APT2 – An Automated Penetration Testing Toolkit

APT2 is a tool that allow user during penetration testing to perform NMap scan and import scan results from Nexpose, Nessus, NMap. The processesd results will be used to launch exploit and enumeration modules according to the configurable Safe Level and enumerated service information.

All module results are stored on localhost and are part of APT2’s Knowledge Base (KB). The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.

APT2 - Pentest Automation Framework

APT2 – Pentest Automation Framework

The framework include a large list of module for attacking and scanning remote systems. some of the modules are :

  1. exploit_hydrasmbpassword – Attempt to bruteforce SMB passwords
  2. exploit_msf_javarmi – Attempt to Exploit A Java RMI Service
  3. exploit_msf_jboss_maindeployer – Attempt to gain shell via Jboss
  4. exploit_msf_psexec_pth – Attempt to authenticate via PSEXEC PTH
  5. post_msf_dumphashes – Gather hashes from MSF Sessions
  6. scan_rpcclient_userenum – Get List of Users From SMB
  7. scan_msf_snmplogin – Attempt Login Using Common Community Strings
  8. scan_msf_vncnoneauth – Detect VNC Services with the None authentication type
  9. scan_nmap_msvulnscan – Nmap MS Vuln Scan
  10. scan_nmap_nfsshares – NMap NFS Share Scan
  11. scan_nmap_smbshares – NMap SMB Share Scan
  12. scan_nmap_smbsigning – NMap SMB-Signing Scan
  13. scan_nmap_smbsigning – NMap SSL Scan
  14. scan_openx11 – Attempt Login To Open X11 Servicei and Get Screenshot

If you have a Rapid7 nexpose or nessus scan report you can just import the result from the scan and feed the tool to directly run the exploitation module.

You can read more and download the tool over here: https://github.com/tatanus/

Notify of
Inline Feedbacks
View all comments