Scripts to automate autosploit. #133
Conversation
./dryrun_autosploit.sh will search censys/shodan/etc and do a dry-run against discovered hosts that are in the whitelist. VALIDATE THE DRYRUN REPORT BEFORE LAUNCHING THE ACTUAL EXPLOIT RUN.
./run_autosploit.sh will run autosploit in exploit mode against previously discovered hosts in the whitelist.
COMES WITHOUT WARRANTY. Use as a starting point.
Tweaks to make it usable for dev:
- Set up a synced folder with your autosploit dev in the Vagrantfile. Refer to the Vagrant doc.
- Use vagrant rsync-auto.
Since the Vagrantfile cannot really be shared as-is, some tweaking might be necessary. Try:
- Modifying the Vagrantfile according to your ssh keys path
- Installing the aws-cli package
- Configuring ~/.aws directory
etc/json/other_modules.json
@@ -0,0 +1,268 @@ | |||
{ |
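Review bot: this 268-line etc/json/other_modules.json is, per the thread, a copy of default_modules.json with the fuzzer modules removed, which leaves two module lists to keep in sync and nothing in the file itself saying why it exists. Prefer removing or flagging the hanging fuzzer entries in default_modules.json (or giving the runner a per-module timeout) over a parallel file; if the file stays, add a README line stating that it is the non-blocking subset of default_modules.json so the two do not silently drift apart.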
why?
This is a list of non-blocking modules. Without using this module file, autosploit is not usable against multiple hosts since most fuzzers hang for an indefinite amount of time.
So it's basically the same as default_modules.json without fuzzers, correct?
Yes
So why wouldn't we just fix/remove the fuzzers instead of creating a duplicate file?
It's a dev branch; I'm just putting in a file I'm able to work with, without deleting stuff someone else might rely on.
Feel free to modify the default_modules.json and drop the other_modules.json file.
yeah just delete this and I'll merge the vagrant
@@ -0,0 +1,28 @@ | |||
# Use as a strating point to spin up a box in lightsail. |
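Review bot: "strating" in this header comment should read "starting", and the comment should state what the box needs before it works: the PR description lists an SSH key path to adjust in the Vagrantfile, the aws-cli package and a configured ~/.aws directory, none of which is visible in this hunk. Keep those as documented prerequisites or placeholders in the file rather than committing a real key path or AWS credentials into the Vagrantfile.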
Need a Vagrant run in the README, set that up real quick
Can I leave this to you? I'm just putting this in as-is; I do not intend to make it useful nor to explain my setup.
That's what I used as a dev environment; I'm just putting this in in case somebody would be interested.
I have no idea how vagrant works, so we'll just add an issue about it I guess
I'm gonna need @NullArray's approval on the removal of the fuzzers. I mean the user could launch their own JSON file with just fuzzers if they wanted.
Perhaps we can just put the fuzzers in a separate JSON file and ship it with AutoSploit. Then simply add an option to run AutoSploit in "fuzzer mode", instead of users having to provide their own JSON file. This way we don't have to get rid of the fuzzers and we'll be user friendly by providing an easy solution.
Successful exploits will start meterpreter in background. Counter for successful exploits/failed exploits bug, counting output lines, not success/failure occurrence
Like I commented earlier, I would prefer to keep the fuzzers and provide a JSON file for them for the users and an option to run AutoSploit in "Fuzzer Mode" as it were.
Exploiter now grepping escaped MSF output for success/failures. ANSI escape sequences are now properly ignored
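The commit above describes grepping ANSI-escaped msfconsole output and counting success/failure occurrences rather than output lines. The following is an added example of that classification, written for this page and not taken from the PR's scripts or from AutoSploit: the success markers build on the "Meterpreter"/"Session" keywords the squashed commit message mentions, the failure wording ("Exploit failed", "no session was created") and the sample msfconsole output are assumptions constructed here, and `naive_line_count` is a stand-in for a line-anchored check that the escape codes break.

```python
import re

# CSI escape sequences (colour, bold, reset) that msfconsole emits on a TTY.
ANSI_RE = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")

# Success follows the "Meterpreter"/"Session" keywords from the commit message;
# the failure wording is an assumption based on common msfconsole output.
SUCCESS_RE = re.compile(
    r"Meterpreter session \d+ opened|Command shell session \d+ opened|Session \d+ created",
    re.IGNORECASE,
)
FAILURE_RE = re.compile(r"Exploit failed|Exploit aborted|no session was created", re.IGNORECASE)

# "[*] <rhost>:<rport> - <message>" as printed by a module run against RHOSTS.
HOST_LINE_RE = re.compile(r"^\[[*+\-!]\]\s+(\d{1,3}(?:\.\d{1,3}){3}):\d+\s+-\s+(.*)$")

# Constructed sample of colourised msfconsole output; not a real capture.
SAMPLE = "\n".join([
    "\x1b[1m\x1b[34m[*]\x1b[0m 10.0.0.5:445 - Started reverse TCP handler on 10.0.0.2:4444",
    "\x1b[1m\x1b[32m[+]\x1b[0m 10.0.0.5:445 - Meterpreter session 1 opened (10.0.0.2:4444 -> 10.0.0.5:49152)",
    "\x1b[1m\x1b[31m[-]\x1b[0m 10.0.0.6:445 - Exploit failed [unreachable]: Rex::ConnectionTimeout",
    "\x1b[1m\x1b[34m[*]\x1b[0m 10.0.0.7:445 - Exploit completed, but no session was created.",
    "\x1b[1m\x1b[32m[+]\x1b[0m 10.0.0.8:445 - Command shell session 2 opened (10.0.0.2:4444 -> 10.0.0.8:50000)",
])


def strip_ansi(text):
    """Remove terminal escape sequences so plain regexes see the real text."""
    return ANSI_RE.sub("", text)


def naive_line_count(raw_output):
    """Line-anchored check on unescaped output: the leading ESC byte defeats the anchor."""
    return sum(1 for line in raw_output.splitlines() if re.match(r"^\[\+\]", line))


def count_results(raw_output):
    """Count success and failure occurrences (not lines) in escaped msfconsole output."""
    clean = strip_ansi(raw_output)
    return len(SUCCESS_RE.findall(clean)), len(FAILURE_RE.findall(clean))


def classify_hosts(raw_output):
    """Map each rhost seen in the output to 'success', 'failure' or 'unknown'.

    A success line wins over any failure line for the same host; a host that
    only produced informational lines stays 'unknown' instead of being counted.
    """
    status = {}
    for line in strip_ansi(raw_output).splitlines():
        m = HOST_LINE_RE.match(line)
        if not m:
            continue
        host, message = m.groups()
        if SUCCESS_RE.search(message):
            status[host] = "success"
        elif FAILURE_RE.search(message) and status.get(host) != "success":
            status[host] = "failure"
        else:
            status.setdefault(host, "unknown")
    return status


if __name__ == "__main__":
    print("naive line-anchored count:", naive_line_count(SAMPLE))
    print("successes/failures:", count_results(SAMPLE))
    for host, result in sorted(classify_hosts(SAMPLE).items()):
        print(host, result)
```

Stripping the escapes first is what makes the per-host report reliable; without it the line-anchored check sees zero successes even though two sessions opened, and a per-line counter that matches colour-wrapped markers can still double-count a host that printed several informational lines.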
I'm going to close this PR and rebase these commits into something cleaner.
* Scripts to automate autosploit. ./dryrun_autosploit.sh will search censys/shodan/etc and do a dry-run against discovered hosts that are in the whitelist. VALIDATE THE DRYRUN REPORT BEFORE LAUNCHING THE ACTUAL EXPLOIT RUN. ./run_autosploit.sh will run autosploit in exploit mode against previously discovered hosts in the whitelist.
* Removed blocking MSF modules from default module list. Added a fuzzers-only json file. In the same idea, Trans2open exploits are taking about 2h+ per host to run. Maybe implement a "long run" feature in the next release?
* Added a vagrant config to easily deploy autosploit to aws-lightsail. COMES WITHOUT WARRANTY. Use as a starting point. Tweaks to make it usable for dev:
  - Set up a synced folder with your autosploit dev in the Vagrantfile. Refer to the Vagrant doc.
  - Use vagrant rsync-auto.
  Since the Vagrantfile cannot really be shared as-is, some tweaking might be necessary. Try:
  - Modifying the Vagrantfile according to your ssh keys path
  - Installing the aws-cli package
  - Configuring ~/.aws directory
* Bugfix and improvements: Successful exploits will start meterpreter in background. Fixed counter for successful exploits/failed exploits bug, counting success/failure occurrence, not line outputs. Success/failures now grepping escaped MSF output for success/failures. Grepping for keywords such as "Meterpreter", "Session" for success.
Wrappers around autosploit.
Could be used to test against a whitelist of your organisation's IP addresses.
./dryrun_autosploit.sh whitelist.txt "search_query"
Will search censys/shodan/etc and do a dry-run against discovered hosts that are in the whitelist.
This will generate a report containing the dry-run results for every host in the whitelist.
This does NOT exploit anything.
./run_autosploit.sh
Will run autosploit in exploit mode against previously discovered hosts in the whitelist.
This will generate a report with MSF results for every host in the whitelist.
IMPORTANT:
The code to compare each host against a whitelist hasn't been thoroughly tested. If you don't validate a dryrun report, run the "run_autosploit.sh" script, and hit hosts that are outside your given scope, you have been warned.
Also added a Vagrantfile. Could be useful to someone; I don't intend to push this as something functional or usable out-of-the-box. Feel free to drop it.
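The warning above concerns the whitelist comparison, which is the only check standing between a dry run and an out-of-scope exploit run. The scope filter below is an added example written for this page, not code from the PR's scripts or from AutoSploit: the whitelist and discovered-host lists are constructed here, whitelist.txt is assumed to hold one IP or CIDR per line with `#` comments, and `naive_substring_in_scope` is a hypothetical stand-in for the kind of untested comparison (a plain substring match) that lets a prefix collision through.

```python
import ipaddress

# Constructed whitelist in the assumed whitelist.txt layout: one IP or CIDR per
# line, '#' starts a comment. Documentation ranges only, not real targets.
WHITELIST = [
    "192.0.2.0/24      # lab block",
    "198.51.100.7      # single host",
    "",
    "# 203.0.113.0/24 is explicitly out of scope",
]

# Constructed stand-in for the hosts a Shodan/Censys search would return.
DISCOVERED = [
    "192.0.2.10",
    "198.51.100.7",
    "198.51.100.70",   # prefix-collides with the single whitelisted host
    "203.0.113.9",
    "192.0.2.10",      # duplicate from a second search
    "not-an-ip",
    "2001:db8::1",
]


def load_whitelist(lines):
    """Parse whitelist lines into ip_network objects.

    Anything that does not parse raises ValueError on purpose: a typo in the
    whitelist must stop the run, not silently shrink or widen the scope.
    """
    nets = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def in_scope(host, nets):
    """True only if host parses as an address inside a whitelisted network.

    Hostnames and malformed strings are rejected (fail closed); an IPv6 address
    is never inside an IPv4 network and vice versa.
    """
    try:
        addr = ipaddress.ip_address(host.strip())
    except ValueError:
        return False
    return any(addr in net for net in nets)


def naive_substring_in_scope(host, whitelist_lines):
    """Hypothetical buggy comparison: substring match against the raw entries."""
    entries = [line.split("#", 1)[0].strip() for line in whitelist_lines]
    return any(entry and entry in host for entry in entries)


def filter_hosts(discovered, nets):
    """Split discovered hosts into (in_scope, out_of_scope), deduplicated, order kept."""
    seen, inside, outside = set(), [], []
    for host in discovered:
        host = host.strip()
        if host in seen:
            continue
        seen.add(host)
        (inside if in_scope(host, nets) else outside).append(host)
    return inside, outside


def dryrun_report(discovered, whitelist_lines):
    """Build the report a dry run should emit before any exploit stage is launched."""
    inside, outside = filter_hosts(discovered, load_whitelist(whitelist_lines))
    return {"in_scope": inside, "dropped": outside, "total_discovered": len(discovered)}


if __name__ == "__main__":
    report = dryrun_report(DISCOVERED, WHITELIST)
    print("targets for the run stage:", report["in_scope"])
    print("dropped (out of scope or unparsable):", report["dropped"])
    # The naive comparison would admit the prefix collision 198.51.100.70:
    print("naive admits 198.51.100.70:", naive_substring_in_scope("198.51.100.70", WHITELIST))
```

The run stage should consume only the in_scope list the dry run wrote, never the raw search results, and a whitelist that fails to parse should abort both stages rather than fall back to an empty or partial scope.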