Tech Talk: AutoSploit, yay or nay?


(Arsenio Figueroa) #1

Recently a new hacking tool, AutoSploit, was released on GitHub. This tool automates the process of finding vulnerabilities and exploiting them for hackers. The tool uses shodan.io to scope out any target connected to the internet and Metasploit to go through its database of exploits to find one that works. I see this new tool having both benefits and negatives.
Since this tool is open source :), it can be used by SMB IT crews that don’t have the resources to hire whitehatter’s to test their networks and systems. For Enterprise size companies it can save lots of time on vulnerability scan and pen tests. If any vulnerabilities exist, this can lead to faster patches and fixes within their networks. On the other side… Script kiddies will have a field day with this. More attacks like WannaCry could certainly be on the horizon and hacking groups can try and make out with some Bitcoin. This also makes life easier for more seasoned hackers and APTs since the whole process of hunting targets will be automated and exploiting them.
I see this tool being more of a benefit to the world. This will show teach us how to better implement our security for the future and build better products. I know not everyone will agree with me so please share your thoughts! Do you think VectorSec(creator) should have or have not released the tool? (Please be gentle).