Automated vulnerability exploitation framework that integrates with Metasploit to discover CVEs, find exploits, and attempt exploitation automatically. Designed for ethical penetration testing only.
THIS TOOL IS FOR ETHICAL PENETRATION TESTING ONLY.
- Use ONLY with WRITTEN AUTHORIZATION (Rules of Engagement)
- UNAUTHORIZED ACCESS IS ILLEGAL and may result in:
- Criminal prosecution
- Civil liability
- Imprisonment
By using this tool, you agree to:
- Only test systems you own or have written permission to test
- Respect all applicable laws (e.g., Lei 12.737/2012 in Brazil, CFAA in USA)
- Accept full responsibility for your actions
- Automatic CVE Discovery: Automatically finds all CVEs for a given service/version
- Automatic Exploit Discovery: Searches Metasploit database for exploits matching discovered CVEs
- Automated Exploitation: Attempts exploitation for all found vulnerabilities
- Tor Integration: Optional IP obfuscation via Tor network with automatic circuit rotation
- Comprehensive Reporting: Generates detailed reports in Markdown, JSON, or HTML formats
- Target Discovery: Automatic port scanning and service detection
- Post-Exploitation: Automated post-exploitation module execution
- Authorization System: Optional scope verification via config file
- Dry-Run Mode: Test mode without actual exploitation
💡 New to Daedalus? Check out the Quick Start Guide for a step-by-step setup tutorial!
Before installing Daedalus, ensure you have:
- Python 3.8 or higher
- Metasploit Framework (must be installed and configured)
- (Optional) Tor for IP obfuscation
Metasploit Framework must be installed and the database initialized before using Daedalus.
Linux (Debian/Ubuntu):
- Update your system:
sudo apt update && sudo apt upgrade -y- Install prerequisites:
sudo apt install curl wget postgresql -y- Download and run the Metasploit installer:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall
chmod +x msfinstall
sudo ./msfinstall- Initialize the database:
msfdb initType y and press Enter when prompted.
- Verify installation:
msfconsole -q -x 'db_status; exit'macOS:
- Install Homebrew (if not already installed):
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"- Install Metasploit Framework:
brew install metasploit- Initialize the database:
msfdb init- Verify installation:
msfconsole -q -x 'db_status; exit'Windows:
-
Download the Metasploit Framework installer from: https://www.metasploit.com/download
-
Run the installer and follow the setup wizard
-
Open Metasploit Console from the Start Menu
-
Initialize the database (if not done automatically):
msfdb init- Clone the repository:
git clone https://github.com/digenaldo/daedalus.git
cd daedalus- Install Python dependencies:
pip install -r requirements.txt- Configure Metasploit RPC (automatic setup):
make install-fullThis will:
- Install all Python dependencies
- Generate a secure password automatically
- Create scripts to start/stop the Metasploit RPC server
- Save configuration to
config/msf_config.yaml
- Start the Metasploit RPC server:
make start-msfOr manually:
./scripts/start_msfrpcd.sh- (Optional) Start Tor for IP obfuscation:
torThe framework provides a simplified interface where you only need to specify the target and service/version. The system will automatically:
- Discover all CVEs for that service/version
- Find available exploits in Metasploit
- Attempt exploitation for all found vulnerabilities
- Generate a comprehensive report
# Automatic CVE discovery and exploitation
python daedalus.py --host <target_ip> --service "apache 2.4.41"
# With Tor for IP obfuscation
python daedalus.py --host <target_ip> --service "apache 2.4.41" --use-tor
# Specific CVE
python daedalus.py --host <target_ip> --cve CVE-2024-23897
# Vulnerability type
python daedalus.py --host <target_ip> --vuln-type "rce"
# Dry-run mode (testing without actual exploitation)
python daedalus.py --host <target_ip> --service "apache 2.4.41" --dry-run# Apache 2.4.41 with automatic CVE discovery
python daedalus.py --host 192.168.1.100 --service "apache 2.4.41"
# Jenkins 2.414
python daedalus.py --host 192.168.1.100 --service "jenkins 2.414"
# WordPress 5.8
python daedalus.py --host 192.168.1.100 --service "wordpress 5.8"
# With Tor and custom output format
python daedalus.py \
--host 192.168.1.100 \
--service "apache 2.4.41" \
--use-tor \
--format html \
--output ./my_reports
# Specific CVE
python daedalus.py --host 192.168.1.100 --cve CVE-2024-23897
# Limit exploit attempts
python daedalus.py --host 192.168.1.100 --service "apache 2.4.41" --limit 5--host, -H: Target IP address
--service, -s: Service and version (e.g., "apache 2.4.41")--cve, -c: CVE identifier (e.g., "CVE-2024-23897")--vuln-type, -v: Vulnerability type (e.g., "rce", "sqli", "xss")
--port, -p: Specific port to target--use-tor: Use Tor network for IP obfuscation--tor-control-port: Tor control port (default: 9051)--tor-socks-port: Tor SOCKS port (default: 9050)--limit, -l: Limit number of exploit attempts per CVE--output, -o: Output directory for reports (default: ./reports)--format, -f: Report format: markdown, json, html (default: markdown)--dry-run: Test mode without actual exploitation--verbose, -v: Verbose output--quiet, -q: Quiet mode--config, -C: Configuration file path--auto-scan: Automatically scan target (default: true)--skip-verification: Skip vulnerability verification (not recommended)
--msf-host: Metasploit RPC host (default: 127.0.0.1)--msf-port: Metasploit RPC port (default: 55552)--msf-user: Metasploit RPC username (default: msf)--msf-password: Metasploit RPC password
authorization:
roe_file: "path/to/rules_of_engagement.pdf"
client_name: "Client Name"
test_date: "2024-01-15"
scope:
- "192.168.1.0/24"
- "10.0.0.1"
- "example.com"metasploit:
rpc_host: "127.0.0.1"
rpc_port: 55552
rpc_user: "msf"
rpc_pass: "password"
workspace: "default"
exploitation:
max_attempts: 10
timeout: 300
reliability_threshold: 0.7
auto_post_exploit: true
payloads:
default_type: "reverse_tcp"
lhost: "192.168.1.100"
lport_range: [4444, 5000]
tor:
control_port: 9051
socks_port: 9050
auto_rotate: true
rotate_interval: 5- User Input: Provide target IP and service/version (e.g.,
--host 192.168.1.100 --service "apache 2.4.41") - Authorization Check: Verify target scope (if config file exists)
- Tor Initialization (if
--use-tor): Connect to Tor and verify connection - Target Discovery: Scan target for open ports and services
- CVE Discovery: Query CVE databases (NVD API) for all CVEs affecting the service/version
- Exploit Discovery: Search Metasploit database for exploits matching each discovered CVE
- Exploitation: Attempt exploitation for all found vulnerabilities (with Tor circuit rotation if enabled)
- Session Management: Establish and manage Meterpreter sessions
- Post-Exploitation: Run post-exploitation modules automatically
- Reporting: Generate comprehensive report with all results
Input: --host 192.168.1.100 --service "apache 2.4.41" --use-tor
Step 1: Authorization Check ✓
Step 2: Tor Initialization ✓ (Exit Node: 123.45.67.89)
Step 3: Target Discovery ✓ (Found Apache 2.4.41 on port 80)
Step 4: CVE Discovery ✓ (Found 15 CVEs: CVE-2024-47252, CVE-2024-38475, ...)
Step 5: Exploit Discovery ✓ (Found 8 exploits in Metasploit)
Step 6: Exploitation:
- Attempt 1: exploit/linux/http/apache_mod_cgi_bash_env_exec (CVE-2024-47252) → FAILED
- Rotate Tor circuit → New Exit Node: 234.56.78.90
- Attempt 2: exploit/linux/http/apache_httpd_mod_rewrite_rce (CVE-2024-38475) → SUCCESS
Step 7: Session Established ✓ (Session ID: 1)
Step 8: Post-Exploitation ✓ (Gathered system info, users, network)
Step 9: Report Generated ✓ (report_192.168.1.100_20240115_143022.md)
daedalus/
├── core/
│ ├── __init__.py
│ ├── msf_client.py # Metasploit RPC client wrapper
│ ├── exploit_manager.py # Manage exploit selection and execution
│ ├── cve_discovery.py # CVE database queries
│ ├── vulnerability_scanner.py # Target scanning
│ ├── session_manager.py # Manage active sessions
│ └── authorization.py # Authorization and legal compliance
├── modules/
│ ├── __init__.py
│ ├── post_exploitation.py # Post-exploitation modules
│ └── reporting.py # Report generation
├── config/
│ ├── auth.yaml.example # Authorization config template
│ └── msf_config.yaml.example # Metasploit config template
├── templates/
│ └── exploit_report.md # Report template (Jinja2)
├── logs/
│ └── .gitignore # Log files (sensitive data)
├── tests/
│ ├── test_msf_client.py
│ ├── test_cve_discovery.py
│ └── test_integration.py
├── requirements.txt
├── setup.py
├── README.md
└── LICENSE
The framework generates comprehensive reports including:
- Target Information: IP, ports, services, versions, OS
- CVEs Discovered: All CVEs found for the service/version with CVSS scores
- Exploitation Attempts: Complete log of all exploit attempts with timestamps and results
- Sessions: Active Meterpreter sessions if successful
- Post-Exploitation Results: System information, users, network details
- IP Obfuscation: Method used (Tor or direct) and exit node IP
- Timeline: Complete timeline of all activities
- Recommendations: Security recommendations based on findings
Reports are generated in multiple formats:
- Markdown (default): Human-readable format
- JSON: Machine-readable format for automation
- HTML: Web-friendly format with styling
The framework supports optional Tor integration for IP obfuscation:
- Automatic Circuit Rotation: Rotates Tor circuit after each exploit attempt
- Connection Verification: Verifies Tor connection before starting with multiple checks
- Exit Node Tracking: Logs Tor exit node IP in reports
- Pre-flight Checks: Verifies Tor is running before attempting connection
- Error Handling: Clear error messages if Tor is not available
Before using --use-tor, verify Tor is working:
-
Install Tor (if not installed):
# macOS brew install tor # Linux (Debian/Ubuntu) sudo apt-get install tor # Linux (RHEL/CentOS) sudo yum install tor
-
Start Tor daemon:
tor
-
Verify Tor is running:
# Check if Tor process is running ps aux | grep tor # Check if ports are open netstat -an | grep -E '9050|9051' # Should show: # tcp4 0 0 127.0.0.1.9050 *.* LISTEN (SOCKS port) # tcp4 0 0 127.0.0.1.9051 *.* LISTEN (Control port)
-
Test Tor connection:
# Test SOCKS proxy curl --socks5 127.0.0.1:9050 https://api.ipify.org # Should return an IP address (your Tor exit node IP)
-
Use with Daedalus:
python daedalus.py --host <target> --service "apache 2.4.41" --use-tor
If you use --use-tor but Tor is not available:
- The framework will abort execution with clear error messages
- You'll get detailed troubleshooting steps
- You must either:
- Fix Tor and try again, OR
- Remove
--use-torflag to continue without IP obfuscation
The framework will NOT silently fall back to direct connection when --use-tor is specified - this ensures you're aware if IP obfuscation is not working.
Run tests with pytest:
# Install test dependencies
pip install -r requirements.txt
# Run all tests
pytest
# Run with coverage
pytest --cov=core --cov=modules --cov-report=html
# Run specific test file
pytest tests/test_msf_client.py# Install development dependencies
pip install -r requirements.txt
# Install pre-commit hooks
pre-commit install
# Run type checking
mypy core/ modules/
# Run linting
flake8 core/ modules/- Type Hints: All functions include type hints
- Docstrings: Comprehensive documentation
- Testing: 80%+ code coverage requirement
- Linting: Flake8 and Black formatting
- Pre-commit Hooks: Automated code quality checks
- Scope Verification: Optional target scope verification via config file
- Scope Verification: Targets are verified against authorized scope
- Audit Logging: All actions are logged for audit purposes
- Dry-Run Mode: Test mode available without actual exploitation
- Error Handling: Graceful failure handling with cleanup
- Rate Limiting: Configurable rate limiting for exploit attempts
- Requires Metasploit Framework with RPC server running
- CVE discovery depends on NVD API availability
- Tor integration requires Tor daemon running
- Some exploits may require manual configuration
- Network scanning may be slow for large port ranges
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
This tool is provided for educational and authorized security testing purposes only. The authors and contributors are not responsible for any misuse or damage caused by this tool. Users are solely responsible for ensuring they have proper authorization before using this tool.
For issues, questions, or contributions, please open an issue on GitHub.
Getting Started? See the Quick Start Guide for detailed setup instructions and common use cases.
- Metasploit Framework team
- NVD (National Vulnerability Database)
- Tor Project
- Security research community
Remember: Always use this tool responsibly and only with proper authorization. Unauthorized access to computer systems is illegal and unethical.