CyberWisdom Safe Harbor Commentary on AutoSploit Tool
AutoSploit Tool Explained
AutoSploit brings together several different hacks of tools and workflows into one package. Often, a hacker may need to find a server or other target; check if the target is vulnerable to any possible exploits; and then launch a successful attack.
On the other hand, AutoSploit combines Internet device search engines Shodan and Metasploit, a well-known penetration testing tool to perform vulnerability attacks.
“Basically you started the tool and then typed in a search query like” apache “,” Vector tells the board in Twitter to refer to the popular Web server software. Later, the tool uses the Shodan API to find computers that are described as “apache” on Shodan.
“After that, load and sort the list of Metasploit modules based on your search query, and once you have chosen the right module, it will start to run them sequentially on the list of targets you’ve got,” they added.
It can be said that this tool reduces hacker barriers to entry because hackers may not have the ability to immediately target a large number of machines. This has given AutoSploit some criticism in the area of information security.
“There’s no need to release this, and the connection with Shodan makes the issue even more prominent,” said Richard Bejtlich, a longtime security expert, who posted Twitter tweets on Twitter.
“There is no good reason to develop a public system on a large scale within the playboy, and it’s not wise to do just because you can do something that will end in tears,” he added. However, vectors are not alarmed.
He added: “I saw these comments too. What I mean is that the same criticism can be applied to anyone who releases their assault tools.
“I personally think that the information should be free, I am an open source fan, why?”
Hacking isn’t always hard. Some lower-tier hackers use programs to automatically churn through breached login details to break into other accounts, and some penetration testing tools are designed to streamline processes so hackers can get to the more interesting stuff as quickly as possible. Enter AutoSploit, a program which takes that idea of efficient hacking, but severely ramps up the potential for damage by automating pretty much everything, including the process of finding a vulnerable target to attack. “As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts,” the tool’s Github page reads. Pseudonymous security researcher and AutoSploit creator Vector shared the tool on Twitter on Wednesday. In short, AutoSploit simply brings together several different tools and workflows for hackers into one package. Usually, a hacker might have to find a server or other target; check whether the target is vulnerable to whatever exploit they may have; and then deliver the attack successfully. AutoSploit on the other hand, combines Shodan, a sort-of search engine for internet-connected devices, and Metasploit, a well-known penetration testing tool for executing of exploits. “Basically you start the tool, and enter a search query, something like ‘apache’,” Vector told Motherboard in a… Engaging post, Read More…
thumbnail courtesy of motherboard.vice.com
New click-to-hack tool: One script to exploit them all and in the darkness TCP bind them
Auto-pwn code glues device search engine Shodan to Metasploit weapons cache Python code has emerged that automatically searches for vulnerable devices online using Shodan.io – and then uses Metasploit’s database of exploits to potentially hijack the computers and gadgets.…… New click-to-hack tool: One script to exploit them all and in the darkness TCP bind them
If you like to receive more of these curated safe harbor news alerts then subscribe to my mailing list. and come back soon at https://www.safeharboroncyber.com/Blog/ to read further CyberWisdom Safe Harbor Commentaries. Home » Curated SafeHarboronCyber’s CyberWisdom Post »