|
1 | | -# automated_pentest |
| 1 | +# APT2 - An Automated Penetration Testing Toolkit |
| 2 | + |
| 3 | +``` |
| 4 | + dM. `MMMMMMMb. MMMMMMMMMM |
| 5 | + ,MMb MM `Mb / MM \ |
| 6 | + d'YM. MM MM MM ____ |
| 7 | + ,P `Mb MM MM MM 6MMMMb |
| 8 | + d' YM. MM .M9 MM MM' `Mb |
| 9 | + ,P `Mb MMMMMMM9' MM ,MM |
| 10 | + d' YM. MM MM ,MM' |
| 11 | + ,MMMMMMMMb MM MM ,M' |
| 12 | + d' YM. MM MM ,M' |
| 13 | + _dM_ _dMM_MM_ _MM_MMMMMMMM |
| 14 | +
|
| 15 | +
|
| 16 | + An Automated Penetration Testing Toolkit |
| 17 | +``` |
| 18 | +This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processesd results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. |
| 19 | + |
| 20 | +All module results are stored on localhost and are part of APT2's Knowledge Base (KB). The KB is accessible from within the application and allows the user to view the harvested results of an exploit module. |
| 21 | + |
| 22 | +## Setup |
| 23 | + |
| 24 | +On Kali Linux install python-nmap library: `pip install python-nmap` |
| 25 | + |
| 26 | +## Configuration (Optional) |
| 27 | +APT2 uses the *default.cfg* file in the root directory. Edit this file to configure APT2 to run as you desire. |
| 28 | + |
| 29 | +Current options include: |
| 30 | +- metasploit |
| 31 | +- nmap |
| 32 | +- threading |
| 33 | + |
| 34 | +##### Metasploit RPC API (metasploit) |
| 35 | +APT2 can utuilize your host's Metasploit RPC interface (MSGRPC). Additional Information can be found here: https://help.rapid7.com/metasploit/Content/api-rpc/getting-started-api.html |
| 36 | + |
| 37 | +##### NMAP |
| 38 | +Configure NMAP scan settings to include the target, scan type, scan port range, and scan flags. These settings can be configured while the program is running. |
| 39 | + |
| 40 | +##### Threading |
| 41 | +Configure the number of the threads APT2 will use. |
| 42 | + |
| 43 | +## Run: |
| 44 | +#### No Options: |
| 45 | +`python apt2` or `./apt2` |
| 46 | +#### With Configuration File |
| 47 | +`python apt2 -C <config.txt>` |
| 48 | +#### Import Nexpose, Nessus, or NMap XML |
| 49 | +`python apt2 -f <nmap.xml>` |
| 50 | +#### Specify Target Range to Start |
| 51 | +`python apt2 -f 192.168.1.0/24` |
| 52 | + |
| 53 | +## Safe Level |
| 54 | +Safe levels indicate how safe a module is to run againsts a target. The scale runs from 1 to 5 with 5 being the safest. The default configuration uses a Safe Level of 4 but can be set with the `-s` or `--safelevel` command line flags. |
| 55 | + |
| 56 | +## Usage: |
| 57 | +``` |
| 58 | +usage: apt2.py [-h] [-C <config.txt>] [-f [<input file> [<input file> ...]]] |
| 59 | + [--target] [--ip <local IP>] [-v] [-s SAFE_LEVEL] [-b] |
| 60 | + [--listmodules] |
| 61 | +
|
| 62 | +optional arguments: |
| 63 | + -h, --help show this help message and exit |
| 64 | + -v, --verbosity increase output verbosity |
| 65 | + -s SAFE_LEVEL, --safelevel SAFE_LEVEL |
| 66 | + set min safe level for modules |
| 67 | + -b, --bypassmenu bypass menu and run from command line arguments |
| 68 | +
|
| 69 | +inputs: |
| 70 | + -C <config.txt> config file |
| 71 | + -f [<input file> [<input file> ...]] |
| 72 | + one of more input files seperated by spaces |
| 73 | + --target initial scan target(s) |
| 74 | +
|
| 75 | +ADVANCED: |
| 76 | + --ip <local IP> defaults to ip of interface |
| 77 | +
|
| 78 | +misc: |
| 79 | + --listmodules list out all current modules |
| 80 | +
|
| 81 | +``` |
| 82 | + |
| 83 | +## Modules |
| 84 | +``` |
| 85 | +----------------------- |
| 86 | +LIST OF CURRENT MODULES |
| 87 | +----------------------- |
| 88 | +nmaploadxml Load NMap XML File |
| 89 | +hydrasmbpassword Attempt to bruteforce SMB passwords |
| 90 | +nullsessionrpcclient Test for NULL Session |
| 91 | +msf_snmpenumshares Enumerate SMB Shares via LanManager OID Values |
| 92 | +nmapbasescan Standard NMap Scan |
| 93 | +impacketsecretsdump Test for NULL Session |
| 94 | +msf_dumphashes Gather hashes from MSF Sessions |
| 95 | +msf_smbuserenum Get List of Users From SMB |
| 96 | +anonftp Test for Anonymous FTP |
| 97 | +searchnfsshare Search files on NFS Shares |
| 98 | +crackPasswordHashJohnTR Attempt to crack any password hashes |
| 99 | +msf_vncnoneauth Detect VNC Services with the None authentication type |
| 100 | +nmapsslscan NMap SSL Scan |
| 101 | +nmapsmbsigning NMap SMB-Signing Scan |
| 102 | +responder Run Responder and watch for hashes |
| 103 | +msf_openx11 Attempt Login To Open X11 Service |
| 104 | +nmapvncbrute NMap VNC Brute Scan |
| 105 | +msf_gathersessioninfo Get Info about any new sessions |
| 106 | +nmapsmbshares NMap SMB Share Scan |
| 107 | +userenumrpcclient Get List of Users From SMB |
| 108 | +httpscreenshot Get Screen Shot of Web Pages |
| 109 | +httpserverversion Get HTTP Server Version |
| 110 | +nullsessionsmbclient Test for NULL Session |
| 111 | +openx11 Attempt Login To Open X11 Servicei and Get Screenshot |
| 112 | +msf_snmplogin Attempt Login Using Common Community Strings |
| 113 | +msf_snmpenumusers Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values |
| 114 | +httpoptions Get HTTP Options |
| 115 | +nmapnfsshares NMap NFS Share Scan |
| 116 | +msf_javarmi Attempt to Exploit A Java RMI Service |
| 117 | +anonldap Test for Anonymous LDAP Searches |
| 118 | +ssltestsslserver Determine SSL protocols and ciphers |
| 119 | +gethostname Determine the hostname for each IP |
| 120 | +sslsslscan Determine SSL protocols and ciphers |
| 121 | +nmapms08067scan NMap MS08-067 Scan |
| 122 | +msf_ms08_067 Attempt to exploit MS08-067 |
| 123 | +``` |
0 commit comments