Search the Community

AutoSploit As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform-specific search query such as; Apache, IIS, etc, upon which a list of candidates will be retrieved. After this operation has been completed the ‘Exploit’ component of the program will go about the business of attempting to exploit these targets by running a series of Metasploit modules against them. Which Metasploit modules will be employed in this manner is determined by programmatically comparing the name of the module to the initial search query. However, I have added functionality to run all available modules against the targets in a ‘Hail Mary’ type of attack as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, localhost and local port for MSF facilitated back connections are configured through the dialog that comes up before the ‘Exploit’ component is started. Operational Security Consideration Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available. Version 4.0 released Implements the ability to use nmap from within the terminal function as a "local" system. Meaning that instead of having multiple tabs open to nmap and attack you can now nmap from within the shell and make your choice on what to target [HIDE][Hidden Content]]

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started Operational Security Consideration Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available. The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent. This release adds a number of features and bug fixes. Features New Terminal. Now also supports; Custom Commands Command History Native binary execution (/bin & /sbin) Host file backup support Options to renew or reset API tokens SRC [Hidden Content]

AutoSploit As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started Operational Security Consideration Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available. The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent. Changelog v3.0 Features New Terminal. Now also supports; Custom Commands Command Histor Native binary execution (/bin & /sbin) Host file backup support Options to renew or reset API tokens [HIDE][Hidden Content]]