AutoPwn

How to use AutoPwn in Exploit Pack

Exploit Pack has a feature called AutoPwn that can be used to automagically select the exploit needed like its name claims "Pwn" the target. While we always recommend using a more manual approach sometimes it becomes useful if you want to quickly try a few exploits, for instance. Always be aware of the risks of automated attacks. ‌

Also, have in mind that the filter to iterate over the XML files to select the exploits is pre-configured by ports, references or services running and it will first launch Nmap against the target to obtain these values. You must configure Nmap properly first, otherwise, AutoPwn will not work.

‌In this example we are running AutoPwn against our local environment:

Once you set up the properties for AutoPwn you can go ahead and click on "Execute", this will activate the whole process. First, it will launch Nmap against the selected target. After that, it will iterate over your exploit tree searching for a match for the attack type selected. If there is one, it will automatically launch it against the target, as shown in the following screenshot:

Disclaimer: Exploit Pack is a security testing software. It contains functionalities that could potentially damage or result in unexpected behaviour in some applications. We recommend using Exploit Pack only against non-production environments. Please read all documentation before using Exploit Pack, and do not use Exploit Pack against any systems for which you are not authorized by the system owner.