Saturday, April 27, 2019

Automate Metasploit with Easysploit

I bet you are a lazy person! That's why you are here.

It's okay to be lazy. Most lazy people get creative minds to make tough work easy. Maybe that's why someone lazy made the Easysploit tool for Metasploit Automation. Not so many people like typing lines of commands all time. This tool can be a little solution.

The tool comes with some options to create payload for Windows, Android, MacOS, Linux, and Web. Also, it gives options for some Windows, Vista, XP exploits. But these exploits are not useful because probably most of the people on this universe run latest versions of OS after the Wannacrypt attack.

If you want to use Easysploit the only job left for you is choosing the options and let Easysploit do the rest.

Let's see the tool works or not.

Install Easysploit in Kali Linux

Fire up your Kali Linux Machine, open up the terminal, change the directory to the Desktop and download or clone the tool from Github.

cd Desktop/

Extract the zip and open up the extracted folder. Here you can see a script named installer.sh. That is what we want. This is basically a shell script. Launch the tool with the command-

Bash installer.sh
Automate Metasploit with Easysploit | Easy to Use and Faster

Okay, the script is successfully installed. Type 'easysploit' anywhere in the terminal to launch the tool. Let's test one option. We will choose option 1 to test it on Windows.

Compromising Windows with Easysploit

The process is simple we do all the time with a RAT to create a server. But still, let's have a look at the process.

If you want it to work over WAN, you need a static IP and a router with port forwarding capability.
Automate Metasploit with Easysploit | Easy to Use and Faster

Choose option 1. Now it will create a payload with the name test.exe and save it on the path root/Desktop. And creates a listener automatically without asking. The payload name can be changed in the codes of the shell script.

Now you need to send the payload to the victim and make him click on the payload. Use Social Engineering methods to make him click. After getting a response, you will be connected to the machine. Now use the Metasploit commands to control the compromised machine.

Important Note: The update v3.1 has an issue that it fails to validate the Lhost. But don't leave without checking if the creator resolved the issue or not. We are so sorry that we couldn't show you the process. But as soon the creator resolves the issue we will update our article. 

Conclusion

These tools are really fun. Metasploit needs very long commands and not every student are able to remember them. We can sort out this problem a little by tools like Easysploit.

The tool is really good. Easy to use and clean interface. We should thank the creator of this tool. We found the tool very good. What's your opinion? Rate the tool from 1-10 in the comment box below.

As the tool is in development you may found many issues. Ask in the comment box and we will try our best to give the solution. 

Disclaimer

The tutorial is only for educational purpose. Illegal use of them can lead to punishment. Use them at your own risk. If you are using it for pen-testing, make sure you've taken written permission from the owner.

Comments 0

Thanks for visiting us. Please Do comment with a valid name. Don't comment as Unknown.
(Warning: Do not spam in the comment box. Repetitive comments will not be moderated.)
EmoticonEmoticon

Submit Your Email Address to get Our Latest EASY TO READ Articles directly in Your Inbox