Information Security Inc.

APT2

Information Security Confidential - Partner Use Only

Contents

2

• About APT2

• Features

• Modules

• Requirements

• Setup

• Installing APT2

• Using APT2

• References

Information Security Confidential - Partner Use Only

About APT2

3

• APT2 is an Automated Penetration Testing Toolkit

Information Security Confidential - Partner Use Only

Features

4

• This tool will perform an NMap scan, or import the results of a scan

from Nexpose, Nessus, or Nmap

• The processed results will be used to launch exploit and

enumeration modules according to the configurable Safe Level and

enumerated service information

Information Security Confidential - Partner Use Only

Modules

5

Information Security Confidential - Partner Use Only

Requirements

6

• convert, dirb, hydra, java, john, ldapsearch, msfconsole, nmap,

nmblookup, phantomjs, responder, rpcclient, secretsdump.py,

smbclient, snmpwalk, sslscan, x11-apps

• Kali Linux users => phantomjs, secretsdump.py

(https://github.com/CoreSecurity/impacket/blob/master/examples/s

ecretsdump.py) and x11-apps

https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

Information Security Confidential - Partner Use Only

Setup

7

• Kali Linux 2017 "2017.2“ 64 bit (https://www.kali.org/downloads/)

• On Kali Linux install python-nmap library: python setup.py install

https://www.kali.org/downloads/

Information Security Confidential - Partner Use Only

Installing APT2

8

• Installing dependencies

Information Security Confidential - Partner Use Only

Installing APT2

9

• Installing dependencies (secretsdump.py)

Information Security Confidential - Partner Use Only

Installing APT2

10

• Clone it

Information Security Confidential - Partner Use Only

Installing APT2

11

• Install python-nmap library

Information Security Confidential - Partner Use Only

Using APT2

12

• APT2 options

Information Security Confidential - Partner Use Only

Using APT2

13

• If getting the following error when starting running APT2

Information Security Confidential - Partner Use Only

Using APT2

14

• Resolve it by configuring Metasploit as below

Information Security Confidential - Partner Use Only

Using APT2

15

• If getting the following error when starting running APT2

“ Module 'apt2_whois' disabled. Dependency required: 'Missing

whois library. To install run: pip install whois‘ “

Information Security Confidential - Partner Use Only

Using APT2

16

• Resolve it by installing “whois” library

Information Security Confidential - Partner Use Only

Using APT2

17

• APT2 ran against a target machine (IP 192.168.10.112)

Information Security Confidential - Partner Use Only

Using APT2

18

• APT2 ran against a target machine (IP 192.168.10.112)

• Generated reports

Information Security Confidential - Partner Use Only

Using APT2

19

• APT2 ran against a target machine (IP 192.168.10.112)

• Generated reports

Information Security Confidential - Partner Use Only

Using APT2

20

• APT2 ran against a target machine (IP 192.168.10.112)

• Generated reports

Information Security Confidential - Partner Use Only

References

21

• GitHub

https://github.com/MooseDojo/apt2

• Kali Linux

https://www.kali.org/downloads/

• Secretsdump.py

https://github.com/CoreSecurity/impacket/blob/master/examples/secretsdump.py

https://github.com/MooseDojo/apt2