AutoSploit = Shodan/Censys/Zoomeye + Metasploit
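You may have used the automated exploitation tool AutoSploit before, but the tool has now been substantially reworked.
What is AutoSploit? AutoSploit is an automated mass-exploitation tool written in Python. It uses the Shodan, Censys or Zoomeye search engines to locate targets, and the user can choose any one of them. Once the targets are set, the tool launches the relevant Metasploit modules to carry out the attack. In its default configuration AutoSploit provides more than three hundred predefined Metasploit modules, which can be used to achieve code execution on infrastructure such as hosts running different operating systems, web applications and intrusion detection systems. Users can also add new modules by editing the etc/json/default_modules.json file.
The following is the list of Metasploit modules that AutoSploit ships with by default: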
Installation
Installing AutoSploit is straightforward: download the latest release 【here】, or use one of the methods below.
Cloning the project

    sudo -s << EOF
    # Fetch the source and run the bundled installer
    git clone https://github.com/NullArray/AutoSploit.git
    cd AutoSploit
    chmod +x install.sh
    ./install.sh
    # Start the tool (Python 2.7)
    python2 autosploit.py
    EOF

Docker

    sudo -s << EOF
    git clone https://github.com/NullArray/AutoSploit.git
    cd AutoSploit
    chmod +x install.sh
    ./install.sh
    cd Docker
    # Private bridge network shared by the database and tool containers
    docker network create -d bridge haknet
    # PostgreSQL backend for the Metasploit database
    docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
    # Build and start the AutoSploit image
    docker build -t autosploit .
    docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
    EOF
Dependencies
AutoSploit currently requires the following Python 2.7 modules:

    requests
    psutil

You can install the dependencies with pip:

    pip install requests psutil

or

    pip install -r requirements.txt

Usage
Running "python autosploit.py" on the command line opens an AutoSploit terminal session:
    usage: python autosploit.py -[c|z|s|a] -[q] QUERY
                                [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH
                                [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
                                [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT

    optional arguments:
      -h, --help            show this help message and exit

    search engines:
      possible search engines to use

      -c, --censys          use censys.io as the search engine to gather hosts
      -z, --zoomeye         use zoomeye.org as the search engine to gather hosts
      -s, --shodan          use shodan.io as the search engine to gather hosts
      -a, --all             search all available search engines to gather hosts

    requests:
      arguments to edit your requests

      --proxy PROTO://IP:PORT
                            run behind a proxy while performing the searches
      --random-agent        use a random HTTP User-Agent header
      -P USER-AGENT, --personal-agent USER-AGENT
                            pass a personal User-Agent to use for HTTP requests
      -q QUERY, --query QUERY
                            pass your search query

    exploits:
      arguments to edit your exploits

      -E PATH, --exploit-file PATH
                            provide a text file to convert into JSON and save for later use
      -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
                            set the configuration for MSF (IE -C default 127.0.0.1 8080)
      -e, --exploit         start exploiting the already gathered hosts

    misc arguments:
      arguments that don't fit anywhere else

      --ruby-exec           if you need to run the Ruby executable with MSF use this
      --msf-path MSF-PATH   pass the path to your framework if it is not in your ENV PATH
      --whitelist PATH      only exploit hosts listed in the whitelist file

Resources
AutoSploit project page: 【GitHub link】
GitHub Releases: 【link】