Metasploit Vulnerability Automation through Tor

✨ Megiddo

I put together an automated Metasploit script for Kali.

First you need to install Tor.

sudo apt update && sudo apt install tor -y
sudo systemctl start tor
sudo systemctl enable tor

Then check if Tor is running:

systemctl status tor

Now you need to edit the "proxychains.conf" file:

sudo nano /etc/proxychains.conf

This is all the code in my file:

strict_chain
proxy_dns
remote_dns_subnet 224
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
socks5 127.0.0.1 9050

Now we will put the script together.

nano msf_tor_check.sh

Paste the following script inside and save.

#!/bin/bash

# Function to check if Tor is running
check_tor_status() {
    echo "[+] Checking if Tor is fully connected..."
    while true; do
        if curl --socks5-hostname 127.0.0.1:9050 -s https://check.torproject.org | grep -q "Congratulations. This browser is configured to use Tor"; then
            echo "[✓] Tor is connected successfully!"
            break
        else
            echo "[-] Tor is still connecting..."
            sleep 5
        fi
    done
}

# Start Tor
echo "[+] Starting Tor service..."
sudo systemctl start tor
sleep 5 # Give Tor time to start

# Show Tor logs in real-time
sudo journalctl -fu tor.service &

# Check Tor connection
check_tor_status

# Ask for the target website
read -p "[?] Enter the target website (e.g., example.com): " TARGET

# Confirm before scanning
read -p "[?] Do you want to proceed with scanning $TARGET? (y/n): " choice
if [[ "$choice" =~ ^[Nn]$ ]]; then
    echo "[-] Exiting script."
    exit 0
fi

# Run Metasploit Scans through ProxyChains
echo "[+] Launching Metasploit through ProxyChains..."
proxychains msfconsole -q -x "
use auxiliary/scanner/http/http_version;
set RHOSTS $TARGET;
run;
use auxiliary/scanner/http/dir_scanner;
set RHOSTS $TARGET;
run;
use auxiliary/scanner/http/sql_injection;
set RHOSTS $TARGET;
run;
use auxiliary/scanner/http/lfi;
set RHOSTS $TARGET;
run;
use auxiliary/scanner/http/rfi_scanner;
set RHOSTS $TARGET;
run;
use auxiliary/scanner/http/wordpress_scanner;
set RHOSTS $TARGET;
run;
use auxiliary/scanner/http/struts_dmi_rest_exec;
set RHOSTS $TARGET;
run;
use auxiliary/scanner/portscan/tcp;
set RHOSTS $TARGET;
set THREADS 10;
run;
use auxiliary/scanner/http/nikto;
set RHOSTS $TARGET;
run;
exit;
"
echo "[+] Scanning completed!"

Make it executable

chmod +x msf_tor_check.sh

Run it

./msf_tor_check.sh

Features
Starts Tor and waits for a confirmed connection.
Asks for the website you want to scan.
Confirms before starting the scan.
Runs all the best Metasploit vulnerability scans mentioned earlier via ProxyChains (to ensure anonymity).
Exits Metasploit after scanning and prints a completion message.
It's worth noticing, though, that Cloudflare and other protections will pick up on aggressive scans.
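
On the defender's side of that last remark, here is an added example (not part of the original post) of how such a scan shows up in a web access log: it flags clients that request many distinct non-existent paths, the footprint a directory scanner leaves, and marks whether the source is in a supplied list of Tor exit addresses. The log lines, addresses, threshold and the `flag_scanners` name are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. All data below is constructed (RFC 5737 documentation addresses).

# Constructed access log in combined format.
sample_log() {
  cat <<'EOF'
198.51.100.7 - - [10/Mar/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:10:00:02 +0000] "GET /backup/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:10:00:02 +0000] "GET /cgi-bin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:10:00:03 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:10:00:03 +0000] "GET /wp-admin/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2025:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [10/Mar/2025:10:00:05 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2025:10:01:00 +0000] "GET /old-logo.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2025:10:01:05 +0000] "GET /old-logo.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2025:10:01:10 +0000] "GET /old-logo.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2025:10:01:15 +0000] "GET /old-logo.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2025:10:01:20 +0000] "GET /old-logo.png HTTP/1.1" 404 153 "-" "Mozilla/5.0"
EOF
}

# flag_scanners MIN_DISTINCT_404 EXIT_LIST_FILE < access.log
# Counts DISTINCT paths answered with 404 per client, so a browser retrying one
# broken link is not mistaken for a scanner walking a wordlist.
flag_scanners() {
  awk -v min="$1" -v exits="$2" '
    FILENAME == exits { tor[$1] = 1; next }        # first input: exit addresses, one per line
    { total[$1]++                                  # $1 = client, $7 = path, $9 = status
      if ($9 == 404 && !seen[$1, $7]++) miss[$1]++ }
    END {
      for (ip in total)
        if (miss[ip] + 0 >= min + 0)
          printf "%s distinct_404=%d total=%d tor_exit=%s\n",
                 ip, miss[ip], total[ip], ((ip in tor) ? "yes" : "no")
    }' "$2" - | sort
}

demo() {
  local exits
  exits=$(mktemp)
  printf '%s\n' 198.51.100.7 > "$exits"            # constructed exit list
  sample_log | flag_scanners 5 "$exits"
  rm -f "$exits"
}

demo   # 198.51.100.7 distinct_404=5 total=6 tor_exit=yes
```

The threshold has to be tuned against normal traffic for the site, and the exit list kept current, since exit addresses change over time.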