Not hate mail. about autosploit HOT 54 OPEN

Lol, i suppose i am. Not quite sure whether this is a good or a bad thing yet.

from autosploit.

People are ridiculous. How about instead of bashing the creator of it, they say thanks for showing us where we have issues I'm gonna help you develop this thing into a security experts fucking nightmare because they deserve it.

from autosploit.

Lol thanks. Version 2 is going to be a team effort. Feel free to contribute if you'd like 👍

from autosploit.

You also made it on securitybuzz, congratulations man, you're famous

from autosploit.

Interestingly Rapid7 had something to say about this as well. I thought their assessment was reasonable.

On Random Shell Generators by Rapid7

Also, i like that they updated the article to include the fact that i intend to have functionality to load a single host or custom list in the new version. The reason why i am adding it is to make the tool more precise and enhance it's utility no matter the engagement, Shodan lookup will remain as an option as well though.

from autosploit.

Merged for V2.1 release guys.

from autosploit.

Thank you for looking that information up @Aegis and yeah lol, i was pretty surprised someone from the White House was even commenting on this. AutoSploit really went viral.

Also, @Ekultek i think it should work fine through proxychains yeah. Haven't personally tested it, and it might be possible to add proxy support natively, if that's not a bit overkill.

from autosploit.

It’s really easy to use tor, check my Mjolnir repo ( it’s a DoS tool :p)

from autosploit.

Hey @Ekultek got a way of contacting you via IM? Or something similar, i'd like to discuss some things with you. Perhaps add you as a collaborator with push/write access to the AutoSploit repo as well. Since you have been contributing so much. I'd love to get in touch, if you'd be interested.

from autosploit.

@Ekultek I've sent you message and i am looking forward to your reply. 👍

from autosploit.

@NullArray HE LIVES!

from autosploit.

Almost at 3000 stars exactly! Pretty good milestone. :)

from autosploit.

Lol, yeah man, you did good with this one

from autosploit.

No for real, someone that was in attendance reached out to me 👍

from autosploit.

from autosploit.

The way in which the hosts are gathered is through Shodan. Using shodan.io to find internet connected devices is not illegal so i don't know why you would want to proxy the connection to the search engine.

from autosploit.

from autosploit.

FWIW after reading the reply here I located a passage in a book where Shodan's founder notes it's "not an anonymous service" and expresses approval of law enforcement action; one of the authors has worked extensively in government. This code is not illegal in itself and I'm not for such activity but SOCKS5 and/or Tor support would not be that hard.

Also congrats on earning the attention of the White House. :)

from autosploit.

AutoSploit is also mentioned over here - Digi.no is a Norwegian tech publishing news site. They raise concern that more users would be able to perform attacks. Great work, would be fun to test drive it. Keep up the good work.

from autosploit.

Gotta respect this man for seeing the real problem:

On the other hand, Chris Roberts, chief security architect at Acalvio states:

” The kids are not more dangerous. They already were dangerous. We’ve simply given them a newer, simpler, shinier way to exploit everything that’s broken. Maybe we should fix the ROOT problem”.

from autosploit.

@NullArray Rapid7 is usually pretty good at these kinds of things. I have massive respect for their teams and their company.

from autosploit.

@NullArray yo, just got home, yeah do you have discord?

from autosploit.

Nah i don't have discord but if you have a way for me to send you a private message i will send you my XMPP, addy so we can speak directly.

from autosploit.

[email protected]

send an email there and i'll direct you to my secure email

from autosploit.

For sure, i'll hit you up in a bit.

from autosploit.

@NullArray alright man, talk to ya soon.

from autosploit.

@NullArray I received it and replied from my secure email.

from autosploit.

At this point you could open up a Discord server to chat with contributors

from autosploit.

@NatoBoram I’m not against that at all.

from autosploit.

@NatoBoram discord server setup here's the invite https://discord.gg/9BeeZQk

from autosploit.

Hey, i've been away for a while, so i am out of the loop. Will catch up around Monday when i have some time on my hands.

from autosploit.

So since this is basically the general 'off-topic' discussion thread with regards to this project, i just wanted to let people know that if they need to contact me through any other media than Github please feel free to DM me on twitter at https://twitter.com/Real__Vector

Alternatively i respond to PMs over at GreySec Security Forums

Oh and since i had a corrupted filesystem on one of the boxes i use, i haven't been around on the discord server either, since i happened to use that box for discord. Haven't gotten around to fixing it yet so i figured i would post some alternatives.

from autosploit.

Look at what I started, a general discussion. You’re welcome world

from autosploit.

A general discussion with regards to the project of course. Feel free to change the label if you can think of a more suitable one. Just figured i would label the conversation here as off topic and non-technical for the most part.

from autosploit.

This thread has been dead for far to long. Someone talk

from autosploit.

Well, I have read the tread, guys, and it seems that this tool is very powerfull. And I like it because I am a scrypt kidddy, can I use it to sneak into my ex's computer? haha

from autosploit.

@N1kRolexx I mean if thats' what you want to do. It's not that it's powerful it's that it brings to light a whole new playbook

from autosploit.

@Ekultek Yep, I know. Just a joke, I'm not that interested in my ex :) Anyway the tool is very powerful, It can gather a huge amount of hosts, then you load your exploit pack and here it goes. A thousands (maybe) of exploited devices. However I'm not interested in this :)
I'm interested in bypassing https. Do you know maybe some ways of making this possible?

from autosploit.

@N1kRolexx Use port 80 instead of port 443. HTTPS bypassed.

from autosploit.

@Ekultek Ahah, nice joke)))) (no)

from autosploit.

@N1kRolexx I’m serious, find a website that allows connections to port 80, redirect to HTTP use Burp. If you’re talking about deciphering the SSL itself, you’ll need the certificate key

from autosploit.

I was just thinking how awesome it is that through collaboration with multiple devs and contributions small or big, AutoSploit has really evolved into something amazing. I love the fact that this has become an Open Source endeavor in the truest sense of the word, and i would like to thank everyone who has been involved with the project thus far,

You guys are great (n_n")

from autosploit.

Haha, you’re the best man

from autosploit.

I hear AutoSploit got mentioned at Thotcon, if you're reading this Thotcon attendees, hi!

from autosploit.

Bullshit?

from autosploit.

Made a drastic change to the system call for starting services see b998ad8

from autosploit.

@Ekultek Opened a Pandora's box with a Metasploit wrapper? Oh, I don't think so

from autosploit.

@TheSecondSun it’s a little more advanced then a metasploit wrapper. I can see how people could get confused though. Have you even actually used it?

from autosploit.

@Ekultek Not really, thus I definitely will give it a try in my homelab :) But in my opinion, this tool is a bit too noisy and aids only with blind exploitation against blackbox environments exposed in the web. Correct me if I am wrong

from autosploit.

@TheSecondSun i use it as a pentest automation tool when I have other things to do, it has the ability to pass your own IP addresses into it and use those instead of blind exploitation.

from autosploit.

@Ekultek does it also implement scanning capabilities?

from autosploit.

@TheSecondSun it’s specifically geared towards exploitation. There has been talk about implementing a full pentest framework

from autosploit.

Hello everyone, I'll be working on all the bug fixes tomorrow. So there should be a fix here soon

from autosploit.

@Duplicitious as in run one exploit against a host?

from autosploit.