
Automated Penetration Testing With APT2 Toolkit

APT2 is an Automated Penetration Testing Toolkit. This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processed results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information. All module results are stored on localhost and are part of APT2's Knowledge Base (KB). The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.


APT2 Help


root@kali: # apt2 -h
usage: apt2 [-h] [-C ] [-f [<input file> [<input file> ...]]]
[--target] [--ip ] [-v] [-s SAFE_LEVEL]
[-x EXCLUDE_TYPES] [-b] [--listmodules]

optional arguments:
-h, --help show this help message and exit
-v, --verbosity increase output verbosity
-s SAFE_LEVEL, --safelevel SAFE_LEVEL
set min safe level for modules. 0 is unsafe and 5 is
very safe. Default is 4
-x EXCLUDE_TYPES, --exclude EXCLUDE_TYPES
specify a comma seperatec list of module types to
exclude from running
-b, --bypassmenu bypass menu and run from command line arguments

inputs:
-C config file
-f [<input file> [<input file> ...]]
one of more input files seperated by spaces
--target initial scan target(s)

advanced:
--ip defaults to 192.168.103.227

misc:
--listmodules list out all current modules and exit
root@kali: #
root@kali: #
root@kali: # apt2 --listmodules | grep '|' | sort | grep -v 'Module.*Type.*Description'
[*] | anonftp | action | 4 | Test for Anonymous FTP |
[*] | anonldap | action | 5 | Test for Anonymous LDAP Searches |
[*] | apt2_ipwhois | action | 5 | run ipwhois |
[*] | apt2_shodan | action | 5 | run shodan |
[*] | apt2_whois | action | 5 | run whois |
[*] | crackPasswordHashJohnTR | action | 5 | Attempt to crack any password hashes |
[*] | dictload | input | None | Load DICT Input File |
[*] | gethostname | action | 5 | Determine the hostname for each IP |
[*] | httpoptions | action | 5 | Get HTTP Options |
[*] | httpscreenshot | action | 5 | Get Screen Shot of Web Pages |
[*] | httpserverversion | action | 5 | Get HTTP Server Version |
[*] | hydrasmbpassword | action | 2 | Attempt to bruteforce SMB passwords |
[*] | impacketsecretsdump | action | 5 | Test for NULL Session |
[*] | msf_dumphashes | action | 4 | Gather hashes from MSF Sessions |
[*] | msf_gathersessioninfo | action | 4 | Get Info about any new sessions |
[*] | msf_javarmi | action | 5 | Attempt to Exploit A Java RMI Service |
[*] | msf_jboss_maindeployer | action | 3 | Attempt to gain shell via Jboss |
[*] | msf_jboss_vulnscan | action | 4 | Attempt to determine if a jboss instance has default creds |
[*] | msf_ms08_067 | action | 4 | Attempt to exploit MS08-067 |
[*] | msf_openx11 | action | 5 | Attempt Login To Open X11 Service |
[*] | msf_psexec_pth | action | 4 | Attempt to authenticate via PSEXEC PTH |
[*] | msf_smbuserenum | action | 5 | Get List of Users From SMB |
[*] | msf_snmpenumshares | action | 5 | Enumerate SMB Shares via LanManager OID Values |
[*] | msf_snmpenumusers | action | 5 | Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values |
[*] | msf_snmplogin | action | 5 | Attempt Login Using Common Community Strings |
[*] | msf_tomcat_mgr_login | action | 4 | Attempt to determine if a tomcat instance has default creds |
[*] | msf_tomcat_mgr_upload | action | 3 | Attempt to gain shell via Tomcat |
[*] | msf_vncnoneauth | action | 5 | Detect VNC Services with the None authentication type |
[*] | nmaploadxml | input | None | Load NMap XML File |
[*] | nmapms08067scan | action | 4 | NMap MS08-067 Scan |
[*] | nmapnfsshares | action | 5 | NMap NFS Share Scan |
[*] | nmapsmbshares | action | 5 | NMap SMB Share Scan |
[*] | nmapsmbsigning | action | 5 | NMap SMB-Signing Scan |
[*] | nmapsslscan | action | 5 | NMap SSL Scan |
[*] | nmapvncbrute | action | 5 | NMap VNC Brute Scan |
[*] | nullsessionrpcclient | action | 5 | Test for NULL Session |
[*] | nullsessionsmbclient | action | 5 | Test for NULL Session |
[*] | openx11 | action | 5 | Attempt Login To Open X11 Servicei and Get Screenshot |
[*] | reportgen | report | None | Generate HTML Report |
[*] | responder | action | 3 | Run Responder and watch for hashes |
[*] | searchftp | action | 4 | Search files on FTP |
[*] | searchnfsshare | action | 4 | Search files on NFS Shares |
[*] | searchsmbshare | action | 4 | Search files on SMB Shares |
[*] | snmpwalk | action | 5 | Run snmpwalk using found community string |
[*] | sslsslscan | action | 5 | Determine SSL protocols and ciphers |
[*] | ssltestsslserver | action | 5 | Determine SSL protocols and ciphers |
[*] | userenumrpcclient | action | 5 | Get List of Users From SMB |
root@kali: #
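
To see what the -s and -x options documented above change before a run is authorised, the following added example (not part of APT2 or of the original page) filters a module listing by minimum safe level and excluded types. The sample rows are a constructed subset of the listing, and the rule that a module runs when its safe level is at least the -s value, with None-level input and report modules left ungated, is an assumption read from the help text.

```python
# Added example: which modules a given -s / -x combination leaves enabled.
# Rows are a constructed subset of the `apt2 --listmodules` table above.
SAMPLE_LISTING = """\
[*] | anonftp | action | 4 | Test for Anonymous FTP |
[*] | hydrasmbpassword | action | 2 | Attempt to bruteforce SMB passwords |
[*] | msf_jboss_maindeployer | action | 3 | Attempt to gain shell via Jboss |
[*] | msf_ms08_067 | action | 4 | Attempt to exploit MS08-067 |
[*] | nmaploadxml | input | None | Load NMap XML File |
[*] | nmapsslscan | action | 5 | NMap SSL Scan |
[*] | reportgen | report | None | Generate HTML Report |
[*] | responder | action | 3 | Run Responder and watch for hashes |
"""

def parse_listing(text):
    """Return (name, type, safe_level, description) tuples from the table."""
    modules = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")[1:-1]]
        if len(cells) != 4:
            continue  # not a table row
        name, mtype, level, desc = cells
        if level != "None" and not level.isdigit():
            continue  # header row or malformed safe level
        modules.append((name, mtype, None if level == "None" else int(level), desc))
    return modules

def enabled(modules, min_safe_level=4, exclude_types=""):
    """Module names left enabled. Assumed rule: level >= min_safe_level runs."""
    excluded = {t.strip() for t in exclude_types.split(",") if t.strip()}
    keep = []
    for name, mtype, level, _ in modules:
        if mtype in excluded:
            continue
        # Assumption: modules with level None (input/report) are not gated.
        if level is None or level >= min_safe_level:
            keep.append(name)
    return keep

def newly_enabled(modules, lower, higher=4):
    """Modules that run at `lower` but not at `higher` (4 is the default)."""
    return sorted(set(enabled(modules, lower)) - set(enabled(modules, higher)))

if __name__ == "__main__":
    mods = parse_listing(SAMPLE_LISTING)
    print("default (-s 4):", enabled(mods))
    print("added by -s 0: ", newly_enabled(mods, 0))
```

Feeding it the full listing shows which brute-force, shell-gaining and Responder modules a lower -s value brings into scope compared with the default of 4.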

APT2 Usage Example


root@kali: # msfdb start
[+] Starting database
root@kali: #
root@kali: # msfconsole -q -x 'load msgrpc User=msf Pass=msfpass ServerPort=55552'
/usr/share/metasploit-framework/lib/msf/core/opt.rb:55: warning: constant OpenSSL::SSL::SSLContext::METHODS is deprecated
[*] MSGRPC Service: 127.0.0.1:55552
[*] MSGRPC Username: msf
[*] MSGRPC Password: msfpass
[*] Successfully loaded plugin: msgrpc
msf >


root@kali: # apt2 -s 0 -b --target 192.168.103.128
[*]
[*] dM. `MMMMMMMb. MMMMMMMMMM
[*] ,MMb MM `Mb / MM \
[*] d'YM. MM MM MM ____
[*] ,P `Mb MM MM MM 6MMMMb
[*] d' YM. MM .M9 MM MM' `Mb
[*] ,P `Mb MMMMMMM9' MM ,MM
[*] d' YM. MM MM ,MM'
[*] ,MMMMMMMMb MM MM ,M'
[*] d' YM. MM MM ,M'
[*] _dM_ _dMM_MM_ _MM_MMMMMMMM
[*]
[*]
[*] An Automated Penetration Testing Toolkit
[*] Written by: Adam Compton & Austin Lane
[*] Verion: 1.0.0
[!] Module 'apt2_shodan' disabled:
[!] API key is missing
[!] Module 'searchnfsshare' disabled:
[!] Module Manually Disabled !!!
[*] Input Modules Loaded: 2
[*] Action Modules Loaded: 43
[*] Report Modules Loaded: 1
[*]
[*] The KnowledgeBase will be auto saved to : /root/.apt2/proofs/KB-egghavrdqa.save
[*] Local IP is set to : 192.168.103.227
[*] If you would rather use a different IP, then specify it via the [--ip ] argument.
[*] Scan file saved to [/root/.apt2/proofs/NMAP-nmapScan192.168.103.128-fvqoswtplf]
[*] Use the following controls while scans are running:
[*] Starting responder...
[*] - p - pause/resume trial queueing
[!] VULN [NULLSession] Found on [192.168.103.128]
[*] Current # of Active Threads = [10]
[*] ==> Responder, GetHostname, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, NmapMS08067Scan, NmapSMBSigning, NmapSMBShareScan, MSFSMBUserEnum
[*] Current # of Active Threads = [10]
[*] ==> Responder, GetHostname, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, NmapMS08067Scan, NmapSMBSigning, NmapSMBShareScan, MSFSMBUserEnum
[*] Current # of Active Threads = [9]
[*] ==> Responder, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, NmapMS08067Scan, NmapSMBSigning, NmapSMBShareScan, MSFSMBUserEnum
[*] Scan file saved to [/root/.apt2/proofs/NMAP-192.168.103.128_MS08067SCAN-ughssbeike]
[*] Scan file saved to [/root/.apt2/proofs/NMAP-192.168.103.128_SMBSINGINGSCAN-mcjojhzjny]
[*] Scan file saved to [/root/.apt2/proofs/NMAP-192.168.103.128_SMBSHARESCAN-idhndqdplo]
[*] Current # of Active Threads = [6]
[*] ==> Responder, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFSMBUserEnum
[*] Current # of Active Threads = [6]
[*] ==> Responder, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFSMBUserEnum
[*] Current # of Active Threads = [6]
[*] ==> Responder, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFJbossVulnscan, MSFTomcatMgrLogin, MSFSMBUserEnum
[*] Current # of Active Threads = [1]
[*] ==> Responder
[*] Current # of Active Threads = [1]
[*] ==> Responder
[*] Current # of Active Threads = [1]
[*] ==> Responder
[*] Generating Reports
[*] Report file located at /root/.apt2/reports/reportGenHTML_shfrqjwgxs.html
[*]
[*] Good Bye!
root@kali: #
root@kali: #
root@kali: # tree /root/.apt2/
/root/.apt2/
├── logs
│ └── processlog.txt
├── proofs
│ ├── httpOptions_192.168.103.128_80_vnkzicnlst
│ ├── HTTPServerVersion_192.168.103.128_443_tzeexsuztp
│ ├── HTTPServerVersion_192.168.103.128_80_awllaokxlc
│ ├── KB-egghavrdqa.save
│ ├── MSFJbossVulnscan_192.168.103.128_bcchobmmzp
│ ├── MSFJbossVulnscan_192.168.103.128_mbpdgqtezt
│ ├── MSFSMBUserEnum_192.168.103.128_krcyxrdotc
│ ├── MSFTomcatMgrLogin_192.168.103.128_pqvkxxjweb
│ ├── MSFTomcatMgrLogin_192.168.103.128_stccicqbwu
│ ├── NMAP-192.168.103.128_MS08067SCAN-ughssbeike.gnmap
│ ├── NMAP-192.168.103.128_MS08067SCAN-ughssbeike.nmap
│ ├── NMAP-192.168.103.128_MS08067SCAN-ughssbeike.xml
│ ├── NMAP-192.168.103.128_SMBSHARESCAN-idhndqdplo.gnmap
│ ├── NMAP-192.168.103.128_SMBSHARESCAN-idhndqdplo.nmap
│ ├── NMAP-192.168.103.128_SMBSHARESCAN-idhndqdplo.xml
│ ├── NMAP-192.168.103.128_SMBSINGINGSCAN-mcjojhzjny.gnmap
│ ├── NMAP-192.168.103.128_SMBSINGINGSCAN-mcjojhzjny.nmap
│ ├── NMAP-192.168.103.128_SMBSINGINGSCAN-mcjojhzjny.xml
│ ├── NMAP-nmapScan192.168.103.128-fvqoswtplf.gnmap
│ ├── NMAP-nmapScan192.168.103.128-fvqoswtplf.nmap
│ ├── NMAP-nmapScan192.168.103.128-fvqoswtplf.xml
│ ├── nmblookup_192.168.103.128_fkiytphaty
│ ├── nmblookup_192.168.103.128_jhklrjsumn
│ ├── nmblookup_192.168.103.128_pcbiyotbkm
│ ├── NULLSessionRpcClient_192.168.103.128_lfidievfys
│ ├── NULLSessionSmbClient_192.168.103.128_kgixcdjuse
│ ├── Responder_rlxujzjrqo
│ ├── Responder_tgtekbrxou
│ └── UserEnumRpcClient_192.168.103.128_nehnpiwedo
├── reports
│ └── reportGenHTML_shfrqjwgxs.html
└── tmp

4 directories, 31 files
root@kali: #
root@kali: #
root@kali: # firefox /root/.apt2/reports/reportGenHTML_shfrqjwgxs.html

Source:


Author: Adam Compton & Austin Lane


License: MIT



