Automated Penetration Toolkit can perform an NMap scan and import the scan results from Nexpose, Nessus and other scanning tools. The results are further used to launch exploit and enumeration modules.

All the results are stored to knowledge base of APT2 on localhost machine. The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.

Setup:

On kali Linux install Python-Nmap library: pip installpython-nmap

Configuration:

To configure APT2 to run as you desire, edit the default.cfg file in root directory.

Current options include:

• metasploit

• nmap

• threading

Metasploit RPC API:

APT2 can utuilize your host’s Metasploit RPC interface

NMAP:

Configure NMAP scan settings to include the target, scan type, scan port range, and scan flags. These settings can be configured while the program is running.

Threading:

Configure the number of the threads APT2 will use.

Run:

No Options:

python apt2 or ./apt2 With Configuration File

python apt2 -C <config.txt>

Import Nexpose, Nessus, or NMap XML

python apt2 -f <nmap.xml>

Specify Target Range to Start

python apt2 -f 192.168.1.0/24

Safe Level:

Safe levels indicate how safe a module is to run againsts a target. The scale runs from 1 to 5 with 5 being the safest. The default configuration uses a Safe Level of 4 but can be set with the -s or –safelevel command line flags.

Usage:

apt2.py [-h] [-C <config.txt>] [-f [<input file> [<input file> …]]]

[–target] [–ip <local IP>] [-v] [-s SAFE_LEVEL] [-b] [–listmodules] optional arguments: -h, –help show this help message and exit -v, –verbosity increase output verbosity -s SAFE_LEVEL, –safelevel SAFE_LEVEL set min safe level for modules -b, –bypassmenu bypass menu and run from command line arguments inputs: -C <config.txt> config file -f [<input file> [<input file> …]] one of more input files seperated by spaces –target initial scan target(s) advanced: –ip <local IP> defaults to ip of interface misc: –listmodules list out all current modules

Modules