top of page
OTW

Metasploit Basics, Part 18: Marrying the Power of Shodan with Metasploit

Updated: Dec 31, 2022


Welcome back my rookie hackers!

Every so often, I run across a new hacking tool that really gets me excited. Autosploit is one of those!

Autosploit combines the power of two of my favorite tools, Shodan and Metasploit! AutoSploit uses Shodan to find specific targets based upon their banners and then Metasploit to automate the use of powerful exploits. This enables you to search the entire Internet for specific target types and then use the appropriate Metasploit module against that target.

Step #: Download and Install AutoSploit

The first step is to download AutoSploit. You get can get it from github.com and clone it to our system. I'm using Kali as my operating system.

Next, let's navigate to our new AutoSploit directory.

We now need to install the dependencies, in this case shodan and blessings from pip.

kali > pip install shodan

kali > pip install blessings

Step #2 Start AutoSploit

Now, we are ready to run AutoSploit. Simply precede the python script, autosploit, with the word python and Voila!, autosploit pops open with its signature "Nuclear Option" splash screen.

kali > python autosploit.py

If the services that AutoSploit requires (Apache and postgresql) are not running, it will prompt you to start them.

Enter "Y".

You will then be asked whether you want to use the default modules (1) or the default fuzzers (2).

Select default modules or "2".

AutoSploit now prompts you for your API keys from Shodan and Censys. We will only be using Shodan here. Retrieve your API from Shodan and enter it here.

Step #3 Retrieving Your Shodan API

You can get your API key from Shodan by creating an account and then clicking on My Account.

This will open a screen displaying your API. This is the number you will need for AutoSploit to function properly.

Copy and paste that API key into AutoSploit when prompted. Now you are ready to use AutoSploit!

Step #4 Gathering Hosts from Shodan

After entering the API key, let's take a look at AutoSploit's help screen

As we can see, AutoSploit offers us 5 choices. Let's gather hosts first and enter 2.

Next, AutoSploit will prompt you for the search query that will be entered into Shodan, Zoomeye or Censys.

Here I have entered the old Microsoft web server IIS5. You should enter whatever type of system you are looking for. Remember, Shodan grabs and indexes banners, so make certain that you enter here something that appears in the target's banner. For more info on Shodan, check on my article here on Shodan and my article on Shodan with SCADA here.

Next, AutoSploit will prompt you for a proxy, then your personal user agent and finally the API you want to use. I chose the defaults (hit Enter) for the first two and then selected 1 to use the Shodan API for my search.

Before gathering your hosts, AutoSploit prompts you for whether you want to append or overwrite your file. I selected overwrite, but if you were creating a file from multiple Shodan requests, you will probably want to use append to keep growing your fie.

Now, that AutoSploit utilized Shodan to find potential targets, we can display the potential targets by entering 5.

As you can see above, AutoSploit displays for us all the hosts it has found that contain the search query word or phrase in their banner that we specified above. These are all saved in a file /root/autosploit/hosts.txt.

Step #5: Exploit the Hosts with Metasploit

The final step is to configure and use Metasploit to exploit those targets identified by Shodan. We first need to specify for Metasploit;

1. Our workspace in the postgresql database (I named it IIS5)

2. Our local host or LHOST

3. The port we want to communicate on

Now, AutoSploit will attempt to exploit the hosts it has identified from their banner with the appropriate exploit from Metasploit!

Conclusion

Autosploit is slick tool that combines the power of two very powerful tools, Shodan and Metasploit. This makes it much easier, quicker and simpler for the white hat hacker to find vulnerable targets around the world and apply the appropriate exploit from Metasploit to penetrate the target!


2,295 views
bottom of page