APT2 – An Automated Penetration Testing Toolkit
This tool will perform an NMap scan, or import the results of a scan from Nexpose, Nessus, or NMap. The processed results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information.
All module results are stored on localhost and are part of APT2’s Knowledge Base (KB). The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.
NOTE: APT2 is currently only tested on Linux based OSes. If you can confirm that it works on other OSes, please let us know.
On Kali Linux install the python-nmap library:
- pip install python-nmap
- pip install pysmb
- pip install yattag
- pip install scapy
- pip install ftputil
- pip install msgpack-python
To make full use of all of APT2’s modules, the following external dependencies should be installed on your system:
convert, dirb, hydra, java, john, ldapsearch, msfconsole, nmap, nmblookup, phantomjs, responder, rpcclient, secretsdump.py, smbclient, snmpwalk, sslscan, xwd
APT2 uses the default.cfg file in the root directory. Edit this file to configure APT2 to run as you desire.
Current options include:
APT2 can utuilize your host’s Metasploit RPC interface (MSGRPC). Additional Information can be found here: https://help.rapid7.com/metasploit/Content/api-rpc/getting-started-api.html
Configure NMAP scan settings to include the target, scan type, scan port range, and scan flags. These settings can be configured while the program is running.
Configure the number of the threads APT2 will use.
python apt2 or
python apt2 -C <config.txt>
python apt2 -f <nmap.xml>
python apt2 -f 192.168.1.0/24
Safe levels indicate how safe a module is to run againsts a target. The scale runs from 1 to 5 with 5 being the safest. The default configuration uses a Safe Level of 4 but can be set with the
--safelevel command line flags.
The demo was given at BlackHat US 2016 Tools Arsenal/Defcon 24 Demo Lab
The demo was given at BlackHat EU 2016 Tools Arsenal
Copyright (c) 2016 Adam Compton & Austin Lane