Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/esfelurm/autoexploit

Fellow web hacker 👻
https://github.com/esfelurm/autoexploit

auto-exploit auto-exploiter autoexploit autoexploiter cms cracker esfelurm exploiter exploits

Last synced: 10 months ago
JSON representation

Fellow web hacker 👻

Awesome Lists containing this project

README 

          



# AutoExploit



A powerful tool for finding site vulnerabilities with 108 different exploits ☠️






### info/opt



- With this tool, you can use the designated exploits so that you can use those vulnerabilities 🔆

- This tool also has crackers, such as WordPress, Joomla and... 🔆

- This tool has WordPress, Joomla, etc. cms

- It also has tools such as Sqli, cpanel, smtp and... 🔆

- You can easily install this tool even in your Linux or Windows 🔆



## Examples of exploits 



- ⚪ Wp_cloudflare

- ⚪ phpunit

- ⚪ env

- ⚪ osCommerce

- and .......



## Examples of tools 



- 🟢 getSMTP

- 🟢 wso Shell Uploader

- 🟢 cms

- and .......



## Examples of cms 



- 🟡 Wordpress

- 🟡 drupal

- 🟡 joomla

- 🟡 opencart



`It has shells and special payloads for easier access and penetration into targets `



## Support from



🟢 Linux

🟢 Windows

🟡 Termux



#### Commands + implementation tips 



- Create a file in txt format and put the targets inside them

- Then copy the targets file to the AutoExploit folder (or give the target file address to the tool



Then enter the following command 👇🏻



```

git clone https://github.com/esfelurm/AutoExploit

cd AutoExploit

python AutoExploit.py target.txt

```

Now it starts testing the exploits   



`If you don't understand, watch the videos below 👇🏻`

----------------------------------



## educational video Part I



----------------------------------



## educational video Part II



----------------------------------

### Commands used in the video 



    


  1. Install prerequisites
    2. 

    Kali 👇🏻
    


    ```

    sudo apt update && sudo apt upgrade -y

    sudo apt install python3 python3-pip

    sudo apt install git

    pip3 install requests

    git clone https://github.com/esfelurm/AutoExploit

    ```

    Termux 👇🏻
    


    ```

    apt update && apt upgrade

    pkg install git

    pkg install python3

    pip install requests

    git clone https://github.com/esfelurm/AutoExploit

    ```
    


  2. Copy the targets file
    3. 

      

    ```

    cp target.txt AutoExploit

    ```

  3. Enter the tools directory
    4. 


    ```

    cd AutoExploit

    ```

  4. We run the tool 
    5. 


    ```

    python AutoExploit.py target.txt

    ```

  5. If the vulnerability is found and the work is completed, enter the result folder 
    6. 


    ```

    cd result

    ```
    


  6. Now open the files named config and you can see the results 
    7. 




## Attack example :



- Target : https://westlink.com.my



- image :






- Info :



```

APP_NAME="Westlink Group Of Companies"

APP_ENV=local

APP_KEY=base64:MKVU0RsaiKzXpRz+AmGyMu/4rOdNPPEvlyXmm3O+BLA=

APP_DEBUG=false

APP_URL=https://www.westlink.com.my/



LOG_CHANNEL=stack

LOG_LEVEL=debug



DB_CONNECTION=mysql

DB_HOST=110.4.45.32

DB_PORT=3306

DB_DATABASE=westlin1_sec_westlink_lat_v1

DB_USERNAME=westlin1_adm1

DB_PASSWORD=%?xwh%]KYFR-



BROADCAST_DRIVER=log

CACHE_DRIVER=file

QUEUE_CONNECTION=sync

SESSION_DRIVER=file

SESSION_LIFETIME=120



MEMCACHED_HOST=127.0.0.1



REDIS_HOST=127.0.0.1

REDIS_PASSWORD=null

REDIS_PORT=6379



MAIL_MAILER=smtp

MAIL_HOST=mail.westlink.com.my

MAIL_PORT=465

MAIL_USERNAME=sales@westlink.com.my

MAIL_PASSWORD=8dxtc+wgojx6

MAIL_ENCRYPTION=ssl



#MAIL_MAILER=smtp

#MAIL_HOST=smtp.mailtrap.io

#MAIL_PORT=2525

#MAIL_USERNAME=d5d5c2b307fe1f

#MAIL_PASSWORD=4912217d7c6151

#MAIL_ENCRYPTION=tls



MAIL_FROM_ADDRESS=null

MAIL_FROM_NAME="${APP_NAME}"



AWS_ACCESS_KEY_ID=

AWS_SECRET_ACCESS_KEY=

AWS_DEFAULT_REGION=us-east-1

AWS_BUCKET=



PUSHER_APP_ID=

PUSHER_APP_KEY=

PUSHER_APP_SECRET=

PUSHER_APP_CLUSTER=mt1



MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"

MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"



BUSS_ADMIN="/admin_wlx"

BUSS_NAME="Westlink Engineering Sdn. Bhd"

BUSS_PHONE="+607-3539737"

BUSS_EMAIL="info@westlink.com.my"

```



## Run successfully