Ecosyste.ms: Awesome

https://github.com/pentest-a2p2v/pentest-a2p2v-core

Core A2P2V functionality (command line based)
# README

Automated Attack Path Planning and Validation (A2P2V) is a planning and cyber-attack tool that lets users determine a set of ranked attack sequences given a specific attacker goal. The aim of the tool is to simplify the process so that non-security experts can generate clear, actionable intelligence from basic inputs, using as much automation as possible and producing easy-to-interpret reports.

The system uses known network topology and system vulnerability information to determine all sets of attack sequences to obtain the attacker goal and outputs the required steps (as Metasploit commands) for the selected sequence.

The input to the system includes:

- **Initial conditions**: modeling the knowledge and current access of the attacker
- **Attacker goal**: indicating a change in state (e.g. change temperature on an ICS system) or remote access to a specific target host
- **Vulnerability information**: results of Nessus or Nmap scans, or data in a custom (CSV) input format
- **Network topology**: a custom XML format describing host information and network connectivity
- **Capability details**: a custom XML format describing a set of known services and exploits specified using a PAP (Pre-condition, Action and Post-condition) model.

## Prerequisites

A2P2V has the following prerequisites beyond what is installed via requirements.txt during setup:

- python >= 3.6
- (If executing attacks) Metasploit RPC daemon running. (Default configuration uses port 55552, username msf, password welcome1)
- python-tk installed

To install python-tk on Ubuntu (assuming Python 3.9):

```
sudo apt install python3.9-tk
```

To start the Metasploit RPC daemon, we recommend running it in a Docker container using the provided script:

```
$ cd scripts/
$ ./run_msfrpcd.sh
```

## Installation

Installing in a virtualenv is recommended.

First create a venvs directory:

```
mkdir $HOME/.venvs/
```

Create the virtual environment:

```
python3 -m venv ~/.venvs/a2p2v
```

Activate the virtual environment:

```
source ~/.venvs/a2p2v/bin/activate
```

Install:

```
pip install -r requirements.txt
pip install .
```

## Preparation (load capability definitions)

The first time the tool is run, the capability definitions need to be imported. For example, to load the provided default capability definitions:

```
a2p2v --cpdb [path_of_yml_file]
```

## Getting started: Planning mode

The system is run in planning mode using the following command line arguments:

```
$ a2p2v --plan
```

The following selection is shown:

```
TREE#|SCORE|HOPS                               |FINAL CAPABILITY OPTIONS                          |GOALS
-----|-----|-----------------------------------|--------------------------------------------------|---------------
    0| 6.24|GW(1)>HMI(4)>OPC(4)>PLC(1)         |action=WRITE_REGISTERS                            |change_temp
-----|-----|-----------------------------------|--------------------------------------------------|---------------
    1| 6.24|GW(1)>HMI(4)>EWS10(4)>PLC(1)       |action=WRITE_REGISTERS                            |change_temp
------------------------------------------------------------------------------------------------------------------
Select an attack tree to execute (or any other value to exit):
```

A detailed report and corresponding set of attack trees can be found in the **reports/** directory.
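To make the PAP (Pre-condition, Action, Post-condition) model from the inputs list and the ranked attack trees shown above concrete, here is an added illustration that is not part of the A2P2V project: a minimal planner over a constructed topology and a constructed capability set. Facts (`access:<host>`, `svc:<host>:<service>`, `change_temp`), the connectivity map, the capability names and scores, and the ranking metric (mean capability score) are all assumptions for the example; A2P2V's own scoring and formats are not reproduced here. The `chokepoints` helper goes a step beyond the page and lists the hosts that every path depends on, which is what a defender wants from such a plan.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Capability:
    """One PAP entry (hypothetical layout): pre-conditions, action, post-conditions."""
    action: str
    host: str          # host the action is performed against
    pre: frozenset     # facts that must hold before the action
    post: frozenset    # facts that hold afterwards
    score: float       # constructed severity-style score, higher ranks first

# Constructed directed connectivity: which hosts can reach which.
LINKS = {"GW": {"HMI"}, "HMI": {"OPC", "EWS10"}, "OPC": {"PLC"}, "EWS10": {"PLC"}}
# Constructed capability database (names and scores are made up for the example).
CAPS = [
    Capability("exploit_hmi", "HMI", frozenset({"svc:HMI:web"}), frozenset({"access:HMI"}), 7.5),
    Capability("exploit_opc", "OPC", frozenset({"svc:OPC:opcua"}), frozenset({"access:OPC"}), 6.0),
    Capability("exploit_ews", "EWS10", frozenset({"svc:EWS10:smb"}), frozenset({"access:EWS10"}), 6.0),
    Capability("WRITE_REGISTERS", "PLC", frozenset({"svc:PLC:modbus"}), frozenset({"change_temp"}), 5.0),
]

def reachable(state, host):
    """A host can be acted on only from a host the attacker already has access to."""
    return any(f"access:{src}" in state and host in LINKS.get(src, ()) for src in LINKS)

def plan(initial, goal, caps=CAPS):
    """Enumerate every capability sequence that turns `initial` into a state containing `goal`."""
    results = []
    def walk(state, path, used):
        if goal in state:
            results.append(path); return
        for c in caps:
            if c in used or not c.pre <= state or not reachable(state, c.host):
                continue
            walk(state | c.post, path + [c], used | {c})
    walk(frozenset(initial), [], frozenset())
    return results

def rank(paths, start="GW"):
    """Rank attack trees as (score, hops, final action); score = mean capability score (assumed)."""
    rows = []
    for p in paths:
        hops = ">".join([start] + [c.host for c in p])
        rows.append((round(sum(c.score for c in p) / len(p), 2), hops, p[-1].action))
    return sorted(rows, reverse=True)

def chokepoints(paths):
    """Hosts present on every attack path: hardening any one of them breaks all of them."""
    return frozenset.intersection(*[frozenset(c.host for c in p) for p in paths]) if paths else frozenset()
```

Run with an initial state such as `{"access:GW", "svc:HMI:web", "svc:OPC:opcua", "svc:EWS10:smb", "svc:PLC:modbus"}` and goal `"change_temp"`; the top-ranked rows are the two three-hop chains through OPC and EWS10, and `chokepoints` reports HMI and PLC.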

## Getting started: single host target

The tool can also be run against a single target, assuming network connectivity to the target.

The system is run in single host mode by specifying a target in the command line arguments:

```
a2p2v --target USER1
```

The list of all known exploits is shown in the selection. You can choose a specific
exploit to use, or all of them.

```
TREE#|SCORE|CAPABILITY
-----|-----|--------------------------------------------------
    0|  8.4|exploit/windows/smb/ms17_010_eternalblue
-----|-----|--------------------------------------------------
    1|  8.4|exploit/windows/smb/ms17_010_psexec
-----|-----|--------------------------------------------------
    2|  8.4|exploit/windows/smb/ms10_061_spoolss
-----|-----|--------------------------------------------------
    3|  8.2|exploit/windows/rdp/cve_2019_0708_bluekeep_rce
----------------------------------------------------------------
Select a capability to execute, 'a' for all, or any other value to skip: a
```

The corresponding report is similar to that generated for the system use case.

## License

```
Copyright (C) 2018-2023 Toshiba Corporation and Peraton Labs, Inc.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
```

The file `lab_config/capabilities_metasploit.yml` is based on the modules information of Metasploit Framework.
This file contains no information about the attack module other than the BSD license.
The license of the Metasploit Framework is shown below.

- Metasploit Framework: BSD-3-clause License https://github.com/rapid7/metasploit-framework/blob/master/LICENSE

```
Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
Source: https://www.metasploit.com/

Files: *
Copyright: 2006-2020, Rapid7, Inc.
License: BSD-3-clause

# The Metasploit Framework is provided under the 3-clause BSD license provided
# at the end of this file.
#
# The copyright on this package is held by Rapid7, Inc.
#

The Original Code and all software distributed under the License are
distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
Please see the License for the specific language governing rights and
limitations under the License.
```