Infection Monkey – An automated pentest tool (github.com/guardicore)
89 points by adulau on May 25, 2018 | 8 comments



Given a huge network (or multiple) this thing can do wonders on continuous network auditing. Yet, there should be some security switches, such as complete agent uninstalling, really secure communications with CnC (paranoid mode and above), and no persistent backdoors. Those things can introduce new vulns to the network.

After all, it is only meant to automate the classic identify -> try exploit loop. Good for me.


What does this have that tools like Metasploit, Nessus, or OpenVAS don't do?

Most pentest tools are all about the libraries of tests they can perform.

This to me looks like a glorified nmap unless I'm mistaken.


I would be more careful in pentesting any infrastructure than letting a worm run loose on it.

There is a list of exploits this code is testing. Why not run the tests yourself instead of using each target as a launching point?

Unless you're testing 100k servers and don't have the horsepower to drive the tests, how could this be any faster?


So basically this is a worm?


This is an attack simulation tool. It can be executed from its C&C server but also from other machines in your network. By that you can simulate different scenarios like: what would happen if my web server is compromised; or what if someone steals the credentials of a member of the IT team.


I am on my way to try it yet. It is a worm _and_ a controller and report collector. The worm can be executed from the controller after software updates, for example, or periodically, and reports can be read from the controller too.

You can run pentests yourself on each of your networks, but once you have a couple of networks to be responsible for, I think this is a great idea.


What would it take to turn this into a malicious tool?


Like many things, using it maliciously



