Autosploit: Advanced Remote Host Mass Exploitation

With this tool, you can easily launch an attack on a remote host within a fairly short time. This is made possible due to the availability of Shodan, a powerful search engine that allows you to automatically fish out targets that are connected to a particular network service. Alternatively, you can also use target seeking tools such as Zoomeye and Censys to search out intended targets.

Apart from the automated host searching and collection, AutoSploit also gives you the option of creating your own customized target list. With this option in place, you can effectively launch attack-intended searches on hosts of your choice by manually adding them to your list.

Metasploit Modules and How They Work Together

AutoSploit Features:

• Automated Target Collection
• Customized Target List (allows you to add your own list of targets)
• Metasploit Modules
• Custom user-agent
• Mass exploitations

Supported Platforms:

• Linux
• OS X (must be within virtual environments to properly function)

Dependencies:

This tool relies on the below Python 2.7 modules:

• requests
• psutil

The required dependencies should all be in place after performing an installation with the recommended method, but you can easily install them using pip:

$ pip install -r requirements.txt

Alternatively:

$ pip install requests psutil

Autosploit Install

Install AutoSploit via Docker Compose:

Clone the repo:

$ git clone https://github.com/NullArray/AutoSploit.git

Navigate to the Autosploit directory and run:

$ cd Autosploit/Docker
$ docker-compose run --rm autosploit

Install AutoSploit on Linux (via cloning)

Clone:

$ git clone https://github.com/NullArray/AutoSploit

Navigate to the AutoSploit directory, make the install script executable and install:

$ cd AutoSploit
$ chmod +x install.sh
$ ./install.sh

Usage

To start AutoSploit run:

$ python autosploit.py

This will take you to the available user options that you can choose from.

usage: python autosploit.py -[c|z|s|a] -[q] QUERY
                            [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH
                            [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
                            [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT

optional arguments:
  -h, --help            show this help message and exit

search engines:
  possible search engines to use

  -c, --censys          use censys.io as the search engine to gather hosts
  -z, --zoomeye         use zoomeye.org as the search engine to gather hosts
  -s, --shodan          use shodan.io as the search engine to gather hosts
  -a, --all             search all available search engines to gather hosts

requests:
  arguments to edit your requests

  --proxy PROTO://IP:PORT
                        run behind a proxy while performing the searches
  --random-agent        use a random HTTP User-Agent header
  -P USER-AGENT, --personal-agent USER-AGENT
                        pass a personal User-Agent to use for HTTP requests
  -q QUERY, --query QUERY
                        pass your search query

exploits:
  arguments to edit your exploits

  -E PATH, --exploit-file PATH
                        provide a text file to convert into JSON and save for
                        later use
  -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
                        set the configuration for MSF (IE -C default 127.0.0.1
                        8080)
  -e, --exploit         start exploiting the already gathered hosts

misc arguments:
  arguments that don't fit anywhere else

  --ruby-exec           if you need to run the Ruby executable with MSF use
                        this
  --msf-path MSF-PATH   pass the path to your framework if it is not in your
                        ENV PATH
  --whitelist PATH      only exploit hosts listed in the whitelist file

The post AutoSploit: Automated Mass Exploiter appeared first on Tech Chronicles.

Hackronian contains a diverse range of tools which allow the user to gain information, attack targets, perform sniffing and snooping on targets and perform post exploitation operations on the target. This main benefit of this suite is that all these different tools are available in one place and the user can experiment with different tools within the same terminal. The secondary benefit of this tool is that it can be installed on Android with all the same features.

Features:

• Contains more than 50 different tools
• Modules range from information gathering to post exploitation
• Available for both Android and Linux
• Perfect for creating a penetration testing workflow

HACKTRONIAN Menu :

• Information Gathering
• Password Attacks
• Wireless Testing
• Exploitation Tools
• Sniffing & Spoofing
• Web Hacking
• Private Web Hacking
• Post Exploitation
• Install The HACKTRONIAN

Information Gathering:

• Nmap
• Setoolkit
• Port Scanning
• Host To IP
• wordpress user
• CMS scanner
• XSStrike
• Dork – Google Dorks Passive Vulnerability Auditor
• Scan A server’s Users
• Crips

Password Attacks:

• Cupp
• Ncrack

Wireless Testing:

• reaver
• pixiewps
• Fluxion

Exploitation Tools:

• ATSCAN
• sqlmap
• Shellnoob
• commix
• FTP Auto Bypass
• jboss-autopwn

Sniffing & Spoofing:

• Setoolkit
• SSLtrip
• pyPISHER
• SMTP Mailer

Web Hacking:

• Drupal Hacking
• Inurlbr
• WordPress & Joomla Scanner
• Gravity Form Scanner
• File Upload Checker
• WordPress Exploit Scanner
• WordPress Plugins Scanner
• Shell and Directory Finder
• Joomla! 1.5 – 3.4.5 remote code execution
• Vbulletin 5.X remote code execution
• BruteX – Automatically brute force all services running on a target
• Arachni – Web Application Security Scanner Framework

Private Web Hacking:

• Get all websites
• Get joomla websites
• Get wordpress websites
• Control Panel Finder
• Zip Files Finder
• Upload File Finder
• Get server users
• SQli Scanner
• Ports Scan (range of ports)
• ports Scan (common ports)
• Get server Info
• Bypass Cloudflare

Post Exploitation:

• Shell Checker
• POET
• Weeman

Supported Platforms:

• Linux
• Android (Termux)

Installation in Linux :

This Tool Must Run As ROOT !!!

git clone https://github.com/thehackingsage/hacktronian.git

cd hacktronian

chmod +x install.sh

./install.sh

That’s it.. you can execute tool by typing hacktronian

Installation in Android :

Open Termux

pkg install git

pkg install python

git clone https://github.com/thehackingsage/hacktronian.git

cd hacktronian

chmod +x hacktronian.py

python2 hacktronian.py

Video Tutorial :

YouTube : https://www.youtube.com/watch?v=1LJlyQAQby4

Hacktronian Usage

To execute Hacktronian, run:

$ hacktronian

 _   _    _    ____ _  _______ ____   ___  _   _ ___    _    _   _ 
| | | |  / \  / ___| |/ /_   _|  _ \ / _ \| \ | |_ _|  / \  | \ | |
| |_| | / _ \| |   | ' /  | | | |_) | | | |  \| || |  / _ \ |  \| |
|  _  |/ ___ \ |___| . \  | | |  _ <| |_| | |\  || | / ___ \| |\  |
|_| |_/_/   \_\____|_|\_\ |_| |_| \_\_ __/|_| \_|___/_/   \_\_| \_|
 
[!] This Tool Must Run As ROOT [!] https://linktr.ee/thehackingsage
 
   {1}--Information Gathering
   {2}--Password Attacks
   {3}--Wireless Testing
   {4}--Exploitation Tools
   {5}--Sniffing & Spoofing
   {6}--Web Hacking
   {7}--Private Web Hacking
   {8}--Post Exploitation
   {0}--Install The HACKTRONIAN
   {99}-Exit
 
hacktronian~#

Download: https://github.com/thehackingsage/hacktronian

The post Hacktronian: All in One Hacking Tool for Linux appeared first on Tech Chronicles.