you are now able to download modules, see the etc/text_files/links.txt file for links to the mods

Author: ekultek

autosploit/main.py

@@ -18,6 +18,7 @@
     check_services,
     cmdline,
     close,
+    download_modules_list,
     EXPLOIT_FILES_PATH,
     START_SERVICES_PATH
 )
@@ -40,6 +41,16 @@ def main():
 
     opts = AutoSploitParser().optparser()
 
+    if opts.downloadModules is not None:
+        info("downloading modules")
+        for search in opts.downloadModules:
+            downloaded = download_modules_list(search)
+            info("downloaded {} file(s)".format(len(downloaded)))
+            for f in downloaded:
+                print("=> {}".format(f))
+        info("new exploit paths have been added to JSON files, re-run autosploit to access them")
+        exit(1)
+
     logo()
     info("welcome to autosploit, give us a little bit while we configure")
     misc_info("checking your running platform")
@@ -73,7 +84,7 @@ def main():
                 except psutil.NoSuchProcess:
                     pass
             else:
-                process_start_command = "`sudo systemctl {} start`"
+                process_start_command = "`sudo service {} start`"
                 if "darwin" in platform_running.lower():
                     process_start_command = "`brew services start {}`"
                 close(

etc/text_files/links.txt

@@ -0,0 +1,12 @@
+https://gist.githubusercontent.com/Ekultek/f51e6d61817721aa9341a1f1e66d3602/raw/82dfa8234d2f744c99bc277a1c73efc39770cff6/wordpress_exploits.txt
+https://gist.githubusercontent.com/Ekultek/76202c6fa170d6da501da5ab303f01f0/raw/da5205919f1a47f2ccc9c75ab26e1456ad91d3d4/all_exploits.txt
+https://gist.githubusercontent.com/Ekultek/e04f27632d40bf10da338b61b8416f95/raw/8c949dd2aa8047ded828b1220e13101b6f28d9ab/linux_exploits.txt
+https://gist.githubusercontent.com/Ekultek/d4658fe488f9edafe2b2edc1910e1983/raw/13c21c0ed20b4b10df79b93566fdd111df77f1ed/windows_exploits.txt
+https://gist.githubusercontent.com/Ekultek/219036c05e21d8352b4181cbe3df5f4f/raw/0e907b387fa2b35dc75cb94120172155d8d3eb3e/smb_exploits.txt
+https://gist.githubusercontent.com/Ekultek/066e1c9285f2a60d2b7103b4d1972864/raw/03d06809a3d79d51f19e3d0c77fb9783f961c485/samba_exploits.txt
+https://gist.githubusercontent.com/Ekultek/e9a5c7d37fc58b77bed241d8f2811e8a/raw/789839b93c2c8ce7cc6240cafedfa8e30c2ae4e1/all_rce_exploits.txt
+https://gist.githubusercontent.com/Ekultek/c69a01e688ed1739d9e572722ea37ed5/raw/63ead0225784de9389059745b1c869face015d7c/2018_rce_exploits.txt
+https://gist.githubusercontent.com/Ekultek/6d1d2d0a83715cb0314fead1ff2768a1/raw/b4fb17df1c3c09464741547ccff674262168a015/excellent_exploits.txt
+https://gist.githubusercontent.com/Ekultek/4a06da7d69f8f7f24542f7e978ad67a5/raw/5623ac8b9e4dc8e246e013dc7d7e2b5a31948d78/os_command_exploits.txt
+https://gist.githubusercontent.com/Ekultek/2d7e0d98b37b1d06676d409fe0c5b899/raw/f4fe9b3c400dcf86a8147fd903a6ee13e3fbe5f5/buffer_overflow_exploit.txt
+https://gist.githubusercontent.com/Ekultek/fdac157e66b82fea3075d2149e9aa1d3/raw/c5002d9c9e2918084e16b83fc1a9af06cf26bd05/osx_exploits.txt

lib/banner.py

@@ -1,14 +1,7 @@
 import os
 import random
 
-VERSION = "2.2"
-COLOR_CODEX = {
-    "red": "\033[31m", "bright red": "\033[1m\033[31m",
-    "blue": "\033[36m", "bright blue": "\033[1m\033[36m",
-    "green": "\033[32m", "bright green": "\033[1m\033[32m",
-    "grey": "\033[37m", "white": "\033[1m\033[38m",
-    "end": "\033[0m"
-}
+VERSION = "2.2.1"
 
 
 def banner_1(line_sep="#--", space=" " * 30):
@@ -32,11 +25,9 @@ def banner_2():
 {blue}--+{end}            {red}AutoSploit{end}            {blue}+--{end}
 {blue}--+{end}           NullArray/Eku          {blue}+--{end}
 {blue}--+{end}{minor_space2}             v({red}{vnum}{end}){minor_space}             {blue}+--{end}
-    """.format(
-        vnum=VERSION, blue=COLOR_CODEX["blue"], red=COLOR_CODEX["red"], end=COLOR_CODEX["end"],
-        minor_space=" " * 1 if len(VERSION) == 3 else "",
-        minor_space2=" " * 1 if len(VERSION) == 3 else ""
-    )
+    """.format(vnum=VERSION, blue="\033[36m", red="\033[31m", end="\033[0m",
+               minor_space=" " * 1 if len(VERSION) == 3 else "",
+               minor_space2=" " * 1 if len(VERSION) == 3 else "")
     return banner
 
 
@@ -66,11 +57,11 @@ def banner_3():
                      |  /            |  |
                      \  \__          |   \__
                      /\____=\       /\_____=\{end} v({vnum})'''''.format(
-        green=COLOR_CODEX["bright green"], end=COLOR_CODEX["end"], vnum=VERSION
+        green="\033[1m\033[32m", end="\033[0m", vnum=VERSION
     )
     return banner
 
-    
+
 def banner_4():
     banner = r"""
 {red}    .__.    ,     __.   .     , 	{end}
@@ -90,10 +81,8 @@ def banner_4():
 {blue}-----+       v({red}{vnum}{end}{blue}){spacer}+-----{end}
 {blue}-----------NullArray/Eku----------{end}	  
 {blue}__________________________________{end}
-    """.format(
-        vnum=VERSION, blue=COLOR_CODEX["blue"], red=COLOR_CODEX["red"], end=COLOR_CODEX["end"],
-       spacer=" " * 9 if len(VERSION) == 3 else " " * 7
-    )
+    """.format(vnum=VERSION, blue="\033[36m", red="\033[31m", end="\033[0m",
+               spacer=" " * 9 if len(VERSION) == 3 else " " * 7)
     return banner
 
 
@@ -114,50 +103,7 @@ def banner_5():
    {grey}|       |{end}
    {grey}`-.___.-'{end}
    v({red}{version}{end})
-    """.format(
-        end=COLOR_CODEX["end"], grey=COLOR_CODEX["grey"], white=COLOR_CODEX["white"],
-        version=VERSION, red=COLOR_CODEX["red"]
-    )
-    return banner
-
-
-def banner_6():
-    banner = r"""{red}
-  ________              _____  _____.__  __  .__      
- /  _____/___________ _/ ____\/ ____\__|/  |_|__|     
-/   \  __\_  __ \__  \\   __\\   __\|  \   __\  |     
-\    \_\  \  | \// __ \|  |   |  |  |  ||  | |  |     
- \______  /__|  (____  /__|   |__|  |__||__| |__|     
-        \/           \/{end}{green}                               
-___________.__                                        
-\__    ___/|  |__   ____                              
-  |    |   |  |  \_/ __ \                             
-  |    |   |   Y  \  ___/                             
-  |____|   |___|  /\___  >                            
-                \/     \/{blue}
- __      __            .__       .___                 
-/  \    /  \___________|  |    __| _/                 
-\   \/\/   /  _ \_  __ \  |   / __ |                  
- \        (  <_> )  | \/  |__/ /_/ |                  
-  \__/\  / \____/|__|  |____/\____ |                  
-       \/                         \/{end}{grey}     
- __      __.__  __  .__                               
-/  \    /  \__|/  |_|  |__                            
-\   \/\/   /  \   __\  |  \                           
- \        /|  ||  | |   Y  \                          
-  \__/\  / |__||__| |___|  /                          
-       \/                \/{end}{white}                           
-___________              .__         .__  __          
-\_   _____/__  _________ |  |   ____ |__|/  |_  ______
- |    __)_\  \/  /\____ \|  |  /  _ \|  \   __\/  ___/
- |        \>    < |  |_> >  |_(  <_> )  ||  |  \___ \ 
-/_______  /__/\_ \|   __/|____/\____/|__||__| /____  >
-        \/      \/|__|                             \/ {end}
-{white}v{version}->NullArray/Eku{end}""".format(
-        end=COLOR_CODEX["end"], grey=COLOR_CODEX["grey"], white=COLOR_CODEX["white"],
-        version=VERSION, red=COLOR_CODEX["bright red"], green=COLOR_CODEX["bright green"],
-        blue=COLOR_CODEX["bright blue"]
-    )
+    """.format(end="\033[0m", grey="\033[36m", white="\033[37m", version=VERSION, red="\033[31m")
     return banner
 
 
@@ -166,7 +112,7 @@ def banner_main():
     grab a random banner each run
     """
     banners = [
-        banner_6, banner_5, banner_4,
+        banner_5, banner_4,
         banner_3, banner_2, banner_1
     ]
     if os.getenv("Graffiti", False):

lib/cmdline/cmd.py

@@ -43,8 +43,7 @@ def optparser():
                         help="search all available search engines to gather hosts")
         save_results_args = se.add_mutually_exclusive_group(required=False)
         save_results_args.add_argument("-O", "--overwrite", action="store_true", dest="overwriteHosts",
-                                       help="When specified, start from scratch by overwriting the host "
-                                            "file with new search results.")
+                        help="When specified, start from scratch by overwriting the host file with new search results.")
         save_results_args.add_argument("-A", "--append", action="store_true", dest="appendHosts",
                                        help="When specified, append discovered hosts to the host file.")
 
@@ -78,7 +77,9 @@ def optparser():
         misc.add_argument("--ethics", action="store_true", dest="displayEthics",
                           help=argparse.SUPPRESS)  # easter egg!
         misc.add_argument("--whitelist", metavar="PATH", dest="whitelist",
-                          help="only exploit hosts listed in the whitelist file")
+                             help="only exploit hosts listed in the whitelist file")
+        misc.add_argument("-D", "--download", nargs="+", metavar="SEARCH1 SEARCH2 ...", dest="downloadModules",
+                          help="download new exploit modules with a provided search flag")
         opts = parser.parse_args()
         return opts
 
@@ -139,6 +140,8 @@ def single_run_args(opt, keys, loaded_modules):
                 lib.settings.close(
                     "You should take this ethical lesson into consideration "
                     "before you continue with the use of this tool:\n\n{}\n".format(ethic))
+        if opt.downloadModules is not None:
+            print "downloading MODULES!"
         if opt.exploitList:
             try:
                 lib.output.info("converting {} to JSON format".format(opt.exploitList))

lib/jsonize.py

@@ -48,17 +48,9 @@ def load_exploits(path, node="exploits"):
     """
     retval = []
     file_list = os.listdir(path)
-    exploit_files = []
     if len(file_list) != 1:
+        lib.output.info("total of {} exploit files discovered for use, select one:".format(len(file_list)))
         for i, f in enumerate(file_list, start=1):
-            # we're going to go ahead and make sure that the file is not a directory
-            # this will allow us to create directories and fill them with JSON data
-            # in the future
-            if os.path.isfile(os.path.join(path, f)):
-                exploit_files.append(f)
-        # after we've done that, we'll go ahead and continue with what we where doing
-        lib.output.info("total of {} exploit files discovered for use, select one:".format(len(exploit_files)))
-        for i, f in enumerate(exploit_files, start=1):
             print("{}. '{}'".format(i, f[:-5]))
         action = raw_input(lib.settings.AUTOSPLOIT_PROMPT)
         selected_file = file_list[int(action) - 1]
@@ -77,7 +69,7 @@ def load_exploits(path, node="exploits"):
     return retval
 
 
-def text_file_to_dict(path):
+def text_file_to_dict(path, filename=None):
     """
     take a text file path, and load all of the information into a `dict`
     send that `dict` into a JSON format and save it into a file. it will
@@ -89,7 +81,10 @@ def text_file_to_dict(path):
         for exploit in exploits.readlines():
             # load everything into the dict
             start_dict["exploits"].append(exploit.strip())
-    filename_path = "{}/etc/json/{}.json".format(os.getcwd(), random_file_name())
+    if filename is None:
+        filename_path = "{}/etc/json/{}.json".format(os.getcwd(), random_file_name())
+    else:
+        filename_path = filename
     with open(filename_path, "a+") as exploits:
         # sort and indent to make it look pretty
         _data = json.dumps(start_dict, indent=4, sort_keys=True)

lib/settings.py

@@ -31,8 +31,12 @@
 # one bash script to rule them all takes an argument via the operating system
 START_SERVICES_PATH = "{}/etc/scripts/start_services.sh".format(CUR_DIR)
 
+# rc script path
 RC_SCRIPTS_PATH = "{}/autosploit_out/".format(CUR_DIR)
 
+# links to all the downloadable modules
+MODULE_DOWNLOAD_LINKS = "{}/etc/text_files/links.txt".format(CUR_DIR)
+
 # path to the file that will contain our query
 QUERY_FILE_PATH = tempfile.NamedTemporaryFile(delete=False).name
 
@@ -293,3 +297,50 @@ def configure_requests(proxy=None, agent=None, rand_agent=False):
         }
 
     return proxy_dict, header_dict
+
+
+def download_modules_list(search_string):
+    """
+    download msf exploit module paths
+    """
+    import re
+    import requests
+    import lib.jsonize
+    try:
+        from bs4 import BeautifulSoup
+    except ImportError:
+        close("in order to install modules you will need to install BeautifulSoup: `pip install beautifulsoup4`")
+
+    related = []
+    downloaded_files = []
+
+    with open(MODULE_DOWNLOAD_LINKS) as downloads:
+        for link in downloads.readlines():
+            if search_string == "all":
+                related.append(link.strip())
+            else:
+                searcher = re.compile(search_string, re.I)
+                discovered = searcher.findall(link)
+                if len(discovered) != 0:
+                    related.append(link.strip())
+    lib.output.info("discovered a total of {} relevant file(s)".format(len(related)))
+    for link in related:
+        filepath = "{}/{}".format(EXPLOIT_FILES_PATH, link.split("/")[-1].replace(".txt", ".json"))
+        if not os.path.exists(filepath):
+            req = requests.get(link)
+            random_temp_file_for_download = "/tmp/{}.AS".format(lib.jsonize.random_file_name())
+            raw_content = req.content
+            with open(random_temp_file_for_download, "a+") as tmp:
+                raw_exploits = raw_content.split("\n")
+                length = len(raw_exploits)
+                lib.output.info("downloading a total of {} module paths".format(length))
+                for i, line in enumerate(raw_exploits):
+                    tmp.write(line.split(" ")[3] + os.linesep)
+                tmp.seek(0)
+            lib.jsonize.text_file_to_dict(random_temp_file_for_download, filename=filepath)
+            lib.output.misc_info("removing created tmp file: '{}'".format(random_temp_file_for_download))
+            os.remove(random_temp_file_for_download)
+            downloaded_files.append(filepath)
+        else:
+            lib.output.warning("file: '{}' already exists, skipping".format(filepath))
+    return downloaded_files

lib/term/terminal.py

@@ -1,10 +1,8 @@
 import os
 import sys
-import tempfile
 
 import lib.settings
 import lib.output
-import lib.errors
 import lib.exploitation.exploiter
 import api_calls.shodan
 import api_calls.zoomeye
@@ -242,6 +240,7 @@ def exploit_gathered_hosts(self, loaded_mods, hosts=None):
         except AttributeError:
             lib.output.warning("unable to sort modules by relevance")
 
+
     def custom_host_list(self, mods):
         """
         provided a custom host list that will be used for exploitation
@@ -312,11 +311,11 @@ def __config_headers():
                             with open(lib.settings.QUERY_FILE_PATH, "w") as _query:
                                 _query.write(query)
                         except AttributeError:
+                            import tempfile  # oooops
                             filename = tempfile.NamedTemporaryFile(delete=False).name
                             with open(filename, "w") as _query:
                                 _query.write(query)
                                 lib.settings.QUERY_FILE_PATH = filename
-                        print lib.settings.QUERY_FILE_PATH
                         proxy, agent = __config_headers()
                         # possibly needs to change here (see TODO[2])
                         self.gather_hosts(query, proxy=proxy, agent=agent)