What is SPARTA?

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenient way. If little time is spent setting up commands and tools, more time can be spent focusing on analysing results.

Features

– Run nmap from SPARTA or import nmap XML output.

– Transparent staged nmap: get results quickly and achieve thorough coverage.

– Configurable context menu for each service. You can configure what to run on discovered services. Any tool that can be run from a terminal, can be run from SPARTA.

– You can run any script or tool on a service across all the hosts in scope, just with a click of the mouse.

– Define automated tasks for services (ie. Run nikto on every HTTP service, or sslscan on every ssl service).

– Default credentials check for most common services. Of course, this can also be configured to run automatically.

– Identify password reuse on the tested infrastructure. If any usernames/passwords are found by Hydra they are stored in internal wordlists which can then be used on other targets in the same network (breaking news: sysadmins reuse passwords).

– Ability to mark hosts that you have already worked on so that you don’t waste time looking at them again.

– Website screenshot taker so that you don’t waste time on less interesting web servers.

Download

Please clone the latest version of SPARTA from github:

git clone https://github.com/secforce/sparta.git

Alternatively, download the latest zip file here.

Requirements

It is recommended that Kali Linux is used as it already has most tools installed, however SPARTA would most likely also work in Debian based systems.

Kali (preferred):

apt-get install python-elixir

Ubuntu 12.04+ (untested)

apt-get install python-elixir python-qt4 xsltproc

Other than these, the following tools are required for SPARTA to have its minimum functionality:

– nmap (for adding hosts)

– hydra (for the brute tab)

– cutycapt (for screenshots)

In Kali Linux these can be installed with:

apt-get install nmap hydra cutycapt

In Kali, to ensure that you have all the tools used by SPARTA’s default configuration use:

apt-get install ldap-utils rwho rsh-client x11-apps finger



Demos

Screenshots

Feedback

We value your feedback as it will help us turn SPARTA into an even more awesome tool!

Also, since we are penetration testers and not developers there’s a chance you will find a few bugs.

For bug reports, feature requests or any other feedback, please use our issue tracker.

License / Disclaimer

SPARTA comes without warranty and is meant to be used by penetration testers during network infrastructure security assessments.

Both its developers and SECFORCE decline all responsibility:

– in case the tool is used for malicious purposes or in any illegal context;

– in case the tool crashes your system or other systems.

Authors

SPARTA was created and developed by:

Antonio Quina (@st3r30byt3)

Leonidas Stavliotis (@lstavliotis)