Автоматическое тестирование на проникновение с помощью набора APT2 Toolkit |

Автоматическое тестирование на проникновение с помощью набора APT2 Toolkit

Обзоры

APT2 это Automated Penetration Testing Toolkit

Этот инструмент выполнит сканирование NMap или импортирует результаты сканирования из Nexpose, Nessus или NMap.

Результаты processd будут использоваться для запуска модулей эксплоита и перечисления в соответствии с настраиваемым безопасным уровнем и перечислимой служебной информацией.

Все результаты модуля хранятся на локальном хосте и являются частью базы знаний APT2 (KB).

KB доступен из приложения и позволяет пользователю просматривать собранные результаты модуля эксплойта.

APT2 Help

root@kali:~# apt2 -h
usage: apt2 [-h] [-C ] [-f [<\input file> [<\input file> ...]]]
            [--target] [--ip ] [-v] [-s SAFE_LEVEL]
            [-x EXCLUDE_TYPES] [-b] [--listmodules]

optional arguments:
  -h, --help            show this help message and exit
  -v, --verbosity       increase output verbosity
  -s SAFE_LEVEL, --safelevel SAFE_LEVEL
                        set min safe level for modules. 0 is unsafe and 5 is
                        very safe. Default is 4
  -x EXCLUDE_TYPES, --exclude EXCLUDE_TYPES
                        specify a comma seperatec list of module types to
                        exclude from running
  -b, --bypassmenu      bypass menu and run from command line arguments

inputs:
  -C        config file
  -f [<\input file> [<\input file> ...]]
                        one of more input files seperated by spaces
  --target              initial scan target(s)

advanced:
  --ip        defaults to 192.168.103.227

misc:
  --listmodules         list out all current modules and exit
root@kali:~#
root@kali:~#
root@kali:~# apt2 --listmodules | grep '|' | sort | grep -v 'Module.*Type.*Description'
[*] | anonftp                   | action |      4 | Test for Anonymous FTP                                                                    |
[*] | anonldap                  | action |      5 | Test for Anonymous LDAP Searches                                                          |
[*] | apt2_ipwhois              | action |      5 | run ipwhois                                                                               |
[*] | apt2_shodan               | action |      5 | run shodan                                                                                |
[*] | apt2_whois                | action |      5 | run whois                                                                                 |
[*] | crackPasswordHashJohnTR   | action |      5 | Attempt to crack any password hashes                                                      |
[*] | dictload                  | input  |      None  | Load DICT Input File                                                                      |
[*] | gethostname               | action |      5 | Determine the hostname for each IP                                                        |
[*] | httpoptions               | action |      5 | Get HTTP Options                                                                          |
[*] | httpscreenshot            | action |      5 | Get Screen Shot of Web Pages                                                              |
[*] | httpserverversion         | action |      5 | Get HTTP Server Version                                                                   |
[*] | hydrasmbpassword          | action |      2 | Attempt to bruteforce SMB passwords                                                       |
[*] | impacketsecretsdump       | action |      5 | Test for NULL Session                                                                     |
[*] | msf_dumphashes            | action |      4 | Gather hashes from MSF Sessions                                                           |
[*] | msf_gathersessioninfo     | action |      4 | Get Info about any new sessions                                                           |
[*] | msf_javarmi               | action |      5 | Attempt to Exploit A Java RMI Service                                                     |
[*] | msf_jboss_maindeployer    | action |      3 | Attempt to gain shell via Jboss                                                           |
[*] | msf_jboss_vulnscan        | action |      4 | Attempt to determine if a jboss instance has default creds                                |
[*] | msf_ms08_067              | action |      4 | Attempt to exploit MS08-067                                                               |
[*] | msf_openx11               | action |      5 | Attempt Login To Open X11 Service                                                         |
[*] | msf_psexec_pth            | action |      4 | Attempt to authenticate via PSEXEC PTH                                                    |
[*] | msf_smbuserenum           | action |      5 | Get List of Users From SMB                                                                |
[*] | msf_snmpenumshares        | action |      5 | Enumerate SMB Shares via LanManager OID Values                                            |
[*] | msf_snmpenumusers         | action |      5 | Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values               |
[*] | msf_snmplogin             | action |      5 | Attempt Login Using Common Community Strings                                              |
[*] | msf_tomcat_mgr_login      | action |      4 | Attempt to determine if a tomcat instance has default creds                               |
[*] | msf_tomcat_mgr_upload     | action |      3 | Attempt to gain shell via Tomcat                                                          |
[*] | msf_vncnoneauth           | action |      5 | Detect VNC Services with the None authentication type                                     |
[*] | nmaploadxml               | input  |      None  | Load NMap XML File                                                                        |
[*] | nmapms08067scan           | action |      4 | NMap MS08-067 Scan                                                                        |
[*] | nmapnfsshares             | action |      5 | NMap NFS Share Scan                                                                       |
[*] | nmapsmbshares             | action |      5 | NMap SMB Share Scan                                                                       |
[*] | nmapsmbsigning            | action |      5 | NMap SMB-Signing Scan                                                                     |
[*] | nmapsslscan               | action |      5 | NMap SSL Scan                                                                             |
[*] | nmapvncbrute              | action |      5 | NMap VNC Brute Scan                                                                       |
[*] | nullsessionrpcclient      | action |      5 | Test for NULL Session                                                                     |
[*] | nullsessionsmbclient      | action |      5 | Test for NULL Session                                                                     |
[*] | openx11                   | action |      5 | Attempt Login To Open X11 Servicei and Get Screenshot                                     |
[*] | reportgen                 | report |      None  | Generate HTML Report                                                                      |
[*] | responder                 | action |      3 | Run Responder and watch for hashes                                                        |
[*] | searchftp                 | action |      4 | Search files on FTP                                                                       |
[*] | searchnfsshare            | action |      4 | Search files on NFS Shares                                                                |
[*] | searchsmbshare            | action |      4 | Search files on SMB Shares                                                                |
[*] | snmpwalk                  | action |      5 | Run snmpwalk using found community string                                                 |
[*] | sslsslscan                | action |      5 | Determine SSL protocols and ciphers                                                       |
[*] | ssltestsslserver          | action |      5 | Determine SSL protocols and ciphers                                                       |
[*] | userenumrpcclient         | action |      5 | Get List of Users From SMB                                                                |
root@kali:~#

Пример использования APT2

root@kali:~# msfdb start
[+] Starting database
root@kali:~#
root@kali:~# msfconsole -q -x 'load msgrpc User=msf Pass=msfpass ServerPort=55552'
/usr/share/metasploit-framework/lib/msf/core/opt.rb:55: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
[*] MSGRPC Service:  127.0.0.1:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: msfpass
[*] Successfully loaded plugin: msgrpc
msf >


root@kali:~# apt2 -s 0 -b --target 192.168.103.128
[*]
[*]       dM.    `MMMMMMMb. MMMMMMMMMM      
[*]      ,MMb     MM    `Mb /   MM   \      
[*]      d'YM.    MM     MM     MM   ____  
[*]     ,P `Mb    MM     MM     MM  6MMMMb  
[*]     d'  YM.   MM    .M9     MM MM'  `Mb
[*]    ,P   `Mb   MMMMMMM9'     MM      ,MM
[*]    d'    YM.  MM            MM     ,MM'
[*]   ,MMMMMMMMb  MM            MM   ,M'    
[*]   d'      YM. MM            MM ,M'      
[*] _dM_     _dMM_MM_          _MM_MMMMMMMM
[*]
[*]
[*] An Automated Penetration Testing Toolkit
[*] Written by: Adam Compton & Austin Lane
[*] Verion: 1.0.0
[!] Module 'apt2_shodan' disabled:
[!]      API key is missing
[!] Module 'searchnfsshare' disabled:
[!]      Module Manually Disabled !!!
[*] Input Modules Loaded:   2
[*] Action Modules Loaded:  43
[*] Report Modules Loaded:  1
[*]
[*] The KnowledgeBase will be auto saved to : /root/.apt2/proofs/KB-egghavrdqa.save
[*] Local IP is set to : 192.168.103.227
[*]       If you would rather use a different IP, then specify it via the [--ip ] argument.
[*] Scan file saved to [/root/.apt2/proofs/NMAP-nmapScan192.168.103.128-fvqoswtplf]
[*] Use the following controls while scans are running:
[*] Starting responder...
[*] - p - pause/resume event queueing
[!] VULN [NULLSession] Found on [192.168.103.128]
[*] Current # of Active Threads = [10]
[*]     ==> Responder, GetHostname, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, NmapMS08067Scan, NmapSMBSigning, NmapSMBShareScan, MSFSMBUserEnum
[*] Current # of Active Threads = [10]
[*]     ==> Responder, GetHostname, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, NmapMS08067Scan, NmapSMBSigning, NmapSMBShareScan, MSFSMBUserEnum
[*] Current # of Active Threads = [9]
[*]     ==> Responder, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, NmapMS08067Scan, NmapSMBSigning, NmapSMBShareScan, MSFSMBUserEnum
[*] Scan file saved to [/root/.apt2/proofs/NMAP-192.168.103.128_MS08067SCAN-ughssbeike]
[*] Scan file saved to [/root/.apt2/proofs/NMAP-192.168.103.128_SMBSINGINGSCAN-mcjojhzjny]
[*] Scan file saved to [/root/.apt2/proofs/NMAP-192.168.103.128_SMBSHARESCAN-idhndqdplo]
[*] Current # of Active Threads = [6]
[*]     ==> Responder, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFSMBUserEnum
[*] Current # of Active Threads = [6]
[*]     ==> Responder, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFSMBUserEnum
[*] Current # of Active Threads = [6]
[*]     ==> Responder, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFSMBUserEnum
[*] Current # of Active Threads = [1]
[*]     ==> Responder
[*] Current # of Active Threads = [1]
[*]     ==> Responder
[*] Current # of Active Threads = [1]
[*]     ==> Responder
[*] Generating Reports
[*] Report file located at /root/.apt2/reports/reportGenHTML_shfrqjwgxs.html
[*]
[*] Good Bye!
root@kali:~#
root@kali:~#
root@kali:~# tree  /root/.apt2/
/root/.apt2/
├── logs
│   └── processlog.txt
├── proofs
│   ├── httpOptions_192.168.103.128_80_vnkzicnlst
│   ├── HTTPServerVersion_192.168.103.128_443_tzeexsuztp
│   ├── HTTPServerVersion_192.168.103.128_80_awllaokxlc
│   ├── KB-egghavrdqa.save
│   ├── MSFJbossVulnscan_192.168.103.128_bcchobmmzp
│   ├── MSFJbossVulnscan_192.168.103.128_mbpdgqtezt
│   ├── MSFSMBUserEnum_192.168.103.128_krcyxrdotc
│   ├── MSFTomcatMgrLogin_192.168.103.128_pqvkxxjweb
│   ├── MSFTomcatMgrLogin_192.168.103.128_stccicqbwu
│   ├── NMAP-192.168.103.128_MS08067SCAN-ughssbeike.gnmap
│   ├── NMAP-192.168.103.128_MS08067SCAN-ughssbeike.nmap
│   ├── NMAP-192.168.103.128_MS08067SCAN-ughssbeike.xml
│   ├── NMAP-192.168.103.128_SMBSHARESCAN-idhndqdplo.gnmap
│   ├── NMAP-192.168.103.128_SMBSHARESCAN-idhndqdplo.nmap
│   ├── NMAP-192.168.103.128_SMBSHARESCAN-idhndqdplo.xml
│   ├── NMAP-192.168.103.128_SMBSINGINGSCAN-mcjojhzjny.gnmap
│   ├── NMAP-192.168.103.128_SMBSINGINGSCAN-mcjojhzjny.nmap
│   ├── NMAP-192.168.103.128_SMBSINGINGSCAN-mcjojhzjny.xml
│   ├── NMAP-nmapScan192.168.103.128-fvqoswtplf.gnmap
│   ├── NMAP-nmapScan192.168.103.128-fvqoswtplf.nmap
│   ├── NMAP-nmapScan192.168.103.128-fvqoswtplf.xml
│   ├── nmblookup_192.168.103.128_fkiytphaty
│   ├── nmblookup_192.168.103.128_jhklrjsumn
│   ├── nmblookup_192.168.103.128_pcbiyotbkm
│   ├── NULLSessionRpcClient_192.168.103.128_lfidievfys
│   ├── NULLSessionSmbClient_192.168.103.128_kgixcdjuse
│   ├── Responder_rlxujzjrqo
│   ├── Responder_tgtekbrxou
│   └── UserEnumRpcClient_192.168.103.128_nehnpiwedo
├── reports
│   └── reportGenHTML_shfrqjwgxs.html
└── tmp

4 directories, 31 files
root@kali:~#
root@kali:~#
root@kali:~# firefox /root/.apt2/reports/reportGenHTML_shfrqjwgxs.html

 

Пожалуйста, не спамьте и никого не оскорбляйте. Это поле для комментариев, а не спамбокс. Рекламные ссылки не индексируются!
Добавить комментарий