APT2 - An Automated Penetration Testing Toolkit
This tool will perform an NMAP scan, or import the results of a scan from Nexpose, Nessus, or NMAP. The processed results are used to launch exploit and enumeration modules according to the configurable safe level and the enumerated service information.
All module results are stored on localhost and are part of the APT2 knowledge base (KB). The KB is accessible from within the application and allows the user to view the results harvested from the exploit modules.
Note: APT2 is currently only tested on Linux-based operating systems. If you can confirm that it works on another OS, let us know.
To make full use of all APT2 modules, the following external dependencies must be installed on your system:
convert, dirb, hydra, java, jexboss, john, ldapsearch, msfconsole, nmap, nmblookup, phantomjs, responder, rpcclient, secretsdump.py, smbclient, snmpwalk, sslscan, xwd
APT2 uses the default.cfg file in the misc directory. Edit this file to configure APT2 to run the way you want.
APT2 can use your host's Metasploit RPC interface (MSGRPC). Additional information can be found here: https://metasploit.help.rapid7.com/v1.1/docs/rpc-api
Configure the NMAP scan settings to include the target, scan type, scan port range, and scan flags. These settings can be configured while the program is running.
Configure the number of threads APT2 will use.
python apt2.py
python apt2.py -C <config.txt>
python apt2.py -f <nmap.xml>
python apt2.py --target 192.168.1.0/24
Safe levels indicate how safe a module is to run against a target. The scale runs from 1 to 5, with 5 being the safest. The default configuration uses a safe level of 4, but it can be set with the -s or --safelevel command-line flag.
usage: apt2.py [-h] [-C <config.txt>] [-f [<input file> [<input file> ...]]]
[--target] [--ip <local IP>] [-v] [-s SAFE_LEVEL]
[-x EXCLUDE_TYPES] [--listmodules]
optional arguments:
-h, --help show this help message and exit
-v, --verbosity increase output verbosity
-s SAFE_LEVEL, --safelevel SAFE_LEVEL
set min safe level for modules. 0 is unsafe and 5 is
very safe. Default is 4
-x EXCLUDE_TYPES, --exclude EXCLUDE_TYPES
specify a comma seperatec list of module types to
exclude from running
inputs:
-C <config.txt> config file
-f [<input file> [<input file> ...]]
one of more input files seperated by spaces
--target initial scan target(s)
advanced:
--ip <local IP> defaults to 192.168.100.118
misc:
--listmodules list out all current modules and exit
+--------------------------------+--------+------+-----------------------------------------------------------------------------+
| Module | Type | Safe | Description |
+--------------------------------+--------+------+-----------------------------------------------------------------------------+
| exploit_hydrasmbpassword | action | 2 | Attempt to bruteforce SMB passwords |
| exploit_jexboss | action | 4 | Run JexBoss and look for vulnerabilities |
| exploit_msf_javarmi | action | 5 | Attempt to Exploit A Java RMI Service |
| exploit_msf_jboss_maindeployer | action | 3 | Attempt to gain shell via Jboss |
| exploit_msf_ms08_067 | action | 4 | Attempt to exploit MS08-067 |
| exploit_msf_ms17_010 | action | 4 | Attempt to exploit MS17-010 |
| exploit_msf_psexec_pth | action | 4 | Attempt to authenticate via PSEXEC PTH |
| exploit_msf_tomcat_mgr_login | action | 4 | Attempt to determine if a tomcat instance has default creds |
| exploit_msf_tomcat_mgr_upload | action | 3 | Attempt to gain shell via Tomcat |
| exploit_responder | action | 3 | Run Responder and watch for hashes |
| post_impacketsecretsdump | action | 5 | Dump passwords and hashes |
| post_msf_dumphashes | action | 4 | Gather hashes from MSF Sessions |
| post_msf_gathersessioninfo | action | 4 | Get Info about any new sessions |
| scan_anonftp | action | 4 | Test for Anonymous FTP |
| scan_anonldap | action | 5 | Test for Anonymous LDAP Searches |
| scan_gethostname | action | 5 | Determine the hostname for each IP |
| scan_httpoptions | action | 5 | Get HTTP Options |
| scan_httpscreenshot | action | 5 | Get Screen Shot of Web Pages |
| scan_httpserverversion | action | 5 | Get HTTP Server Version |
| scan_msf_jboss_vulnscan | action | 4 | Attempt to determine if a jboss instance has default creds |
| scan_msf_openx11 | action | 5 | Attempt Login To Open X11 Service |
| scan_msf_smbuserenum | action | 5 | Get List of Users From SMB |
| scan_msf_snmpenumshares | action | 5 | Enumerate SMB Shares via LanManager OID Values |
| scan_msf_snmpenumusers | action | 5 | Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values |
| scan_msf_snmplogin | action | 5 | Attempt Login Using Common Community Strings |
| scan_msf_vncnoneauth | action | 5 | Detect VNC Services with the None authentication type |
| scan_nmap_msvulnscan | action | 4 | Nmap MS Vuln Scan |
| scan_nmap_nfsshares | action | 5 | NMap NFS Share Scan |
| scan_nmap_smbshares | action | 5 | NMap SMB Share Scan |
| scan_nmap_smbsigning | action | 5 | NMap SMB-Signing Scan |
| scan_nmap_sslscan | action | 5 | NMap SSL Scan |
| scan_nmap_vnc_auth_bypass | action | 5 | NMap VNC Auth Bypass |
| scan_nmap_vncbrute | action | 5 | NMap VNC Brute Scan |
| scan_openx11 | action | 5 | Attempt Login To Open X11 Servicei and Get Screenshot |
| scan_rpcclient_nullsession | action | 5 | Test for NULL Session |
| scan_rpcclient_userenum | action | 5 | Get List of Users From SMB |
| scan_searchsmbshare | action | 4 | Search files on SMB Shares |
| scan_smbclient_nullsession | action | 5 | Test for NULL Session |
| scan_snmpwalk | action | 5 | Run snmpwalk using found community string |
| scan_sslscan | action | 5 | Determine SSL protocols and ciphers |
| scan_testsslserver | action | 5 | Determine SSL protocols and ciphers |
| dictload | input | None | Load DICT Input File |
| nmaploadxml | input | None | Load NMap XML File |
| reportgen | report | None | Generate HTML Report |
+--------------------------------+--------+------+-----------------------------------------------------------------------------+
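An added example (not part of APT2 or its README) that parses the --listmodules table above and shows which modules the default safe level of 4 leaves enabled, so the run can be checked against the agreed scope before it starts. It assumes a module runs when its Safe value is at or above the minimum given with -s; the keyword list used for flagging is hypothetical.

```python
# Added example, not part of APT2: review which modules a safe level enables.
import re

# Constructed sample: rows copied from the --listmodules table on this page.
SAMPLE = """\
+---------+--------+------+-------------+
| Module | Type | Safe | Description |
| exploit_hydrasmbpassword | action | 2 | Attempt to bruteforce SMB passwords |
| exploit_msf_tomcat_mgr_upload | action | 3 | Attempt to gain shell via Tomcat |
| exploit_msf_ms17_010 | action | 4 | Attempt to exploit MS17-010 |
| scan_anonftp | action | 4 | Test for Anonymous FTP |
| scan_nmap_vncbrute | action | 5 | NMap VNC Brute Scan |
| nmaploadxml | input | None | Load NMap XML File |
"""

ROW = re.compile(r"^\|\s*(\S+)\s*\|\s*(\S+)\s*\|\s*(\S+)\s*\|\s*(.*?)\s*\|$")
RISKY = re.compile(r"exploit|brute|shell", re.I)  # hypothetical review keywords

def parse_modules(text):
    """Parse table rows into dicts; border lines and the header row are skipped."""
    modules = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(1) == "Module":
            continue
        name, mtype, safe, desc = m.groups()
        modules.append({"name": name, "type": mtype, "desc": desc,
                        "safe": int(safe) if safe.isdigit() else None})
    return modules

def split_by_safe_level(modules, min_safe):
    """Assumption: a module runs when Safe >= min_safe, per the help text's
    "min safe level". Safe=None rows (input/report) are reported as ungated."""
    enabled = [m for m in modules if m["safe"] is not None and m["safe"] >= min_safe]
    skipped = [m for m in modules if m["safe"] is not None and m["safe"] < min_safe]
    ungated = [m for m in modules if m["safe"] is None]
    return enabled, skipped, ungated

def needs_signoff(enabled):
    """Enabled modules whose name or description indicates active exploitation
    or password guessing, so they can be checked against the agreed scope."""
    return [m["name"] for m in enabled if RISKY.search(m["name"] + " " + m["desc"])]

if __name__ == "__main__":
    enabled, skipped, ungated = split_by_safe_level(parse_modules(SAMPLE), 4)
    print("enabled :", [m["name"] for m in enabled])
    print("skipped :", [m["name"] for m in skipped])
    print("ungated :", [m["name"] for m in ungated])
    print("sign-off:", needs_signoff(enabled))
```

On the sample rows, level 4 still enables exploit_msf_ms17_010 and scan_nmap_vncbrute, so the safe rating alone does not say whether a module stays inside the agreed scope.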
Demo given at: Blackhat US 2016 Tools Arsenal/Defcon 24 Demo Labs
Demo given at: Blackhat EU 2016 Tools Arsenal