TechKnow

Author Topic: AutoSploit "Mass Exploiter" !!!  (Read 245 times)

0 Members and 1 Guest are viewing this topic.

Offline Conner Snowden

  • EHVSN
  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
  • Hussssh !!
AutoSploit "Mass Exploiter" !!!
« on: February 13, 2018, 07:46:59 PM »


Hello everyone  :tongue: Today we will be discussing the new tool that have been released by one of the cyber security guys and its called AutoSploit , Basically AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; Apache, IIS, etc, upon which a list of candidates will be retrieved.

After this operation has been completed the 'Exploit' component of the program will go about the business of attempting to exploit these targets by running a series of Metasploit modules against them. Which Metasploit modules will be employed in this manner is determined by programmatically comparing the name of the module to the initial search query. However, I have added functionality to run all available modules against the targets in a 'Hail Mary' type of attack as well.

The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured through the dialog that comes up before the 'Exploit' component is started.

Operational Security Consideration

Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available. 


Here is the link for the mentioned tool on github

https://github.com/NullArray/AutoSploit

Also i made a small walk through video  on YouTube and results was shocking

here is the link  !!
https://www.youtube.com/watch?v=C6CoCS6Ndz4

Anyway enjoy the video and happy testing  :android-devil:
« Last Edit: February 15, 2018, 08:30:41 PM by Conner Snowden »
Knock knock , i was here !