Vice reports on a new automated toolkit that aggregates multiple tools into a single application, making it far easier to find and breach vulnerable devices:
In short, AutoSploit simply brings together several different tools and workflows for hackers into one package. Usually, a hacker might have to find a server or other target; check whether the target is vulnerable to whatever exploit they may have; and then deliver the attack successfully.
AutoSploit, on the other hand, combines Shodan, a sort-of search engine for internet-connected devices, and Metasploit, a well-known penetration testing tool for executing exploits.
“Basically you start the tool, and enter a search query, something like ‘apache’,” Vector told Motherboard in a Twitter message, referring to the popular web server software. “After that the tool uses the Shodan API to find boxes [computers] that are described as being ‘apache’ on Shodan.”
“After that a list of Metasploit modules is loaded and sorted based on your search query; once the appropriate modules are selected it will start running them in sequence on the list of targets you acquired,” they added.
This surely is a novel effort. I give the developer credit for cobbling together multiple tools in an easy-to-use package.
Combining these disparate tools into a single package is an interesting idea, and it lowers the barrier to entry for breaching networks, but it will arguably have a negligible impact. Even a basic implementation of cyber security controls should be able to withstand this effort. The people leveraging AutoSploit will likely have very little experience in breaching networks and will create enough noise, or make enough mistakes, to be caught by security tools or analysts.