HTTP requests
  -q QUERY, --query QUERY
                        pass your search query

exploits:
  arguments to edit your exploits

  -E PATH, --exploit-file PATH
                        provide a text file to convert into JSON and save for
                        later use
  -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
                        set the configuration for MSF (IE -C default 127.0.0.1
                        8080)
  -e, --exploit         start exploiting the already gathered hosts

misc arguments:
  arguments that don't fit anywhere else

  --ruby-exec           if you need to run the Ruby executable with MSF use
                        this
  --msf-path MSF-PATH   pass the path to your framework if it is not in your
                        ENV PATH
  --whitelist PATH      only exploit hosts listed in the whitelist file
Dependencies
Note: All dependencies should be installed using the above installation method, however, if you find they are not:
AutoSploit depends on the following Python2.7 modules.
requests psutil
Should you find you do not have these installed, get them with pip like so.
pip install requests psutil
pip install -r requirements.txt