{"id":13539035,"url":"https://github.com/nullarray/autosploit","last_synced_at":"2025-05-14T11:13:33.825Z","repository":{"id":42535679,"uuid":"119572063","full_name":"NullArray/AutoSploit","owner":"NullArray","description":"Automated Mass Exploiter","archived":false,"fork":false,"pushed_at":"2023-05-22T21:34:12.000Z","size":418,"stargazers_count":5097,"open_issues_count":77,"forks_count":1130,"subscribers_count":232,"default_branch":"master","last_synced_at":"2025-04-03T21:08:28.697Z","etag":null,"topics":["automation","exploit","exploitation","metasploit","offsec","python","security","security-tools"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NullArray.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2018-01-30T17:47:18.000Z","updated_at":"2025-04-02T19:16:01.000Z","dependencies_parsed_at":"2022-08-23T09:01:30.000Z","dependency_job_id":"5c8d6164-1b41-44e7-920d-c75b0fd18333","html_url":"https://github.com/NullArray/AutoSploit","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NullArray%2FAutoSploit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NullArray%2FAutoSploit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NullArray%2FAutoSploit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NullArray%2FAutoSploit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NullArray","download_url":"https://codeload.github.com/NullArray/AutoSploit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248340536,"owners_count":21087465,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["automation","exploit","exploitation","metasploit","offsec","python","security","security-tools"],"created_at":"2024-08-01T09:01:19.356Z","updated_at":"2025-04-11T04:23:07.562Z","avatar_url":"https://github.com/NullArray.png","language":"Python","readme":"\u003ccenter\u003e\u003cimg src=\"https://user-images.githubusercontent.com/14183473/55991044-e9317000-5c6e-11e9-8730-a2e9d5c3ea68.jpg\"\u003e\u003c/image\u003e\u003c/center\u003e\n\u003cbr\u003e\nAs the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started\n\n\n_**Operational Security Consideration:**_\n\n\nReceiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available.\n\nThe new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.\n\n# Helpful links\n\n - [Usage](https://github.com/NullArray/AutoSploit#usage)\n - [Installing](https://github.com/NullArray/AutoSploit#Installation)\n - [Dependencies](https://github.com/NullArray/AutoSploit#dependencies)\n - [User Manual](https://github.com/NullArray/AutoSploit/wiki)\n - [Extensive usage breakdown](https://github.com/NullArray/AutoSploit/wiki/Usage#usage-options)\n - [Screenshots](https://github.com/NullArray/AutoSploit/wiki/Examples-and-images)\n - [Reporting bugs/ideas](https://github.com/NullArray/AutoSploit/wiki/Bugs-and-ideas#bugs)\n - [Development guidelines](https://github.com/NullArray/AutoSploit/wiki/Development-information#development-of-autosploit)\n - [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements)\n - [Development](https://github.com/NullArray/AutoSploit#active-development)\n - [Discord server](https://discord.gg/9BeeZQk)\n - [README translations](https://github.com/NullArray/AutoSploit#translations)\n\n# Installation\n\nInstalling AutoSploit is very simple, you can find the latest stable release [here](https://github.com/NullArray/AutoSploit/releases/latest). You can also download the master branch as a [zip](https://github.com/NullArray/AutSploit/zipball/master) or [tarball](https://github.com/NullArray/AutSploit/tarball/master) or follow one of the below methods;\n\n\n##### Docker Compose\nUsing Docker Compose is by far the easiest way to get AutoSploit up and running without too much of a hassle.\n```\ngit clone https://github.com/NullArray/AutoSploit.git\ncd Autosploit/Docker\ndocker-compose run --rm autosploit\n```\n\n##### Docker\nJust using Docker.\n```\ngit clone https://github.com/NullArray/AutoSploit.git\ncd Autosploit/Docker\n# If you wish to edit default postgres service details, edit database.yml. Should work out of the box\n# nano database.yml\ndocker network create -d bridge haknet\ndocker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres\ndocker build -t autosploit .\ndocker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit\n```\n\nDev team contributor [Khast3x](https://github.com/khast3x) recently improved Docker operations as well as add more details to the README.md in the `Docker` subdirectory. For more information on deploying AutoSploit with Docker please be sure to click [here](https://github.com/NullArray/AutoSploit/tree/master/Docker) \n\n\n##### Cloning\nOn any Linux system the following should work;\n\n```bash\ngit clone https://github.com/NullArray/AutoSploit\ncd AutoSploit\nchmod +x install.sh\n./install.sh\n```\n\nAutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. In order to accomplish this employ/perform the below operations via the terminal or in the form of a shell script.\n\n```bash\nsudo -s \u003c\u003c '_EOF'\npip2 install virtualenv --user\ngit clone https://github.com/NullArray/AutoSploit.git\nvirtualenv \u003cPATH-TO-YOUR-ENV\u003e\nsource \u003cPATH-TO-YOUR-ENV\u003e/bin/activate\ncd \u003cPATH-TO-AUTOSPLOIT\u003e\npip2 install -r requirements.txt\nchmod +x install.sh\n./install.sh\npython autosploit.py\n_EOF\n```\n\n## Usage\n\nStarting the program with `python autosploit.py` will open an AutoSploit terminal session. The options for which are as follows.\n```\n1. Usage And Legal\n2. Gather Hosts\n3. Custom Hosts\n4. Add Single Host\n5. View Gathered Hosts\n6. Exploit Gathered Hosts\n99. Quit\n```\n\nChoosing option `2` will prompt you for a platform specific search query. Enter `IIS` or `Apache` in example and choose a search engine. After doing so the collected hosts will be saved to be used in the `Exploit` component.\n\nAs of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type `python autosploit.py -h` to display all the options available to you. I've posted the options below as well for reference.\n\n```\nusage: python autosploit.py -[c|z|s|a] -[q] QUERY\n [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH\n [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH\n [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT\n\noptional arguments:\n -h, --help show this help message and exit\n\nsearch engines:\n possible search engines to use\n\n -c, --censys use censys.io as the search engine to gather hosts\n -z, --zoomeye use zoomeye.org as the search engine to gather hosts\n -s, --shodan use shodan.io as the search engine to gather hosts\n -a, --all search all available search engines to gather hosts\n\nrequests:\n arguments to edit your requests\n\n --proxy PROTO://IP:PORT\n run behind a proxy while performing the searches\n --random-agent use a random HTTP User-Agent header\n -P USER-AGENT, --personal-agent USER-AGENT\n pass a personal User-Agent to use for HTTP requests\n -q QUERY, --query QUERY\n pass your search query\n\nexploits:\n arguments to edit your exploits\n\n -E PATH, --exploit-file PATH\n provide a text file to convert into JSON and save for\n later use\n -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT\n set the configuration for MSF (IE -C default 127.0.0.1\n 8080)\n -e, --exploit start exploiting the already gathered hosts\n\nmisc arguments:\n arguments that don't fit anywhere else\n\n --ruby-exec if you need to run the Ruby executable with MSF use\n this\n --msf-path MSF-PATH pass the path to your framework if it is not in your\n ENV PATH\n --whitelist PATH only exploit hosts listed in the whitelist file\n```\n\n\n## Dependencies\n_Note_: All dependencies should be installed using the above installation method, however, if you find they are not:\n\nAutoSploit depends on the following Python2.7 modules.\n\n```\nrequests\npsutil\n```\n\nShould you find you do not have these installed get them with pip like so.\n\n```bash\npip install requests psutil\n```\n\nor\n\n```bash\npip install -r requirements.txt\n```\n\nSince the program invokes functionality from the Metasploit Framework you need to have this installed also. Get it from Rapid7 by clicking [here](https://www.rapid7.com/products/metasploit/).\n\n## Acknowledgements\n\nSpecial thanks to [Ekultek](https://github.com/Ekultek) without whoms contributions to the project, the new version would have been a lot less spectacular.\n\nThanks to [Khast3x](https://github.com/khast3x) for setting up Docker support.\n\nLast but certainly not least. Thanks to all who have submitted Pull Requests, bug reports, useful and productive contributions in general. \n\n### Active Development\n\nIf you would like to contribute to the development of this project please be sure to read [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md) as it contains our contribution guidelines.\n\nPlease, also, be sure to read our [contribution standards](https://github.com/NullArray/AutoSploit/wiki/Development-information#contribution-standards) before sending pull requests\n\nIf you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord server](https://discord.gg/DZe4zr2).\n\n### Note\n\nIf you happen to encounter a bug please feel free to [Open a Ticket](https://github.com/NullArray/AutoSploit/issues).\n\nThanks in advance.\n\n## Translations\n\n - [FR](https://github.com/NullArray/AutoSploit/blob/master/.github/.translations/README-fr.md)\n - [ZH](https://github.com/NullArray/AutoSploit/blob/master/.github/.translations/README-zh.md)\n - [DE](https://github.com/NullArray/AutoSploit/blob/master/.github/.translations/README-de.md)\n","funding_links":[],"categories":["\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["\u003ca id=\"41ae40ed61ab2b61f2971fea3ec26e7c\"\u003e\u003c/a\u003e漏洞利用"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnullarray%2Fautosploit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnullarray%2Fautosploit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnullarray%2Fautosploit/lists"}