(QUESTION)XAttacker / JEx BOT - Are they still effective and working?

[neMMezis]

What's your opinion on the auto-exploit bots like XAttacker, jex and xvuln?
Im experiencing difficulty's with all of them, false positive's and no shell uploads/hits on any vulnearability.
I think it might be because of my dorks or because most o the xploits being used are already patched.

 

What are your experiences guys?

[AssLord]

Okay, I don't have much experience with these auto-exploiters and have really only been vaguely familiar with them up until recently and I'm now starting to look into them a bit more.

So take what I say with a grain of salt:

My take on them is that they do work, but It depends on the quality of the URL lists you feed it.

And the quality of the URL list is dependent upon how precise your dorks are.

Your dorks have to be able to reasonably find outdated websites from a variety of CMSs. This means that the dorks used for SQLi dumper may be entirely different than the ones used for Auto-exploiters.

The keywords you'd be looking for MAY be different and they may contain different parameters.

In manual shelling, you're often looking for very low hanging fruits such as a simple UNION based SQLI or even a login bypass, but these are very old vulnerabilities that are typically only still found on shitty offshore websites

that all get written by the same eastern Asian web-dev firms that still don't know to sanitize user input.

With an auto exploiter, you're more looking for slightly out of date Joomla sites or WordPress as that's what the majority of sites are running nowadays and that's what these auto-exploiters scan for: vulnerabilities in old CMS plugins and misconfigurations that come along with the default install procedures.

[CryptoRanger]

I think they are very useful as you can easily attack many websites But they are more likely to target older, outdated sites. But as they continue to publish new vulnerabilities, it is easy to expand these bots.

[neMMezis]

Okay, I don't have much experience with these auto-exploiters and have really only been vaguely familiar with them up until recently and I'm now starting to look into them a bit more.

So take what I say with a grain of salt:

My take on them is that they do work, but It depends on the quality of the URL lists you feed it.

And the quality of the URL list is dependent upon how precise your dorks are.

Your dorks have to be able to reasonably find outdated websites from a variety of CMSs. This means that the dorks used for SQLi dumper may be entirely different than the ones used for Auto-exploiters.

The keywords you'd be looking for MAY be different and they may contain different parameters.

In manual shelling, you're often looking for very low hanging fruits such as a simple UNION based SQLI or even a login bypass, but these are very old vulnerabilities that are typically only still found on shitty offshore websites

that all get written by the same eastern Asian web-dev firms that still don't know to sanitize user input.

With an auto exploiter, you're more looking for slightly out of date Joomla sites or WordPress as that's what the majority of sites are running nowadays and that's what these auto-exploiters scan for: vulnerabilities in old CMS plugins and misconfigurations that come along with the default install procedures.

Looked like a week into it, dedicated a RDP to a few of them and i can relate to everything you describe.

You raelly have to have good CMS targeted dorks.