Releases: Omnicrist/exploit_manager
Editor release
Docker release
In addition to v1.0, we added the possibility of running the tool inside a Docker container.
Full release
In this release, you can submit serialized exploits, specifying service name and opponents, and threads will be spawned; you can also configure a custom script for the submission of flags, serialized as shown in examples, stored in the directory and specifyed in conf.json. From the UI, you can see exploits' stats aggregated for service and you can expand them to single opponents; you can also stop/re-run threads from the interface, and you can see stats of "old" threads. Attacker threads are "smart": they stop themselves after a certain threshold of errors, and after a certain time if they don't find NEW flags; their state will be reflected in the interface and you can re-run each one of them again. In this way, the tool is reliable even when a remote service under attack is temporarily not available: the thread will stop itself, you will see that it is stopped, and when you know that the service is online again, you can restore the thread with a click. If you see that many threads are stopping themselves because many opponents have patched a vulnerability, but you found a new vulnerability, you can decide: you can write an exploit for the same service with but with a different name, like service_vulnerability, to have distinct stats; or you can write a new exploit for the same service and submit it. In the second case, the old exploit will be overwritten, and threads related to the opponents you specified for the new exploits will be killed to leave place for new threads.