Automatic exploitation tools

Introduction

Pentesters and ethical hackers typically have a limited amount of time available for their tasks. Every bit of automation helps, and this is where automatic exploitation tools have their use. Some of these tools try to automate every step possible, from retrieving inputs to storing the outputs in a structured way.

Depending on your project or security assessment, it might be worth checking most of the tools in this category. Each tool has its own specific purpose, and sometimes multiple tools need to be combined.

Usage

Automatic exploitation tools are typically used for service exploitation and system exploitation.

Users of these tools include pentesters and security professionals.

Tools

arpag (automatic exploiting tool)

penetration testing, security awareness, service exploitation

Tools like arpag can help with automating penetration tests and security assessments. By testing automatically for a set of exploits, the remaining time can be spent in other areas.

AutoSploit (automated host exploitation)

service exploitation, system exploitation

AutoSploit attempts to automate the exploitation of remote hosts for security assessments. Targets can be collected automatically or manually provided. Automatic sources include Censys, Shodan, and Zoomeye.

Infection Monkey (security testing for data centers and networks)

service exploitation, system exploitation

This tool is useful for security assessments to test for weaknesses within the network. By automating the exploitation phase as much as possible, it helps find any weak targets within the boundaries of the data center.

Leviathan Framework (mass audit toolkit)

penetration testing, security assessment, service exploitation

Leviathan is a security tool that provides a wide range of services, including service discovery, brute force, SQL injection detection, and exploit capabilities. The primary reason to use this tool is to do massive scans on many systems at once, for example a huge network range, a country-wide scan, or even a full internet scan.
