Merge branch 'dev-beta' into dev-beta

Author: ehlewis

Docker/README.md

@@ -1,5 +1,4 @@
-Docker deployment instructions
-=====
+# Docker deployment instructions
 
 ## tl;dr
 
@@ -24,19 +23,19 @@ docker build -t autosploit .
 docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
 ```
 
-
 ## Abstract
 
-* Launching `Autosploit` as a Docker container makes it very easy to use the tool in a hosted cloud environment (AWS, Azure, ...)
-* Separate `postgres` database into individual service for data persistence and potential async updating of the database
-* Create a small bridge network ``haknet`` so the service discovery is automatic
-* Launch `postgres` and `Autosploit` container, both linked by `haknet`
-* Autosploit will automatically launch preconfigured `msfconsole` to the external `postgres` container through `haknet` transparent network
-* Total image size of Kali + Metasploit + Autosploit : 1.75GB
+- Launching `Autosploit` as a Docker container makes it very easy to use the tool in a hosted cloud environment (AWS, Azure, ...)
+- Separate `postgres` database into individual service for data persistence and potential async updating of the database
+- Create a small bridge network `haknet` so the service discovery is automatic
+- Launch `postgres` and `Autosploit` container, both linked by `haknet`
+- Autosploit will automatically launch preconfigured `msfconsole` to the external `postgres` container through `haknet` transparent network
+- Total image size of Kali + Metasploit + Autosploit : 1.75GB
 
 ## Deploy
 
-##### Step 1 - Create bridge network
+### Step 1 - Create bridge network
+
 This will enable the Metasploit Framework to talk to the `postgres` database using its hostname, making it abstract.
 
 A Tor Socks Proxy can also be added to perform transparent proxy when launching exploits (not for reverse shells though, obviously).
@@ -45,22 +44,23 @@ A Tor Socks Proxy can also be added to perform transparent proxy when launching
 docker network create -d bridge haknet
 ```
 
-##### Step 2 - Launch services
+### Step 2 - Launch services
 
 All automagically linked
 
-
-###### Step 2.1 - Launch postgres
+#### Step 2.1 - Launch postgres
 
 Launch a vanilla `postgres` service, linked to `haknet`
+
 ```bash
 docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
 ```
-###### Step 2.2 - Launch Autosploit
+
+#### Step 2.2 - Launch Autosploit
 
 Launch `Autosploit`.
 
-This Dockerfile will copy the default database config to ```~/.msf4/database.yml```. You can edit the configuration file `database.yml` to your liking before building.
+This Dockerfile will copy the default database config to `~/.msf4/database.yml`. You can edit the configuration file `database.yml` to your liking before building.
 
 Please be aware that the first build will take some time (~10mn)
 

Docker/database.yml

@@ -1,12 +1,12 @@
 development: &pgsql
-  adapter: postgresql
-  database: postgres
-  username: postgres
-  password: s3cr3t
-  host: msfdb
-  port: 5432
-  pool: 200
-timeout: 5
+  adapter:   postgresql
+  database:  postgres
+  username:  postgres
+  password:  s3cr3t
+  host:      msfdb
+  port:      5432
+  pool:      200
+timeout:     5
 
-production: &production
-  <<: *pgsql
+production:  &production
+  <<:        *pgsql

Docker/docker-compose.yml

@@ -1,9 +1,9 @@
-version: '3'
+version:         '3'
 
 services:
   autosploit:
     build:
-      context: .
+      context:   .
     ports:
       - 80:80
       - 443:433
@@ -13,7 +13,7 @@ services:
     depends_on:
       - postgres
   postgres:
-    image: postgres
+    image:       postgres
     environment:
       - POSTGRES_PASSWORD=s3cr3t
     networks:
@@ -23,8 +23,7 @@ services:
 
 networks:
   haknet:
-    driver: bridge
+    driver:      bridge
 
 volumes:
   db:
-

README.md

@@ -1,6 +1,6 @@
 # AutoSploit
 
-As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; `Apache`, `IIS`, etc, upon which a list of candidates will be retrieved.                           
+As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically as well by employing the Shodan.io API. The program allows the user to enter their platform specific search query such as; `Apache`, `IIS`, etc, upon which a list of candidates will be retrieved.
 
 After this operation has been completed the 'Exploit' component of the program will go about the business of attempting to exploit these targets by running a series of Metasploit modules against them. Which Metasploit modules will be employed in this manner is determined by programmatically comparing the name of the module to the initial search query. However, I have added functionality to run all available modules against the targets in a 'Hail Mary' type of attack as well.
 
@@ -17,41 +17,54 @@ Clone the repo. Or deploy via Docker. Details for which can be found [here](http
 `git clone https://github.com/NullArray/AutoSploit.git`
 
 After which it can be started from the terminal with `python autosploit.py`. After which you can select one of five actions. Please see the option summary below.
+
 ```
 +------------------+----------------------------------------------------+
 |     Option       |                   Summary                          |
 +------------------+----------------------------------------------------+
-|1. Usage          | Display this informational message.                |
-|2. Gather Hosts   | Query Shodan for a list of platform specific IPs.  |
-|3. View Hosts     | Print gathered IPs/RHOSTS.                         |
-|4. Exploit        | Configure MSF and Start exploiting gathered targets|
-|5. Quit           | Exits AutoSploit.                                  |
+|1\. Usage          | Display this informational message.                |
+|2\. Gather Hosts   | Query Shodan for a list of platform specific IPs.  |
+|3\. View Hosts     | Print gathered IPs/RHOSTS.                         |
+|4\. Exploit        | Configure MSF and Start exploiting gathered targets|
+|5\. Quit           | Exits AutoSploit.                                  |
 +------------------+----------------------------------------------------+
 ```
+
 ## Available Modules
+
 The Metasploit modules available with this tool are selected for RCE. You can find them in the `modules.txt` file that is included in this repo. Should you wish to add more or other modules please do so in the following format.
+
 ```
-use exploit/linux/http/netgear_wnr2000_rce;exploit -j; 
+use exploit/linux/http/netgear_wnr2000_rce;exploit -j;
 ```
+
 With each new module on it's own line.
 
 ## Dependencies
+
 AutoSploit depends on the following Python2.7 modules.
+
 ```
 shodan
 blessings
 ```
+
 Should you find you do not have these installed get them with pip like so.
+
+```bash
+pip install shodan blessings
 ```
-pip install shodan
-pip install blessings
+
+or
+
+```bash
+pip install -r requirements.txt
 ```
-Since the program invokes functionality from the Metasploit Framework you need to have this installed also. 
-Get it from Rapid7 by clicking [here](https://www.rapid7.com/products/metasploit/).
+
+Since the program invokes functionality from the Metasploit Framework you need to have this installed also. Get it from Rapid7 by clicking [here](https://www.rapid7.com/products/metasploit/).
 
 ### Note
+
 While this isn't exactly a Beta release it is an early release nonetheless as such the tool might be subject to changes in the future. If you happen to encounter a bug or would like to contribute to the tool's improvement please feel free to [Open a Ticket](https://github.com/NullArray/AutoSploit/issues) or [Submit a Pull Request](https://github.com/NullArray/AutoSploit/pulls)
 
 Thanks.
-
-