Merge pull request #142 from NullArray/dev-beta

Release 2.2

.gitignore

@@ -5,3 +5,5 @@ hosts.txt
 secret.p
 uid.p
 etc/tokens/*
+autosploit_out/*
+venv/*

README.md

@@ -55,6 +55,32 @@ docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
 EOF
 ```
 
+On any Linux system the following should work;
+
+```bash
+git clone https://github.com/NullArray/AutoSploit
+cd AutoSploit
+chmod +x install.sh
+./install.sh
+```
+
+If you want to run AutoSploit on a macOS system, AutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. To do this, do the following;
+
+```bash
+sudo -s << '_EOF'
+pip2 install virtualenv --user
+git clone https://github.com/NullArray/AutoSploit.git
+virtualenv <PATH-TO-YOUR-ENV>
+source <PATH-TO-YOUR-ENV>/bin/activate
+cd <PATH-TO-AUTOSPLOIT>
+pip2 install -r requirements.txt
+chmod +x install.sh
+./install.sh
+python autosploit.py
+_EOF
+```
+
+
 More information on running Docker can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker)
 
 ## Usage
@@ -123,17 +149,6 @@ misc arguments:
   --whitelist PATH      only exploit hosts listed in the whitelist file
 ```
 
-## Installation
-
-On any Linux system the following should work;
-
-```bash
-git clone https://github.com/NullArray/AutoSploit
-cd AutoSploit
-chmod +x install.sh
-./install.sh
-```
-
 If you want to run AutoSploit on a macOS system, AutoSploit is compatible with macOS, however, you have to be inside a virtual environment for it to run successfully. To do this, do the following;
 
 ```bash

Vagrant/Vagrantfile

@@ -0,0 +1,28 @@
+# Use as a strating point to spin up a box in lightsail.
+# the vagrant-lightsail plugin is required
+# You probably also need to:
+# - Configure the ssh keys path
+# - Install and configure the aws-cli package
+
+Vagrant.configure('2') do |config|
+	config.vm.synced_folder ".", "/vagrant", type: "rsync",
+		rsync__exclude: ".git/",
+		rsync__auto: true
+
+	config.ssh.private_key_path		= '/path/to/id_rsa'
+	config.ssh.username				= 'ubuntu'
+	config.vm.box					= 'lightsail'
+	config.vm.box_url				= 'https://github.com/thejandroman/vagrant-lightsail/raw/master/box/lightsail.box'
+	config.vm.hostname				= 'autosploit-launcher'
+
+	config.vm.provider :lightsail do |provider, override|
+		provider.port_info		 	= [{ from_port: 0, to_port: 65535, protocol:
+		'all' }]
+		provider.keypair_name		= 'id_rsa'
+		provider.bundle_id			= 'small_1_0'
+	end
+
+	config.vm.provision "bootstrap", type: "shell", run: "once" do |s|
+		s.path	= "./bootstrap/bootstrap.sh"
+	end
+end

Vagrant/bootstrap/bootstrap.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+echo "Yolosploit configurator 2.42"
+sudo apt-get --yes update
+sudo apt-get --yes upgrade
+
+echo "Installing metasploit. BE PATIENT (5 min max?)"
+wget --quiet https://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
+chmod +x metasploit-latest-linux-x64-installer.run
+sudo ./metasploit-latest-linux-x64-installer.run --unattendedmodeui none --prefix /opt/msf --mode unattended
+
+echo "Installing python2"
+sudo apt-get --yes install python python-pip python-virtualenv git
+
+sudo apt-get --yes install fish
+sudo chsh -s /usr/bin/fish ubuntu
+
+cd ~
+git clone https://github.com/NullArray/AutoSploit

api_calls/censys.py

@@ -15,13 +15,14 @@ class CensysAPIHook(object):
     Censys API hook
     """
 
-    def __init__(self, identity=None, token=None, query=None, proxy=None, agent=None, **kwargs):
+    def __init__(self, identity=None, token=None, query=None, proxy=None, agent=None, save_mode=None, **kwargs):
         self.id = identity
         self.token = token
         self.query = query
         self.proxy = proxy
         self.user_agent = agent
         self.host_file = HOST_FILE
+        self.save_mode = save_mode
 
     def censys(self):
         """
@@ -38,7 +39,7 @@ def censys(self):
             json_data = req.json()
             for item in json_data["results"]:
                 discovered_censys_hosts.add(str(item["ip"]))
-            write_to_file(discovered_censys_hosts, self.host_file)
+            write_to_file(discovered_censys_hosts, self.host_file, mode=self.save_mode)
             return True
         except Exception as e:
             raise AutoSploitAPIConnectionError(str(e))

api_calls/shodan.py

@@ -17,12 +17,13 @@ class ShodanAPIHook(object):
     Shodan API hook, saves us from having to install another dependency
     """
 
-    def __init__(self, token=None, query=None, proxy=None, agent=None, **kwargs):
+    def __init__(self, token=None, query=None, proxy=None, agent=None, save_mode=None, **kwargs):
         self.token = token
         self.query = query
         self.proxy = proxy
         self.user_agent = agent
         self.host_file = HOST_FILE
+        self.save_mode = save_mode
 
     def shodan(self):
         """
@@ -38,7 +39,7 @@ def shodan(self):
             json_data = json.loads(req.content)
             for match in json_data["matches"]:
                 discovered_shodan_hosts.add(match["ip_str"])
-            write_to_file(discovered_shodan_hosts, self.host_file)
+            write_to_file(discovered_shodan_hosts, self.host_file, mode=self.save_mode)
             return True
         except Exception as e:
             raise AutoSploitAPIConnectionError(str(e))

api_calls/zoomeye.py

@@ -20,13 +20,14 @@ class ZoomEyeAPIHook(object):
     so we're going to use some 'lifted' credentials to login for us
     """
 
-    def __init__(self, query=None, proxy=None, agent=None, **kwargs):
+    def __init__(self, query=None, proxy=None, agent=None, save_mode=None, **kwargs):
         self.query = query
         self.host_file = HOST_FILE
         self.proxy = proxy
         self.user_agent = agent
         self.user_file = "{}/etc/text_files/users.lst".format(os.getcwd())
         self.pass_file = "{}/etc/text_files/passes.lst".format(os.getcwd())
+        self.save_mode = save_mode
 
     @staticmethod
     def __decode(filepath):
@@ -81,7 +82,7 @@ def zoomeye(self):
                         discovered_zoomeye_hosts.add(ip)
                 else:
                     discovered_zoomeye_hosts.add(str(item["ip"][0]))
-            write_to_file(discovered_zoomeye_hosts, self.host_file)
+            write_to_file(discovered_zoomeye_hosts, self.host_file, mode=self.save_mode)
             return True
         except Exception as e:
             raise AutoSploitAPIConnectionError(str(e))

autosploit.py

@@ -1,5 +1,9 @@
 from autosploit.main import main
+from lib.output import error
 
 
 if __name__ == "__main__":
-    main()
+    try:
+        main()
+    except KeyboardInterrupt:
+        error("user aborted session")

autosploit/main.py

@@ -1,4 +1,6 @@
+import os
 import sys
+import ctypes
 import psutil
 import platform
 
@@ -19,11 +21,23 @@
     EXPLOIT_FILES_PATH,
     START_SERVICES_PATH
 )
-from lib.jsonize import load_exploits
+from lib.jsonize import (
+    load_exploits,
+    load_exploit_file
+)
 
 
 def main():
 
+    try:
+        is_admin = os.getuid() == 0
+    except AttributeError:
+        # we'll make it cross platform because it seems like a cool idea
+        is_admin = ctypes.windll.shell32.IsUserAnAdmin() != 0
+
+    if not is_admin:
+        close("must have admin privileges to run")
+
     opts = AutoSploitParser().optparser()
 
     logo()
@@ -73,8 +87,16 @@ def main():
         info("attempting to load API keys")
         loaded_tokens = load_api_keys()
         AutoSploitParser().parse_provided(opts)
-        misc_info("checking if there are multiple exploit files")
-        loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
+
+        if not opts.exploitFile:
+            misc_info("checking if there are multiple exploit files")
+            loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
+        else:
+            loaded_exploits = load_exploit_file(opts.exploitFile)
+            misc_info("Loaded {} exploits from {}.".format(
+                len(loaded_exploits),
+                opts.exploitFile))
+
         AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits)
     else:
         warning("no arguments have been parsed, defaulting to terminal session. press 99 to quit and help to get help")

dryrun_autosploit.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+
+if [[ $# -lt 1 ]]; then
+    echo "Syntax:"
+    echo -e "\t./dryrun_autosploit.sh <search_query> [whitelist]"
+	exit 1
+fi
+
+echo -e "[!] Make sure you are not on your localhost while running this script, press enter to continue";
+read
+
+WHITELIST=$2
+SEARCH_QUERY=$1
+LPORT=4444
+
+LHOST=`dig +short @resolver1.opendns.com myip.opendns.com`
+TIMESTAMP=`date +%s`
+
+
+if [ ! $WHITELIST ]; then
+  echo "executing: python autosploit.py -s -c -q \"${SEARCH_QUERY}\" --overwrite -C \"msf_autorun_${TIMESTAMP}\" $LHOST $LPORT --exploit-file-to-use etc/json/default_modules.json --dry-run -e"
+
+  python autosploit.py -s -c -q "${SEARCH_QUERY}" --overwrite -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT --exploit-file-to-use etc/json/default_modules.json --dry-run -e
+else
+  echo "executing: python autosploit.py -s -c -q \"${SEARCH_QUERY}\" --overwrite --whitelist $WHITELIST -e -C \"msf_autorun_${TIMESTAMP}\" $LHOST $LPORT --exploit-file-to-use etc/json/default_modules.json --dry-run -e"
+
+  python autosploit.py -s -c -q "${SEARCH_QUERY}" --overwrite --whitelist $WHITELIST -e -C "msf_autorun_${TIMESTAMP}" $LHOST $LPORT --exploit-file-to-use etc/json/default_modules.json --dry-run -e
+fi;

etc/json/default_fuzzers.json

@@ -0,0 +1,25 @@
+{
+  "exploits": [
+    "auxiliary/fuzzers/dns/dns_fuzzer",
+    "auxiliary/fuzzers/ftp/client_ftp",
+    "auxiliary/fuzzers/ftp/ftp_pre_post",
+    "auxiliary/fuzzers/http/http_form_field",
+    "auxiliary/fuzzers/http/http_get_uri_long",
+    "auxiliary/fuzzers/http/http_get_uri_strings",
+    "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer",
+    "auxiliary/fuzzers/smb/smb2_negotiate_corrupt",
+    "auxiliary/fuzzers/smb/smb_create_pipe",
+    "auxiliary/fuzzers/smb/smb_create_pipe_corrupt",
+    "auxiliary/fuzzers/smb/smb_negotiate_corrupt ",
+    "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt",
+    "auxiliary/fuzzers/smb/smb_tree_connect",
+    "auxiliary/fuzzers/smb/smb_tree_connect_corrupt",
+    "auxiliary/fuzzers/smtp/smtp_fuzzer",
+    "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt",
+    "auxiliary/fuzzers/ssh/ssh_version_15",
+    "auxiliary/fuzzers/ssh/ssh_version_2",
+    "auxiliary/fuzzers/ssh/ssh_version_corrupt",
+    "auxiliary/fuzzers/tds/tds_login_corrupt",
+    "auxiliary/fuzzers/tds/tds_login_username"
+  ]
+}

etc/json/default_modules.json

@@ -263,27 +263,6 @@
      "exploit/windows/smb/ipass_pipe_exec",
      "exploit/windows/smb/smb_relay",
      "auxiliary/sqli/oracle/jvm_os_code_10g",
-     "auxiliary/sqli/oracle/jvm_os_code_11g",
-     "auxiliary/fuzzers/dns/dns_fuzzer",
-     "auxiliary/fuzzers/ftp/client_ftp",
-     "auxiliary/fuzzers/ftp/ftp_pre_post",
-     "auxiliary/fuzzers/http/http_form_field",
-     "auxiliary/fuzzers/http/http_get_uri_long",
-     "auxiliary/fuzzers/http/http_get_uri_strings",
-     "auxiliary/fuzzers/ntp/ntp_protocol_fuzzer",
-     "auxiliary/fuzzers/smb/smb2_negotiate_corrupt",
-     "auxiliary/fuzzers/smb/smb_create_pipe",
-     "auxiliary/fuzzers/smb/smb_create_pipe_corrupt",
-     "auxiliary/fuzzers/smb/smb_negotiate_corrupt ",
-     "auxiliary/fuzzers/smb/smb_ntlm1_login_corrupt",
-     "auxiliary/fuzzers/smb/smb_tree_connect",
-     "auxiliary/fuzzers/smb/smb_tree_connect_corrupt",
-     "auxiliary/fuzzers/smtp/smtp_fuzzer",
-     "auxiliary/fuzzers/ssh/ssh_kexinit_corrupt",
-     "auxiliary/fuzzers/ssh/ssh_version_15",
-     "auxiliary/fuzzers/ssh/ssh_version_2",
-     "auxiliary/fuzzers/ssh/ssh_version_corrupt",
-     "auxiliary/fuzzers/tds/tds_login_corrupt",
-     "auxiliary/fuzzers/tds/tds_login_username"
+     "auxiliary/sqli/oracle/jvm_os_code_11g"
   ]
 }

etc/scripts/start_services.sh

@@ -1,11 +1,11 @@
 #!/bin/bash
 
 function startApacheLinux () {
-  sudo service apache2 start > /dev/null 2>&1
+  sudo systemctl start apache2 > /dev/null 2>&1
 }
 
 function startPostgreSQLLinux () {
-  sudo service postgresql start > /dev/null 2>&1
+  sudo systemctl start postgresql > /dev/null 2>&1
 }
 
 function startApacheOSX () {
@@ -24,8 +24,8 @@ function main () {
     startApacheOSX;
     startPostgreSQLOSX;
   else
-    echo "[*} invalid operating system";
+    echo "[*] invalid operating system";
   fi
 }
 
-main $@;
+main $@;