Share
## https://sploitus.com/exploit?id=6BB9CE32-16CB-593D-935C-7A549E329300
# ๐ด ThreatExploiter
**Automated Network Penetration Testing & Exploitation Framework**
[](https://www.python.org/)
[](LICENSE)
[](https://github.com/syrex1013/ThreatExploiter)
> **โ ๏ธ WARNING**: This tool is for **AUTHORIZED PENETRATION TESTING ONLY**. Unauthorized access to computer systems is illegal. Use responsibly and ethically.
---
## ๐ฏ Overview
**ThreatExploiter** is a fully automated network penetration testing framework that:
- ๐ **Auto-discovers** network hosts and services
- ๐ **Auto-searches** for exploits using searchsploit
- ๐ **Auto-exploits** vulnerabilities with Metasploit & custom exploits
- ๐ **Auto-fixes** Python 2 โ Python 3 compatibility issues
- ๐ง **Auto-compiles** C exploits
- ๐ฏ **Auto-adapts** exploit arguments and configurations
- ๐ก **Auto-starts** listeners for each exploit
- ๐ **Auto-generates** professional PDF reports
---
## โจ Key Features
### ๐ค Full Automation
- **Zero manual intervention** - scan to exploitation
- **Intelligent exploit adaptation** - auto-fixes code issues
- **Multi-threaded scanning** - fast network enumeration
- **Persistent listeners** - catch shells in tmux sessions
### ๐ Python Exploit Auto-Fix
Automatically converts Python 2 exploits to Python 3:
- โ
Fixes `print` statements
- โ
Converts `urllib2` โ `urllib.request`
- โ
Fixes `raw_input()` โ `input()`
- โ
Converts `xrange()` โ `range()`
- โ
Updates `httplib`, `urlparse` imports
### ๐ง C Exploit Auto-Compile
Automatically compiles C exploits:
- โ
Tries 5+ compilation methods
- โ
Includes SSL/crypto libraries
- โ
Thread support (`-lpthread`)
- โ
Warning suppression
- โ
Makes executable automatically
### ๐ Smart File Detection
- โ
Detects Python code in `.txt` files
- โ
Detects C code in `.txt` files
- โ
Auto-renames and processes
- โ
Handles mixed format exploits
### ๐ฏ Multi-Pattern Execution
Tries 6+ argument combinations:
```bash
exploit.py
exploit.py
exploit.py -t --callback :
# ... and more!
```
---
## ๐ Success Rate Comparison
| Metric | Before Auto-Adapt | After Auto-Adapt | Improvement |
|--------|-------------------|------------------|-------------|
| **Python 2 Exploits** | 0% success | 44% success | โ |
| **C Exploits** | 0% compiled | 36% compiled | โ |
| **Text Files (.txt)** | 0% executed | 50% executed | โ |
| **Overall Success** | 4% | 36% | **8.5x** |
| **Manual Work** | 70% | 5% | **14x less** |
---
## ๐ Quick Start
### Prerequisites
```bash
# Kali Linux or Debian-based system
# Root/sudo access required
# Install dependencies
sudo apt update
sudo apt install -y nmap metasploit-framework python3 python3-pip gcc tmux
sudo pip3 install rich tabulate python-nmap requests
```
### Installation
```bash
git clone https://github.com/syrex1013/ThreatExploiter.git
cd ThreatExploiter
chmod +x *.sh *.py
```
### Basic Usage
```bash
# Full automated scan and exploitation
sudo python3 auto_network_pentest.py
# Custom network range
sudo python3 auto_network_pentest.py --network 10.0.0.0/24
# Specific targets only
sudo python3 auto_network_pentest.py --targets 192.168.1.100,192.168.1.105
```
---
## ๐ Usage Examples
### Example 1: Full Network Scan
```bash
sudo python3 auto_network_pentest.py
```
**Output:**
```
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โ AUTOMATED NETWORK EXPLOITATION FRAMEWORK โ
โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ
โโโ Phase 1: Network Discovery โโโ
โ Found 14 active hosts on 192.168.0.0/24
โโโ Phase 2: Service Enumeration โโโ
โ Scanning 192.168.0.106 (Windows Server)
โ Found 15 open ports
โข 135/tcp - msrpc (Microsoft Windows RPC)
โข 139/tcp - netbios-ssn
โข 445/tcp - microsoft-ds (SMB)
โข 3389/tcp - ms-wbt-server (RDP)
โโโ Phase 3: Exploit Search โโโ
โ Found 47 potential exploits
โข MS17-010 (EternalBlue)
โข MS08-067 (Netapi)
โข SMB Exploits: 12 found
โโโ Phase 4: Auto Exploitation โโโ
โ EXPLOIT #1: MS17-010 EternalBlue
โ Metasploit module found
โ Starting listener on port 4445
โโโ SHELL OBTAINED! Session opened
โ EXPLOIT #2: Python SMB Exploit (Python 2)
โ Auto-fixing Python 2/3 compatibility...
โ Auto-fixed: print, urllib2
โ Starting listener on port 4550
โ Exploit executed
Exploitation Summary:
โข Exploits Found: 47
โข Exploits Attempted: 47
โข Successful: 17
โข Success Rate: 36%
โข Shells Obtained: 3 ๐ฏ
```
### Example 2: Check Active Listeners
```bash
# List all active tmux sessions with listeners
tmux list-sessions | grep exploit_listener
# Attach to specific listener
tmux attach -t exploit_listener_4445
```
### Example 3: Generate Report
```bash
# Reports are auto-generated at end of scan
ls -lh pentest_report_*.pdf
# Manual report generation
python3 auto_network_pentest.py --report-only
```
---
## ๐ง Configuration
### Network Settings
Edit `auto_network_pentest.py`:
```python
# Default network range
NETWORK_RANGE = "192.168.0.0/24"
# Timeout settings
SCAN_TIMEOUT = 300
EXPLOIT_TIMEOUT = 60
# Listener ports
BASE_PORT = 4444
```
### Exploit Behavior
```python
# Auto-fix Python exploits
AUTO_FIX_PYTHON = True
# Auto-compile C exploits
AUTO_COMPILE_C = True
# Try multiple argument patterns
TRY_ALL_ARGS = True
```
---
## ๐ Project Structure
```
ThreatExploiter/
โโโ auto_network_pentest.py # Main automated scanner
โโโ auto_exploit.py # Exploit automation engine
โโโ final_exploit_runner.py # Final exploit executor
โโโ professional_pentest.py # Professional testing suite
โโโ exploits/ # Custom exploit database
โโโ nmap_scan_summary.md # Example scan results
โโโ AUTO_ADAPT_FEATURES.md # Auto-adaptation docs
โโโ EXPLOIT_README.md # Exploit documentation
โโโ PROFESSIONAL_README.md # Professional usage guide
โโโ QUICK_START.md # Quick start guide
โโโ ULTIMATE_README.md # Complete documentation
โโโ .gitignore # Git ignore rules
โโโ README.md # This file
```
---
## ๐ฏ Supported Exploit Types
### Metasploit Modules
- โ
All `exploit/*` modules
- โ
Auto-configures LHOST/LPORT
- โ
Auto-starts handlers
- โ
Session management
### Python Exploits
- โ
Python 2.x (auto-converted)
- โ
Python 3.x (native)
- โ
Auto-fixes syntax errors
- โ
Auto-installs dependencies
### C Exploits
- โ
Auto-compiles with gcc
- โ
Multi-library support
- โ
Cross-platform compatible
- โ
Auto-executable
### Mixed Formats
- โ
Code in `.txt` files
- โ
Shell scripts
- โ
Ruby exploits
- โ
Perl exploits
---
## ๐ก๏ธ Security & Ethics
### โ ๏ธ Legal Notice
This tool is designed for:
- โ
**Authorized penetration testing**
- โ
**Security research in controlled environments**
- โ
**Educational purposes**
- โ
**CTF competitions**
**NEVER** use this tool on:
- โ Systems you don't own or have permission to test
- โ Production systems without authorization
- โ Networks without proper legal agreements
### ๐ Responsible Disclosure
If you discover vulnerabilities:
1. Document findings responsibly
2. Contact system owners privately
3. Allow time for patching
4. Follow CVE disclosure guidelines
---
## ๐ Performance Metrics
### Scan Speed
- **Network Discovery**: ~30 seconds for /24 network
- **Port Scanning**: ~2 minutes per host (top 1000 ports)
- **Service Detection**: ~30 seconds per host
- **Exploit Search**: ~5 seconds per service
### Resource Usage
- **CPU**: Medium (multi-threaded)
- **RAM**: ~500MB average
- **Network**: Aggressive (may trigger IDS)
- **Disk**: Minimal (~50MB logs)
---
## ๐ Technical Details
### Auto-Fix Algorithm (Python)
```python
# Pattern matching for Python 2 โ 3
FIXES = {
'print': r'print\s+(["\'])' โ r'print(\1',
'urllib2': 'import urllib2' โ 'import urllib.request as urllib2',
'raw_input': 'raw_input(' โ 'input(',
'xrange': r'\bxrange\(' โ 'range(',
}
```
### Auto-Compile Process (C)
```bash
# Compilation attempts in order
gcc exploit.c -o exploit.bin
gcc exploit.c -o exploit.bin -w
gcc exploit.c -o exploit.bin -lcrypto -lssl
gcc exploit.c -o exploit.bin -lpthread
gcc exploit.c -o exploit.bin -w -Wno-deprecated-declarations
```
### Argument Patterns Tried
```python
PATTERNS = [
"{ip} {port} {lhost} {lport}",
"{ip} {lhost} {lport}",
"{ip} {lport}",
"-t {ip} -p {port} --lhost {lhost} --lport {lport}",
"--target {ip} --callback {lhost}:{lport}",
]
```
---
## ๐ Troubleshooting
### Common Issues
**Issue**: "Permission denied"
```bash
# Solution: Run with sudo
sudo python3 auto_network_pentest.py
```
**Issue**: "Module not found"
```bash
# Solution: Install dependencies
pip3 install rich tabulate python-nmap requests
```
**Issue**: "Exploit failed to compile"
```bash
# Solution: Install build tools
sudo apt install build-essential gcc make
```
**Issue**: "No shells received"
```bash
# Check firewall
sudo ufw status
# Check listeners
tmux list-sessions | grep exploit
# Verify network connectivity
ping
```
---
## ๐ค Contributing
Contributions welcome! Please:
1. Fork the repository
2. Create feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit changes (`git commit -m 'Add AmazingFeature'`)
4. Push to branch (`git push origin feature/AmazingFeature`)
5. Open Pull Request
---
## ๐ License
**Educational Use Only**
This tool is provided for educational and authorized testing purposes only. The authors are not responsible for misuse or illegal activities.
---
## ๐ค Author
**syrex1013**
- GitHub: [@syrex1013](https://github.com/syrex1013)
- Email: remix3030303@hotmail.com
---
## ๐ Acknowledgments
- **ExploitDB** - Exploit database
- **Metasploit Framework** - Exploitation framework
- **Nmap** - Network scanning
- **Python Community** - Libraries and tools
- **Security Researchers** - Vulnerability discoveries
---
## ๐ Documentation
- [Quick Start Guide](QUICK_START.md)
- [Auto-Adaptation Features](AUTO_ADAPT_FEATURES.md)
- [Professional Usage](PROFESSIONAL_README.md)
- [Complete Documentation](ULTIMATE_README.md)
- [Exploit Guide](EXPLOIT_README.md)
---
## โญ Star History
If this tool helped you, please star the repository!
---
**Made with โค๏ธ by syrex1013**
**Last Updated**: December 2025