I know, I know that you have already read about AutoSploit and have probably used it since word got out about this auto-exploitation tool some two months ago. However, a lot has changed with the tool between then and now, and this post is about that.
What is AutoSploit?
AutoSploit is an automated mass exploitation tool written in Python that can use the Shodan, Censys or Zoomeye search engines to locate targets. You can choose one or all three search engines. It can also include custom targets that you add manually. The tool then launches relevant Metasploit modules against the discovered targets. By default, it ships with about 300 pre-defined Metasploit modules out of the box. These were added for the purpose of code execution and affect different operating systems, web applications, IDS, etc. When you want to add new modules to this list, editing the etc/json/default_modules.json file should be enough. The modules include some really old exploits, such as MS01-023 (CVE-2001-0241) affecting Windows operating systems.
Following is a list of the default Metasploit modules that come with AutoSploit:
Code:
exploit/windows/ftp/ms09_053_ftpd_nlst
exploit/windows/firewall/blackice_pam_icq
exploit/windows/http/amlibweb_webquerydll_app
exploit/windows/http/ektron_xslt_exec_ws
exploit/windows/http/umbraco_upload_aspx
exploit/windows/iis/iis_webdav_scstoragepathfromurl
exploit/windows/iis/iis_webdav_upload_asp
exploit/windows/iis/ms01_023_printer
exploit/windows/iis/ms01_026_dbldecode
exploit/windows/iis/ms01_033_idq
exploit/windows/iis/ms02_018_htr
exploit/windows/iis/ms02_065_msadc
exploit/windows/iis/ms03_007_ntdll_webdav
exploit/windows/iis/msadc
exploit/windows/isapi/ms00_094_pbserver
exploit/windows/isapi/ms03_022_nsiislog_post
exploit/windows/isapi/ms03_051_fp30reg_chunked
exploit/windows/isapi/rsa_webagent_redirect
exploit/windows/isapi/w3who_query
exploit/windows/scada/advantech_webaccess_dashboard_file_upload
exploit/windows/ssl/ms04_011_pct
exploit/freebsd/http/watchguard_cmd_exec
exploit/linux/http/alienvault_exec
exploit/linux/http/alienvault_sqli_exec
exploit/linux/http/astium_sqli_upload
exploit/linux/http/centreon_sqli_exec
exploit/linux/http/centreon_useralias_exec
exploit/linux/http/crypttech_cryptolog_login_exec
exploit/linux/http/dolibarr_cmd_exec
exploit/linux/http/goautodial_3_rce_command_injection
exploit/linux/http/kloxo_sqli
exploit/linux/http/nagios_xi_chained_rce
exploit/linux/http/netgear_wnr2000_rce
exploit/linux/http/pandora_fms_sqli
exploit/linux/http/riverbed_netprofiler_netexpress_exe
exploit/linux/http/wd_mycloud_multiupload_upload
exploit/linux/http/zabbix_sqli
exploit/linux/misc/qnap_transcode_server
exploit/linux/mysql/mysql_yassl_getname
exploit/linux/mysql/mysql_yassl_hello
exploit/linux/postgres/postgres_payload
exploit/linux/samba/is_known_pipename
exploit/multi/browser/java_jre17_driver_manager
exploit/multi/http/atutor_sqli
exploit/multi/http/dexter_casinoloader_exec
exploit/multi/http/drupal_drupageddon
exploit/multi/http/manage_engine_dc_pmp_sqli
exploit/multi/http/manageengine_search_sqli
exploit/multi/http/movabletype_upgrade_exec
exploit/multi/http/php_volunteer_upload_exe
exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli
exploit/multi/http/splunk_mappy_exec
exploit/multi/http/testlink_upload_exec
exploit/multi/http/zpanel_information_disclosure_rce
exploit/multi/misc/legend_bot_exec
exploit/multi/mysql/mysql_udf_payload
exploit/multi/postgres/postgres_createlang
exploit/solaris/sunrpc/ypupdated_exec
exploit/unix/ftp/proftpd_133c_backdoor
exploit/unix/http/tnftp_savefile
exploit/unix/webapp/joomla_contenthistory_sqli_rce
exploit/unix/webapp/kimai_sqli
exploit/unix/webapp/openemr_sqli_privesc_upload
exploit/unix/webapp/seportal_sqli_exec
exploit/unix/webapp/vbulletin_vote_sqli_exec
exploit/unix/webapp/vicidial_manager_send_cmd_exec
exploit/windows/antivirus/symantec_endpoint_manager_rce
exploit/windows/http/apache_mod_rewrite_ldap
exploit/windows/http/ca_totaldefense_regeneratereports
exploit/windows/http/cyclope_ess_sqli
exploit/windows/http/hp_mpa_job_acct
exploit/windows/http/solarwinds_storage_manager_sql
exploit/windows/http/sonicwall_scrutinizer_sql
exploit/windows/misc/altiris_ds_sqli
exploit/windows/misc/fb_cnct_group
exploit/windows/misc/lianja_db_net
exploit/windows/misc/manageengine_eventlog_analyzer_rce
exploit/windows/mssql/lyris_listmanager_weak_pass
exploit/windows/mssql/ms02_039_slammer
exploit/windows/mssql/ms09_004_sp_replwritetovarbin
exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli
exploit/windows/mssql/mssql_linkcrawler
exploit/windows/mssql/mssql_payload
exploit/windows/mssql/mssql_payload_sqli
exploit/windows/mysql/mysql_mof
exploit/windows/mysql/mysql_start_up
exploit/windows/mysql/mysql_yassl_hello
exploit/windows/mysql/scrutinizer_upload_exec
exploit/windows/postgres/postgres_payload
exploit/windows/scada/realwin_on_fcs_login
exploit/multi/http/rails_actionpack_inline_exec
exploit/multi/http/rails_dynamic_render_code_exec
exploit/multi/http/rails_json_yaml_code_exec
exploit/multi/http/rails_secret_deserialization
exploit/multi/http/rails_web_console_v2_code_exec
exploit/multi/http/rails_xml_yaml_code_exec
exploit/multi/http/rocket_servergraph_file_requestor_rce
exploit/multi/http/phpmoadmin_exec
exploit/multi/http/phpmyadmin_3522_backdoor
exploit/multi/http/phpmyadmin_preg_replace
exploit/multi/http/phpscheduleit_start_date
exploit/multi/http/phptax_exec
exploit/multi/http/phpwiki_ploticus_exec
exploit/multi/http/plone_popen2
exploit/multi/http/pmwiki_pagelist
exploit/multi/http/joomla_http_header_rce
exploit/multi/http/novell_servicedesk_rce
exploit/multi/http/oracle_reports_rce
exploit/multi/http/php_utility_belt_rce
exploit/multi/http/phpfilemanager_rce
exploit/multi/http/processmaker_exec
exploit/multi/http/rocket_servergraph_file_requestor_rce
exploit/multi/http/spree_search_exec
exploit/multi/http/spree_searchlogic_exec
exploit/multi/http/struts_code_exec_parameters
exploit/multi/http/vtiger_install_rce
exploit/multi/http/werkzeug_debug_rce
exploit/multi/http/zemra_panel_rce
exploit/multi/http/zpanel_information_disclosure_rce
exploit/multi/http/joomla_http_header_rce
exploit/unix/webapp/joomla_akeeba_unserialize
exploit/unix/webapp/joomla_comjce_imgmanager
exploit/unix/webapp/joomla_contenthistory_sqli_rce
exploit/unix/webapp/joomla_media_upload_exec
exploit/multi/http/builderengine_upload_exec
exploit/multi/http/caidao_php_backdoor_exec
exploit/multi/http/atutor_sqli
exploit/multi/http/ajaxplorer_checkinstall_exec
exploit/multi/http/apache_activemq_upload_jsp
exploit/unix/webapp/wp_lastpost_exec
exploit/unix/webapp/wp_mobile_detector_upload_execute
exploit/multi/http/axis2_deployer
exploit/unix/webapp/wp_foxypress_upload
exploit/linux/http/tr064_ntpserver_cmdinject
exploit/linux/misc/quest_pmmasterd_bof
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
exploit/unix/webapp/php_xmlrpc_eval
exploit/unix/webapp/wp_admin_shell_upload
exploit/linux/http/sophos_wpa_sblistpack_exec
exploit/linux/local/sophos_wpa_clear_keys
exploit/multi/http/zpanel_information_disclosure_rce
auxiliary/admin/cisco/cisco_asa_extrabacon
auxiliary/admin/cisco/cisco_secure_acs_bypass
auxiliary/admin/cisco/vpn_3000_ftp_bypass
exploit/bsdi/softcart/mercantec_softcart
exploit/freebsd/misc/citrix_netscaler_soap_bof
exploit/freebsd/samba/trans2open
exploit/linux/ftp/proftp_sreplace
exploit/linux/http/dcos_marathon
exploit/linux/http/f5_icall_cmd
exploit/linux/http/fritzbox_echo_exec
exploit/linux/http/gitlist_exec
exploit/linux/http/goautodial_3_rce_command_injection
exploit/linux/http/ipfire_bashbug_exec
exploit/linux/http/ipfire_oinkcode_exec
exploit/linux/http/ipfire_proxy_exec
exploit/linux/http/kaltura_unserialize_rce
exploit/linux/http/lifesize_uvc_ping_rce
exploit/linux/http/nagios_xi_chained_rce
exploit/linux/http/netgear_dgn1000_setup_unauth_exec
exploit/linux/http/netgear_wnr2000_rce
exploit/linux/http/nuuo_nvrmini_auth_rce
exploit/linux/http/nuuo_nvrmini_unauth_rce
exploit/linux/http/op5_config_exec
exploit/linux/http/pandora_fms_exec
exploit/linux/http/pineapple_preconfig_cmdinject
exploit/linux/http/seagate_nas_php_exec_noauth
exploit/linux/http/symantec_messaging_gateway_exec
exploit/linux/http/trendmicro_imsva_widget_exec
exploit/linux/http/trueonline_billion_5200w_rce
exploit/linux/http/trueonline_p660hn_v1_rce
exploit/linux/http/trueonline_p660hn_v2_rce
exploit/linux/http/vcms_upload
exploit/linux/misc/lprng_format_string
exploit/linux/misc/mongod_native_helper
exploit/linux/misc/ueb9_bpserverd
exploit/linux/mysql/mysql_yassl_getname
exploit/linux/pop3/cyrus_pop3d_popsubfolders
exploit/linux/postgres/postgres_payload
exploit/linux/pptp/poptop_negative_read
exploit/linux/proxy/squid_ntlm_authenticate
exploit/linux/samba/lsa_transnames_heap
exploit/linux/samba/setinfopolicy_heap
exploit/linux/samba/trans2open
exploit/multi/elasticsearch/script_mvel_rce
exploit/multi/elasticsearch/search_groovy_script
exploit/multi/http/atutor_sqli
exploit/multi/http/axis2_deployer
exploit/multi/http/familycms_less_exe
exploit/multi/http/freenas_exec_raw
exploit/multi/http/gestioip_exec
exploit/multi/http/glassfish_deployer
exploit/multi/http/glpi_install_rce
exploit/multi/http/joomla_http_header_rce
exploit/multi/http/makoserver_cmd_exec
exploit/multi/http/novell_servicedesk_rc
exploit/multi/http/oracle_reports_rce
exploit/multi/http/php_utility_belt_rce
exploit/multi/http/phpfilemanager_rce
exploit/multi/http/phpmyadmin_3522_backdoor
exploit/multi/http/phpwiki_ploticus_exec
exploit/multi/http/processmaker_exec
exploit/multi/http/rails_actionpack_inline_exec
exploit/multi/http/rails_dynamic_render_code_exec
exploit/multi/http/rails_secret_deserialization
exploit/multi/http/rocket_servergraph_file_requestor_rce
exploit/multi/http/simple_backdoors_exec
exploit/multi/http/spree_search_exec
exploit/multi/http/spree_searchlogic_exec
exploit/multi/http/struts2_rest_xstream
exploit/multi/http/struts_code_exec
exploit/multi/http/struts_code_exec_classloader
exploit/multi/http/struts_code_exec_parameters
exploit/multi/http/struts_dev_mode
exploit/multi/http/sysaid_auth_file_upload
exploit/multi/http/tomcat_jsp_upload_bypass
exploit/multi/http/vtiger_install_rce
exploit/multi/http/werkzeug_debug_rce
exploit/multi/http/zemra_panel_rce
exploit/multi/http/zpanel_information_disclosure_rce
exploit/multi/ids/snort_dce_rpc
exploit/multi/misc/batik_svg_java
exploit/multi/misc/pbot_exec
exploit/multi/misc/veritas_netbackup_cmdexec
exploit/multi/mysql/mysql_udf_payload
exploit/multi/php/php_unserialize_zval_cookie
exploit/unix/http/freepbx_callmenum
exploit/unix/http/lifesize_room
exploit/unix/http/pfsense_clickjacking
exploit/unix/http/pfsense_group_member_exec
exploit/unix/http/tnftp_savefile
exploit/unix/misc/polycom_hdx_traceroute_exec
exploit/unix/webapp/awstats_migrate_exec
exploit/unix/webapp/carberp_backdoor_exec
exploit/unix/webapp/citrix_access_gateway_exec
exploit/unix/webapp/dogfood_spell_exec
exploit/unix/webapp/invision_pboard_unserialize_exec
exploit/unix/webapp/joomla_contenthistory_sqli_rce
exploit/unix/webapp/mybb_backdoor
exploit/unix/webapp/opensis_modname_exec
exploit/unix/webapp/oscommerce_filemanager
exploit/unix/webapp/piwik_superuser_plugin_upload
exploit/unix/webapp/tikiwiki_upload_exec
exploit/unix/webapp/webtester_exec
exploit/unix/webapp/wp_phpmailer_host_header
exploit/unix/webapp/wp_total_cache_exec
exploit/windows/antivirus/symantec_endpoint_manager_rce
exploit/windows/http/ektron_xslt_exec
exploit/windows/http/ektron_xslt_exec_ws
exploit/windows/http/geutebrueck_gcore_x64_rce_bo
exploit/windows/http/hp_autopass_license_traversal
exploit/windows/http/manage_engine_opmanager_rce
exploit/windows/http/netgear_nms_rce
exploit/windows/http/sepm_auth_bypass_rce
exploit/windows/http/trendmicro_officescan_widget_exec
exploit/windows/iis/iis_webdav_upload_asp
exploit/windows/iis/msadc
exploit/windows/misc/manageengine_eventlog_analyzer_rce
exploit/windows/novell/file_reporter_fsfui_upload
exploit/windows/scada/ge_proficy_cimplicity_gefebt
exploit/windows/smb/ipass_pipe_exec
exploit/windows/smb/smb_relay
auxiliary/sqli/oracle/jvm_os_code_10g
auxiliary/sqli/oracle/jvm_os_code_11g
auxiliary/fuzzers/dns/dns_fuzzer
auxiliary/fuzzers/ftp/client_ftp
auxiliary/fuzzers/ftp/ftp_pre_post
auxiliary/fuzzers/http/http_form_field
auxiliary/fuzzers/http/http_get_uri_long
auxiliary/fuzzers/http/http_get_uri_strings
auxiliary/fuzzers/ntp/ntp_protocol_fuzzer
auxiliary/fuzzers/smb/smb2_negotiate_corrupt
auxiliary/fuzzers/smb/smb_create_pipe
auxiliary/fuzzers/smb/smb_create_pipe_corrupt
auxiliary/fuzzers/smb/smb_negotiate_corrupt
auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt
auxiliary/fuzzers/smb/smb_tree_connect
auxiliary/fuzzers/smb/smb_tree_connect_corrupt
auxiliary/fuzzers/smtp/smtp_fuzzer
auxiliary/fuzzers/ssh/ssh_kexinit_corrupt
auxiliary/fuzzers/ssh/ssh_version_15
auxiliary/fuzzers/ssh/ssh_version_2
auxiliary/fuzzers/ssh/ssh_version_corrupt
auxiliary/fuzzers/tds/tds_login_corrupt
auxiliary/fuzzers/tds/tds_login_username
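Read from the defending side, the list above is a coverage map: it shows which product families and patch generations a default AutoSploit run touches. The following is an added example, not part of AutoSploit or the original post. It parses module paths, removes repeats, recovers Microsoft bulletin years and checks the names against an asset inventory; `SAMPLE` is a constructed subset of the list and the inventory keywords are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: paths copied from the list above, one repeated on purpose
# (the published list itself contains repeated entries).
SAMPLE = """\
exploit/windows/iis/ms01_023_printer
exploit/windows/iis/ms03_007_ntdll_webdav
exploit/windows/mssql/ms09_004_sp_replwritetovarbin
exploit/linux/http/nagios_xi_chained_rce
exploit/linux/http/nagios_xi_chained_rce
exploit/multi/http/drupal_drupageddon
exploit/unix/webapp/wp_admin_shell_upload
auxiliary/fuzzers/ssh/ssh_version_2
"""

MS_BULLETIN = re.compile(r"^ms(\d{2})_(\d{3})(?=_|$)")

def parse_module(path):
    """Split 'type/platform/service/name'; return None for malformed lines."""
    parts = path.strip().split("/")
    if len(parts) != 4 or parts[0] not in ("exploit", "auxiliary"):
        return None
    m = MS_BULLETIN.match(parts[3])
    # Bulletin ids carry a two-digit year: ms01_023 -> MS01-023, 2001.
    # Assumption: every bulletin in the list is from 2000 or later.
    bulletin = f"MS{m.group(1)}-{m.group(2)}" if m else None
    year = 2000 + int(m.group(1)) if m else None
    # For auxiliary modules the second field is a category, not a platform.
    return {"type": parts[0], "platform": parts[1], "service": parts[2],
            "name": parts[3], "bulletin": bulletin, "year": year}

def triage(text, inventory):
    """Dedupe the list, then summarise what it covers for a defender."""
    counts = Counter(l.strip() for l in text.splitlines() if l.strip())
    mods = [m for m in map(parse_module, counts) if m]
    return {
        "unique": len(mods),
        "repeated": sorted(p for p, n in counts.items() if n > 1),
        "by_surface": Counter(f"{m['platform']}/{m['service']}" for m in mods),
        "bulletins": sorted((m["year"], m["bulletin"]) for m in mods if m["bulletin"]),
        # Inventory keywords (hypothetical product names) found in module names.
        "inventory_hits": {k: sorted(m["name"] for m in mods if k in m["name"])
                           for k in inventory},
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE, ["nagios", "drupal", "zabbix"]).items():
        print(key, "->", value)
```

Any keyword with a non-empty hit list names a product that the default module set targets, which makes it a candidate for patch verification and exposure review first.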
Installation of the tool is pretty simple and needs nothing extra on Kali Linux; the tool can also be Dockerized. After installation, you are asked for your Shodan and Censys API credentials, which are stored in /AutoSploit/etc/tokens/shodan.key and /AutoSploit/etc/tokens/censys.key respectively.
All in all, it is a good tool if you know what you are doing, as it needs some configuration to actually get a shell. The default module list also won't help much, as the exploits are pretty old and you may eventually end up with only some low-hanging fruit. I do not really understand the brouhaha over the release of this tool among people in the security industry.
Now about the newer features in the latest AutoSploit release. This release has a few bug fixes and three new features. A feature that I like in this release is the addition of exploit reporting: Metasploit output is captured and saved to a report file. Additionally, a .rc script file is created for every module run against a given host, allowing you to reproduce whatever caused an exploit to work. Another feature in this release is a command whitelist, which contains a list of allowed commands and blocks all others not included in the list.
Download AutoSploit:
The latest version of this mass exploitation tool was released 4 days ago: AutoSploit v2.1 (AutoSploit-2.1.zip/AutoSploit-2.1.tar.gz), which can be downloaded from [link visible only to registered users]. Another way is to perform a git pull on the directory to get everything from the source repository.