VASTO is a Virtualization ASsessment TOolkit, a collection of Metasploit modules meant to be used as a testing tool to perform penetration tests or security audit of virtualization solutions. It has been sponsored by Secure Network and includes contributions by fellow hackers.


##### NEWS: on 10/11/2010 VASTO 0.4 has been released.
##### New in VASTO 0.4 are oracle VM exploits and updates on the VMware modules.


#########################################################
# VASTO - Virtualization ASsessment TOolkit
# Readme For Version 0.3
#########################################################

VASTO is a collection of metasploit modules meant to be used
to assess virtualization security.

It has been tested under Metasploit 3.4.2 and Ubuntu Linux,
but should work (maybe with minimal modifications) under
Windows or any platform supported by Metasploit.

The current version, 0.3, was released at Black Hat US 2010.

Modules currently implemented

- abiquo_guest_stealer.rb
Exploits a path traversal in Abiquo up to version 1.5

VASTO is a collection of metasploit modules meant to be used
to assess virtualization security.

It has been tested under Metasploit 3.4.2 and Ubuntu Linux,
but should work (maybe with minimal modifications) under
Windows or any platform supported by Metasploit.

The current version, 0.3, was released at Black Hat US 2010.

Modules currently implemented

- abiquo_guest_stealer.rb
Exploits a path traversal in Abiquo up to version 1.5

- abiquo_poison.rb
Serves evil VM if a MITM is performed.

- eucalyptus_bouncer.rb
Turn Eucalyptus systems in proxy servers.

- eucalyptus_poison.rb
Serves evil VM if a MITM is performed.

- vmware_guest_stealer.rb
Exploits a path traversal in VMware products.

- vmware_login.rb
Brute forcing for VMware

- vmware_session_rider.rb
Local proxy to ride stolen SOAPID sessions with VI Client

- vmware_sfcbd_exec.rb
Command exec (authenticated) on Studio and Data Protection

- vmware_studio_upload.rb
Arbitrary file upload on Studio 2.0 beta

- vmware_updatemanager_traversal.rb
Jetty path traversal

- vmware_version.rb
Fingerprints VMware products

- vmware_vilurker.rb
MITM code execution against VI Client

- vmware_webaccess_portscan.rb
Turn VMware WebAccess into a portscanner (or a proxy)

- vmware_autopwn
Automatizes exploiting the updatemanager traversal to ride a session

- xen_login.rb
Brute forcer for XEN server


******************** CONTRIBUTORS ************************

Claudio Criscione - Padulato, or SelfAppointedMantainer
Paolo Canaletti
Luca Carettoni
drk1wi