diff --git a/.gitignore b/.gitignore index 589e0df..9e972d1 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,4 @@ api.p hosts.txt secret.p uid.p -etc/tokens/* \ No newline at end of file +etc/tokens/* diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c209f1f..6a02d39 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,11 +2,11 @@ All contributions to AutoSploit are not only welcomed, but highly appreciated, please keep in mind the following while making a pull request: - - Each request should make at least one logical change - - All contributions should be forked from the `dev-beta` branch - - Each request will need to be reviewed before merged, if anything seems weird we will either fix it or ask you to fix it for us - - If you have multiple pushes in one request, please squash them together (or we will before we merge) - - All pull requests that are merged are provided under the same license as the program is, keep the following in mind; +- Each request should make at least one logical change +- All contributions should be forked from the `dev-beta` branch +- Each request will need to be reviewed before merged, if anything seems weird we will either fix it or ask you to fix it for us +- If you have multiple pushes in one request, please squash them together (or we will before we merge) +- All pull requests that are merged are provided under the same license as the program is, keep the following in mind; > By submitting code contributions to AutoSploit via Git pull request or other, checking them into the AutoSploit's source code repository, it is understood (unless you specify otherwise) that you are offering the AutoSploit copyright holders the unlimited, non-exclusive right to reuse, modify, and re-license the code. This is important because the inability to re-license code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them. @@ -14,13 +14,13 @@ All contributions to AutoSploit are not only welcomed, but highly appreciated, p To get started making a contribution please do the following: - - Fork the repository using the fork button - - `git clone https://github.com//AutoSploit.git -b dev-beta` - - Edit the code to your liking - - After editing `git branch && git checkout ` - - Add your commits and comment them - - `git push --set-upstream origin ` - - Open a [pull request](https://github.com/NullArray/AutoSploit/pulls) - - Wait for us to check it out - - Thank you. +- Fork the repository using the fork button +- `git clone https://github.com//AutoSploit.git -b dev-beta` +- Edit the code to your liking +- After editing `git branch && git checkout ` +- Add your commits and comment them +- `git push --set-upstream origin ` +- Open a [pull request](https://github.com/NullArray/AutoSploit/pulls) +- Wait for us to check it out + + Thank you. diff --git a/README.md b/README.md index 967f25e..19f4455 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ # AutoSploit -As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. -The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started +As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started **Operational Security Consideration** @@ -68,8 +67,7 @@ Starting the program with `python autosploit.py` will open an AutoSploit termina Choosing option `2` will prompt you for a platform specific search query. Enter `IIS` or `Apache` in example and choose a search engine. After doing so the collected hosts will be saved to be used in the `Exploit` component. -As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type `python autosploit.py -h` -to display all the options available to you. I've posted the options below as well for reference. +As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type `python autosploit.py -h` to display all the options available to you. I've posted the options below as well for reference. ``` usage: python autosploit.py -[c|z|s|a] -[q] QUERY @@ -119,6 +117,14 @@ misc arguments: ENV PATH ``` +## Installation + +```bash +git clone https://github.com/NullArray/AutoSploit +cd AutoSploit +chmod +x install.sh +./install.sh +``` ## Dependencies @@ -149,12 +155,15 @@ Special thanks to [Ekultek](https://github.com/Ekultek) without whoms contributi And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker support. +### Active Development + +While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. ### Active Development -While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. +While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. -I've been working on the new version of the tool in an open source capacity with the help of a number of developers +I've been working on the new version of the tool in an open source capacity with the help of a number of developers that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). If you would like to contribute to the development of this project please be sure to read [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md) as it contains our contribution guidelines. diff --git a/autosploit.py b/autosploit.py index 579923c..13c7eb5 100644 --- a/autosploit.py +++ b/autosploit.py @@ -2,4 +2,4 @@ if __name__ == "__main__": - main() \ No newline at end of file + main() diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..b00b4a5 --- /dev/null +++ b/install.sh @@ -0,0 +1,50 @@ +#!/bin/bash + +echo " ____ __ __ ______ ___ _____ ____ _ ___ ____ ______ "; +echo " / || | || | / \ / ___/| \| | / \| || |"; +echo "| o || | || || ( \_ | o ) | | || | | |"; +echo "| || | ||_| |_|| O |\__ || _/| |___ | O || | |_| |_|"; +echo "| _ || : | | | | |/ \ || | | || || | | | "; +echo "| | || | | | | |\ || | | || || | | | "; +echo "|__|__| \__,_| |__| \___/ \___||__| |_____| \___/|____| |__| "; +echo " "; + +function installDebian() { + sudo apt-get update; + sudo apt-get -y install git python2.7 python-pip postgresql apache2; + pip2 install requests psutil; + installMSF; +} + +function installFedora() { + sudo yum -y install git python-pip; + pip2 install requests psutil; + installMSF; +} + +function installMSF() { + if [[ ! "$(which msfconsole)" = */* ]]; then + curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ + chmod 755 msfinstall && \ + ./msfinstall; + rm msfinstall; + fi +} + +function install() { + case "$(uname -a)" in + *Debian*|*Ubuntu*) + installDebian; + ;; + *Fedora*) + installFedora; + ;; + *) + echo "Unable to detect Linux flavor..."; + ;; + esac + echo ""; + echo "Installation Complete"; +} + +install;