Automatic exploitation tools
Pentesters and ethical hackers have typically a limited amount of time available for their tasks. Every bit of automation helps and this is where automatic exploitation tools have their use. Some of these tools try to automate every step possible, from retrieving inputs to storing the outputs in a structured way.
Depending on your project or security assessment, it might be worth to check most of the tools in this category. Each tool has its own specific purpose and sometimes multiple tools need to be combined.
Automatic exploitation tools are typically used for service exploitation and system exploitation.
Users for these tools include pentesters and security professionals.
Popular automatic exploitation tools
AutoSploit (automated host exploitation)
service exploitation, system exploitation
AutoSploit attempts to automate the exploitation of remote hosts for security assessments. Targets can be collected automatically or manually provided. Automatic sources include Censys, Shodan, and Zoomeye.
Infection Monkey (security testing for data centers and networks)
password discovery, service exploitation, system exploitation
This tool is useful for security assessments to test for weaknesses within the network. By automating the exploitation phase as much as possible, it will help finding any weak targets within the boundaries of the data center.
Leviathan Framework (mass audit toolkit)
penetration testing, security assessment, service exploitation
Leviathan is a security tool to provide a wide range of services including service discovery, brute force, SQL injection detection, and exploit capabilities. The primary reason to use this tool is to do massive scans on many systems at once. For example to include a huge network range, country-wide scan, or even full internet scan.
Missing a favorite tool in this list? Share a tool suggestion and we will review it.