Comments (54)
Lol, i suppose i am. Not quite sure whether this is a good or a bad thing yet.
from autosploit.
People are ridiculous. How about instead of bashing the creator of it, they say thanks for showing us where we have issues?
I'm gonna help you develop this thing into a security expert's fucking nightmare because they deserve it.
from autosploit.
Lol thanks. Version 2 is going to be a team effort. Feel free to contribute if you'd like 👍
from autosploit.
You also made it on securitybuzz, congratulations man, you're famous
from autosploit.
Interestingly Rapid7 had something to say about this as well. I thought their assessment was reasonable.
On Random Shell Generators by Rapid7
Also, i like that they updated the article to include the fact that i intend to have functionality to load a single host or custom list in the new version. The reason why i am adding it is to make the tool more precise and enhance its utility no matter the engagement. Shodan lookup will remain as an option as well though.
from autosploit.
Merged for V2.1 release guys.
from autosploit.
Thank you for looking that information up @Aegis and yeah lol, i was pretty surprised someone from the White House was even commenting on this. AutoSploit really went viral.
Also, @Ekultek i think it should work fine through proxychains yeah. Haven't personally tested it, and it might be possible to add proxy support natively, if that's not a bit overkill.
from autosploit.
It’s really easy to use Tor, check my Mjolnir repo (it’s a DoS tool :p)
from autosploit.
Hey @Ekultek got a way of contacting you via IM? Or something similar, i'd like to discuss some things with you. Perhaps add you as a collaborator with push/write access to the AutoSploit repo as well. Since you have been contributing so much. I'd love to get in touch, if you'd be interested.
from autosploit.
@Ekultek I've sent you a message and i am looking forward to your reply. 👍
from autosploit.
@NullArray HE LIVES!
from autosploit.
Almost at 3000 stars exactly! Pretty good milestone. :)
from autosploit.
Lol, yeah man, you did good with this one
from autosploit.
No for real, someone that was in attendance reached out to me 👍
from autosploit.
The way in which the hosts are gathered is through Shodan. Using shodan.io to find internet connected devices is not illegal so i don't know why you would want to proxy the connection to the search engine.
from autosploit.
FWIW after reading the reply here I located a passage in a book where Shodan's founder notes it's "not an anonymous service" and expresses approval of law enforcement action; one of the authors has worked extensively in government. This code is not illegal in itself and I'm not for such activity but SOCKS5 and/or Tor support would not be that hard.
Also congrats on earning the attention of the White House. :)
from autosploit.
AutoSploit is also mentioned over here - Digi.no is a Norwegian tech publishing news site. They raise concern that more users would be able to perform attacks. Great work, would be fun to test drive it. Keep up the good work.
from autosploit.
Gotta respect this man for seeing the real problem:
On the other hand, Chris Roberts, chief security architect at Acalvio states:
“The kids are not more dangerous. They already were dangerous. We’ve simply given them a newer, simpler, shinier way to exploit everything that’s broken. Maybe we should fix the ROOT problem.”
from autosploit.
@NullArray Rapid7 is usually pretty good at these kinds of things. I have massive respect for their teams and their company.
from autosploit.
@NullArray yo, just got home, yeah do you have discord?
from autosploit.
Nah i don't have discord but if you have a way for me to send you a private message i will send you my XMPP addy so we can speak directly.
from autosploit.
send an email there and i'll direct you to my secure email
from autosploit.
For sure, i'll hit you up in a bit.
from autosploit.
@NullArray alright man, talk to ya soon.
from autosploit.
@NullArray I received it and replied from my secure email.
from autosploit.
At this point you could open up a Discord server to chat with contributors
from autosploit.
@NatoBoram I’m not against that at all.
from autosploit.
@NatoBoram discord server setup here's the invite https://discord.gg/9BeeZQk
from autosploit.
Hey, i've been away for a while, so i am out of the loop. Will catch up around Monday when i have some time on my hands.
from autosploit.
So since this is basically the general 'off-topic' discussion thread with regards to this project, i just wanted to let people know that if they need to contact me through any other media than Github please feel free to DM me on twitter at https://twitter.com/Real__Vector
Alternatively i respond to PMs over at GreySec Security Forums
Oh and since i had a corrupted filesystem on one of the boxes i use, i haven't been around on the discord server either, since i happened to use that box for discord. Haven't gotten around to fixing it yet so i figured i would post some alternatives.
from autosploit.
Look at what I started, a general discussion. You’re welcome world
from autosploit.
A general discussion with regards to the project of course. Feel free to change the label if you can think of a more suitable one. Just figured i would label the conversation here as off topic and non-technical for the most part.
from autosploit.
This thread has been dead for far too long. Someone talk
from autosploit.
Well, I have read the thread, guys, and it seems that this tool is very powerful. And I like it because I am a script kiddy, can I use it to sneak into my ex's computer? haha
from autosploit.
@N1kRolexx I mean if that's what you want to do. It's not that it's powerful, it's that it brings to light a whole new playbook
from autosploit.
@Ekultek Yep, I know. Just a joke, I'm not that interested in my ex :) Anyway the tool is very powerful. It can gather a huge amount of hosts, then you load your exploit pack and here it goes. Thousands (maybe) of exploited devices. However I'm not interested in this :)
I'm interested in bypassing https. Do you know maybe some ways of making this possible?
from autosploit.
@N1kRolexx Use port 80 instead of port 443. HTTPS bypassed.
from autosploit.
@Ekultek Ahah, nice joke)))) (no)
from autosploit.
@N1kRolexx I’m serious, find a website that allows connections to port 80, redirect to HTTP use Burp. If you’re talking about deciphering the SSL itself, you’ll need the certificate key
from autosploit.
I was just thinking how awesome it is that through collaboration with multiple devs and contributions small or big, AutoSploit has really evolved into something amazing. I love the fact that this has become an Open Source endeavor in the truest sense of the word, and i would like to thank everyone who has been involved with the project thus far.
You guys are great (n_n")
from autosploit.
Haha, you’re the best man
from autosploit.
I hear AutoSploit got mentioned at Thotcon, if you're reading this Thotcon attendees, hi!
from autosploit.
Bullshit?
from autosploit.
Made a drastic change to the system call for starting services see b998ad8
from autosploit.
@Ekultek Opened a Pandora's box with a Metasploit wrapper? Oh, I don't think so
from autosploit.
@TheSecondSun it’s a little more advanced than a metasploit wrapper. I can see how people could get confused though. Have you even actually used it?
from autosploit.
@Ekultek Not really, thus I definitely will give it a try in my homelab :) But in my opinion, this tool is a bit too noisy and aids only with blind exploitation against blackbox environments exposed in the web. Correct me if I am wrong
from autosploit.
@TheSecondSun i use it as a pentest automation tool when I have other things to do, it has the ability to pass your own IP addresses into it and use those instead of blind exploitation.
from autosploit.
@Ekultek does it also implement scanning capabilities?
from autosploit.
@TheSecondSun it’s specifically geared towards exploitation. There has been talk about implementing a full pentest framework
from autosploit.
Hello everyone, I'll be working on all the bug fixes tomorrow. So there should be a fix here soon
from autosploit.
@Duplicitious as in run one exploit against a host?
from autosploit.