此工具将执行NMap扫描,或从Nexpose,Nessus或NMap导入扫描的结果。processesd结果将用于根据可配置的安全级别和枚举的服务信息启动漏洞利用和枚举模块。
所有模块结果存储在localhost上,并且是APT2知识库(KB)的一部分。KB可从应用程序中访问,并允许用户查看漏洞利用模块的收集结果。
安装
在Kali Linux上安装python-nmap库:
- pip install python-nmap
- pip安装pysmb
- pip install yattag
- pip安装scapy
- pip install ftputil
- pip install msgpack-python
为了充分利用所有的APT2模块,下面的外部依赖应该安装在你的系统上:convert,dirb,hydra,java,john,ldapsearch,msfconsole,nmap,nmblookup,phantomjs,responder,rpcclient,secretsdump.py,smbclient ,snmpwalk,sslscan,xwd
配置
APT2 在根目录中使用default.cfg文件。编辑此文件以配置APT2根据需要运行。
当前选项包括:
metasploit
nmap
线程
Metasploit RPC API(metasploit)
APT2可以利用您的主机的Metasploit RPC接口(MSGRPC)。其他信息可以在这里找到
https://help.rapid7.com/metasploit/Content/api-rpc/getting-started-api.htmlhttps://help.rapid7.com/metasploit/Content/api-rpc/getting-started-api.htmlhttps://help.rapid7.com/metasploit/Content/api-rpc/getting-started-api.html
NMAP
配置NMAP扫描设置以包括目标,扫描类型,扫描端口范围和扫描标志。这些设置可以在程序运行时配置。
线程
配置APT2将使用的线程数。
运行方式
无选项:python apt2 or ./apt2配置文件python apt2 -f <nmap.xml>导入Nexpose,Nessus或NMap XMLpython apt2 -f <nmap.xml>指定要开始的目标范围python apt2 -f 192.168.1.0/24无选项: python apt2 or ./apt2 配置文件 python apt2 -f <nmap.xml> 导入Nexpose,Nessus或NMap XML python apt2 -f <nmap.xml> 指定要开始的目标范围 python apt2 -f 192.168.1.0/24无选项: python apt2 or ./apt2 配置文件 python apt2 -f <nmap.xml> 导入Nexpose,Nessus或NMap XML python apt2 -f <nmap.xml> 指定要开始的目标范围 python apt2 -f 192.168.1.0/24
安全级别
安全级别表示模块针对目标运行的安全性。规模从1到5,5是最安全的。默认配置使用安全级别4,但可以使用-s或–safelevel命令行标志设置。
用法
usage: apt2.py [-h] [-C <config.txt>] [-f [<input file> [<input file> ...]]][--target] [--ip <local IP>] [-v] [-s SAFE_LEVEL] [-b][--listmodules]optional arguments:-h, --help show this help message and exit-v, --verbosity increase output verbosity-s SAFE_LEVEL, --safelevel SAFE_LEVELset min safe level for modules-b, --bypassmenu bypass menu and run from command line argumentsinputs:-C <config.txt> config file-f [<input file> [<input file> ...]]one of more input files seperated by spaces--target initial scan target(s)ADVANCED:--ip <local IP> defaults to ip of interfacemisc:--listmodules list out all current modulesusage: apt2.py [-h] [-C <config.txt>] [-f [<input file> [<input file> ...]]] [--target] [--ip <local IP>] [-v] [-s SAFE_LEVEL] [-b] [--listmodules] optional arguments: -h, --help show this help message and exit -v, --verbosity increase output verbosity -s SAFE_LEVEL, --safelevel SAFE_LEVEL set min safe level for modules -b, --bypassmenu bypass menu and run from command line arguments inputs: -C <config.txt> config file -f [<input file> [<input file> ...]] one of more input files seperated by spaces --target initial scan target(s) ADVANCED: --ip <local IP> defaults to ip of interface misc: --listmodules list out all current modulesusage: apt2.py [-h] [-C <config.txt>] [-f [<input file> [<input file> ...]]] [--target] [--ip <local IP>] [-v] [-s SAFE_LEVEL] [-b] [--listmodules] optional arguments: -h, --help show this help message and exit -v, --verbosity increase output verbosity -s SAFE_LEVEL, --safelevel SAFE_LEVEL set min safe level for modules -b, --bypassmenu bypass menu and run from command line arguments inputs: -C <config.txt> config file -f [<input file> [<input file> ...]] one of more input files seperated by spaces --target initial scan target(s) ADVANCED: --ip <local IP> defaults to ip of interface misc: --listmodules list out all current modules
模块
-----------------------LIST OF CURRENT MODULES-----------------------nmaploadxml Load NMap XML Filehydrasmbpassword Attempt to bruteforce SMB passwordsnullsessionrpcclient Test for NULL Sessionmsf_snmpenumshares Enumerate SMB Shares via LanManager OID Valuesnmapbasescan Standard NMap Scanimpacketsecretsdump Test for NULL Sessionmsf_dumphashes Gather hashes from MSF Sessionsmsf_smbuserenum Get List of Users From SMBanonftp Test for Anonymous FTPsearchnfsshare Search files on NFS SharescrackPasswordHashJohnTR Attempt to crack any password hashesmsf_vncnoneauth Detect VNC Services with the None authentication typenmapsslscan NMap SSL Scannmapsmbsigning NMap SMB-Signing Scanresponder Run Responder and watch for hashesmsf_openx11 Attempt Login To Open X11 Servicenmapvncbrute NMap VNC Brute Scanmsf_gathersessioninfo Get Info about any new sessionsnmapsmbshares NMap SMB Share Scanuserenumrpcclient Get List of Users From SMBhttpscreenshot Get Screen Shot of Web Pageshttpserverversion Get HTTP Server Versionnullsessionsmbclient Test for NULL Sessionopenx11 Attempt Login To Open X11 Servicei and Get Screenshotmsf_snmplogin Attempt Login Using Common Community Stringsmsf_snmpenumusers Enumerate Local User Accounts Using LanManager/psProcessUsername OID Valueshttpoptions Get HTTP Optionsnmapnfsshares NMap NFS Share Scanmsf_javarmi Attempt to Exploit A Java RMI Serviceanonldap Test for Anonymous LDAP Searchesssltestsslserver Determine SSL protocols and ciphersgethostname Determine the hostname for each <a target="_blank" href="https://i58.icu/tag/ip" title="View all posts in IP">IP</a>sslsslscan Determine SSL protocols and ciphersnmapms08067scan NMap i58-icu Scanmsf_ms08_067 Attempt to exploit i58-icu----------------------- LIST OF CURRENT MODULES ----------------------- nmaploadxml Load NMap XML File hydrasmbpassword Attempt to bruteforce SMB passwords nullsessionrpcclient Test for NULL Session msf_snmpenumshares Enumerate SMB Shares via LanManager OID Values nmapbasescan Standard NMap Scan impacketsecretsdump Test for NULL Session msf_dumphashes Gather hashes from MSF Sessions msf_smbuserenum Get List of Users From SMB anonftp Test for Anonymous FTP searchnfsshare Search files on NFS Shares crackPasswordHashJohnTR Attempt to crack any password hashes msf_vncnoneauth Detect VNC Services with the None authentication type nmapsslscan NMap SSL Scan nmapsmbsigning NMap SMB-Signing Scan responder Run Responder and watch for hashes msf_openx11 Attempt Login To Open X11 Service nmapvncbrute NMap VNC Brute Scan msf_gathersessioninfo Get Info about any new sessions nmapsmbshares NMap SMB Share Scan userenumrpcclient Get List of Users From SMB httpscreenshot Get Screen Shot of Web Pages httpserverversion Get HTTP Server Version nullsessionsmbclient Test for NULL Session openx11 Attempt Login To Open X11 Servicei and Get Screenshot msf_snmplogin Attempt Login Using Common Community Strings msf_snmpenumusers Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values httpoptions Get HTTP Options nmapnfsshares NMap NFS Share Scan msf_javarmi Attempt to Exploit A Java RMI Service anonldap Test for Anonymous LDAP Searches ssltestsslserver Determine SSL protocols and ciphers gethostname Determine the hostname for each <a target="_blank" href="https://i58.icu/tag/ip" title="View all posts in IP">IP</a> sslsslscan Determine SSL protocols and ciphers nmapms08067scan NMap i58-icu Scan msf_ms08_067 Attempt to exploit i58-icu----------------------- LIST OF CURRENT MODULES ----------------------- nmaploadxml Load NMap XML File hydrasmbpassword Attempt to bruteforce SMB passwords nullsessionrpcclient Test for NULL Session msf_snmpenumshares Enumerate SMB Shares via LanManager OID Values nmapbasescan Standard NMap Scan impacketsecretsdump Test for NULL Session msf_dumphashes Gather hashes from MSF Sessions msf_smbuserenum Get List of Users From SMB anonftp Test for Anonymous FTP searchnfsshare Search files on NFS Shares crackPasswordHashJohnTR Attempt to crack any password hashes msf_vncnoneauth Detect VNC Services with the None authentication type nmapsslscan NMap SSL Scan nmapsmbsigning NMap SMB-Signing Scan responder Run Responder and watch for hashes msf_openx11 Attempt Login To Open X11 Service nmapvncbrute NMap VNC Brute Scan msf_gathersessioninfo Get Info about any new sessions nmapsmbshares NMap SMB Share Scan userenumrpcclient Get List of Users From SMB httpscreenshot Get Screen Shot of Web Pages httpserverversion Get HTTP Server Version nullsessionsmbclient Test for NULL Session openx11 Attempt Login To Open X11 Servicei and Get Screenshot msf_snmplogin Attempt Login Using Common Community Strings msf_snmpenumusers Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values httpoptions Get HTTP Options nmapnfsshares NMap NFS Share Scan msf_javarmi Attempt to Exploit A Java RMI Service anonldap Test for Anonymous LDAP Searches ssltestsslserver Determine SSL protocols and ciphers gethostname Determine the hostname for each IP sslsslscan Determine SSL protocols and ciphers nmapms08067scan NMap i58-icu Scan msf_ms08_067 Attempt to exploit i58-icu
感谢您的来访,获取更多精彩文章请收藏本站。

暂无评论内容