APT2 – AN AUTOMATED PENETRATION TESTING TOOLKIT
This tool will perform an NMap scan, or import the results
of a scan from Nexpose, Nessus, or NMap. The processesd results will be used to
launch exploit and enumeration modules according to the configurable Safe Level
and enumerated service information.
All module results are stored on localhost and are part of
APT2‘s Knowledge Base (KB). The KB is accessible from within the application
and allows the user to view the harvested results of an exploit module.
Current External Program/Script Dependencies
To make full
use of all of APT2's modules, the following external dependencies should be
install on your system:
convert,
dirb, hydra, java, john, ldapsearch, msfconsole, nmap, nmblookup, phantomjs,
responder, rpcclient, secretsdump.py, smbclient, snmpwalk, sslscan, xwd
Configuration (Optional)
APT2 uses
the default.cfg file in the root directory. Edit this
file to configure APT2 to run as you desire.
Current
options include:
- metasploit
- nmap
- threading
Metasploit RPC API (metasploit)
APT2 can
utuilize your host's Metasploit RPC interface (MSGRPC). Additional Information
can be found here: https://help.rapid7.com/metasploit/Content/api-rpc/getting-started-api.html
NMAP
Configure
NMAP scan settings to include the target, scan type, scan port range, and scan
flags. These settings can be configured while the program is running.
Threading
Configure
the number of the threads APT2 will use.
Run:
No Options:
apt2
With
Configuration File
apt2 -C
Import
Nexpose, Nessus, or NMap XML
apt2 -f
Specify
Target Range to Start
apt2 --target 192.168.1.0/24
Safe Level
Safe levels indicate how safe a module is to run againsts a
target. The scale runs from 1 to 5 with 5 being the safest. The default
configuration uses a Safe Level of 4 but can be set with the
-s or --safelevel command line flags.
Usage:
usage: apt2.py [-h] [-C ] [-f [ [ ...]]] [--target] [--ip ] [-v] [-s SAFE_LEVEL] [-b] [--listmodules] optional arguments: -h, --help show this help message and exit -v, --verbosity increase output verbosity -s SAFE_LEVEL, --safelevel SAFE_LEVEL set min safe level for modules -b, --bypassmenu bypass menu and run from command line arguments inputs: -C config file -f [ [ ...]] one of more input files seperated by spaces --target initial scan target(s) ADVANCED: --ip defaults to ip of interface misc: --listmodules list out all current modules
Modules
-----------------------LIST OF CURRENT MODULES-----------------------nmaploadxml Load NMap XML Filehydrasmbpassword Attempt to bruteforce SMB passwordsnullsessionrpcclient Test for NULL Sessionmsf_snmpenumshares Enumerate SMB Shares via LanManager OID Valuesnmapbasescan Standard NMap Scanimpacketsecretsdump Test for NULL Sessionmsf_dumphashes Gather hashes from MSF Sessionsmsf_smbuserenum Get List of Users From SMBanonftp Test for Anonymous FTPsearchnfsshare Search files on NFS SharescrackPasswordHashJohnTR Attempt to crack any password hashesmsf_vncnoneauth Detect VNC Services with the None authentication typenmapsslscan NMap SSL Scannmapsmbsigning NMap SMB-Signing Scanresponder Run Responder and watch for hashesmsf_openx11 Attempt Login To Open X11 Servicenmapvncbrute NMap VNC Brute Scanmsf_gathersessioninfo Get Info about any new sessionsnmapsmbshares NMap SMB Share Scanuserenumrpcclient Get List of Users From SMBhttpscreenshot Get Screen Shot of Web Pageshttpserverversion Get HTTP Server Versionnullsessionsmbclient Test for NULL Sessionopenx11 Attempt Login To Open X11 Servicei and Get Screenshotmsf_snmplogin Attempt Login Using Common Community Stringsmsf_snmpenumusers Enumerate Local User Accounts Using LanManager/psProcessUsername OID Valueshttpoptions Get HTTP Optionsnmapnfsshares NMap NFS Share Scanmsf_javarmi Attempt to Exploit A Java RMI Serviceanonldap Test for Anonymous LDAP Searchesssltestsslserver Determine SSL protocols and ciphersgethostname Determine the hostname for each IPsslsslscan Determine SSL protocols and ciphersnmapms08067scan NMap MS08-067 Scanmsf_ms08_067 Attempt to exploit MS08-067
No comments:
Post a Comment