OP 14 October, 2022 - 09:52 PM
![[Image: n.png?token=GHSAT0AAAAAABVX6V7OVKN5YN5NXLEK7T6MYYHZ5VA]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fraw.githubusercontent.com%2Fc99tn%2FRandoms%2Fmaster%2Fn.png%3Ftoken%3DGHSAT0AAAAAABVX6V7OVKN5YN5NXLEK7T6MYYHZ5VA)
vMass Bot automates the exploitation of remote hosts by trying to find environment files (.env) in the target hosts and extract tools and info insde, then the bot detects the target host CMS and tries to auto exploit and upload shell payload using the vMass vulnerability set ( 108 exploits in the current version 1.2, check the full vulnerability list in our Telegram Channel ).
No target list ? No worries, vMass Bot can generate hosts lists from IP ranges, URL list, dotenv low profile dorks and scrapes from (bing, duckduckgo, ..) or you can use IP ranges from various hosting providers for best hit rate while scanning, then generated lists can be checked using the bot to eleminate dead hosts.
Extracted Tools, can be filtered and tested to only keep working ones (test smtp delivery and twilio api balance), the bot can also use wp hosts with phpmyadmin access to perform auto upload (admin takeover) if the CMS Exploits failed, working tools can be delivered right to your telegram channel inbox by settings up your telegram webhook in the Bot. The whole process from generating hosts and scanning to delivering the results to Telegram, can be automated using the AUTOPILOT option (For more information, check vMass Bot Usage).
GITHUB LINK FOR THE TOOL - FREE VERSION : https://github.com/c99tn/vMass
GITHUB LINK FOR THE TOOL - FREE VERSION : https://github.com/c99tn/vMass
Virustotal link https://www.virustotal.com/gui/file/3bc815b8a5c71e43ba61a50a5f36cdcf2f5818fb115f28469e7418270b7af4a0
