AutoSploit: An Automated Mass Vulnerability Testing Tool Written in Python

You may already have used AutoSploit, the automated exploitation tool, but it has now been substantially reworked.

AutoSploit = Shodan/Censys/Zoomeye + Metasploit

What is AutoSploit?

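AutoSploit is an automated mass-exploitation tool written in Python. It uses the Shodan, Censys or Zoomeye search engines to locate targets, and the user is free to choose any one of them. Once the targets are set, the tool launches the relevant Metasploit modules against them. In its default configuration, AutoSploit ships with more than three hundred predefined Metasploit modules, which can be used to achieve code execution on hosts running different operating systems, web applications, intrusion detection systems and other infrastructure. Users can also add new modules by editing the etc/json/default_modules.json file.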

Below is the list of Metasploit modules that AutoSploit ships with by default:

exploit/windows/ftp/ms09_053_ftpd_nlst
exploit/windows/firewall/blackice_pam_icq
exploit/windows/http/amlibweb_webquerydll_app
exploit/windows/http/ektron_xslt_exec_ws
exploit/windows/http/umbraco_upload_aspx
exploit/windows/iis/iis_webdav_scstoragepathfromurl
exploit/windows/iis/iis_webdav_upload_asp
exploit/windows/iis/ms01_023_printer
exploit/windows/iis/ms01_026_dbldecode
exploit/windows/iis/ms01_033_idq
exploit/windows/iis/ms02_018_htr
exploit/windows/iis/ms02_065_msadc
exploit/windows/iis/ms03_007_ntdll_webdav
exploit/windows/iis/msadc
exploit/windows/isapi/ms00_094_pbserver
exploit/windows/isapi/ms03_022_nsiislog_post
exploit/windows/isapi/ms03_051_fp30reg_chunked
exploit/windows/isapi/rsa_webagent_redirect
exploit/windows/isapi/w3who_query
exploit/windows/scada/advantech_webaccess_dashboard_file_upload
exploit/windows/ssl/ms04_011_pct
exploit/freebsd/http/watchguard_cmd_exec
exploit/linux/http/alienvault_exec
exploit/linux/http/alienvault_sqli_exec
exploit/linux/http/astium_sqli_upload
exploit/linux/http/centreon_sqli_exec
exploit/linux/http/centreon_useralias_exec
exploit/linux/http/crypttech_cryptolog_login_exec
exploit/linux/http/dolibarr_cmd_exec
exploit/linux/http/goautodial_3_rce_command_injection
exploit/linux/http/kloxo_sqli
exploit/linux/http/nagios_xi_chained_rce
exploit/linux/http/netgear_wnr2000_rce
exploit/linux/http/pandora_fms_sqli
exploit/linux/http/riverbed_netprofiler_netexpress_exe
exploit/linux/http/wd_mycloud_multiupload_upload
exploit/linux/http/zabbix_sqli
exploit/linux/misc/qnap_transcode_server
exploit/linux/mysql/mysql_yassl_getname
exploit/linux/mysql/mysql_yassl_hello
exploit/linux/postgres/postgres_payload
exploit/linux/samba/is_known_pipename
exploit/multi/browser/java_jre17_driver_manager
exploit/multi/http/atutor_sqli
exploit/multi/http/dexter_casinoloader_exec
exploit/multi/http/drupal_drupageddon
exploit/multi/http/manage_engine_dc_pmp_sqli
exploit/multi/http/manageengine_search_sqli
exploit/multi/http/movabletype_upgrade_exec
exploit/multi/http/php_volunteer_upload_exe
exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli
exploit/multi/http/splunk_mappy_exec
exploit/multi/http/testlink_upload_exec
exploit/multi/http/zpanel_information_disclosure_rce
exploit/multi/misc/legend_bot_exec
exploit/multi/mysql/mysql_udf_payload
exploit/multi/postgres/postgres_createlang
exploit/solaris/sunrpc/ypupdated_exec
exploit/unix/ftp/proftpd_133c_backdoor
exploit/unix/http/tnftp_savefile
exploit/unix/webapp/joomla_contenthistory_sqli_rce
exploit/unix/webapp/kimai_sqli
exploit/unix/webapp/openemr_sqli_privesc_upload
exploit/unix/webapp/seportal_sqli_exec
exploit/unix/webapp/vbulletin_vote_sqli_exec
exploit/unix/webapp/vicidial_manager_send_cmd_exec
exploit/windows/antivirus/symantec_endpoint_manager_rce
exploit/windows/http/apache_mod_rewrite_ldap
exploit/windows/http/ca_totaldefense_regeneratereports
exploit/windows/http/cyclope_ess_sqli
exploit/windows/http/hp_mpa_job_acct
exploit/windows/http/solarwinds_storage_manager_sql
exploit/windows/http/sonicwall_scrutinizer_sql
exploit/windows/misc/altiris_ds_sqli
exploit/windows/misc/fb_cnct_group
exploit/windows/misc/lianja_db_net
exploit/windows/misc/manageengine_eventlog_analyzer_rce
exploit/windows/mssql/lyris_listmanager_weak_pass
exploit/windows/mssql/ms02_039_slammer
exploit/windows/mssql/ms09_004_sp_replwritetovarbin
exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli
exploit/windows/mssql/mssql_linkcrawler
exploit/windows/mssql/mssql_payload
exploit/windows/mssql/mssql_payload_sqli
exploit/windows/mysql/mysql_mof
exploit/windows/mysql/mysql_start_up
exploit/windows/mysql/mysql_yassl_hello
exploit/windows/mysql/scrutinizer_upload_exec
exploit/windows/postgres/postgres_payload
exploit/windows/scada/realwin_on_fcs_login
exploit/multi/http/rails_actionpack_inline_exec
exploit/multi/http/rails_dynamic_render_code_exec
exploit/multi/http/rails_json_yaml_code_exec
exploit/multi/http/rails_secret_deserialization
exploit/multi/http/rails_web_console_v2_code_exec
exploit/multi/http/rails_xml_yaml_code_exec
exploit/multi/http/rocket_servergraph_file_requestor_rce
exploit/multi/http/phpmoadmin_exec
exploit/multi/http/phpmyadmin_3522_backdoor
exploit/multi/http/phpmyadmin_preg_replace
exploit/multi/http/phpscheduleit_start_date
exploit/multi/http/phptax_exec
exploit/multi/http/phpwiki_ploticus_exec
exploit/multi/http/plone_popen2
exploit/multi/http/pmwiki_pagelist
exploit/multi/http/joomla_http_header_rce
exploit/multi/http/novell_servicedesk_rce
exploit/multi/http/oracle_reports_rce
exploit/multi/http/php_utility_belt_rce
exploit/multi/http/phpfilemanager_rce
exploit/multi/http/processmaker_exec
exploit/multi/http/rocket_servergraph_file_requestor_rce
exploit/multi/http/spree_search_exec
exploit/multi/http/spree_searchlogic_exec
exploit/multi/http/struts_code_exec_parameters
exploit/multi/http/vtiger_install_rce
exploit/multi/http/werkzeug_debug_rce
exploit/multi/http/zemra_panel_rce
exploit/multi/http/zpanel_information_disclosure_rce
exploit/multi/http/joomla_http_header_rce
exploit/unix/webapp/joomla_akeeba_unserialize
exploit/unix/webapp/joomla_comjce_imgmanager
exploit/unix/webapp/joomla_contenthistory_sqli_rce
exploit/unix/webapp/joomla_media_upload_exec
exploit/multi/http/builderengine_upload_exec
exploit/multi/http/caidao_php_backdoor_exec
exploit/multi/http/atutor_sqli
exploit/multi/http/ajaxplorer_checkinstall_exec
exploit/multi/http/apache_activemq_upload_jsp
exploit/unix/webapp/wp_lastpost_exec
exploit/unix/webapp/wp_mobile_detector_upload_execute
exploit/multi/http/axis2_deployer
exploit/unix/webapp/wp_foxypress_upload
exploit/linux/http/tr064_ntpserver_cmdinject
exploit/linux/misc/quest_pmmasterd_bof
exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
exploit/unix/webapp/php_xmlrpc_eval
exploit/unix/webapp/wp_admin_shell_upload
exploit/linux/http/sophos_wpa_sblistpack_exec
exploit/linux/local/sophos_wpa_clear_keys
exploit/multi/http/zpanel_information_disclosure_rce
auxiliary/admin/cisco/cisco_asa_extrabacon
auxiliary/admin/cisco/cisco_secure_acs_bypass
auxiliary/admin/cisco/vpn_3000_ftp_bypass
exploit/bsdi/softcart/mercantec_softcart
exploit/freebsd/misc/citrix_netscaler_soap_bof
exploit/freebsd/samba/trans2open
exploit/linux/ftp/proftp_sreplace
exploit/linux/http/dcos_marathon
exploit/linux/http/f5_icall_cmd
exploit/linux/http/fritzbox_echo_exec
exploit/linux/http/gitlist_exec
exploit/linux/http/goautodial_3_rce_command_injection
exploit/linux/http/ipfire_bashbug_exec
exploit/linux/http/ipfire_oinkcode_exec
exploit/linux/http/ipfire_proxy_exec
exploit/linux/http/kaltura_unserialize_rce
exploit/linux/http/lifesize_uvc_ping_rce
exploit/linux/http/nagios_xi_chained_rce
exploit/linux/http/netgear_dgn1000_setup_unauth_exec
exploit/linux/http/netgear_wnr2000_rce
exploit/linux/http/nuuo_nvrmini_auth_rce
exploit/linux/http/nuuo_nvrmini_unauth_rce
exploit/linux/http/op5_config_exec
exploit/linux/http/pandora_fms_exec
exploit/linux/http/pineapple_preconfig_cmdinject
exploit/linux/http/seagate_nas_php_exec_noauth
exploit/linux/http/symantec_messaging_gateway_exec
exploit/linux/http/trendmicro_imsva_widget_exec
exploit/linux/http/trueonline_billion_5200w_rce
exploit/linux/http/trueonline_p660hn_v1_rce
exploit/linux/http/trueonline_p660hn_v2_rce
exploit/linux/http/vcms_upload
exploit/linux/misc/lprng_format_string
exploit/linux/misc/mongod_native_helper
exploit/linux/misc/ueb9_bpserverd
exploit/linux/mysql/mysql_yassl_getname
exploit/linux/pop3/cyrus_pop3d_popsubfolders
exploit/linux/postgres/postgres_payload
exploit/linux/pptp/poptop_negative_read
exploit/linux/proxy/squid_ntlm_authenticate
exploit/linux/samba/lsa_transnames_heap
exploit/linux/samba/setinfopolicy_heap
exploit/linux/samba/trans2open
exploit/multi/elasticsearch/script_mvel_rce
exploit/multi/elasticsearch/search_groovy_script
exploit/multi/http/atutor_sqli
exploit/multi/http/axis2_deployer
exploit/multi/http/familycms_less_exe
exploit/multi/http/freenas_exec_raw
exploit/multi/http/gestioip_exec
exploit/multi/http/glassfish_deployer
exploit/multi/http/glpi_install_rce
exploit/multi/http/joomla_http_header_rce
exploit/multi/http/makoserver_cmd_exec
exploit/multi/http/novell_servicedesk_rc
exploit/multi/http/oracle_reports_rce
exploit/multi/http/php_utility_belt_rce
exploit/multi/http/phpfilemanager_rce
exploit/multi/http/phpmyadmin_3522_backdoor
exploit/multi/http/phpwiki_ploticus_exec
exploit/multi/http/processmaker_exec
exploit/multi/http/rails_actionpack_inline_exec
exploit/multi/http/rails_dynamic_render_code_exec
exploit/multi/http/rails_secret_deserialization
exploit/multi/http/rocket_servergraph_file_requestor_rce
exploit/multi/http/simple_backdoors_exec
exploit/multi/http/spree_search_exec
exploit/multi/http/spree_searchlogic_exec
exploit/multi/http/struts2_rest_xstream
exploit/multi/http/struts_code_exec
exploit/multi/http/struts_code_exec_classloader
exploit/multi/http/struts_code_exec_parameters
exploit/multi/http/struts_dev_mode
exploit/multi/http/sysaid_auth_file_upload
exploit/multi/http/tomcat_jsp_upload_bypass
exploit/multi/http/vtiger_install_rce
exploit/multi/http/werkzeug_debug_rce
exploit/multi/http/zemra_panel_rce
exploit/multi/http/zpanel_information_disclosure_rce
exploit/multi/ids/snort_dce_rpc
exploit/multi/misc/batik_svg_java
exploit/multi/misc/pbot_exec
exploit/multi/misc/veritas_netbackup_cmdexec
exploit/multi/mysql/mysql_udf_payload
exploit/multi/php/php_unserialize_zval_cookie
exploit/unix/http/freepbx_callmenum
exploit/unix/http/lifesize_room
exploit/unix/http/pfsense_clickjacking
exploit/unix/http/pfsense_group_member_exec
exploit/unix/http/tnftp_savefile
exploit/unix/misc/polycom_hdx_traceroute_exec
exploit/unix/webapp/awstats_migrate_exec
exploit/unix/webapp/carberp_backdoor_exec
exploit/unix/webapp/citrix_access_gateway_exec
exploit/unix/webapp/dogfood_spell_exec
exploit/unix/webapp/invision_pboard_unserialize_exec
exploit/unix/webapp/joomla_contenthistory_sqli_rce
exploit/unix/webapp/mybb_backdoor
exploit/unix/webapp/opensis_modname_exec
exploit/unix/webapp/oscommerce_filemanager
exploit/unix/webapp/piwik_superuser_plugin_upload
exploit/unix/webapp/tikiwiki_upload_exec
exploit/unix/webapp/webtester_exec
exploit/unix/webapp/wp_phpmailer_host_header
exploit/unix/webapp/wp_total_cache_exec
exploit/windows/antivirus/symantec_endpoint_manager_rce
exploit/windows/http/ektron_xslt_exec
exploit/windows/http/ektron_xslt_exec_ws
exploit/windows/http/geutebrueck_gcore_x64_rce_bo
exploit/windows/http/hp_autopass_license_traversal
exploit/windows/http/manage_engine_opmanager_rce
exploit/windows/http/netgear_nms_rce
exploit/windows/http/sepm_auth_bypass_rce
exploit/windows/http/trendmicro_officescan_widget_exec
exploit/windows/iis/iis_webdav_upload_asp
exploit/windows/iis/msadc
exploit/windows/misc/manageengine_eventlog_analyzer_rce
exploit/windows/novell/file_reporter_fsfui_upload
exploit/windows/scada/ge_proficy_cimplicity_gefebt
exploit/windows/smb/ipass_pipe_exec
exploit/windows/smb/smb_relay
auxiliary/sqli/oracle/jvm_os_code_10g
auxiliary/sqli/oracle/jvm_os_code_11g
auxiliary/fuzzers/dns/dns_fuzzer
auxiliary/fuzzers/ftp/client_ftp
auxiliary/fuzzers/ftp/ftp_pre_post
auxiliary/fuzzers/http/http_form_field
auxiliary/fuzzers/http/http_get_uri_long
auxiliary/fuzzers/http/http_get_uri_strings
auxiliary/fuzzers/ntp/ntp_protocol_fuzzer
auxiliary/fuzzers/smb/smb2_negotiate_corrupt
auxiliary/fuzzers/smb/smb_create_pipe
auxiliary/fuzzers/smb/smb_create_pipe_corrupt
auxiliary/fuzzers/smb/smb_negotiate_corrupt
auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt
auxiliary/fuzzers/smb/smb_tree_connect
auxiliary/fuzzers/smb/smb_tree_connect_corrupt
auxiliary/fuzzers/smtp/smtp_fuzzer
auxiliary/fuzzers/ssh/ssh_kexinit_corrupt
auxiliary/fuzzers/ssh/ssh_version_15
auxiliary/fuzzers/ssh/ssh_version_2
auxiliary/fuzzers/ssh/ssh_version_corrupt
auxiliary/fuzzers/tds/tds_login_corrupt
auxiliary/fuzzers/tds/tds_login_username
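For defenders, the default list above is effectively a catalogue of software that gets hit by untargeted, search-engine-driven scans. The following added example (not part of AutoSploit or the original article) parses module paths from that list and cross-references them with an asset inventory to produce a per-host patch-priority report; the inventory, its field names and the 192.0.2.x hosts are constructed for illustration.

```python
from collections import defaultdict

# Excerpt of the default module list above (one duplicate kept on purpose).
MODULES = """\
exploit/multi/http/drupal_drupageddon
exploit/multi/http/struts2_rest_xstream
exploit/multi/http/struts_code_exec
exploit/linux/http/zabbix_sqli
exploit/unix/webapp/joomla_contenthistory_sqli_rce
exploit/unix/webapp/joomla_contenthistory_sqli_rce
exploit/windows/iis/iis_webdav_upload_asp
auxiliary/fuzzers/ssh/ssh_version_2
""".split()

# Constructed asset inventory (hypothetical hosts in a documentation range).
INVENTORY = [
    {"host": "192.0.2.10", "os": "linux", "products": ["drupal", "zabbix"]},
    {"host": "192.0.2.20", "os": "windows", "products": ["iis", "struts"]},
    {"host": "192.0.2.30", "os": "freebsd", "products": ["joomla"]},
]

UNIX_LIKE = {"linux", "freebsd", "solaris", "bsdi"}

def parse_module(path):
    """Split 'type/platform/service/name' into fields plus name tokens."""
    mtype, platform, service, name = path.split("/", 3)
    return {"path": path, "type": mtype, "platform": platform,
            "service": service, "tokens": name.split("_")}

def platform_applies(platform, os_name):
    return (platform in ("multi", os_name)
            or (platform == "unix" and os_name in UNIX_LIKE))

def exposure_report(module_paths, inventory):
    """Map each host to the exploit modules whose name mentions its software."""
    report = defaultdict(list)
    for mod in map(parse_module, sorted(set(module_paths))):  # de-duplicate
        if mod["type"] != "exploit":
            continue  # auxiliary paths carry a category, not a platform
        for asset in inventory:
            if platform_applies(mod["platform"], asset["os"]) and any(
                    tok.startswith(p) for p in asset["products"] for tok in mod["tokens"]):
                report[asset["host"]].append(mod["path"])
    return dict(report)

if __name__ == "__main__":
    for host, mods in exposure_report(MODULES, INVENTORY).items():
        print(host, "-> patch/verify first:", *mods, sep="\n  ")
```

Name matching is a coarse first pass: a hit means the product family appears in the list, not that the installed version is vulnerable, so each hit still needs a version check against the corresponding advisory.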

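Installation

Installing AutoSploit is simple: you can click [here] to download the latest release, or use one of the methods below to download and install it.

Cloning the project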

sudo -s << EOF
git clone https://github.com/NullArray/AutoSploit.git
cd AutoSploit
chmod +x install.sh
./install.sh
python2 autosploit.py
EOF

Docker

sudo -s << EOF
git clone https://github.com/NullArray/AutoSploit.git
cd AutoSploit
chmod +x install.sh
./install.sh
cd Docker
docker network create -d bridge haknet
docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
docker build -t autosploit .
docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
EOF

Dependencies

AutoSploit currently requires the following Python 2.7 modules:

requests
psutil

You can install the dependencies with pip:

pip install requests psutil

or

pip install -r requirements.txt

Usage

Run "python autosploit.py" on the command line to open an AutoSploit terminal session:

usage: python autosploit.py -[c|z|s|a] -[q] QUERY
                            [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH
                            [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
                            [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT

optional arguments:
  -h, --help            show this help message and exit

search engines:
  possible search engines to use

  -c, --censys          use censys.io as the search engine to gather hosts
  -z, --zoomeye         use zoomeye.org as the search engine to gather hosts
  -s, --shodan          use shodan.io as the search engine to gather hosts
  -a, --all             search all available search engines to gather hosts

requests:
  arguments to edit your requests

  --proxy PROTO://IP:PORT
                        run behind a proxy while performing the searches
  --random-agent        use a random HTTP User-Agent header
  -P USER-AGENT, --personal-agent USER-AGENT
                        pass a personal User-Agent to use for HTTP requests
  -q QUERY, --query QUERY
                        pass your search query

exploits:
  arguments to edit your exploits

  -E PATH, --exploit-file PATH
                        provide a text file to convert into JSON and save for
                        later use
  -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
                        set the configuration for MSF (IE -C default 127.0.0.1
                        8080)
  -e, --exploit         start exploiting the already gathered hosts

misc arguments:
  arguments that don't fit anywhere else

  --ruby-exec           if you need to run the Ruby executable with MSF use
                        this
  --msf-path MSF-PATH   pass the path to your framework if it is not in your
                        ENV PATH
  --whitelist PATH      only exploit hosts listed in the whitelist file

Resources

AutoSploit project page: [GitHub link]

GitHub Release: [link]

* Source: pentestit; compiled by FreeBuf editor Alpha_h4ck. Please credit FreeBuf.COM when reposting.