Merged
24 commits
8277b0e
Autosploit automation (#132)
Selora Apr 9, 2018
4506271
PR #133 cleaned - Autosploit Automation (#134)
Selora Apr 10, 2018
c389114
renaming to match the default modules
Ekultek Apr 11, 2018
98fd562
updating to match master
Apr 11, 2018
a919e55
updating to match master
Apr 11, 2018
0a8f552
fixes a typo in an
Apr 11, 2018
d6bccb0
completely reworked the OSX installer. It will now install on OSX suc…
Apr 11, 2018
a5408c8
merging the double install method into a single section
Apr 11, 2018
7c3ca6a
changing execution permissions on a couple files
Apr 11, 2018
80f7f84
minor update to catch a an error
Apr 11, 2018
f61b4fe
minor update to make it 'prettier'
Apr 11, 2018
df0e293
editing the results, no hardcoded '*'s now, they have their own variable
Apr 11, 2018
94035b8
minor update to edit a misspelling
Apr 11, 2018
c2936af
pretty update
Apr 11, 2018
e31bb3e
fixes a minor typo
Apr 11, 2018
75d4e50
added TODO's for reference
Jun 7, 2018
b998ad8
changing from services to systemctl (issue #138)
Jun 8, 2018
158087b
creating a check to see if you are admin or not. Will close if you ar…
Jun 8, 2018
41a938e
fixes the bug in sorting relevant modules (issue #141)
Jun 8, 2018
145611d
some updates for everything, PEPing and bashing syntax
Jun 8, 2018
ce914aa
the dryrun_autosploit script will now work successfully
Jun 8, 2018
d39cc7e
ready for production
Ekultek Jun 8, 2018
d842769
Merge branch 'master' into dev-beta
Ekultek Jun 8, 2018
5a0cf98
minor update for spacing
Ekultek Jun 8, 2018
2 changes: 2 additions & 0 deletions .gitignore
Expand Up @@ -5,3 +5,5 @@ hosts.txt
secret.p
uid.p
etc/tokens/*
autosploit_out/*
venv/*
37 changes: 26 additions & 11 deletions README.md
Expand Up @@ -55,6 +55,32 @@ docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
EOF
```

On any Linux system the following should work;

```bash
git clone https://github.com/NullArray/AutoSploit
cd AutoSploit
chmod +x install.sh
./install.sh
```

If you want to run AutoSploit on a macOS system, AutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. To do this, do the following;

```bash
sudo -s << '_EOF'
pip2 install virtualenv --user
git clone https://github.com/NullArray/AutoSploit.git
virtualenv <PATH-TO-YOUR-ENV>
source <PATH-TO-YOUR-ENV>/bin/activate
cd <PATH-TO-AUTOSPLOIT>
pip2 install -r requirements.txt
chmod +x install.sh
./install.sh
python autosploit.py
_EOF
```


More information on running Docker can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker)

## Usage
Expand Down Expand Up @@ -123,17 +149,6 @@ misc arguments:
--whitelist PATH only exploit hosts listed in the whitelist file
```

## Installation

On any Linux system the following should work;

```bash
git clone https://github.com/NullArray/AutoSploit
cd AutoSploit
chmod +x install.sh
./install.sh
```

If you want to run AutoSploit on a macOS system, AutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. To do this, do the following;

```bash
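--- a/Vagrant/Vagrantfile
+++ b/Vagrant/Vagrantfile
@@ -0,0 +1,28 @@
+# Use as a strating point to spin up a box in lightsail.
+# the vagrant-lightsail plugin is required
+# You probably also need to:
+# - Configure the ssh keys path
+# - Install and configure the aws-cli package
+
+Vagrant.configure('2') do |config|
+config.vm.synced_folder ".", "/vagrant", type: "rsync",
+rsync__exclude: ".git/",
+rsync__auto: true
+
+config.ssh.private_key_path = '/path/to/id_rsa'
+config.ssh.username = 'ubuntu'
+config.vm.box = 'lightsail'
+config.vm.box_url = 'https://github.com/thejandroman/vagrant-lightsail/raw/master/box/lightsail.box'
+config.vm.hostname = 'autosploit-launcher'
+
+config.vm.provider :lightsail do |provider, override|
+provider.port_info = [{ from_port: 0, to_port: 65535, protocol:
+'all' }]
+provider.keypair_name = 'id_rsa'
+provider.bundle_id = 'small_1_0'
+end
+
+config.vm.provision "bootstrap", type: "shell", run: "once" do |s|
+s.path = "./bootstrap/bootstrap.sh"
+end
+end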
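Review bot: `provider.port_info` opens every port and protocol (`from_port: 0, to_port: 65535, protocol: 'all'`) on a public Lightsail instance, so every service that bootstrap.sh installs or starts on the box is reachable from the internet. Limit the rule to what the workflow needs, for example `provider.port_info = [{ from_port: 22, to_port: 22, protocol: 'tcp' }]` plus the one listener port actually in use. The base box is also fetched from a `raw/master` URL with no pinning; setting `config.vm.box_download_checksum` and `config.vm.box_download_checksum_type` would make a changed box fail the download instead of booting.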
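--- a/Vagrant/bootstrap/bootstrap.sh
+++ b/Vagrant/bootstrap/bootstrap.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+echo "Yolosploit configurator 2.42"
+sudo apt-get --yes update
+sudo apt-get --yes upgrade
+
+echo "Installing metasploit. BE PATIENT (5 min max?)"
+wget --quiet https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
+chmod +x metasploit-latest-linux-x64-installer.run
+sudo ./metasploit-latest-linux-x64-installer.run --unattendedmodeui none --prefix /opt/msf --mode unattended
+
+echo "Installing python2"
+sudo apt-get --yes install python python-pip python-virtualenv git
+
+sudo apt-get --yes install fish
+sudo chsh -s /usr/bin/fish ubuntu
+
+cd ~
+git clone https://github.com/NullArray/AutoSploit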
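Review bot: The installer fetched by `wget --quiet` is made executable and run under `sudo` with no integrity check and no error handling, so a failed, truncated or tampered download is still executed as root. Add `set -euo pipefail` at the top of the script and verify the file before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  metasploit-latest-linux-x64-installer.run" | sha256sum -c -`, with the digest taken from the vendor's published value. The `-latest-` URL and the unpinned `git clone` also mean two runs can provision different software; pinning a release and a commit would make the box reproducible.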
5 changes: 3 additions & 2 deletions api_calls/censys.py
Expand Up @@ -15,13 +15,14 @@ class CensysAPIHook(object):
Censys API hook
"""

def __init__(self, identity=None, token=None, query=None, proxy=None, agent=None, **kwargs):
def __init__(self, identity=None, token=None, query=None, proxy=None, agent=None, save_mode=None, **kwargs):
self.id = identity
self.token = token
self.query = query
self.proxy = proxy
self.user_agent = agent
self.host_file = HOST_FILE
self.save_mode = save_mode

def censys(self):
"""
Expand All @@ -38,7 +39,7 @@ def censys(self):
json_data = req.json()
for item in json_data["results"]:
discovered_censys_hosts.add(str(item["ip"]))
write_to_file(discovered_censys_hosts, self.host_file)
write_to_file(discovered_censys_hosts, self.host_file, mode=self.save_mode)
return True
except Exception as e:
raise AutoSploitAPIConnectionError(str(e))
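Review bot: `save_mode` defaults to `None` and is forwarded unconditionally as `write_to_file(..., mode=self.save_mode)`, so a caller that builds the hook without `save_mode` now passes `mode=None` instead of letting `write_to_file` apply its own default. `write_to_file` is not shown in this diff; if it hands `mode` to `open()` or compares it with a mode string, the `None` case needs handling, for example by only passing `mode=` when `self.save_mode is not None`. The same pattern is added in api_calls/shodan.py and api_calls/zoomeye.py. The surrounding `except Exception` (outside the changed lines) will also report a local file-write failure as `AutoSploitAPIConnectionError`, which hides the real cause.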
5 changes: 3 additions & 2 deletions api_calls/shodan.py
Expand Up @@ -17,12 +17,13 @@ class ShodanAPIHook(object):
Shodan API hook, saves us from having to install another dependency
"""

def __init__(self, token=None, query=None, proxy=None, agent=None, **kwargs):
def __init__(self, token=None, query=None, proxy=None, agent=None, save_mode=None, **kwargs):
self.token = token
self.query = query
self.proxy = proxy
self.user_agent = agent
self.host_file = HOST_FILE
self.save_mode = save_mode

def shodan(self):
"""
Expand All @@ -38,7 +39,7 @@ def shodan(self):
json_data = json.loads(req.content)
for match in json_data["matches"]:
discovered_shodan_hosts.add(match["ip_str"])
write_to_file(discovered_shodan_hosts, self.host_file)
write_to_file(discovered_shodan_hosts, self.host_file, mode=self.save_mode)
return True
except Exception as e:
raise AutoSploitAPIConnectionError(str(e))
5 changes: 3 additions & 2 deletions api_calls/zoomeye.py
Expand Up @@ -20,13 +20,14 @@ class ZoomEyeAPIHook(object):
so we're going to use some 'lifted' credentials to login for us
"""

def __init__(self, query=None, proxy=None, agent=None, **kwargs):
def __init__(self, query=None, proxy=None, agent=None, save_mode=None, **kwargs):
self.query = query
self.host_file = HOST_FILE
self.proxy = proxy
self.user_agent = agent
self.user_file = "{}/etc/text_files/users.lst".format(os.getcwd())
self.pass_file = "{}/etc/text_files/passes.lst".format(os.getcwd())
self.save_mode = save_mode

@staticmethod
def __decode(filepath):
Expand Down Expand Up @@ -81,7 +82,7 @@ def zoomeye(self):
discovered_zoomeye_hosts.add(ip)
else:
discovered_zoomeye_hosts.add(str(item["ip"][0]))
write_to_file(discovered_zoomeye_hosts, self.host_file)
write_to_file(discovered_zoomeye_hosts, self.host_file, mode=self.save_mode)
return True
except Exception as e:
raise AutoSploitAPIConnectionError(str(e))
6 changes: 5 additions & 1 deletion autosploit.py
@@ -1,5 +1,9 @@
from autosploit.main import main
from lib.output import error


if __name__ == "__main__":
main()
try:
main()
except KeyboardInterrupt:
error("user aborted session")
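Review bot: The new `except KeyboardInterrupt` branch only logs, so an interrupted run falls off the end of the script and exits with status 0, which a wrapper such as dryrun_autosploit.sh cannot tell apart from a completed run. Add `raise SystemExit(1)` after `error("user aborted session")` (or 130, the conventional status for SIGINT) so the abort is visible to the caller. This assumes `error()` only prints; it is imported from lib.output and not shown here.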
28 changes: 25 additions & 3 deletions autosploit/main.py
@@ -1,4 +1,6 @@
import os
import sys
import ctypes
import psutil
import platform

Expand All @@ -19,11 +21,23 @@
EXPLOIT_FILES_PATH,
START_SERVICES_PATH
)
from lib.jsonize import load_exploits
from lib.jsonize import (
load_exploits,
load_exploit_file
)


def main():

try:
is_admin = os.getuid() == 0
except AttributeError:
# we'll make it cross platform because it seems like a cool idea
is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0

if not is_admin:
close("must have admin privileges to run")

opts = AutoSploitParser().optparser()

logo()
Expand Down Expand Up @@ -73,8 +87,16 @@ def main():
info("attempting to load API keys")
loaded_tokens = load_api_keys()
AutoSploitParser().parse_provided(opts)
misc_info("checking if there are multiple exploit files")
loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)

if not opts.exploitFile:
misc_info("checking if there are multiple exploit files")
loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
else:
loaded_exploits = load_exploit_file(opts.exploitFile)
misc_info("Loaded {} exploits from {}.".format(
len(loaded_exploits),
opts.exploitFile))

AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits)
else:
warning("no arguments have been parsed, defaulting to terminal session. press 99 to quit and help to get help")
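Review bot: The root check sits at the very top of `main()`, before `AutoSploitParser().optparser()`, so every code path now has to run as root, including argument parsing, API-key loading, the search-engine requests and reading a user-supplied `opts.exploitFile`. Only the service start appears to need elevation, and etc/scripts/start_services.sh already calls `sudo` itself; moving the check next to that step would keep the network- and file-parsing code unprivileged. In the second hunk, `load_exploit_file(opts.exploitFile)` is called with no visible handling of a missing or malformed file, and `len(loaded_exploits)` fails if the helper returns `None`; a short `try/except` with a clear message would help, assuming the helper raises on bad input. `main()` continues outside both hunks.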
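--- a/dryrun_autosploit.sh
+++ b/dryrun_autosploit.sh
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+
+if [[ $# -lt 1 ]]; then
+echo "Syntax:"
+echo -e "\t./dryrun_autosploit.sh <search_query> [whitelist]"
+exit 1
+fi
+
+echo -e "[!] Make sure you are not on your localhost while running this script, press enter to continue";
+read
+
+WHITELIST=$2
+SEARCH_QUERY=$1
+LPORT=4444
+
+LHOST=`dig +short @resolver1.opendns.com myip.opendns.com`
+TIMESTAMP=`date +%s`
+
+
+if [ ! $WHITELIST ]; then
+echo "executing: python autosploit.py -s -c -q \"${SEARCH_QUERY}\" --overwrite -C \"msf_autorun_${TIMESTAMP}\" $LHOST $LPORT --exploit-file-to-use etc/json/default_modules.json --dry-run -e"
+
+python autosploit.py -s -c -q "${SEARCH_QUERY}" --overwrite -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT --exploit-file-to-use etc/json/default_modules.json --dry-run -e
+else
+echo "executing: python autosploit.py -s -c -q \"${SEARCH_QUERY}\" --overwrite --whitelist $WHITELIST -e -C \"msf_autorun_${TIMESTAMP}\" $LHOST $LPORT --exploit-file-to-use etc/json/default_modules.json --dry-run -e"
+
+python autosploit.py -s -c -q "${SEARCH_QUERY}" --overwrite --whitelist $WHITELIST -e -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT --exploit-file-to-use etc/json/default_modules.json --dry-run -e
+fi;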
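Review bot: `$WHITELIST`, `$LHOST` and `$LPORT` are expanded unquoted, and `LHOST` is never checked after the `dig` lookup. A whitelist path containing spaces breaks both `[ ! $WHITELIST ]` and the `--whitelist` argument, and an empty `dig` result makes `$LHOST` disappear from the command line so the arguments after `-C` shift by one. Use `if [ -z "$WHITELIST" ]; then`, pass `--whitelist "$WHITELIST"` and `"$LHOST" "$LPORT"`, and stop early with `[ -n "$LHOST" ] || { echo "could not determine LHOST"; exit 1; }`. The whitelist branch also passes `-e` twice.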
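--- a/etc/json/default_fuzzers.json
+++ b/etc/json/default_fuzzers.json
@@ -0,0 +1,25 @@
+{
+"exploits": [
+"auxiliary/fuzzers/dns/dns_fuzzer",
+"auxiliary/fuzzers/ftp/client_ftp",
+"auxiliary/fuzzers/ftp/ftp_pre_post",
+"auxiliary/fuzzers/http/http_form_field",
+"auxiliary/fuzzers/http/http_get_uri_long",
+"auxiliary/fuzzers/http/http_get_uri_strings",
+"auxiliary/fuzzers/ntp/ntp_protocol_fuzzer",
+"auxiliary/fuzzers/smb/smb2_negotiate_corrupt",
+"auxiliary/fuzzers/smb/smb_create_pipe",
+"auxiliary/fuzzers/smb/smb_create_pipe_corrupt",
+"auxiliary/fuzzers/smb/smb_negotiate_corrupt ",
+"auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt",
+"auxiliary/fuzzers/smb/smb_tree_connect",
+"auxiliary/fuzzers/smb/smb_tree_connect_corrupt",
+"auxiliary/fuzzers/smtp/smtp_fuzzer",
+"auxiliary/fuzzers/ssh/ssh_kexinit_corrupt",
+"auxiliary/fuzzers/ssh/ssh_version_15",
+"auxiliary/fuzzers/ssh/ssh_version_2",
+"auxiliary/fuzzers/ssh/ssh_version_corrupt",
+"auxiliary/fuzzers/tds/tds_login_corrupt",
+"auxiliary/fuzzers/tds/tds_login_username"
+]
+}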
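Review bot: The entry `"auxiliary/fuzzers/smb/smb_negotiate_corrupt "` has a trailing space inside the string, carried over unchanged from the list this PR removes from default_modules.json. Unless the loader strips whitespace, which is not visible here, that name will not match the module path. It should read `"auxiliary/fuzzers/smb/smb_negotiate_corrupt"`.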
23 changes: 1 addition & 22 deletions etc/json/default_modules.json
Expand Up @@ -263,27 +263,6 @@
"exploit/windows/smb/ipass_pipe_exec",
"exploit/windows/smb/smb_relay",
"auxiliary/sqli/oracle/jvm_os_code_10g",
"auxiliary/sqli/oracle/jvm_os_code_11g",
"auxiliary/fuzzers/dns/dns_fuzzer",
"auxiliary/fuzzers/ftp/client_ftp",
"auxiliary/fuzzers/ftp/ftp_pre_post",
"auxiliary/fuzzers/http/http_form_field",
"auxiliary/fuzzers/http/http_get_uri_long",
"auxiliary/fuzzers/http/http_get_uri_strings",
"auxiliary/fuzzers/ntp/ntp_protocol_fuzzer",
"auxiliary/fuzzers/smb/smb2_negotiate_corrupt",
"auxiliary/fuzzers/smb/smb_create_pipe",
"auxiliary/fuzzers/smb/smb_create_pipe_corrupt",
"auxiliary/fuzzers/smb/smb_negotiate_corrupt ",
"auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt",
"auxiliary/fuzzers/smb/smb_tree_connect",
"auxiliary/fuzzers/smb/smb_tree_connect_corrupt",
"auxiliary/fuzzers/smtp/smtp_fuzzer",
"auxiliary/fuzzers/ssh/ssh_kexinit_corrupt",
"auxiliary/fuzzers/ssh/ssh_version_15",
"auxiliary/fuzzers/ssh/ssh_version_2",
"auxiliary/fuzzers/ssh/ssh_version_corrupt",
"auxiliary/fuzzers/tds/tds_login_corrupt",
"auxiliary/fuzzers/tds/tds_login_username"
"auxiliary/sqli/oracle/jvm_os_code_11g"
]
}
8 changes: 4 additions & 4 deletions etc/scripts/start_services.sh
@@ -1,11 +1,11 @@
#!/bin/bash

function startApacheLinux () {
sudo service apache2 start > /dev/null 2>&1
sudo systemctl start apache2 > /dev/null 2>&1
}

function startPostgreSQLLinux () {
sudo service postgresql start > /dev/null 2>&1
sudo systemctl start postgresql > /dev/null 2>&1
}

function startApacheOSX () {
Expand All @@ -24,8 +24,8 @@ function main () {
startApacheOSX;
startPostgreSQLOSX;
else
echo "[*} invalid operating system";
echo "[*] invalid operating system";
fi
}

main $@;
main $@;
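Review bot: Both Linux helpers now call `systemctl` with all output sent to `/dev/null` and no status check, so on a host without systemd, or where the unit has a different name, the services silently fail to start and the caller carries on. Keep the old path as a fallback, e.g. `sudo systemctl start apache2 > /dev/null 2>&1 || sudo service apache2 start > /dev/null 2>&1`, and return the exit status from each function. Separately, `main $@;` should be `main "$@";` so arguments containing spaces are passed through intact.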