AutoPWN Suite – Automatically Scan For Vulnerabilities & Exploit Systems

autopwn

How does it work?

AutoPWN Suite uses nmap TCP-SYN scan to enumerate the host and detect the version of software running on it. After gathering enough information about the host, AutoPWN Suite automatically generates a list of “keywords” to search NIST vulnerability database.

Demo

AutoPWN Suite has a very user friendly easy to read output.

asciicast

Installation

You can install it using pip. (sudo recommended)

sudo pip install autopwn-suite

OR

You can clone the repo.

git clone https://github.com/GamehunterKaan/AutoPWN-Suite.git

Usage

usage: autopwn.py [-h] [-o OUTPUT] [-t TARGET] [-hf HOSTFILE] [-st SCANTYPE] [-s SPEED] [-a API] [-y] [-m MODE] [-v]

AutoPWN Suite

options:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        Output file name. (Default : autopwn.log)
  -t TARGET, --target TARGET
                        Target range to scan. This argument overwrites the hostfile argument. (192.168.0.1 or 192.168.0.0/24)
  -hf HOSTFILE, --hostfile HOSTFILE
                        File containing a list of hosts to scan.
  -st SCANTYPE, --scantype SCANTYPE
                        Scan type. (Ping or ARP)
  -s SPEED, --speed SPEED
                        Scan speed. (0-5) (Default : 3)
  -a API, --api API     Specify API key for vulnerability detection for faster scanning. You can also specify your API key in api.txt file. (Default : None)
  -y, --yesplease       Don't ask for anything. (Full automatic mode)
  -m MODE, --mode MODE  Scan mode. (Evade, Noise, Normal)
  -v, --version         Print version and exit.

TODO

  • Vulnerability detection based on version.
  • Easy to read output.
  • Function to output results to a file.
  • pypi package for easily installing with just pip install autopwn-suite.
  • Automatically install nmap if its not installed.
  • Noise mode. (Does nothing but creating a lot of noise)
  • Function to automatically download exploit related to vulnerability.
  • .deb package for Debian based systems like Kali Linux and Parrot Security.
  • Arch Linux package for Arch based systems like BlackArch and ArchAttack.
  • Separate script for checking local privilege escalation vulnerabilities.
  • Windows and OSX support.
  • Functionality to brute force common services like ssh, vnc, ftp etc.
  • Built in reverse shell handler that automatically stabilizes shell like pwncat.
  • Function to generate reverse shell commands based on IP and port.
  • GUI interface.
  • Meterpreter payload generator with common evasion techniques.
  • Fileless malware unique to AutoPWN Suite.
  • Daemon mode.
  • Option to email the results automatically.
  • Web application analysis.
  • Web application content discovery mode. (dirbusting)
  • Option to use as a module.
  • Config file argument to specify configurations in a separate config file.
  • Argument for passing custom nmap flags.

Download: https://github.com/GamehunterKaan/AutoPWN-Suite

Please follow and like us:

Leave a Reply

Your email address will not be published.