To exploit target you need to exploit one by one, but with AutoSploit you can mass exploit targets. Targets can be collected from internet (shodan, cencys).
As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started
Operational Security Consideration:
Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available.
The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.
Using Docker Compose is by far the easiest way to get AutoSploit up and running without too much of a hassle.
Just using Docker.
Dev team contributor Khast3x recently improved Docker operations as well as add more details to the README.md in the
Docker subdirectory. For more information on deploying AutoSploit with Docker please be sure to click here
On any Linux system the following should work :
AutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. In order to accomplish this employ/perform the below operations via the terminal or in the form of a shell script.
Starting the program with
python autosploit.py will open an AutoSploit terminal session. The options for which are as follows.
1. Usage And Legal 2. Gather Hosts 3. Custom Hosts 4. Add Single Host 5. View Gathered Hosts 6. Exploit Gathered Hosts 99. Quit
2 will prompt you for a platform specific search query. Enter
Apache in example and choose a search engine. After doing so the collected hosts will be saved to be used in the
As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type
python autosploit.py -h to display all the options available to you. I’ve posted the options below as well for reference.
Note: All dependencies should be installed using the above installation method, however, if you find they are not:
AutoSploit depends on the following Python2.7 modules.
Should you find you do not have these installed get them with pip like so.
Since the program invokes functionality from the Metasploit Framework you need to have this installed also. Get it from Rapid7 by clicking here.
Special thanks to Ekultek without whoms contributions to the project, the new version would have been a lot less spectacular.
Thanks to Khast3x for setting up Docker support.
Last but certainly not least. Thanks to all who have submitted Pull Requests, bug reports, useful and productive contributions in general.
If you would like to contribute to the development of this project please be sure to read CONTRIBUTING.md as it contains our contribution guidelines.
Please, also, be sure to read our contribution standards before sending pull requests
If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our Discord server.
If you happen to encounter a bug please feel free to Open a Ticket.
Thanks in advance.