AutoSploit Automated Exploit Tool

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.

Summary

AutoSploit is a Python-based automated tool for exploiting vulnerabilities in internet-connected devices using two popular penetration testing tools, Shodan and Metasploit.

Threat details

Freely available through GitHub, AutoSploit allows a remote attacker to quickly and easily target a wide variety of devices using a comprehensive list of exploits. Presently it appears the goal of most AutoSploit attacks is to gain remote code execution capability, although this is likely to change.

While using AutoSploit requires little to no specialist knowledge, it appears difficult to target a specific subset of devices. Shodan search strings must match the filename of the corresponding Metasploit module; if they do not, AutoSploit is unable to execute the module. An alternate mode, called "Hail Mary", runs every exploit included in the framework against the returned results, although the large number of results makes this approach unfeasible for most users.


Remediation advice

Whilst there is no specific remediation advice for AutoSploit, the general guidance for protection against attacks should be sufficient. This includes ensuring:

  • All internet-facing devices and resources are sufficiently hardened.
  • A robust program of education and awareness training is delivered to users to ensure they don’t open attachments or follow links within unsolicited emails.
  • All operating systems, antivirus and other security products are kept up to date.
  • All day-to-day computer activities such as email and internet are performed using non-administrative accounts, and permissions are always assigned on the basis of least privilege.
  • Strong password policies are in place and password reuse is discouraged.
  • Network, proxy and firewall logs are monitored for suspicious activity.
  • Your organisation adopts a holistic, all-round approach to cyber-security as advocated by the 10 Steps To Cyber Security.

Last edited: 17 February 2020 12:38 pm