AutoSploit Developer Improves Metasploit Penetration Testing

The Metasploit Framework has existed in some form or another since H.D. Moore first developed the application in 2003. It’s very popular penetration testing software, and Rapid7 saw its potential when they bought the Metasploit Project in 2009. Over 1,600 exploits and nearly 500 payloads, targeting a plethora of operating systems and applications, have been developed for use in the Framework. As of 2018, Metasploit Framework is free and open source, and Metasploit Pro is paid software with commercial support.

On January 30th, VectorSEC announced on Twitter that they had developed AutoSploit, a Python script for Metasploit. It does what its name says: it automates Metasploit sessions. It has been released on GitHub as open-source software under the GPL v3.0 license.

Here’s a description from the README file on GitHub:

“As the name might suggest, AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API… the ‘Exploit’ component of the program will go about the business of attempting to exploit these targets by running a series of Metasploit modules against them. Which Metasploit modules will be employed in this manner is determined by programmatically comparing the name of the module to the initial search query. However, I have added functionality to run all available modules against the targets in a ‘Hail Mary’ type of attack as well…”

AutoSploit sounds like an exciting new tool for network vulnerability testers, so I asked VectorSEC (VS) a few questions about it.

I asked about the development process:

VS: “I am a fan of automation and programming in general. I wanted to see if I could make Metasploit even easier to use so I did. I didn’t exactly keep count of how long it took to develop, but (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Blog.