From 8e4816801caaf2751bfcb945f0bfcca06ba3d4e0 Mon Sep 17 00:00:00 2001 From: Ekultek Date: Thu, 1 Mar 2018 11:43:46 -0600 Subject: [PATCH 01/10] Added a helpful link directory --- README.md | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 850d373..33c8146 100644 --- a/README.md +++ b/README.md @@ -9,6 +9,14 @@ Receiving back connections on your local machine might not be the best idea from The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent. +# Helpful links + - [Usage](https://github.com/NullArray/AutoSploit#usage) + - [Dependencies](https://github.com/NullArray/AutoSploit#dependencies) + - [User Manual](https://github.com/NullArray/AutoSploit/wiki) + - [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements) + - [Development](https://github.com/NullArray/AutoSploit#active-development) + - [Discord server](https://discord.gg/9BeeZQk) + ## Usage Clone the repo. Or deploy via Docker. Details for which can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker) @@ -113,10 +121,13 @@ And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker suppor ### Active Development + While this isn't exactly a Beta release it is an early release nonetheless as such the tool might be subject to changes in the future. I've been working on the new version of the tool in an open source capacity with the help of a number of developers -that have expressed an interest in doing so. The new version will include extra features such as the ability to load in a custom target and exploit list among many more enhancements. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta) +that have expressed an interest in doing so. The new version will include extra features such as the ability to load in a custom target and exploit list among many more enhancements. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). + +If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord chat](https://discord.gg/9BeeZQk). ### Note From 33671f25d5393cff0f740acae7129fb06ecc5010 Mon Sep 17 00:00:00 2001 From: NullArray Date: Thu, 1 Mar 2018 17:53:20 +0000 Subject: [PATCH 02/10] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 33c8146..c7ebacf 100644 --- a/README.md +++ b/README.md @@ -122,7 +122,7 @@ And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker suppor ### Active Development -While this isn't exactly a Beta release it is an early release nonetheless as such the tool might be subject to changes in the future. +While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. I've been working on the new version of the tool in an open source capacity with the help of a number of developers that have expressed an interest in doing so. The new version will include extra features such as the ability to load in a custom target and exploit list among many more enhancements. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). From 425799885ca026f075ea07c8b3ce593e33d9de4b Mon Sep 17 00:00:00 2001 From: NullArray Date: Thu, 1 Mar 2018 18:34:12 +0000 Subject: [PATCH 03/10] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c7ebacf..3fc99e1 100644 --- a/README.md +++ b/README.md @@ -125,7 +125,7 @@ And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker suppor While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. I've been working on the new version of the tool in an open source capacity with the help of a number of developers -that have expressed an interest in doing so. The new version will include extra features such as the ability to load in a custom target and exploit list among many more enhancements. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). +that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord chat](https://discord.gg/9BeeZQk). From 7c0ea6b0b34ff225ac7c7e402718c5a172bc25dc Mon Sep 17 00:00:00 2001 From: NullArray Date: Thu, 1 Mar 2018 18:41:31 +0000 Subject: [PATCH 04/10] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 3fc99e1..e4b81a3 100644 --- a/README.md +++ b/README.md @@ -127,6 +127,8 @@ While this isn't exactly a Beta release, AutoSploit 2.0 is an early release none I've been working on the new version of the tool in an open source capacity with the help of a number of developers that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). +If you would like to contribute to the development of this project please be sure to read [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md) as it contains our contribution guidelines. + If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord chat](https://discord.gg/9BeeZQk). ### Note From 6e24c524596e3f14554643eba416aaa712ca5b12 Mon Sep 17 00:00:00 2001 From: Aidan Holland Date: Fri, 2 Mar 2018 11:06:56 -0500 Subject: [PATCH 05/10] Added install script --- .gitignore | 2 +- CONTRIBUTING.md | 30 ++++++++++++++-------------- README.md | 29 ++++++++++++--------------- autosploit.py | 2 +- install.sh | 52 +++++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 81 insertions(+), 34 deletions(-) create mode 100755 install.sh diff --git a/.gitignore b/.gitignore index 589e0df..9e972d1 100644 --- a/.gitignore +++ b/.gitignore @@ -4,4 +4,4 @@ api.p hosts.txt secret.p uid.p -etc/tokens/* \ No newline at end of file +etc/tokens/* diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index c209f1f..6a02d39 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,11 +2,11 @@ All contributions to AutoSploit are not only welcomed, but highly appreciated, please keep in mind the following while making a pull request: - - Each request should make at least one logical change - - All contributions should be forked from the `dev-beta` branch - - Each request will need to be reviewed before merged, if anything seems weird we will either fix it or ask you to fix it for us - - If you have multiple pushes in one request, please squash them together (or we will before we merge) - - All pull requests that are merged are provided under the same license as the program is, keep the following in mind; +- Each request should make at least one logical change +- All contributions should be forked from the `dev-beta` branch +- Each request will need to be reviewed before merged, if anything seems weird we will either fix it or ask you to fix it for us +- If you have multiple pushes in one request, please squash them together (or we will before we merge) +- All pull requests that are merged are provided under the same license as the program is, keep the following in mind; > By submitting code contributions to AutoSploit via Git pull request or other, checking them into the AutoSploit's source code repository, it is understood (unless you specify otherwise) that you are offering the AutoSploit copyright holders the unlimited, non-exclusive right to reuse, modify, and re-license the code. This is important because the inability to re-license code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them. @@ -14,13 +14,13 @@ All contributions to AutoSploit are not only welcomed, but highly appreciated, p To get started making a contribution please do the following: - - Fork the repository using the fork button - - `git clone https://github.com//AutoSploit.git -b dev-beta` - - Edit the code to your liking - - After editing `git branch && git checkout ` - - Add your commits and comment them - - `git push --set-upstream origin ` - - Open a [pull request](https://github.com/NullArray/AutoSploit/pulls) - - Wait for us to check it out - - Thank you. +- Fork the repository using the fork button +- `git clone https://github.com//AutoSploit.git -b dev-beta` +- Edit the code to your liking +- After editing `git branch && git checkout ` +- Add your commits and comment them +- `git push --set-upstream origin ` +- Open a [pull request](https://github.com/NullArray/AutoSploit/pulls) +- Wait for us to check it out + + Thank you. diff --git a/README.md b/README.md index e4b81a3..46f4f8f 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,6 @@ # AutoSploit -As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. -The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started +As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started **Operational Security Consideration** @@ -10,16 +9,17 @@ Receiving back connections on your local machine might not be the best idea from The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent. # Helpful links - - [Usage](https://github.com/NullArray/AutoSploit#usage) - - [Dependencies](https://github.com/NullArray/AutoSploit#dependencies) - - [User Manual](https://github.com/NullArray/AutoSploit/wiki) - - [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements) - - [Development](https://github.com/NullArray/AutoSploit#active-development) - - [Discord server](https://discord.gg/9BeeZQk) + +- [Usage](https://github.com/NullArray/AutoSploit#usage) +- [Dependencies](https://github.com/NullArray/AutoSploit#dependencies) +- [User Manual](https://github.com/NullArray/AutoSploit/wiki) +- [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements) +- [Development](https://github.com/NullArray/AutoSploit#active-development) +- [Discord server](https://discord.gg/9BeeZQk) ## Usage -Clone the repo. Or deploy via Docker. Details for which can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker) +Clone the repo. Or deploy via Docker. Details for which can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker) `git clone https://github.com/NullArray/AutoSploit.git` @@ -37,8 +37,7 @@ Starting the program with `python autosploit.py` will open an AutoSploit termina Choosing option `2` will prompt you for a platform specific search query. Enter `IIS` or `Apache` in example and choose a search engine. After doing so the collected hosts will be saved to be used in the `Exploit` component. -As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type `python autosploit.py -h` -to display all the options available to you. I've posted the options below as well for reference. +As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type `python autosploit.py -h` to display all the options available to you. I've posted the options below as well for reference. ``` usage: python autosploit.py -[c|z|s|a] -[q] QUERY @@ -88,7 +87,6 @@ misc arguments: ENV PATH ``` - ## Dependencies AutoSploit depends on the following Python2.7 modules. @@ -118,14 +116,11 @@ Special thanks to [Ekultek](https://github.com/Ekultek) without whoms contributi And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker support. - - ### Active Development -While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. +While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. -I've been working on the new version of the tool in an open source capacity with the help of a number of developers -that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). +I've been working on the new version of the tool in an open source capacity with the help of a number of developers that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). If you would like to contribute to the development of this project please be sure to read [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md) as it contains our contribution guidelines. diff --git a/autosploit.py b/autosploit.py index 579923c..13c7eb5 100644 --- a/autosploit.py +++ b/autosploit.py @@ -2,4 +2,4 @@ if __name__ == "__main__": - main() \ No newline at end of file + main() diff --git a/install.sh b/install.sh new file mode 100755 index 0000000..db9b3b6 --- /dev/null +++ b/install.sh @@ -0,0 +1,52 @@ +#!/bin/bash + +echo " ____ __ __ ______ ___ _____ ____ _ ___ ____ ______ "; +echo " / || | || | / \ / ___/| \| | / \| || |"; +echo "| o || | || || ( \_ | o ) | | || | | |"; +echo "| || | ||_| |_|| O |\__ || _/| |___ | O || | |_| |_|"; +echo "| _ || : | | | | |/ \ || | | || || | | | "; +echo "| | || | | | | |\ || | | || || | | | "; +echo "|__|__| \__,_| |__| \___/ \___||__| |_____| \___/|____| |__| "; +echo " "; + +function installDebian() { + sudo apt-get update; + sudo apt-get -y install git python2.7 python-pip postgresql apache2; + pip install requests psutil; + installMSF; +} + +function installFedora() { + sudo yum -y install git python-pip; + pip install requests psutil; + installMSF; +} + +function installMSF() { + if [ ! -d "/opt/metasploit-framework" ]; then + curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ + chmod 755 msfinstall && \ + ./msfinstall; + rm msfinstall; + fi +} + +function install() { + case "$(uname -a)" in + *Debian*) + installDebian; + ;; + *Fedora*) + installFedora; + ;; + *) + echo "Unable to detect Linux flavor..."; + ;; + esac + echo ""; + echo "Installation Complete"; + echo "Running AutoSploit"; + python2.7 autosploit.py; +} + +install; From cda77094e17ca7c076f451d149c690c7a90603b2 Mon Sep 17 00:00:00 2001 From: Aidan Holland Date: Fri, 2 Mar 2018 12:10:22 -0500 Subject: [PATCH 06/10] Check PATH --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index db9b3b6..29af525 100755 --- a/install.sh +++ b/install.sh @@ -23,7 +23,7 @@ function installFedora() { } function installMSF() { - if [ ! -d "/opt/metasploit-framework" ]; then + if [ ! -e "/usr/bin/msfconsole" ]; then curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ chmod 755 msfinstall && \ ./msfinstall; From 9ec57c0bbbc3f22a0716f336c70b00b4ec2be032 Mon Sep 17 00:00:00 2001 From: Aidan Holland Date: Fri, 2 Mar 2018 12:21:43 -0500 Subject: [PATCH 07/10] Fixed msfconsole PATH --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 29af525..3b8753a 100755 --- a/install.sh +++ b/install.sh @@ -23,7 +23,7 @@ function installFedora() { } function installMSF() { - if [ ! -e "/usr/bin/msfconsole" ]; then + if [[ ! "$(which msfconsole)" = */* ]]; then curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \ chmod 755 msfinstall && \ ./msfinstall; From ac8859156ddb8a30fda31e2e7785e2bc100c6c76 Mon Sep 17 00:00:00 2001 From: Aidan Holland Date: Fri, 2 Mar 2018 12:29:40 -0500 Subject: [PATCH 08/10] Fixed ubuntu error --- install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/install.sh b/install.sh index 3b8753a..de1acc8 100755 --- a/install.sh +++ b/install.sh @@ -33,7 +33,7 @@ function installMSF() { function install() { case "$(uname -a)" in - *Debian*) + *Debian*|*Ubuntu*) installDebian; ;; *Fedora*) From c6e0730af4821e6b7c7ad3ceb5a1bb45828a6999 Mon Sep 17 00:00:00 2001 From: Aidan Holland Date: Fri, 2 Mar 2018 12:38:44 -0500 Subject: [PATCH 09/10] Added installation instructions --- README.md | 13 +++++++++++-- install.sh | 2 -- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index bec1c0b..6328944 100644 --- a/README.md +++ b/README.md @@ -87,6 +87,15 @@ misc arguments: ENV PATH ``` +## Installation + +```bash +git clone https://github.com/NullArray/AutoSploit +cd AutoSploit +chmod +x install.sh +./install.sh +``` + ## Dependencies AutoSploit depends on the following Python2.7 modules. @@ -123,9 +132,9 @@ While this isn't exactly a Beta release, AutoSploit 2.0 is an early release none ### Active Development -While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. +While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. -I've been working on the new version of the tool in an open source capacity with the help of a number of developers +I've been working on the new version of the tool in an open source capacity with the help of a number of developers that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta). If you would like to contribute to the development of this project please be sure to read [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md) as it contains our contribution guidelines. diff --git a/install.sh b/install.sh index de1acc8..56bb9ee 100755 --- a/install.sh +++ b/install.sh @@ -45,8 +45,6 @@ function install() { esac echo ""; echo "Installation Complete"; - echo "Running AutoSploit"; - python2.7 autosploit.py; } install; From b6b2c1b6bbecaf4063e1db5ee0117a5108505d5a Mon Sep 17 00:00:00 2001 From: Aidan Holland Date: Fri, 2 Mar 2018 12:47:56 -0500 Subject: [PATCH 10/10] Use pip2 --- install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/install.sh b/install.sh index 56bb9ee..b00b4a5 100755 --- a/install.sh +++ b/install.sh @@ -12,13 +12,13 @@ echo " "; function installDebian() { sudo apt-get update; sudo apt-get -y install git python2.7 python-pip postgresql apache2; - pip install requests psutil; + pip2 install requests psutil; installMSF; } function installFedora() { sudo yum -y install git python-pip; - pip install requests psutil; + pip2 install requests psutil; installMSF; }