TACTICAL CYBER INTELLIGENCE REPORT
Actor Type: II
Serial: TR-18-059-001
Countries: CN, IN
Report Date: 20180215
AutoSploit – Mass Automated Exploitation Tool
AutoSploit attempts to automate the exploitation of remote hosts. Targets are collected automatically through the Shodan.io API. The program lets a user enter a platform-specific search query, such as Apache or IIS, from which a list of candidate hosts is obtained.[1] This exploit tool can be troublesome for networks that do not employ sound cyber security practices.
Installation and Setup
A user can install AutoSploit on a Linux machine by using the following commands:
To get the API key, log in to https://shodan.io. If you do not have an account, you must create one. To get the API key, go to Account Overview:
The usage of this tool is very simple. To use it, browse to the directory and enter: python autosploit.py
The first step is to gather hosts and use the “Gather Hosts” option:
Hosts can be viewed from the file. To exploit the hosts, use the Exploit option and configure the necessary settings:
The tool will start automatic exploitation of vulnerable hosts.
Impact
This tool allows script kiddies and amateur hackers to automatically launch attacks on machines and exploit them if they are vulnerable. This greatly increases the risk to public-facing machines.
Mitigation and Prevention Strategies
Our customers should perform the following steps in order to prevent such attacks and possible compromise:
- Install the latest patches and always keep the OS and running software up to date (very important)
- Critical servers should always be placed behind a firewall
- Install antivirus and malware protection software on all servers
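Because candidates are selected by a platform search term such as Apache or IIS, a defender can check which of their own public-facing hosts advertise those terms and give those hosts patching priority. The following is an added example, not part of the original report or of AutoSploit. It assumes the response headers were already captured from the organisation's own servers; the sample banners, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample: HTTP response headers captured from an organisation's own
# public-facing hosts (addresses come from the documentation range 203.0.113.0/24).
SAMPLE_BANNERS = {
    "203.0.113.10": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.7 (Ubuntu)\r\nContent-Type: text/html\r\n\r\n",
    "203.0.113.11": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\nX-Powered-By: ASP.NET\r\n\r\n",
    "203.0.113.12": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
    "203.0.113.13": "HTTP/1.1 403 Forbidden\r\nServer: nginx\r\n\r\n",
}

PLATFORM_TERMS = ("apache", "iis")  # the query terms named in the report
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")

def parse_headers(raw):
    """Return {lower-cased header name: value}, skipping the status line and body."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(banners, terms=PLATFORM_TERMS):
    """List hosts whose disclosing headers contain a platform term."""
    findings = []
    for host, raw in sorted(banners.items()):
        headers = parse_headers(raw)
        disclosed = {h: headers[h] for h in DISCLOSING_HEADERS if h in headers}
        text = " ".join(disclosed.values()).lower()
        matched = [t for t in terms if t in text]
        if matched:
            findings.append({
                "host": host,
                "matched_terms": matched,
                # A version number in the banner shows how far behind on patches the host is.
                "discloses_version": bool(re.search(r"\d+\.\d+", text)),
                "headers": disclosed,
            })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_BANNERS):
        print(f["host"], f["matched_terms"], "version disclosed:", f["discloses_version"])
```

Hosts that appear in the output are the ones a platform query would surface first; a host with no match is not thereby safe and still needs patching.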
For questions or comments regarding this report, please contact the lab directly at 603-606-1246, or feedback@wapacklabs.com