Contributor

@Selora Selora commented Apr 9, 2018

#133 Rebased and cleaned.

PR Breakdown:

  • Bash script wrappers around autosploit. Could be used to test against a whitelist of your organisation's IP addresses.
  • Vagrantfile skeleton and provisioning file (used with lightsail provider). Environment dependent, use as a starting point.
  • Removed fuzzers from default modules JSON file. The fuzzer modules would block the script's execution forever. They are moved into a new JSON file. They can be run using the interactive terminal or specifying the JSON explicitly with --exploit-file-to-use
  • Bugfixes for PR Autosploit automation #132. Fail/Success counters fix.
  • Improvements: Meterpreter now starts in background, which allows an operator to run msfconsole into the corresponding workspace and interact with the new session while Autosploit is still finishing the remaining exploits in background.

Bash script usage:

./dryrun_autosploit.sh whitelist.txt "search_query"
Will search censys/shodan/etc and do a dry-run against discovered hosts that are in the whitelist.
This will generate a report containing the dry-run results for every host in the whitelist.
This does NOT exploit anything.

./run_autosploit.sh
Will run autosploit in exploit mode against previously discovered hosts in the whitelist.
This will generate a report with MSF results for every host in the whitelist.

Important:

  • You should do a dry-run before running "run_autosploit.sh".
  • Make sure that the whitelist is sound with a given scope, and validate against the dry-run report.
  • In other words, VALIDATE THE DRYRUN REPORT BEFORE LAUNCHING THE EXPLOIT RUN.

The code to compare each host against a whitelist hasn't been thoroughly tested. If you don't validate a dryrun report and run the "run_autosploit.sh" script, and you hit hosts that are outside your given scope, you have been warned. Run at your own risk.
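
The whitelist validation urged above can be done mechanically before any exploit run. The script below is an added example, not code from this PR or from AutoSploit: it lists hosts that are not exact whitelist entries and contrasts that with an unanchored `grep -f` match. The one-address-per-line file format, the function names and the sample addresses are assumptions.

```shell
#!/usr/bin/env bash
# Scope check for a host list before an exploit run (added example).
# Assumed format: one IPv4 address per line; '#' comments and blanks ignored.
export LC_ALL=C   # same byte-wise ordering for sort and comm

# normalize FILE: drop CRs, surrounding whitespace, comments, blanks; dedupe.
normalize() {
    tr -d '\r' < "$1" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^#/d' -e '/^$/d' |
        sort -u
}

# out_of_scope WHITELIST HOSTS: print hosts that are not an exact whitelist entry.
out_of_scope() {
    local wl hosts
    wl=$(mktemp) && hosts=$(mktemp) || return 2
    normalize "$1" > "$wl"
    normalize "$2" > "$hosts"
    comm -13 "$wl" "$hosts"    # lines present only in the host list
    rm -f "$wl" "$hosts"
}

# naive_out_of_scope: the pitfall. Entries are used as unanchored regexes,
# so the entry "192.0.2.1" also covers "192.0.2.10" and "192.0.2.100".
naive_out_of_scope() {
    grep -v -f "$1" "$2"
}

# scope_gate WHITELIST HOSTS: succeed only if the whitelist is non-empty and
# every host is in it; otherwise report the offenders on stderr.
scope_gate() {
    local bad
    [ -n "$(normalize "$1")" ] || { echo "empty whitelist" >&2; return 1; }
    bad=$(out_of_scope "$1" "$2")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/out of scope: /' >&2
    return 1
}

# Constructed sample data (documentation address ranges only).
demo_dir=$(mktemp -d)
printf '192.0.2.1\n# lab range\n198.51.100.7\n' > "$demo_dir/whitelist.txt"
printf '192.0.2.1\n192.0.2.10\n198.51.100.7\n203.0.113.5\n' > "$demo_dir/hosts.txt"
scope_gate "$demo_dir/whitelist.txt" "$demo_dir/hosts.txt" || echo "do not launch"
```

On the sample data the exact comparison flags both 192.0.2.10 and 203.0.113.5, while the unanchored match lets 192.0.2.10 through.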

selora added 4 commits April 9, 2018 17:35
./dryrun_autosploit.sh will search censys/shodan/etc and do a dry-run against discovered hosts that are in the whitelist.
VALIDATE THE DRYRUN REPORT BEFORE LAUNCHING THE ACTUAL EXPLOIT RUN
./run_autosploit.sh will run autosploit in exploit mode against previously discovered hosts in the whitelist.
Added a fuzzers-only json file.
In the same idea, Trans2open exploits are taking about 2h+ per host to run.
Maybe implement a "long run" feature in the next release?
COMES WITHOUT WARRANTY. Use as a starting point.
Tweaks to make it usable for dev:
	- Setup a synced folder with your autosploit dev in the Vagrantfile
		Refer to vagrant doc.
	- Use vagrant rsync-auto

Since vagrant file cannot really be shared as-is, some tweaking might be necessary.
Try:
-Modifying the Vagrantfile according to your ssh keys path
-Installing the aws-cli package
-Configuring ~/.aws directory
Successful exploits will start meterpreter in background.
Fixed counter for successful exploits/failed exploits bug, counting success/failure occurrences, not line outputs.
Success/failures now grepping escaped MSF output for success/failures.
Grepping for keywords such as "Meterpreter", "Session" for success.
@Selora Selora changed the title Dev beta (clean) PR #133 cleaned - Autosploit Automation Apr 9, 2018
Owner

@NullArray NullArray left a comment

Looking good to me, if @Ekultek agrees as well we can go ahead and merge as far as I am concerned.

@NullArray NullArray requested a review from Ekultek April 9, 2018 22:26
Contributor

Ekultek commented Apr 9, 2018

Love it

Contributor

Ekultek commented Apr 10, 2018

Merging

@Ekultek Ekultek merged commit 4506271 into NullArray:dev-beta Apr 10, 2018