Release 2.2 #142
Merged
Release 2.2 #142
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* API keys token file reading error fix When reading an API key file, tokens are not stripped properly. Non-standard endlines causes an error with shodan/censys/etc APIs * Added a dry-run flag. When running without the terminal and the --dry-run flag, msfconsole will not be run. A report will still be produced. * Sanitized whitelist comparision with host file. All leading and trailing whitespaces should be removed before comparing IPs * Added an --exploit-file-to-use option. Load exploits directly from the specified file, do not prompt for exploit-file selection if this option is specified. * Added --append/--overwrite to search engines. Specifying either will skip the prompt after a search query. --overwrite will start with a blank file but will append futher searches ex: with -s -c --overwrite, both shodan and censys results will be appended to a clean file. * Search all fix for append/overwrite flags. Search results is not prompted anymore * Modified the Exploiter output. Added a tally at the end. Suppressed much of the output during a dry-run. * Bugfix, --exploit-file-to-use Output an error message to the console if the specified exploit file does not exists. * Added short arguments for --append/--overwrite * Closing program if invalid file is passed to --exploit-file-to-use
* Scripts to automate autosploit. ./dryrun_autosploit.sh will search censys/shodan/etc and do a dry-run against discovered hosts that are in the whitelist. VALIDATE THE DRYRUN REPORT BEFORE LAUNCHING THE ACTUAL EXPLOIT RUN ./run_autosploit.sh will run autosploit in exploit mode against previously discovered hosts in the whitelist. * Removed blocking MSF modules from default module list. Added a fuzzers-only json file. In the same idea, Trans2open exploits are taking about 2h+ per host to run. Maybe implement a "long run" feature in the next release? * Added a vagrant config to easily deploy autosploit to aws-lightsail. COMES WITHOUT WARRANTY. Use as a starting point. Tweaks to make it usable for dev: - Setup a synced folder with your autosploit dev in the Vagrantfile Refer to vagrant doc. - Use vagrant rsync-auto Since vagrant file cannot really be shared as-is, some tweakings might be necessary. Try: -Modifying the Vagrantfile according to your ssh keys path -Installing the aws-cli pacakge -Configuring ~/.aws directory * Bugfix and improvements: Successful exploits will start meterpreter in background. Fixed counter for successful exploits/failed exploits bug, counting success/failure occurence, not line outputs. Success/failures now grepping escaped MSF output for success/failures. Grepping for keywords such as "Meterpreter", "Session" for success.
|
Discord Server link not working |
|
@Turkishcod this invite will last for 24 hours. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In 2.2 we have a few bugs resolved
run_autosploit.shdryrun_autosploit.sh