Script kiddies have been a nuisance in the cybersecurity world for years, with the emergence of automated attack tools that perform tasks such as “Denial of Service attacks” (DDoS). Most script kiddies cause minor setbacks, but rarely ever get to the point of harming critical systems. However, Automated attack tools are not designed for use by script kiddies, they are designed to be used by security practitioners to quickly get through tasks so they can find and document vulnerabilities sooner rather than later.
A few days ago a cybersecurity practitioner, VectorSEC released one of these automated attack tool called AutoSploit. This tool, however, raises the stakes by combining the power of Shodan and Metasploit modules. Shodan is a search engine that collects information on internet connected devices. The information provided ranges from IP addresses to the city and country the device is located in. While Metasploit is a program that can find and exploit vulnerabilities based on open source modules.
After installing AutoSploit, Shodan, and Blessings as detailed in the GitHub page, the user is greeted with a simple CLI options menu that takes you through how to use this powerful tool. After using the ‘Gather Hosts’ search, the user can then automate the process of running Metasploit modules against the search by using the ‘Exploit’ option.
The ease of use of this tool has understandably caused some concern in the security community, out of fear that AutoSploit will be used by script kiddies, and they will cause much more than a minor nuisance.
However, Vector has not been discouraged by this backlash, as Vector states on his social media “I believe in sharing knowledge, tools, and value open source software development.”. Vector has also been supporting his program after release by periodically updating and adding more features.
My take is that this tool would have been created one way or another it was just a matter of time. furthermore, with the release of this powerful tool, hopefully, we can see some powerful defensive actions taken soon.