@Selora Selora commented Apr 9, 2018

Some little tweaks and fixes to provide a way to launch without any prompts.

To run a search query without any prompt:
python autosploit.py -s -c -q 'search_query' --exploit-file-to-use etc/json/other_modules.json --overwrite

To run the exploitation modules without any prompt:
python autosploit.py --whitelist /path/to/whitelist.txt -e -C "msf_autorun_$(date +%s)" LHOST LPORT --exploit-file-to-use etc/json/some_modules.json

Search engines can be chained with exploitation:
python autosploit.py -s -c -q 'search_query' --whitelist /path/to/whitelist.txt -e -C "workspace" LHOST LPORT --exploit-file-to-use etc/json/other_modules.json --dry-run --append

Summary of added options:

  • --dry-run: When working with exploits, DO NOT launch metasploit. Do everything else (report, generate rcscripts, output, etc)
  • --overwrite/--append: Either start from scratch, discarding hosts.txt or append successive queries to hosts.txt
  • --exploit-file-to-use: Specify a JSON exploit file to use.

Other changes:

  • Whitelist parsing now escapes blank characters on both whitelist file and hosts.txt
  • API token files (/etc/tokens) are now properly parsed if there are trailing blank characters at the end.
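
The whitespace handling listed under "Other changes", as an added example in Python 3 that is not AutoSploit's own code. It assumes one IP address per line in both files (the page does not show the file format); the function names and sample addresses are constructed for illustration. The check fails closed: an empty or malformed whitelist stops the run instead of silently widening scope.

```python
import ipaddress


def load_whitelist(lines):
    """Parse whitelist lines into a set of normalized IP addresses.

    Surrounding blanks and CR/LF are stripped and blank lines skipped.
    A malformed entry raises ValueError so a typo cannot change the scope.
    """
    allowed = set()
    for lineno, raw in enumerate(lines, 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            allowed.add(ipaddress.ip_address(entry))
        except ValueError:
            raise ValueError("whitelist line %d is not an IP: %r" % (lineno, raw))
    if not allowed:
        raise ValueError("whitelist is empty; refusing to continue")
    return allowed


def filter_hosts(host_lines, allowed):
    """Split host lines into (in_scope, dropped) after the same normalization."""
    in_scope, dropped = [], []
    for raw in host_lines:
        entry = raw.strip()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            dropped.append(entry)  # unparsable entries are never in scope
            continue
        (in_scope if addr in allowed else dropped).append(str(addr))
    return in_scope, dropped


# Constructed sample data (RFC 5737 documentation addresses), with the
# trailing blanks and CR-LF endings the PR mentions.
WHITELIST = ["192.0.2.10\r\n", "  198.51.100.7 \n", "\n"]
HOSTS = ["192.0.2.10 \n", "203.0.113.5\n", "\t198.51.100.7\r\n", "not-an-ip\n"]

if __name__ == "__main__":
    kept, dropped = filter_hosts(HOSTS, load_whitelist(WHITELIST))
    print("in scope:", kept)
    print("dropped:", dropped)
```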

selora added 5 commits April 7, 2018 12:50
  • When reading an API key file, tokens are not stripped properly. Non-standard endlines cause an error with shodan/censys/etc APIs
  • When running without the terminal and the --dry-run flag, msfconsole will not be run. A report will still be produced.
  • All leading and trailing whitespace should be removed before comparing IPs
  • Load exploits directly from the specified file, do not prompt for exploit-file selection if this option is specified.
  • Specifying either will skip the prompt after a search query. --overwrite will start with a blank file but will append further searches. ex: with -s -c --overwrite, both shodan and censys results will be appended to a clean file.


Ekultek commented Apr 9, 2018

Add an option to completely erase the hosts file as well


Selora commented Apr 9, 2018

Not sure I understand what is asked. The overwrite option will start with a clean slate.


Ekultek commented Apr 9, 2018

@Selora Don't worry about it, I'll do it later, testing.


Ekultek commented Apr 9, 2018

TBG-a0216:autosploit-test admin$ sudo !!
sudo python autosploit.py -q iis --append -a
Password:
#SploitaSaurusRex
                                           O_  RAWR!!
                                          /  > 
                                        -  >  ^\
                                      /   >  ^ /   
                                    (O)  >  ^ /   / / /  
       _____                        |            \\|//
      /  __ \                      _/      /     / _/
     /  /  | |                    /       /     / /
   _/  |___/ /                   /      ------_/ / 
 ==_|  \____/                 _/       /  ______/
     \   \                 __/           |\
      |   \_          ____/              / \      _                    
       \    \________/                  |\  \----/_V
        \_                              / \_______ V
          \__                /       \ /          V
             \               \        \
              \______         \_       \
                     \__________\_      \ 
                        /    /    \_    | 
                       |   _/       \   |
                      /  _/          \  |
                     |  /            |  |
                     \  \__          |   \__
                     /\____=\       /\_____=\ v(2.1)
[+] welcome to autosploit, give us a little bit while we configure
[i] checking your running platform
[i] checking for disabled services
[+] attempting to load API keys
[?] enter your Shodan API token: 50IKScEP2tRzh7Romg52f4QGMrOMAf6z      
[?] enter your Censys API token: 3gwcYFmq0atqQzyLJLYZqus0FfnkcIMB     
[?] enter your Censys ID: eb4147de-d464-4629-99de-60e0b9727b71     
[i] checking if there are multiple exploit files
[+] searching all search engines in order
[+] successfully wrote info to '/Users/admin/bin/python/autosploit-test/hosts.txt'
[?] would you like to (a)ppend or (o)verwrite the file: 


Ekultek commented Apr 9, 2018

[+] launching exploit 'auxiliary/fuzzers/ssh/ssh_version_2' against host '132.247.64.91'
Dry-run: sudo  msfconsole -r /Users/admin/bin/python/autosploit-test/autosploit_out/2018-04-09_09h29m49s/132.247.64.91/auxiliary-fuzzers-ssh-ssh_version_2 -q
[+] launching exploit 'auxiliary/fuzzers/ssh/ssh_version_corrupt' against host '132.247.64.91'
Dry-run: sudo  msfconsole -r /Users/admin/bin/python/autosploit-test/autosploit_out/2018-04-09_09h29m49s/132.247.64.91/auxiliary-fuzzers-ssh-ssh_version_corrupt -q
[+] launching exploit 'auxiliary/fuzzers/tds/tds_login_corrupt' against host '132.247.64.91'
Dry-run: sudo  msfconsole -r /Users/admin/bin/python/autosploit-test/autosploit_out/2018-04-09_09h29m49s/132.247.64.91/auxiliary-fuzzers-tds-tds_login_corrupt -q
[+] launching exploit 'auxiliary/fuzzers/tds/tds_login_username' against host '132.247.64.91'
Dry-run: sudo  msfconsole -r /Users/admin/bin/python/autosploit-test/autosploit_out/2018-04-09_09h29m49s/132.247.64.91/auxiliary-fuzzers-tds-tds_login_username -q
Traceback (most recent call last):
  File "autosploit.py", line 5, in <module>
    main()
  File "/Users/admin/bin/python/autosploit-test/autosploit/main.py", line 90, in main
    AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits)
  File "/Users/admin/bin/python/autosploit-test/lib/cmdline/cmd.py", line 197, in single_run_args
    dryRun=opt.dryRun
  File "/Users/admin/bin/python/autosploit-test/lib/exploitation/exploiter.py", line 92, in start_exploit
    makedirs(current_host_path)
  File "/usr/local/Cellar/python@2/2.7.14_3/Frameworks/Python.framework/Versions/2.7/lib/python2.7/os.py", line 157, in makedirs
    mkdir(name, mode)
OSError: [Errno 17] File exists: '/Users/admin/bin/python/autosploit-test/autosploit_out/2018-04-09_09h29m49s/36.89.40.241'

We don't need all that output for a dry run; just something like running all modules without exploiting will work (you can use the animation if you want to). Don't worry about the error.


Ekultek commented Apr 9, 2018

TBG-a0216:autosploit-test admin$ python autosploit.py -C "msf_autorun_$(date +%s)" -e
usage: python autosploit.py -[c|z|s|a] -[q] QUERY
                            [-C] WORKSPACE LHOST LPORT [-e]
                            [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
                            [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT
autosploit.py: error: argument -C/--config: expected 3 argument(s)

The -C flag expects three arguments by default. An easy way to work around this would be to make a flag specifically for the RPC files


Ekultek commented Apr 9, 2018

autosploit.py: error: argument -C/--config: expected 3 argument(s)
TBG-a0216:autosploit-test admin$ sudo python autosploit.py -e --dry-run -C default 127.0.0.1 8080 --exploit-file-to-use /etc/sdfsdf.json

                  . '  .
               ' .( '.) '
       _     ('-.)' (`'.) '
      |0|- -(  #autosploit  )
   .--`+'--.  .  (' -,).(') .
   |`-----'|   (' .) - ('. )
   |       |    . (' `.  )
   |  .-.  |       ` .  `
   | (0.0) |
   | >|=|< |
   |  `"`  |
   |       |
   |       |
   `-.___.-'
   v(2.1)
    
[+] welcome to autosploit, give us a little bit while we configure
[i] checking your running platform
[i] checking for disabled services
[+] attempting to load API keys
[+] Shodan API token loaded from /Users/admin/bin/python/autosploit-test/etc/tokens/shodan.key
[+] Censys API token loaded from /Users/admin/bin/python/autosploit-test/etc/tokens/censys.key
Traceback (most recent call last):
  File "autosploit.py", line 5, in <module>
    main()
  File "/Users/admin/bin/python/autosploit-test/autosploit/main.py", line 85, in main
    loaded_exploits = load_exploit_file(opts.exploitFile)
  File "/Users/admin/bin/python/autosploit-test/lib/jsonize.py", line 31, in load_exploit_file
    with open(selected_file_path) as exploit_file:
IOError: [Errno 2] No such file or directory: '/etc/sdfsdf.json'

You need to catch the error if the file doesn't exist

Search results are not prompted anymore


Ekultek commented Apr 9, 2018

Last thing;

Need shorthands for the arguments:

-D/--dry-run: When working with exploits, DO NOT launch metasploit. Do everything else (report, generate rcscripts, output, etc)
-O/--overwrite/-A/--append: Either start from scratch, discarding hosts.txt or append successive queries to hosts.txt
-ef/--exploit-file-to-use: Specify a JSON exploit file to use.

You don't have to use those, make it your own, but make shorthands please

@Ekultek Ekultek self-requested a review April 9, 2018 14:37

@Ekultek Ekultek left a comment

fixes


Selora commented Apr 9, 2018

For the -C flag, it was in the initial PR comments. Markdown gobbled the gt/lt signs. Fixed.


Selora commented Apr 9, 2018

For short arguments, they are already included (see each commit; included in the PR comments are only the full argument names).

Added a tally at the end.
Suppressed much of the output during a dry-run.
save_results_args.add_argument("--overwrite", action="store_true", dest="overwriteHosts",
help="When specified, start from scratch by overwriting the host file with new search results.")
save_results_args.add_argument("--append", action="store_true", dest="appendHosts",
help="When specified, append discovered hosts to the host file.")
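
Review bot: --overwrite and --append are registered here as two independent store_true flags, so a command line that passes both parses without error and the result depends on which of overwriteHosts and appendHosts the caller checks first. If save_results_args is not already a mutually exclusive group, create these two through add_mutually_exclusive_group() so argparse rejects the combination, and give each a short form to match the other options added in this PR.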

Contributor

These don't have shorthands

exploit.add_argument("-d", "--dry-run", action="store_true", dest="dryRun",
help="Do not launch metasploit's exploits. Do everything else. msfconsole is never called.")
exploit.add_argument("-f", "--exploit-file-to-use", metavar="PATH", dest="exploitFile",
help="Run AutoSploit with provided exploit JSON file.")
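
Review bot: the -f/--exploit-file-to-use argument takes PATH as a plain string with no type= or other validation attached, so a mistyped path is accepted at parse time and only surfaces when the file is opened later. Attach a type= callable that checks the path is an existing regular file and reports the problem through the parser's error handling, so the run stops before any other work starts. The --dry-run help text could also name what "everything else" covers (reports, rc scripts).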

Contributor

Awesome! That's perfect thank you

@Ekultek Ekultek left a comment

lol i like the wins and losses

"censys": (open(API_KEYS["censys"][0]).read(), open(API_KEYS["censys"][1]).read()),
"shodan": (open(API_KEYS["shodan"][0]).read(), )
"censys": (open(API_KEYS["censys"][0]).read().rstrip(), open(API_KEYS["censys"][1]).read().rstrip()),
"shodan": (open(API_KEYS["shodan"][0]).read().rstrip(), )
}
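
Review bot: the replacement lines still call open(...).read() inline for all three key files, so the handles are never explicitly closed, and .rstrip() removes only trailing whitespace, which leaves a leading blank in a pasted token untouched. Move the read into one small helper that opens the file in a with block and returns the contents with .strip(), and have it raise a clear error when the stripped token is empty.
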
Contributor

Question, why .rstrip() why not just strip it? (idc either way, just curious)

Contributor Author

No particular reasons. I had problems with copy-pasta and dangling spaces / CR-LF vs LF endings.

Contributor

Okay that makes sense. Thought there was some magic I didn't know about lol.

Output an error message to the console if the specified exploit file does not exist.


Ekultek commented Apr 9, 2018

comment when you want me to start testing again. Got some iPads to configure


Selora commented Apr 9, 2018

Should be good to go


Ekultek commented Apr 9, 2018

retesting


Ekultek commented Apr 9, 2018

TBG-a0216:autosploit-test admin$ sudo python autosploit.py -f /etc/adsfsdf.sjdfsd -e -C default 127.0.0.1 8080
#SploitaSaurusRex
                                           O_  RAWR!!
                                          /  > 
                                        -  >  ^\
                                      /   >  ^ /   
                                    (O)  >  ^ /   / / /  
       _____                        |            \\|//
      /  __ \                      _/      /     / _/
     /  /  | |                    /       /     / /
   _/  |___/ /                   /      ------_/ / 
 ==_|  \____/                 _/       /  ______/
     \   \                 __/           |\
      |   \_          ____/              / \      _                    
       \    \________/                  |\  \----/_V
        \_                              / \_______ V
          \__                /       \ /          V
             \               \        \
              \______         \_       \
                     \__________\_      \ 
                        /    /    \_    | 
                       |   _/       \   |
                      /  _/          \  |
                     |  /            |  |
                     \  \__          |   \__
                     /\____=\       /\_____=\ v(2.1)
[+] welcome to autosploit, give us a little bit while we configure
[i] checking your running platform
[i] checking for disabled services
[+] attempting to load API keys
[+] Shodan API token loaded from /Users/admin/bin/python/autosploit-test/etc/tokens/shodan.key
[+] Censys API token loaded from /Users/admin/bin/python/autosploit-test/etc/tokens/censys.key
[!] [Errno 2] No such file or directory: '/etc/adsfsdf.sjdfsd'
[i] Loaded 0 exploits from /etc/adsfsdf.sjdfsd.
[+] Launching exploits against 213 hosts:
[+] 216.167.199.223


use lib.settings.close to completely exit the program when a failure happens


Ekultek commented Apr 9, 2018

The rest looks good though, good job


Selora commented Apr 9, 2018

Requiring 3 arguments to configure metasploit is intended. I haven't changed that argument. I edited the original PR comments.


Ekultek commented Apr 9, 2018

@Selora Oh I misunderstood, let me retest that


Ekultek commented Apr 9, 2018

Scratch the last issue. The -C is good. Just close the program if there's an error


Ekultek commented Apr 9, 2018

merging

@Ekultek Ekultek merged commit 8277b0e into NullArray:dev-beta Apr 9, 2018