Automated penetration tests with APT2
Penetration tests on a very big network? APT2 can help you!
A penetration test usually begins with a perimeter scan (e.g. using Nmap), then continues with testing of the discovered services (and their default passwords).
Finally, it tests known exploits and, if access is gained, proceeds to lateral movement.
APT2 helps us perform all of these steps.
APT2 is an open source automated toolkit which uses tools like Nmap and Metasploit to perform penetration tests.
It starts by performing an Nmap scan and uses the results to test known exploits for the services found.
The APT2 framework consists of modules, event queues and a knowledge base: all module results are stored on localhost and are part of APT2’s Knowledge Base.
The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.
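A sketch of the scan-results-to-modules flow described above, as an added example rather than APT2's own code: it loads a constructed Nmap XML sample into a small knowledge base and uses an event queue to list which modules would be scheduled, without running any of them. The service-to-module mapping is an assumption made for illustration; only the module names come from this page.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict, deque

# Constructed sample in the shape of `nmap -oX` output; not from a real scan.
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/></port>
<port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
</ports></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
</ports></host>
</nmaprun>"""

# Assumed mapping (hypothetical): service name -> modules that react to it.
SUBSCRIPTIONS = {
    "ftp": ["anonftp"],
    "microsoft-ds": ["nmapsmbsigning", "nmapsmbshares"],
    "https": ["nmapsslscan"],
    "http": ["httpserverversion"],
}

def load_nmap_xml(xml_text):
    """Yield (host, port, service) for every port reported as open."""
    root = ET.fromstring(xml_text)
    for host in root.iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports never produce an event
            svc = port.find("service")
            name = svc.get("name") if svc is not None else "unknown"
            yield addr, int(port.get("portid")), name

def plan(xml_text):
    """Fill the knowledge base, then drain the event queue into a module plan."""
    kb = defaultdict(dict)   # knowledge base: host -> port -> service
    queue = deque()          # event queue: one event per newly learned service
    for host, port, service in load_nmap_xml(xml_text):
        kb[host][port] = service
        queue.append((service, host, port))
    scheduled = []
    while queue:
        service, host, port = queue.popleft()
        for module in SUBSCRIPTIONS.get(service, []):
            scheduled.append((module, host, port))
    return dict(kb), scheduled
```

Calling `plan(SAMPLE_XML)` returns the knowledge base and the ordered list of `(module, host, port)` entries; the closed port 80 yields no entry, so the plan doubles as a record of exactly which hosts and services an automated run would touch.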
APT2 modules
nmaploadxml Load NMap XML File
hydrasmbpassword Attempt to bruteforce SMB passwords
nullsessionrpcclient Test for NULL Session
msf_snmpenumshares Enumerate SMB Shares via LanManager OID Values
nmapbasescan Standard NMap Scan
impacketsecretsdump Test for NULL Session
msf_dumphashes Gather hashes from MSF Sessions
msf_smbuserenum Get List of Users From SMB
anonftp Test for Anonymous FTP
searchnfsshare Search files on NFS Shares
crackPasswordHashJohnTR Attempt to crack any password hashes
msf_vncnoneauth Detect VNC Services with the None authentication type
nmapsslscan NMap SSL Scan
nmapsmbsigning NMap SMB-Signing Scan
responder Run Responder and watch for hashes
msf_openx11 Attempt Login To Open X11 Service
nmapvncbrute NMap VNC Brute Scan
msf_gathersessioninfo Get Info about any new sessions
nmapsmbshares NMap SMB Share Scan
userenumrpcclient Get List of Users From SMB
httpscreenshot Get Screen Shot of Web Pages
httpserverversion Get HTTP Server Version
nullsessionsmbclient Test for NULL Session
openx11 Attempt Login To Open X11 Service and Get Screenshot
msf_snmplogin Attempt Login Using Common Community Strings
msf_snmpenumusers Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values
httpoptions Get HTTP Options
nmapnfsshares NMap NFS Share Scan
msf_javarmi Attempt to Exploit A Java RMI Service
anonldap Test for Anonymous LDAP Searches
ssltestsslserver Determine SSL protocols and ciphers
gethostname Determine the hostname for each IP
sslsslscan Determine SSL protocols and ciphers
nmapms08067scan NMap MS08-067 Scan
msf_ms08_067 Attempt to exploit MS08-067
Some video demos
Given at: BlackHat EU 2016
https://www.youtube.com/watch?v=6RJlfc5bVRk
https://www.youtube.com/watch?v=94hk6bNwQfU
More technical information and installation
https://github.com/MooseDojo/apt2