armory: take in a lot of external and discovery data from a lot of tools

by do son · Published · Updated

Armory is a tool meant to take in a lot of external and discovery data from a lot of tools, add it to a database and correlate all of the related information. It isn’t meant to replace any specific tool. It is meant to take the output from various tools, and use it to feed other tools.

armory

Install

git clone https://github.com/depthsecurity/armory.git
python setup.py install

Next, edit settings.ini and modify the base_path option. This should point to the root path you are using for your current project. You should change this with every project, so you will always be using a clean database. All files generated by modules will be created here, as well as the sqlite3 database. By default, it will be within the current directory-.

Use

Modules

Modules run tools, ingest output, and write it to the database. To see a list of available modules, type:

 armory -lm

Available modules:
DNSRecon
Fierce
GobusterDNS
GobusterDir
Gowitness
HeaderScanner
Hydra
Ingestor
LinkedInt
Nessus
Nmap
NmapCertScan
PowerMeta
SSLScan
SampleModule
SampleToolModule
Sublist3r
TheHarvester
Tko-subs
URLScanner
Whois

To see a list of module options, type:

armory -m <module> -M
Ingestor



    Ingests domains and IPs. Domains get ip info and cidr info, and IPs get

    CIDR info.





usage: Ingestor [-h] [-d IMPORT_DOMAINS] [-i IMPORT_IPS] [-a] [-p] [-sc] [-sb]

                [-Ii] [--force]



optional arguments:

  -h, --help            show this help message and exit

  -d IMPORT_DOMAINS, --import_domains IMPORT_DOMAINS

                        Either domain to import or file containing domains to

                        import. One per line

  -i IMPORT_IPS, --import_ips IMPORT_IPS

                        Either IP/range to import or file containing IPs and

                        ranges, one per line.

  -a, --active          Set scoping on imported data as active

  -p, --passive         Set scoping on imported data as passive

  -sc, --scope_cidrs    Cycle through out of scope networks and decide if you

                        want to add them in scope

  -sb, --scope_base_domains

                        Cycle through out of scope base domains and decide if

                        you want to add them in scope

  -Ii, --import_database_ips

                        Import IPs from database

  --force               Force processing again, even if already processed

 

Reports

Reports are similar to modules, except they are meant to pull data from the database and display it in a usable format. To view all of the available reports:

armory -lr

To view available report options:

armory -r <report> -R

Interactive Shell

There is also an interactive shell which uses IPython as the base and will allow you to run commands or change database values. It can be launched with  armory-shell. By default, the following will be available: Domain, BaseDomains, IPAddresses, CIDRs, Users, Creds, Vulns, Ports, Urls, ScopeCIDRs.

Tutorial

Copyright (C) 2018 depthsecurity

Tags: Armory