It has been some days since there was a lot of hue and cry about AutoSploit, and eventually everything subsided. I wrote about it in a post titled AutoSploit = Shodan/Censys/Zoomeye + Metasploit too. Recently, an updated and improved version, AutoSploit 2.2, was released. This post will try to describe the changes between the initial release and the newest version.
What is AutoSploit?
> AutoSploit stands for Automated Mass Exploiter. It attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions.
This release fixes a few bugs. A brief summary of the changes:
run_autosploit.sh. This will run AutoSploit in exploit mode against previously discovered hosts in the whitelist.
dryrun_autosploit.sh. This will search Censys/Shodan/etc. and do a dry-run against discovered hosts that are in the whitelist. VALIDATE THE DRYRUN REPORT BEFORE LAUNCHING THE ACTUAL EXPLOIT.
--dry-run flag: msfconsole will not be run. A report will still be produced.
--exploit-file-to-use option. Load exploits directly from the specified file; do not prompt for exploit-file selection if this option is specified.
--overwrite to search engines. Specifying either will skip the prompt after a search query.
--overwrite will start with a blank file but will append further searches, e.g. with --overwrite, both Shodan and Censys results will be appended to a clean file.
--exploit-file-to-use. Output an error message to the console if the specified exploit file does not exist.
AutoSploit 2.2 (AutoSploit-2.2.zip/AutoSploit-2.2.tar.gz) can be downloaded from here. Another way is to perform a git pull on the directory to get everything from the source repository.