Merge pull request #321 from NullArray/dev-beta

New Years Update.

Happy new year everyone!

Author: NullArray

.github/.translations/README-de.md

@@ -152,7 +152,7 @@ misc arguments:
 Falls du AutoSploit auf einem System mit macOS ausführen willst, musst du das Programm trotz der Kompatibilität mit macOS in einer virtuellen Maschine ausführen, sodass es erfolgreich ausgeführt werden kann. Um dies zu tun, sind folgende Schritte nötig;
 
 ```bash
-sudo -s << '_EOF' 
+sudo -s << '_EOF'
 pip2 install virtualenv --user
 git clone https://github.com/NullArray/AutoSploit.git
 virtualenv <PFAD-ZU-DEINER-ENV>
@@ -173,12 +173,13 @@ AutoSploit benötigt die folgenden Python 2.7 Module:
 ```
 requests
 psutil
+beautifulsoup4
 ```
 
 Wenn dir auffällt, dass du diese nicht installiert hast, kannst du sie über Pip installieren, wie nachfolgend gezeigt.
 
 ```bash
-pip install requests psutil
+pip install requests psutil beautifulsoup4
 ```
 
 oder

.github/.translations/README-fr.md

@@ -3,7 +3,7 @@
 Comme vous pouvez l'imaginer au vu du nom de ce projet, AutoSploit automatise l'exploitation d'hôtes distantes connectées à internet. Les adresses des hôtes à attaquer sont collectées automatiquement grâce à l'aide de Shodan, Censys et Zoomeye. Vous pouvez également utiliser vos propres listes de cibles.
 Les modules Metasploit disponibles ont été sélectionnés afin de faciliter l'obtention d'exécution de code à distance ( Remote Code Execution, ou RCE ), qui permettent ensuite de créer des sessions terminal inversées ( reverse shell ) ou meterpreter ( via metasploit ).
 
-**Ne soyez pas stupides** 
+**Ne soyez pas stupides**
 
 Recevoir les connexions de vos victimes directement sur votre ordinateur n'est pas vraiment une bonne idée. Vous devriez considérer l'option de dépenser quelques euros dans un VPS ( ou VPN ).
 
@@ -127,12 +127,13 @@ AutoSploit exige la présence des modules Python2.7 suivants.
 ```
 requests
 psutil
+beautifulsoup4
 ```
 
 Si vous ne les avez pas, vous pouvez les installer avec les commandes ci-dessous ( dans le dossier d'AutoSploit ):
 
 ```bash
-pip install requests psutil
+pip install requests psutil beautifulsoup4
 ```
 
 ou

Docker/Dockerfile

@@ -1,17 +1,23 @@
 FROM kalilinux/kali-linux-docker
 
-RUN apt update && apt install -y postgresql \
-								 apache2 \
-								 python-pip \
-								 python-dev \
-								 build-essential \
-								 git \
-								 metasploit-framework
+RUN apt update \
+ && apt install -y \
+			apache2 \
+			build-essential \
+			git \
+			metasploit-framework \
+			postgresql \
+			python-dev \
+			python-pip
+
+RUN git clone https://github.com/NullArray/AutoSploit.git \
+ && pip install -r AutoSploit/requirements.txt
 
-RUN git clone https://github.com/NullArray/AutoSploit.git && pip install requests psutil
 COPY database.yml /root/.msf4/database.yml
+
 WORKDIR AutoSploit
+
 EXPOSE 80 443 4444
 
 ENTRYPOINT ["python", "autosploit.py"]
-#ENTRYPOINT ["bash"]
+# ENTRYPOINT ["bash"]

api_calls/censys.py

@@ -24,7 +24,7 @@ def __init__(self, identity=None, token=None, query=None, proxy=None, agent=None
         self.host_file = HOST_FILE
         self.save_mode = save_mode
 
-    def censys(self):
+    def search(self):
         """
         connect to the Censys API and pull all IP addresses from the provided query
         """

api_calls/shodan.py

@@ -25,7 +25,7 @@ def __init__(self, token=None, query=None, proxy=None, agent=None, save_mode=Non
         self.host_file = HOST_FILE
         self.save_mode = save_mode
 
-    def shodan(self):
+    def search(self):
         """
         connect to the API and grab all IP addresses associated with the provided query
         """

api_calls/zoomeye.py

@@ -54,7 +54,7 @@ def __get_auth(self):
         token = json.loads(req.content)
         return token
 
-    def zoomeye(self):
+    def search(self):
         """
         connect to the API and pull all the IP addresses that are associated with the
         given query

autosploit/main.py

@@ -69,9 +69,7 @@ def main():
                     )
                     if choice.lower().startswith("y"):
                         try:
-                            if "darwin" in platform_running.lower():
-                                cmdline("{} darwin".format(START_SERVICES_PATH))
-                            elif "linux" in platform_running.lower():
+                            if "linux" in platform_running.lower():
                                 cmdline("{} linux".format(START_SERVICES_PATH))
                             else:
                                 close("your platform is not supported by AutoSploit at this time", status=2)
@@ -111,16 +109,12 @@ def main():
 
             AutoSploitParser().single_run_args(opts, loaded_tokens, loaded_exploits)
         else:
-            warning(
-                "no arguments have been parsed, defaulting to terminal session. "
-                "press 99 to quit and type `help` to view the help menus"
-            )
             misc_info("checking if there are multiple exploit files")
             loaded_exploits = load_exploits(EXPLOIT_FILES_PATH)
             info("attempting to load API keys")
             loaded_tokens = load_api_keys()
-            terminal = AutoSploitTerminal(loaded_tokens)
-            terminal.terminal_main_display(loaded_exploits)
+            terminal = AutoSploitTerminal(loaded_tokens, loaded_exploits)
+            terminal.terminal_main_display(loaded_tokens)
     except Exception as e:
         import traceback
 

etc/scripts/start_services.sh

@@ -11,21 +11,10 @@ function startPostgreSQLLinux () {
   sudo systemctl start postgresql > /dev/null 2>&1
 }
 
-function startApacheOSX () {
-  sudo apachectl start > /dev/null 2>&1
-}
-
-function startPostgreSQLOSX () {
-  brew services restart postgresql > /dev/null 2>&1
-}
-
 function main () {
   if [ $1 == "linux" ]; then
     startApacheLinux;
     startPostgreSQLLinux;
-  elif [ $1 == "darwin" ]; then
-    startApacheOSX;
-    startPostgreSQLOSX;
   else
     echo "[*] invalid operating system";
   fi

etc/text_files/gen

@@ -0,0 +1,18 @@
+Usage of AutoSploit for attacking targets without prior mutual consent is illegal in pretty much every sense of the word. It is the
+end user's responsibility to obey all applicable local, state, and federal laws. Developers assume no liability and are not responsible
+for any misuse or damage caused by this program or any component thereof. 
+
+Developers do not encourage nor condone any illegal activity;
+
+In OffSec/RedTeam engagements it is important however to mind your operational security. With that in mind, please consider the following:
+
+ - Use AutoSploit on a VPS through a proxy(chain) or Tor
+ - Keep calm and wipe/data-poison the logs or use tools to do so
+ - Never connect from your local IP address
+ - Keep a low profile, AutoSploit is loud
+
+
+In closing, knowledge is not illegal and anybody that tells you learning is wrong is a fool.
+Get as much out of this program as we got from writing it. Remember though, common sense and a sense of ethics go a long way.
+
+Thank you.

lib/banner.py

@@ -1,7 +1,7 @@
 import os
 import random
 
-VERSION = "2.2.3"
+VERSION = "3.0"
 
 
 def banner_1(line_sep="#--", space=" " * 30):

lib/cmdline/cmd.py

@@ -141,7 +141,25 @@ def single_run_args(opt, keys, loaded_modules):
                     "You should take this ethical lesson into consideration "
                     "before you continue with the use of this tool:\n\n{}\n".format(ethic))
         if opt.downloadModules is not None:
-            print "downloading MODULES!"
+            import re
+
+            modules_to_download = opt.downloadModules
+            links_list = "{}/etc/text_files/links.txt".format(lib.settings.CUR_DIR)
+            possibles = open(links_list).readlines()
+            for module in modules_to_download:
+                searcher = re.compile("{}".format(module))
+                for link in possibles:
+                    if searcher.search(link) is not None:
+                        filename = lib.settings.download_modules(link.strip())
+                        download_filename = "{}.json".format(link.split("/")[-1].split(".")[0])
+                        download_path = "{}/etc/json".format(os.getcwd())
+                        current_files = os.listdir(download_path)
+                        if download_filename not in current_files:
+                            full_path = "{}/{}".format(download_path, download_filename)
+                            lib.jsonize.text_file_to_dict(filename, filename=full_path)
+                            lib.output.info("downloaded into: {}".format(download_path))
+                        else:
+                            lib.output.warning("file already downloaded, skipping")
         if opt.exploitList:
             try:
                 lib.output.info("converting {} to JSON format".format(opt.exploitList))
@@ -169,33 +187,33 @@ def single_run_args(opt, keys, loaded_modules):
                 keys["censys"][1], keys["censys"][0],
                 opt.searchQuery, proxy=headers[0], agent=headers[1],
                 save_mode=search_save_mode
-            ).censys()
+            ).search()
         if opt.searchZoomeye:
             lib.output.info(single_search_msg.format("Zoomeye"))
             api_searches[0](
                 opt.searchQuery, proxy=headers[0], agent=headers[1],
                 save_mode=search_save_mode
-            ).zoomeye()
+            ).search()
         if opt.searchShodan:
             lib.output.info(single_search_msg.format("Shodan"))
             api_searches[1](
                 keys["shodan"][0], opt.searchQuery, proxy=headers[0], agent=headers[1],
                 save_mode=search_save_mode
-            ).shodan()
+            ).search()
         if opt.searchAll:
             lib.output.info("searching all search engines in order")
             api_searches[0](
                 opt.searchQuery, proxy=headers[0], agent=headers[1],
                 save_mode=search_save_mode
-            ).zoomeye()
+            ).search()
             api_searches[1](
                 keys["shodan"][0], opt.searchQuery, proxy=headers[0], agent=headers[1],
                 save_mode=search_save_mode
-            ).shodan()
+            ).search()
             api_searches[2](
                 keys["censys"][1], keys["censys"][0], opt.searchQuery, proxy=headers[0], agent=headers[1],
                 save_mode=search_save_mode
-            ).censys()
+            ).search()
         if opt.startExploit:
             hosts = open(lib.settings.HOST_FILE).readlines()
             if opt.whitelist:

lib/creation/issue_creator.py

@@ -1,4 +1,5 @@
 import re
+import os
 import sys
 import json
 import platform
@@ -165,5 +166,9 @@ def request_issue_creation(path, arguments, error_message):
             lib.output.error(
                 "someone has already created this issue here: {}".format(find_url(identifier))
             )
+        try:
+            os.remove(path)
+        except:
+            pass
     else:
         lib.output.info("the issue has been logged to a file in path: '{}'".format(path))

lib/exploitation/exploiter.py

@@ -29,7 +29,7 @@ def whitelist_wash(hosts, whitelist_file):
                     washed_hosts.append(host)
 
         return washed_hosts
-    except Exception:
+    except IOError:
         lib.output.warning("unable to whitewash host list, does the file exist?")
         return hosts
 
@@ -78,7 +78,11 @@ def start_exploit(self, sep="*" * 10):
 
         today_printable = datetime.datetime.today().strftime("%Y-%m-%d_%Hh%Mm%Ss")
         current_run_path = path.join(lib.settings.RC_SCRIPTS_PATH, today_printable)
-        makedirs(current_run_path)
+        try:
+            makedirs(current_run_path)
+        except OSError:
+            current_run_path = path.join(lib.settings.RC_SCRIPTS_PATH, today_printable + "(1)")
+            makedirs(current_run_path)
 
         report_path = path.join(current_run_path, "report.csv")
         with open(report_path, 'w') as f:
@@ -127,14 +131,14 @@ def start_exploit(self, sep="*" * 10):
                     "set rhost {rhost}\n"
                     "set rhosts {rhosts}\n"
                     "run -z\n"
-                    "exit\n"
+                    "exit -y\n"
                 )
 
-                module_name=mod.strip()
-                workspace=self.configuration[0]
-                lhost=self.configuration[1]
-                lport=self.configuration[2]
-                rhost=host.strip()
+                module_name = mod.strip()
+                workspace = self.configuration[0]
+                lhost = self.configuration[1]
+                lport = self.configuration[2]
+                rhost = host.strip()
 
                 current_rc_script_path = path.join(current_host_path, mod.replace("/", '-').strip())
                 with open(current_rc_script_path, 'w') as f:

lib/jsonize.py

@@ -58,7 +58,7 @@ def load_exploits(path, node="exploits"):
             try:
                 selected_file = file_list[int(action) - 1]
                 selected = True
-            except Exception:
+            except Except:
                 lib.output.warning("invalid selection ('{}'), select from below".format(action))
                 selected = False
     else: