Requirements ◦ Installation ◦ Usage ◦ Contact
vMass Bot automates the exploitation of remote hosts by trying to find environment files (.env) in the target hosts and extract tools and info insde, then the bot detects the targets host CMS and tries to auto-exploit and upload shell payload using the vMass vulnerability set ( 108 exploits in the current version 1.2, check the full vulnerability list in our Telegram Channel ).
No target list ? No worries, vMass Bot can generate hosts lists from IP ranges, URL list, dotenv low profile dorks and scrapes from (bing, duckduckgo, ..) or you can use IP ranges from various hosting providers for best hit rate while scanning, then generated lists can be checked using the bot to eleminate invalid/dead hosts.
Extracted Tools, can be filtered and tested to only keep working ones (test smtp delivery and twilio api balance), the bot can also use wp hosts with phpmyadmin access to perform auto upload (admin takeover) if the CMS Exploits failed, working tools can be delivered right to your telegram channel inbox by settings up your telegram webhook in the Bot. The whole process from generating hosts and scanning to delivering the results to Telegram, can be automated using the AUTOPILOT option (For more information, check vMass Bot Usage).
- Perl v5.x+ ( For Windows, get Strawberry Perl )
- RDP/VPS ( Optional )
1- Clone vMass Bot
$ git clone https://github.com/c99tn/vMass.git
$ cd vMass
2- Install required Perl Modules -- IMPORTANT Install Modules with Bash Script
$ chmod +x install.sh
$ bash install.sh
OR
Install Perl modules manually
$ perl -MCPAN -e shell
cpan[1]> install Net::IP
install Net::DNS::Resolver
install LWP::UserAgent
install HTTP::Request::Common
install WWW::Mechanize
install Term::ANSIColor
cpan[1]> quit
3- Launch vMass Bot
$ perl vMass.pl
vMass FREE Version only includes Features with 🟩
Command | Description |
---|---|
1 | 🟩 Generate target hosts from given IP Range, you can use more as many ranges as you like (ex: 100.20.0.0/14 ) |
2 | 🟨 Generate target hosts from given dorks or using the bot env dorks, you can specify target hosts region, TLDs and search engines |
3 | 🟩 Generate target hosts from given Website List, PS: URL Lists must me domain.com format only without www or https |
4 | 🟩 Generate target hosts from provided hosting ip range, range is picked randomly, you can change range before starting |
5 | 🟩 Check the targets hosts to filter Live Running IPS from dead ones. |
6 | 🟩 Scan the target hosts for possible .env files, the bot will test all host directories and saves host if env is found |
7 | 🟨 Scan the target hosts for .env and perform auto exploit based on host CMS to upload shell payload (108 exploits) |
8 | 🟨 Under Construction... 🥷 |
9 | 🟩 Extract tools from hosts where env file is found based on tool type |
10 | 🟨 test extracted SMTPs, an email input is required, if the smtp delivers, the smtp info will be in the email body |
11 | 🟨 test extracted TWILIOs APIs validity and balance |
12 | 🟨 try to find phpmyadmin login page path, and perform admin takeover method to upload shell in Wordpress CMS hosts |
13 | 🟨 Transfer all tools to a private telegram channel, telegram webhook is required |
1337 | 🟨 performs all the steps above one after another, you just configure the bot, start it and results will be delivered to your telegram, best use for RDP/VPS and with big target hosts list |
Got a Question ? send me DM on Telegram
vMass Bot was created for educational purposes only, Any actions and/or activities done using this bot is solely your responsibility.