Gsploit 0.0.1-draft2 – A light multi-stage / multi-vector attack framework

                              _       _ _
| |     (_)        |
__ _ ___ _ __ | | ___  _| |_
/ _` / __| ‘_ | |/ _ | | __|
| (_| __ |_) | | (_) | | |_
__, |___/ .__/|_|___/|_|__|
__/ |   | |
|___/  |_| A light multi-stage / multi-vector attack framework. Gsploit – My Favorite Penetration Testing Framework 🙂
========================================================The current version is not a stable version! Classes, interfaces, variables, and names used within Gsploit can change and/or be removed during the few months.

For any question, request, suggestion, etc., write me on the Pwn-Fu mailing  list To know the latest news about Gsploit, follow me on Twitter (@ptracesecurity) and to learn more about this framework check out our channel on Vimeo or take look at the doc.

Gsploit comes with several cheatsheets and 2 tutorials: “Gsploit Tutorial”  and “Gsploit Internals Tutorial”. The first tutorial explains how to use the Gsploit Console and develop new Gsploit Modules. While, the second tutorial tries to describe the main components of Gsploit (e.g. classes hierarchy,  internal data structures, etc.) and provide all the information necessary to start improving the framework.

NOTE: At the moment, the documentation is still in an early alpha stage and  you may not find all the answers. If so, please feel free to send me an  e-mail to: research {at} ptrace {hyphen} security {dot} com.

Gsploit Draft Version Demo from Gsploit on Vimeo.


Essential: – Python 2.x (/usr/bin/python)

Optional : – Netcat
– sbd
– Nmap
– OpenVAS


Sadly, English is not my mother language, so please be gentle when you  comment my documentation. Thank you.


Credits and Acknowledgments, outside the spectrum of the authors of Gsploit, goes out to the following entities:

– CORE Impact

– Metasploit

–[ CHANGELOG Gsploit 0.0.1-draft2]–

– The ‘exploit’ command has been renamed to ‘execute’.
– Added !command syntax support (try for example !ifconfig or !ipconfig)
– Gsploit has been entirely rewritten with the XML-RPC support
– has been modified in order to use XML-RPC
– has been optimized


Gsploit needs the MySQLdb module. To install this module, use the following
command: apt-get install python-mysqldb

This is the output on BackTrack 5r2

root@bt:~/gsploit# apt-get install python-mysqldb
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following packages were automatically installed and are no longer required:
libdmraid1.0.0.rc16 python-pyicu libdebian-installer4 cryptsetup libecryptfs0 reiserfsprogs rdate bogl-bterm ecryptfs-utils libdebconfclient0 dmraid
Use ‘apt-get autoremove’ to remove them.
Suggested packages:
python-egenix-mxdatetime python-mysqldb-dbg
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 99 not upgraded.
Need to get 76.6kB of archives.
After this operation, 283kB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
Install these packages without verification [y/N]? y
Get:1 revolution/main python-mysqldb 1.2.2-10build1 [76.6kB]
Fetched 76.6kB in 24s (3,120B/s)
Selecting previously deselected package python-mysqldb.
(Reading database … 232113 files and directories currently installed.)
Unpacking python-mysqldb (from …/python-mysqldb_1.2.2-10build1_i386.deb) …
Setting up python-mysqldb (1.2.2-10build1) …

Processing triggers for python-support …
root@bt:~/gsploit# python
Python 2.6.5 (r265:79063, Apr 16 2010, 13:09:56)
[GCC 4.4.3] on linux2
Type “help”, “copyright”, “credits” or “license” for more information.
>>> import MySQLdb

Download SVN Trunk :