AutoSploit是一款采用Python开发的自动化大规模漏洞利用工具,它可以利用Shodan、Censys或Zoomeye搜索引擎来定位攻击目标,用户可以随意选择使用其中任意一个。设置好需要攻击的目标之后,该工具可以启动相关的Metasploit模块来实施攻击。默认配置下,AutoSploit提供了超过三百中预定义的Metasploit模块,用户可以用它们在不同操作系统主机、Web应用程序和入侵检测系统等基础设施上实现代码执行。当然了,用户也可以通过修改etc/json/default_modules.json文件来添加新的模块。
下面给出的是AutoSploit默认自带的MetaSploit模块列表:
exploit/windows/ftp/ms09_053_ftpd_nlstexploit/windows/firewall/blackice_pam_icqexploit/windows/http/amlibweb_webquerydll_appexploit/windows/http/ektron_xslt_exec_wsexploit/windows/http/umbraco_upload_aspxexploit/windows/iis/iis_webdav_scstoragepathfromurlexploit/windows/iis/iis_webdav_upload_aspexploit/windows/iis/ms01_023_printerexploit/windows/iis/ms01_026_dbldecodeexploit/windows/iis/ms01_033_idqexploit/windows/iis/ms02_018_htrexploit/windows/iis/ms02_065_msadcexploit/windows/iis/ms03_007_ntdll_webdavexploit/windows/iis/msadcexploit/windows/isapi/ms00_094_pbserverexploit/windows/isapi/ms03_022_nsiislog_postexploit/windows/isapi/ms03_051_fp30reg_chunkedexploit/windows/isapi/rsa_webagent_redirectexploit/windows/isapi/w3who_queryexploit/windows/scada/advantech_webaccess_dashboard_file_uploadexploit/windows/ssl/ms04_011_pctexploit/freebsd/http/watchguard_cmd_execexploit/linux/http/alienvault_execexploit/linux/http/alienvault_sqli_execexploit/linux/http/astium_sqli_uploadexploit/linux/http/centreon_sqli_execexploit/linux/http/centreon_useralias_execexploit/linux/http/crypttech_cryptolog_login_execexploit/linux/http/dolibarr_cmd_execexploit/linux/http/goautodial_3_rce_command_injectionexploit/linux/http/kloxo_sqliexploit/linux/http/nagios_xi_chained_rceexploit/linux/http/netgear_wnr2000_rceexploit/linux/http/pandora_fms_sqliexploit/linux/http/riverbed_netprofiler_netexpress_exeexploit/linux/http/wd_mycloud_multiupload_uploadexploit/linux/http/zabbix_sqliexploit/linux/misc/qnap_transcode_serverexploit/linux/mysql/mysql_yassl_getnameexploit/linux/mysql/mysql_yassl_helloexploit/linux/postgres/postgres_payloadexploit/linux/samba/is_known_pipenameexploit/multi/browser/java_jre17_driver_managerexploit/multi/http/atutor_sqliexploit/multi/http/dexter_casinoloader_execexploit/multi/http/drupal_drupageddonexploit/multi/http/manage_engine_dc_pmp_sqliexploit/multi/http/manageengine_search_sqliexploit/multi/http/movabletype_upgrade_execexploit/multi/http/php_volunteer_upload_exeexploit/multi/http/sonicwall_scrutinizer_methoddetail_sqliexploit/multi/http/splunk_mappy_execexploit/multi/http/testlink_upload_execexploit/multi/http/zpanel_information_disclosure_rceexploit/multi/misc/legend_bot_execexploit/multi/mysql/mysql_udf_payloadexploit/multi/postgres/postgres_createlangexploit/solaris/sunrpc/ypupdated_execexploit/unix/ftp/proftpd_133c_backdoorexploit/unix/http/tnftp_savefileexploit/unix/webapp/joomla_contenthistory_sqli_rceexploit/unix/webapp/kimai_sqliexploit/unix/webapp/openemr_sqli_privesc_uploadexploit/unix/webapp/seportal_sqli_execexploit/unix/webapp/vbulletin_vote_sqli_execexploit/unix/webapp/vicidial_manager_send_cmd_execexploit/windows/antivirus/symantec_endpoint_manager_rceexploit/windows/http/apache_mod_rewrite_ldapexploit/windows/http/ca_totaldefense_regeneratereportsexploit/windows/http/cyclope_ess_sqliexploit/windows/http/hp_mpa_job_acctexploit/windows/http/solarwinds_storage_manager_sqlexploit/windows/http/sonicwall_scrutinizer_sqlexploit/windows/misc/altiris_ds_sqliexploit/windows/misc/fb_cnct_groupexploit/windows/misc/lianja_db_netexploit/windows/misc/manageengine_eventlog_analyzer_rceexploit/windows/mssql/lyris_listmanager_weak_passexploit/windows/mssql/ms02_039_slammerexploit/windows/mssql/ms09_004_sp_replwritetovarbinexploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqliexploit/windows/mssql/mssql_linkcrawlerexploit/windows/mssql/mssql_payloadexploit/windows/mssql/mssql_payload_sqliexploit/windows/mysql/mysql_mofexploit/windows/mysql/mysql_start_upexploit/windows/mysql/mysql_yassl_helloexploit/windows/mysql/scrutinizer_upload_execexploit/windows/postgres/postgres_payloadexploit/windows/scada/realwin_on_fcs_loginexploit/multi/http/rails_actionpack_inline_execexploit/multi/http/rails_dynamic_render_code_execexploit/multi/http/rails_json_yaml_code_execexploit/multi/http/rails_secret_deserializationexploit/multi/http/rails_web_console_v2_code_execexploit/multi/http/rails_xml_yaml_code_execexploit/multi/http/rocket_servergraph_file_requestor_rceexploit/multi/http/phpmoadmin_execexploit/multi/http/phpmyadmin_3522_backdoorexploit/multi/http/phpmyadmin_preg_replaceexploit/multi/http/phpscheduleit_start_dateexploit/multi/http/phptax_execexploit/multi/http/phpwiki_ploticus_execexploit/multi/http/plone_popen2exploit/multi/http/pmwiki_pagelistexploit/multi/http/joomla_http_header_rceexploit/multi/http/novell_servicedesk_rceexploit/multi/http/oracle_reports_rceexploit/multi/http/php_utility_belt_rceexploit/multi/http/phpfilemanager_rceexploit/multi/http/processmaker_execexploit/multi/http/rocket_servergraph_file_requestor_rceexploit/multi/http/spree_search_execexploit/multi/http/spree_searchlogic_execexploit/multi/http/struts_code_exec_parametersexploit/multi/http/vtiger_install_rceexploit/multi/http/werkzeug_debug_rceexploit/multi/http/zemra_panel_rceexploit/multi/http/zpanel_information_disclosure_rceexploit/multi/http/joomla_http_header_rceexploit/unix/webapp/joomla_akeeba_unserializeexploit/unix/webapp/joomla_comjce_imgmanagerexploit/unix/webapp/joomla_contenthistory_sqli_rceexploit/unix/webapp/joomla_media_upload_execexploit/multi/http/builderengine_upload_execexploit/multi/http/caidao_php_backdoor_execexploit/multi/http/atutor_sqliexploit/multi/http/ajaxplorer_checkinstall_execexploit/multi/http/apache_activemq_upload_jspexploit/unix/webapp/wp_lastpost_execexploit/unix/webapp/wp_mobile_detector_upload_executeexploit/multi/http/axis2_deployerexploit/unix/webapp/wp_foxypress_uploadexploit/linux/http/tr064_ntpserver_cmdinjectexploit/linux/misc/quest_pmmasterd_bofexploit/multi/http/wp_ninja_forms_unauthenticated_file_uploadexploit/unix/webapp/php_xmlrpc_evalexploit/unix/webapp/wp_admin_shell_uploadexploit/linux/http/sophos_wpa_sblistpack_execexploit/linux/local/sophos_wpa_clear_keysexploit/multi/http/zpanel_information_disclosure_rceauxiliary/admin/cisco/cisco_asa_extrabaconauxiliary/admin/cisco/cisco_secure_acs_bypassauxiliary/admin/cisco/vpn_3000_ftp_bypassexploit/bsdi/softcart/mercantec_softcartexploit/freebsd/misc/citrix_netscaler_soap_bofexploit/freebsd/samba/trans2openexploit/linux/ftp/proftp_sreplaceexploit/linux/http/dcos_marathonexploit/linux/http/f5_icall_cmdexploit/linux/http/fritzbox_echo_execexploit/linux/http/gitlist_execexploit/linux/http/goautodial_3_rce_command_injectionexploit/linux/http/ipfire_bashbug_execexploit/linux/http/ipfire_oinkcode_execexploit/linux/http/ipfire_proxy_execexploit/linux/http/kaltura_unserialize_rceexploit/linux/http/lifesize_uvc_ping_rceexploit/linux/http/nagios_xi_chained_rceexploit/linux/http/netgear_dgn1000_setup_unauth_execexploit/linux/http/netgear_wnr2000_rceexploit/linux/http/nuuo_nvrmini_auth_rceexploit/linux/http/nuuo_nvrmini_unauth_rceexploit/linux/http/op5_config_execexploit/linux/http/pandora_fms_execexploit/linux/http/pineapple_preconfig_cmdinjectexploit/linux/http/seagate_nas_php_exec_noauthexploit/linux/http/symantec_messaging_gateway_execexploit/linux/http/trendmicro_imsva_widget_execexploit/linux/http/trueonline_billion_5200w_rceexploit/linux/http/trueonline_p660hn_v1_rceexploit/linux/http/trueonline_p660hn_v2_rceexploit/linux/http/vcms_uploadexploit/linux/misc/lprng_format_stringexploit/linux/misc/mongod_native_helperexploit/linux/misc/ueb9_bpserverdexploit/linux/mysql/mysql_yassl_getnameexploit/linux/pop3/cyrus_pop3d_popsubfoldersexploit/linux/postgres/postgres_payloadexploit/linux/pptp/poptop_negative_readexploit/linux/proxy/squid_ntlm_authenticateexploit/linux/samba/lsa_transnames_heapexploit/linux/samba/setinfopolicy_heapexploit/linux/samba/trans2openexploit/multi/elasticsearch/script_mvel_rceexploit/multi/elasticsearch/search_groovy_scriptexploit/multi/http/atutor_sqliexploit/multi/http/axis2_deployerexploit/multi/http/familycms_less_exeexploit/multi/http/freenas_exec_rawexploit/multi/http/gestioip_execexploit/multi/http/glassfish_deployerexploit/multi/http/glpi_install_rceexploit/multi/http/joomla_http_header_rceexploit/multi/http/makoserver_cmd_execexploit/multi/http/novell_servicedesk_rcexploit/multi/http/oracle_reports_rceexploit/multi/http/php_utility_belt_rceexploit/multi/http/phpfilemanager_rceexploit/multi/http/phpmyadmin_3522_backdoorexploit/multi/http/phpwiki_ploticus_execexploit/multi/http/processmaker_execexploit/multi/http/rails_actionpack_inline_execexploit/multi/http/rails_dynamic_render_code_execexploit/multi/http/rails_secret_deserializationexploit/multi/http/rocket_servergraph_file_requestor_rceexploit/multi/http/simple_backdoors_execexploit/multi/http/spree_search_execexploit/multi/http/spree_searchlogic_execexploit/multi/http/struts2_rest_xstreamexploit/multi/http/struts_code_execexploit/multi/http/struts_code_exec_classloaderexploit/multi/http/struts_code_exec_parametersexploit/multi/http/struts_dev_modeexploit/multi/http/sysaid_auth_file_uploadexploit/multi/http/tomcat_jsp_upload_bypassexploit/multi/http/vtiger_install_rceexploit/multi/http/werkzeug_debug_rceexploit/multi/http/zemra_panel_rceexploit/multi/http/zpanel_information_disclosure_rceexploit/multi/ids/snort_dce_rpcexploit/multi/misc/batik_svg_javaexploit/multi/misc/pbot_execexploit/multi/misc/veritas_netbackup_cmdexecexploit/multi/mysql/mysql_udf_payloadexploit/multi/php/php_unserialize_zval_cookieexploit/unix/http/freepbx_callmenumexploit/unix/http/lifesize_roomexploit/unix/http/pfsense_clickjackingexploit/unix/http/pfsense_group_member_execexploit/unix/http/tnftp_savefileexploit/unix/misc/polycom_hdx_traceroute_execexploit/unix/webapp/awstats_migrate_execexploit/unix/webapp/carberp_backdoor_execexploit/unix/webapp/citrix_access_gateway_execexploit/unix/webapp/dogfood_spell_execexploit/unix/webapp/invision_pboard_unserialize_execexploit/unix/webapp/joomla_contenthistory_sqli_rceexploit/unix/webapp/mybb_backdoorexploit/unix/webapp/opensis_modname_execexploit/unix/webapp/oscommerce_filemanagerexploit/unix/webapp/piwik_superuser_plugin_uploadexploit/unix/webapp/tikiwiki_upload_execexploit/unix/webapp/webtester_execexploit/unix/webapp/wp_phpmailer_host_headerexploit/unix/webapp/wp_total_cache_execexploit/windows/antivirus/symantec_endpoint_manager_rceexploit/windows/http/ektron_xslt_execexploit/windows/http/ektron_xslt_exec_wsexploit/windows/http/geutebrueck_gcore_x64_rce_boexploit/windows/http/hp_autopass_license_traversalexploit/windows/http/manage_engine_opmanager_rceexploit/windows/http/netgear_nms_rceexploit/windows/http/sepm_auth_bypass_rceexploit/windows/http/trendmicro_officescan_widget_execexploit/windows/iis/iis_webdav_upload_aspexploit/windows/iis/msadcexploit/windows/misc/manageengine_eventlog_analyzer_rceexploit/windows/novell/file_reporter_fsfui_uploadexploit/windows/scada/ge_proficy_cimplicity_gefebtexploit/windows/smb/ipass_pipe_execexploit/windows/smb/smb_relayauxiliary/sqli/oracle/jvm_os_code_10gauxiliary/sqli/oracle/jvm_os_code_11gauxiliary/fuzzers/dns/dns_fuzzerauxiliary/fuzzers/ftp/client_ftpauxiliary/fuzzers/ftp/ftp_pre_postauxiliary/fuzzers/http/http_form_fieldauxiliary/fuzzers/http/http_get_uri_longauxiliary/fuzzers/http/http_get_uri_stringsauxiliary/fuzzers/ntp/ntp_protocol_fuzzerauxiliary/fuzzers/smb/smb2_negotiate_corruptauxiliary/fuzzers/smb/smb_create_pipeauxiliary/fuzzers/smb/smb_create_pipe_corruptauxiliary/fuzzers/smb/smb_negotiate_corruptauxiliary/fuzzers/smb/smb_ntlm1_login_corruptauxiliary/fuzzers/smb/smb_tree_connectauxiliary/fuzzers/smb/smb_tree_connect_corruptauxiliary/fuzzers/smtp/smtp_fuzzerauxiliary/fuzzers/ssh/ssh_kexinit_corruptauxiliary/fuzzers/ssh/ssh_version_15auxiliary/fuzzers/ssh/ssh_version_2auxiliary/fuzzers/ssh/ssh_version_corruptauxiliary/fuzzers/tds/tds_login_corruptauxiliary/fuzzers/tds/tds_login_username
AutoSploit的安装非常简单,可使用下列方法进行下载安装。
项目克隆
sudo -s << EOFgit clone https://github.com/NullArray/Autosploit.gitcd AutoSploitchmod +x install.sh./install.shpython2 autosploit.pyEOF
Docker
sudo -s << EOFgit clone https://github.com/NullArray/AutoSploit.gitcd AutoSploitchmod +x install.sh./installshcd AutoSploit/Dockerdocker network create -d bridge haknetdocker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgresdocker build -t autosploit .docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploitEOF
依赖组件
AutoSploit目前需要使用下列Python 2.7模块:
requestspsutil
大家可以使用pip命令完成依赖组件的安装:
pip install requests psutil
或者
pip install -r requirements.txt
在命令行中输入命令“python autosploit.py”即可打开AutoSploit终端会话:
usage:python autosploit.py -[c|z|s|a] -[q] QUERY[-C] WORKSPACELHOST LPORT [-e] [--whitewash] PATH[--ruby-exec][--msf-path] PATH [-E] EXPLOIT-FILE-PATH[--rand-agent] [--proxy]PROTO://IP:PORT [-P] AGENToptional arguments:-h, --help show this help message and exitsearch engines:possible search engines to use-c, --censys use censys.io as the search engine togather hosts-z, --zoomeye use zoomeye.org as the search engineto gather hosts-s, --shodan use shodan.io as the search engine togather hosts-a, --all search all available searchengines to gather hostsrequests:arguments to edit your requests--proxy PROTO://IP:PORTrun behind a proxywhile performing the searches--random-agent use a random HTTP User-Agent header-P USER-AGENT, --personal-agent USER-AGENTpass a personalUser-Agent to use for HTTP requests-q QUERY, --query QUERYpass your search queryexploits:arguments to edit your exploits-E PATH, --exploit-file PATHprovide a text file toconvert into JSON and save forlater use-C WORKSPACE LHOST LPORT, --config WORKSPACELHOST LPORTset the configurationfor MSF (IE -C default 127.0.0.18080)-e, --exploit start exploiting the already gatheredhostsmiscarguments:arguments that don't fit anywhere else--ruby-exec if you need to run the Rubyexecutable with MSF usethis--msf-path MSF-PATH pass the path to your framework if it is notin yourENV PATH--whitelist PATH only exploit hosts listed in thewhitelist file
AutoSplit项目地址:
https://github.com/NullArray/AutoSploit
GitHubRelase:
https://github.com/NullArray/AutoSploit/releases
