Merge pull request #121 from NullArray/v-2.1

Version 2.1 release branch

Author: NullArray

.github/.translations/README-fr.md

@@ -0,0 +1,164 @@
+# AutoSploit
+
+Comme vous pouvez l'imaginer au vu du nom de ce projet, AutoSploit automatise l'exploitation d'hôtes distantes connectées à internet. Les adresses des hôtes à attaquer sont collectées automatiquement grâce à l'aide de Shodan, Censys et Zoomeye. Vous pouvez également utiliser vos propres listes de cibles.
+Les modules Metasploit disponibles ont été sélectionnés afin de faciliter l'obtention d'exécution de code à distance ( Remote Code Execution, ou RCE ), qui permettent ensuite de créer des sessions terminal inversées ( reverse shell ) ou meterpreter ( via metasploit ).
+
+**Ne soyez pas stupides** 
+
+Recevoir les connexions de vos victimes directement sur votre ordinateur n'est pas vraiment une bonne idée. Vous devriez considérer l'option de dépenser quelques euros dans un VPS ( ou VPN ).
+
+La nouvelle version d'AutoSploit permet néanmoins de définir un proxy et un User-Agent personalisé.
+
+# Liens utiles
+
+ - [Utilisation](https://github.com/NullArray/AutoSploit/README-fr.md#Utilisation)
+ - [Installation](https://github.com/NullArray/AutoSploit/README-fr.md#Installation)
+ - [Dépendances](https://github.com/NullArray/AutoSploit/README-fr.md#Dépendances))
+ - [Wiki](https://github.com/NullArray/AutoSploit/wiki)
+   - [Options d'usage extensif](https://github.com/NullArray/AutoSploit/wiki/Usage#usage-options)
+   - [Captures d'écran](https://github.com/NullArray/AutoSploit/wiki/Examples-and-images)
+   - [Rapporter un bug, donner une idée](https://github.com/NullArray/AutoSploit/wiki/Bugs-and-ideas#bugs)
+   - [Lignes directrices du développement](https://github.com/NullArray/AutoSploit/wiki/Development-information#development-of-autosploit)
+ - [Développement](https://github.com/NullArray/AutoSploit/README-fr.md#Développement)
+ - [Serveur discord ( en anglais, mais ne vous découragez pas ! )](https://discord.gg/9BeeZQk)
+
+
+# Installation
+
+Installer AutoSploit est un jeu d'enfant. Vous pouvez trouver la dernière version stable [ici](https://github.com/NullArray/AutoSploit/releases/tag/2.0). Vous pouvez aussi télécharger la branche ``master`` en [zip](https://github.com/NullArray/AutSploit/zipball/master) ou en [tarball](https://github.com/NullArray/AutSploit/tarball/master). Vous pouvez également suivre une des méthodes ci-dessous;
+
+###### Cloner
+
+```bash
+sudo -s << EOF
+git clone https://github.com/NullArray/Autosploit.git
+cd AutoSploit
+pip2 install -r requirements.txt
+python2 autosploit.py
+EOF
+```
+
+###### Docker
+
+```bash
+sudo -s << EOF
+git clone https://github.com/NullArray/AutoSploit.git
+cd AutoSploit/Docker
+docker network create -d bridge haknet
+docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
+docker build -t autosploit .
+docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
+EOF
+```
+
+Plus d'informations sur la façon d'utiliser Docker [ici](https://github.com/NullArray/AutoSploit/tree/master/Docker)
+
+## Utilisation
+
+L'ouverture du programme avec `python autosploit.py` devrait ouvrir une session terminal AutoSploit. Les options sont les suivantes ( en anglais ).
+
+```
+1. Usage And Legal
+2. Gather Hosts
+3. Custom Hosts
+4. Add Single Host
+5. View Gathered Hosts
+6. Exploit Gathered Hosts
+99. Quit
+```
+
+Sélectionner l'option `2` vous demandra de choisir quel type d'hôtes rechercher. Vous pouvez par exemple rentrer `IIS` ou `Apache`. Ensuite, on vous demandera quel moteurs de recherches doivent être utilisés lors de la recherche. Si tout fontionne correctement, les hôtes collectées seront sauvegardées et utilisables dans le menu d'exploitation ( `Exploit` )
+
+Depuis la version 2.0, AutoSploit peut être lancé avec des arguments/drapeaux. Pour en savoir plus, exécutez `python autosploit.py -h`.
+Pour référence, voici les options ( en anglais ).
+
+```
+usage: python autosploit.py -[c|z|s|a] -[q] QUERY
+                            [-C] WORKSPACE LHOST LPORT [-e]
+                            [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
+                            [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT
+
+optional arguments:
+  -h, --help            show this help message and exit
+
+search engines:
+  possible search engines to use
+
+  -c, --censys          use censys.io as the search engine to gather hosts
+  -z, --zoomeye         use zoomeye.org as the search engine to gather hosts
+  -s, --shodan          use shodan.io as the search engine to gather hosts
+  -a, --all             search all available search engines to gather hosts
+
+requests:
+  arguments to edit your requests
+
+  --proxy PROTO://IP:PORT
+                        run behind a proxy while performing the searches
+  --random-agent        use a random HTTP User-Agent header
+  -P USER-AGENT, --personal-agent USER-AGENT
+                        pass a personal User-Agent to use for HTTP requests
+  -q QUERY, --query QUERY
+                        pass your search query
+
+exploits:
+  arguments to edit your exploits
+
+  -E PATH, --exploit-file PATH
+                        provide a text file to convert into JSON and save for
+                        later use
+  -C WORKSPACE LHOST LPORT, --config WORKSPACE LHOST LPORT
+                        set the configuration for MSF (IE -C default 127.0.0.1
+                        8080)
+  -e, --exploit         start exploiting the already gathered hosts
+
+misc arguments:
+  arguments that don't fit anywhere else
+
+  --ruby-exec           if you need to run the Ruby executable with MSF use
+                        this
+  --msf-path MSF-PATH   pass the path to your framework if it is not in your
+                        ENV PATH
+```
+
+# Dépendances
+
+AutoSploit exige la présence des modules Python2.7 suivants.
+
+```
+requests
+psutil
+```
+
+Si vous ne les avez pas, vous pouvez les installer avec les commandes ci-dessous ( dans le dossier d'AutoSploit ):
+
+```bash
+pip install requests psutil
+```
+
+ou
+
+```bash
+pip install -r requirements.txt
+```
+
+Comme le programme invoque des fonctionalités du Metasploit, vous devez l'avoir installé au préalable. Vous pouvez en obtenir une copie depuis le site de Rapid7 en cliquant [ici](https://www.rapid7.com/products/metasploit/).
+
+### Développement
+
+Même si AutoSploit n'est pas vraiment en Béta, il est sujet à des changements dans le futur.
+
+Si vous souhaitez rester à jour au niveau du développement et obtenir avant tout le monde toutes les super nouvelles fonctionalités, utilisez la [branche de développement](https://github.com/NullArray/AutoSploit/tree/dev-beta).
+
+Si vous voulez contribuer au développement de ce projet, lisez [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md). Ce fichier contient nos lignes directrices de contribution.
+
+Aussi, lisez nos [standards de contribution](https://github.com/NullArray/AutoSploit/wiki/Development-information#contribution-standards) avant d'envoyer une pull request.
+
+Si vous souhaitez obtenir de l'aide avec le code, ou juste partager avec les autres membres de la communauté d'AutoSploit, rejoignez-nous sur notre [serveur Discord](https://discord.gg/9BeeZQk). ( Nous ne mordons pas )
+
+## Note
+
+Si vous rencontrez un bug et que vous souhaitez le signaler, [ouvrez un ticket](https://github.com/NullArray/AutoSploit/issues).
+
+Merci d'avance.
+
+Traduction par [jesuiscamille](https://github.com/jesuiscamille). J'ai probablement fait des erreurs de conjugaison/orthographe/traduction. N'hésitez pas à juste [ouvrir un ticket](https://github.com/NullArray/AutoSploit/issues), c'est rapide et ça nous encourage :) !

README-zh.md renamed to .github/.translations/README-zh.md

@@ -4,4 +4,4 @@ api.p
 hosts.txt
 secret.p
 uid.p
-etc/tokens/*
+etc/tokens/*

.gitignore

@@ -2,25 +2,25 @@
 
 All contributions to AutoSploit are not only welcomed, but highly appreciated, please keep in mind the following while making a pull request:
 
- - Each request should make at least one logical change
- - All contributions should be forked from the `dev-beta` branch
- - Each request will need to be reviewed before merged, if anything seems weird we will either fix it or ask you to fix it for us
- - If you have multiple pushes in one request, please squash them together (or we will before we merge)
- - All pull requests that are merged are provided under the same license as the program is, keep the following in mind;
+- Each request should make at least one logical change
+- All contributions should be forked from the `dev-beta` branch
+- Each request will need to be reviewed before merged, if anything seems weird we will either fix it or ask you to fix it for us
+- If you have multiple pushes in one request, please squash them together (or we will before we merge)
+- All pull requests that are merged are provided under the same license as the program is, keep the following in mind;
 
 > By submitting code contributions to AutoSploit via Git pull request or other, checking them into the AutoSploit's source code repository, it is understood (unless you specify otherwise) that you are offering the AutoSploit copyright holders the unlimited, non-exclusive right to reuse, modify, and re-license the code. This is important because the inability to re-license code has caused devastating problems for other software projects (such as KDE and NASM). If you wish to specify special license conditions of your contributions, just say so when you send them.
 
 ## Getting started
 
 To get started making a contribution please do the following:
 
- - Fork the repository using the fork button
- - `git clone https://github.com/<YOUR-NAME>/AutoSploit.git -b dev-beta`
- - Edit the code to your liking
- - After editing `git branch <YOUR-BRANCH-NAME> && git checkout <YOUR-BRANCH-NAME>`
- - Add your commits and comment them
- - `git push --set-upstream origin <YOUR-BRANCH>`
- - Open a [pull request](https://github.com/NullArray/AutoSploit/pulls)
- - Wait for us to check it out
- 
- Thank you.
+- Fork the repository using the fork button
+- `git clone https://github.com/<YOUR-NAME>/AutoSploit.git -b dev-beta`
+- Edit the code to your liking
+- After editing `git branch <YOUR-BRANCH-NAME> && git checkout <YOUR-BRANCH-NAME>`
+- Add your commits and comment them
+- `git push --set-upstream origin <YOUR-BRANCH>`
+- Open a [pull request](https://github.com/NullArray/AutoSploit/pulls)
+- Wait for us to check it out
+
+  Thank you.

CONTRIBUTING.md

@@ -1,7 +1,6 @@
 # AutoSploit
 
-As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well.
-The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started
+As the name might suggest AutoSploit attempts to automate the exploitation of remote hosts. Targets can be collected automatically through Shodan, Censys or Zoomeye. But options to add your custom targets and host lists have been included as well. The available Metasploit modules have been selected to facilitate Remote Code Execution and to attempt to gain Reverse TCP Shells and/or Meterpreter sessions. Workspace, local host and local port for MSF facilitated back connections are configured by filling out the dialog that comes up before the exploit component is started
 
 **Operational Security Consideration**
 
@@ -10,21 +9,57 @@ Receiving back connections on your local machine might not be the best idea from
 The new version of AutoSploit has a feature that allows you to set a proxy before you connect and a custom user-agent.
 
 # Helpful links
+
  - [Usage](https://github.com/NullArray/AutoSploit#usage)
+ - [Installing](https://github.com/NullArray/AutoSploit#Installation)
  - [Dependencies](https://github.com/NullArray/AutoSploit#dependencies)
  - [User Manual](https://github.com/NullArray/AutoSploit/wiki)
+   - [Extensive usage breakdown](https://github.com/NullArray/AutoSploit/wiki/Usage#usage-options)
+   - [Screenshots](https://github.com/NullArray/AutoSploit/wiki/Examples-and-images)
+   - [Reporting bugs/ideas](https://github.com/NullArray/AutoSploit/wiki/Bugs-and-ideas#bugs)
+   - [Development guidelines](https://github.com/NullArray/AutoSploit/wiki/Development-information#development-of-autosploit)
  - [Shoutouts](https://github.com/NullArray/AutoSploit#acknowledgements)
  - [Development](https://github.com/NullArray/AutoSploit#active-development)
  - [Discord server](https://discord.gg/9BeeZQk)
+ - [README translations](https://github.com/NullArray/AutoSploit#translations)
 
-## Usage
+# Installation
 
-Clone the repo. Or deploy via Docker. Details for which can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker) 
+Installing AutoSploit is very simple, you can find the latest stable release [here](https://github.com/NullArray/AutoSploit/releases/tag/2.0). You can also download the master branch as a [zip](https://github.com/NullArray/AutSploit/zipball/master) or [tarball](https://github.com/NullArray/AutSploit/tarball/master) or follow one of the below methods;
 
-`git clone https://github.com/NullArray/AutoSploit.git`
+###### Cloning
 
-Starting the program with `python autosploit.py` will open an AutoSploit terminal session. The options for which are as follows.
+```bash
+sudo -s << EOF
+git clone https://github.com/NullArray/Autosploit.git
+cd AutoSploit
+chmod +x install.sh
+./install.sh
+python2 autosploit.py
+EOF
+```
+
+###### Docker
 
+```bash
+sudo -s << EOF
+git clone https://github.com/NullArray/AutoSploit.git
+cd AutoSploit
+chmod +x install.sh
+./installsh
+cd AutoSploit/Docker
+docker network create -d bridge haknet
+docker run --network haknet --name msfdb -e POSTGRES_PASSWORD=s3cr3t -d postgres
+docker build -t autosploit .
+docker run -it --network haknet -p 80:80 -p 443:443 -p 4444:4444 autosploit
+EOF
+```
+
+More information on running Docker can be found [here](https://github.com/NullArray/AutoSploit/tree/master/Docker)
+
+## Usage
+
+Starting the program with `python autosploit.py` will open an AutoSploit terminal session. The options for which are as follows.
 ```
 1. Usage And Legal
 2. Gather Hosts
@@ -37,12 +72,11 @@ Starting the program with `python autosploit.py` will open an AutoSploit termina
 
 Choosing option `2` will prompt you for a platform specific search query. Enter `IIS` or `Apache` in example and choose a search engine. After doing so the collected hosts will be saved to be used in the `Exploit` component.
 
-As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type `python autosploit.py -h` 
-to display all the options available to you. I've posted the options below as well for reference.
+As of version 2.0 AutoSploit can be started with a number of command line arguments/flags as well. Type `python autosploit.py -h` to display all the options available to you. I've posted the options below as well for reference.
 
 ```
 usage: python autosploit.py -[c|z|s|a] -[q] QUERY
-                            [-C] WORKSPACE LHOST LPORT [-e]
+                            [-C] WORKSPACE LHOST LPORT [-e] [--whitewash] PATH
                             [--ruby-exec] [--msf-path] PATH [-E] EXPLOIT-FILE-PATH
                             [--rand-agent] [--proxy] PROTO://IP:PORT [-P] AGENT
 
@@ -86,10 +120,20 @@ misc arguments:
                         this
   --msf-path MSF-PATH   pass the path to your framework if it is not in your
                         ENV PATH
+  --whitelist PATH      only exploit hosts listed in the whitelist file
 ```
 
+## Installation
+
+```bash
+git clone https://github.com/NullArray/AutoSploit
+cd AutoSploit
+chmod +x install.sh
+./install.sh
+```
 
 ## Dependencies
+_Note_: All dependencies should be installed using the above installation method, however, if you find they are not:
 
 AutoSploit depends on the following Python2.7 modules.
 
@@ -118,21 +162,26 @@ Special thanks to [Ekultek](https://github.com/Ekultek) without whoms contributi
 
 And thanks to [Khast3x](https://github.com/khast3x) for setting up Docker support.
 
-
-
 ### Active Development
 
-While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future. 
+While this isn't exactly a Beta release, AutoSploit 2.0 is an early release nonetheless as such the tool might be subject to changes in the future.
 
-I've been working on the new version of the tool in an open source capacity with the help of a number of developers 
+I've been working on the new version of the tool in an open source capacity with the help of a number of developers
 that have expressed an interest in doing so. If you would like to keep up to date on all the most recent developments be sure to check out the [Development Branch](https://github.com/NullArray/AutoSploit/tree/dev-beta).
 
 If you would like to contribute to the development of this project please be sure to read [CONTRIBUTING.md](https://github.com/NullArray/AutoSploit/blob/master/CONTRIBUTING.md) as it contains our contribution guidelines.
 
-If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord chat](https://discord.gg/9BeeZQk).
+Please, also, be sure to read our [contribution standards](https://github.com/NullArray/AutoSploit/wiki/Development-information#contribution-standards) before sending pull requests
+
+If you need some help understanding the code, or want to chat with some other AutoSploit community members, feel free to join our [Discord server](https://discord.gg/9BeeZQk).
 
 ### Note
 
 If you happen to encounter a bug please feel free to [Open a Ticket](https://github.com/NullArray/AutoSploit/issues).
 
 Thanks in advance.
+
+## Translations
+
+ - [FR](https://github.com/NullArray/AutoSploit/blob/master/.github/.translations/README-fr.md)
+ - [ZH](https://github.com/NullArray/AutoSploit/blob/master/.github/.translations/README-zh.md)

README.md

@@ -67,7 +67,7 @@ def zoomeye(self):
             else:
                 headers = {
                     "Authorization": "JWT {}".format(str(token["access_token"])),
-                    "agent": self.user_agent["User-Agent"]
+                    "User-Agent": self.user_agent["User-Agent"]  # oops
                 }
             params = {"query": self.query, "page": "1", "facet": "ipv4"}
             req = requests.get(

api_calls/zoomeye.py

@@ -2,4 +2,4 @@
 
 
 if __name__ == "__main__":
-    main()
+    main()