Autopen is a very modular tool that automates the execution of scans during a penetration test.

Related tags

Networking autopen
Overview

Autopen

Autopen is a very modular tool that automates the execution of scans during a penetration test. A Nmap scan result in the form of an XML file is required as the basis for the modules to be executed. This XML file can be passed as an argument. If no scan result is provided, autopen can perform the Nmap scan by itself.

Using multithreading, several scans are executed simultaneously. The use of different modules can be adapted on the fly by using module names, port numbers or IP addresses as a filter. Autopen is well suited to test a given user password combination on many machines and different services.

The core is the modules.json file, which contains the syntax of the executable commands. Variables can also be stored in this configuration file, which are automatically included in the arguments of Argparse.

Requirements

  • Python 3

Furthermore all modules specified in the configuration file are considered as dependencies.
If a module is not installed, an error is issued and the next module is executed.

Install

The setup script will only read the absolute path of the script location and insert this path into the modules.json file.

bash setup.sh

Configuration

The modules.json file contains all modules that can be executed by autopen.
The modules have the following structure:

[optional ] > 2>&1", "port": "portNumber1, portNumber2, [...]" }, ">
{
    "name": "nameOfModule",
    "riskLevel": "riskLevelAsInteger",
    "syntax": "commandSyntax 
     
       [optional 
      
       ] > 
       
         2>&1",
    "port": "portNumber1, portNumber2, [...]"
},

       
      
     

name, risklevel, port

The configuration can be extended as desired.
However, it should be noted that the modules cannot have the same name.

Each module requires a risk level between 1 to 5.
The higher the level, the higher the probability that the module can cause damage.

It is necessary to specify port numbers for the modules.
If a module is always applicable, a wildcard * can also be stored instead a port number.
In this case, the module will be executed once for each host and each port.

> 2>&1", "port": "445" }, { "name": "netcat", "riskLevel": "1", "syntax": "timeout 60 nc -nv > 2>&1", "port": "*" }, ">
{
    "name": "crackmapexec",
    "riskLevel": "1",
    "syntax": "crackmapexec smb 
       
         > 
        
          2>&1",
    "port": "445"
},
{
    "name": "netcat",
    "riskLevel": "1",
    "syntax": "timeout 60 nc -nv 
          
          
            > 
           
             2>&1", "port": "*" }, 
           
          
         
        
       

syntax - absolute path

If tools are not included in the environment path variables, absolute paths can also be specified.

-u -p > 2>&1", "port": "445" }, ">
{
    "name": "lsassy",
    "riskLevel": "2",
    "syntax": "/usr/bin/lsassy -d 
       
         -u 
        
          -p 
          
          
            > 
           
             2>&1", "port": "445" }, 
           
          
         
        
       

syntax - variables

Strings inside <...> are interpreted as variables.
The syntax must always end with an > 2>&1 so that the output can be written to a file.
Additionally the variable must always be included inside the syntax.

Furthermore it is possible to include custom variables. Custom variables are added to the arguments of Argparse. Camelcase notation sets the abbreviations for the Argparse's arguments.

Modules with custom variables are only executed if all occurring in the syntax are given by the user.
One exceptional variable that does not have to be passed explicitly when autopen is called is the variable . This variable is read from the Nmap scan result.
For example, the following module would add the values domain (-d) and userList (-ul) to the Argparse's arguments.

-U -w 30 -v -t > 2>&1", "port":"25" }, ">
{
    "name": "smtp-enum-user",
    "riskLevel": "1",
    "syntax": "smtp-user-enum -M VRFY -D 
      
        -U 
       
         -w 30 -v -t 
        
          > 
         
           2>&1",
    "port":"25"
},

         
        
       
      

Help

usage: autopen.py [-h] [-e] [-v] -o OUTPUT [-t TIMEOUT] (-ti TARGETIP | -xf XMLFILE) [-rl RISKLEVEL] [-ta THREADAMOUNT] [-em [EXCLUDEMODULES ...]] [-im [INCLUDEMODULES ...]] [-ii [INCLUDEIPS ...]]
                  [-ei [EXCLUDEIPS ...]] [-ip [INCLUDEPORTS ...]] [-ep [EXCLUDEPORTS ...]] [-d DOMAIN] [-dci DOMAINCONTROLERIP] [-p PASSWORD] [-u USER] [-ul USERLIST] [-upf USERPASSFILE]

Automatic Pentesting.
Please dont be evil.

Basic usage:
Print matching modules for a given nmap xml file:
./autopen.py -o /tmp/output -xf nmap-result.xml

Scan targets (top 1000 ports) and execute matching modules:
./autopen.py -o /tmp/output -ti 192.168.0.0/24 -e

Exclude ip addresses:
./autopen.py -o /tmp/output -xf nmap-result.xml -ei 192.168.1.1 192.168.3.4 -e

Only execute modules for given ip address and exclude ports:
./autopen.py -o /tmp/output -xf nmap-result.xml -ii 192.168.1.4 -ep 80 443 -e

Exclude all modules that have one of the given substrings in their name:
./autopen.py -o /tmp/output -xf nmap-result.xml -im smb netcat -e

Only execute modules that contains at least one given substring in ther name:
./autopen.py -o /tmp/output -xf nmap-result.xml -im hydra -e

Execute modules with higher risk level, use more threads and increase timeout:
./autopen.py -o /tmp/output -xf nmap-result.xml -rl 4 -ta 8 -t 900

optional arguments:
  -h, --help            show this help message and exit
  -e, --execute         execute matching commands
  -v, --verbose         print full command
  -o OUTPUT, --output OUTPUT
                        path to output directory
  -t TIMEOUT, --timeout TIMEOUT
                        maximal time that a single thread is allowed to run in seconds (default 600)
  -ti TARGETIP, --targetIp TARGETIP
                        initiate nmap scan for given ip addresses (use nmap ip address notation)
  -xf XMLFILE, --xmlFile XMLFILE
                        full path to xml nmap file
  -rl RISKLEVEL, --riskLevel RISKLEVEL
                        set maximal riskLevel for modules (possible values 1-5, 2 is default)
  -ta THREADAMOUNT, --threadAmount THREADAMOUNT
                        the amount of parallel running threads (default 5)
  -em [EXCLUDEMODULES ...], --exludeModules [EXCLUDEMODULES ...]
                        modules that will be excluded (exclude ovewrites include)
  -im [INCLUDEMODULES ...], --includeModules [INCLUDEMODULES ...]
                        modules that will be included
  -ii [INCLUDEIPS ...], --includeIps [INCLUDEIPS ...]
                        filter by including ipv4 addresses
  -ei [EXCLUDEIPS ...], --excludeIps [EXCLUDEIPS ...]
                        filter by excluding ipv4 addresses
  -ip [INCLUDEPORTS ...], --includePorts [INCLUDEPORTS ...]
                        filter by including port number
  -ep [EXCLUDEPORTS ...], --excludePorts [EXCLUDEPORTS ...]
                        filter by excluding port number
  -d DOMAIN, --domain DOMAIN
  -dci DOMAINCONTROLERIP, --domainControlerIp DOMAINCONTROLERIP
  -p PASSWORD, --password PASSWORD
  -u USER, --user USER
  -ul USERLIST, --userList USERLIST
  -upf USERPASSFILE, --userPassFile USERPASSFILE

Demo

Result Structure

output
├── dirsearch
│   ├── dirsearch-192.168.2.175-80
│   └── dirsearch-192.168.2.175-8080
├── hydra-ftp-default-creds
│   └── hydra-ftp-default-creds-192.168.2.175-21
├── hydra-ssh-default-creds
│   └── hydra-ssh-default-creds-192.168.2.175-22
├── netcat
│   ├── netcat-192.168.2.175-21
│   ├── netcat-192.168.2.175-22
│   ├── netcat-192.168.2.175-80
│   └── netcat-192.168.2.175-8080
├── nmap
│   ├── 192.168.2.175-p-sT.gnmap
│   ├── 192.168.2.175-p-sT.nmap
│   └── 192.168.2.175-p-sT.xml
├── ssh-audit
│   └── ssh-audit-192.168.2.175-22
└── whatweb
    └── whatweb-192.168.2.175-80

Currently included Modules

Sources

You might also like...
Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool.
Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool.

Tor Network Top 100 IPs Tool to get the top 100 of the fastest nodes in the Tor network. Based on Kirzahk tool. Just execute top100ipstor.py to get th

This Tool can help enginners and biggener in network, the tool help you to find of any ip with subnet mask that can calucate them and show you ( Availble IP's , Subnet Mask, Network-ID, Broadcast-ID )
This Tool can help enginners and biggener in network, the tool help you to find of any ip with subnet mask that can calucate them and show you ( Availble IP's , Subnet Mask, Network-ID, Broadcast-ID )

This Tool can help enginners and biggener in network, the tool help you to find of any ip with subnet mask that can calucate them and show you ( Availble IP's , Subnet Mask, Network-ID, Broadcast-ID )

ANalyse is a vehicle network analysis and attack tool.
ANalyse is a vehicle network analysis and attack tool.

CANalyse is a tool built to analyze the log files to find out unique datasets automatically and able to connect to simple user interfaces suc

Tool for quickly gathering information from Shodan.io about the number of IPs which satisfy large number of different queries

TriOp Tool for quickly gathering information from Shodan.io about the number of IPs which satisfy large number of different queries For furt

Passive TCP/IP Fingerprinting Tool. Run this on your server and find out what Operating Systems your clients are *really* using.

Passive TCP/IP Fingerprinting This is a passive TCP/IP fingerprinting tool. Run this on your server and find out what operating systems your clients a

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

A Network tool kit for scanning active IP addresses and open ports
A Network tool kit for scanning active IP addresses and open ports

Network scanner A small project that I wrote on the fly for (IT351) Computer Networks University Course to identify and label the devices in my networ

Vent domain information retrieval tool, which is capable of retrieving customer information

Vent domain information retrieval tool, which is capable of retrieving customer information. This tool has been created for the purpose of complete education, Iam not responsible for any illegal activities.

A fire and forget command-line tool to allow for easy transitions of VPN connections between a pool of AWS machines.

VPN Swapper A fire and forget command-line tool to allow for easy transitions of VPN connections between a pool of AWS machines. Dependencies poetry -

Owner
null
This tool will scans your wi-fi/wlan and show you the connected clients

This tool will scans your wi-fi/wlan and show you the connected clients

VENKAT SAI SAGAR 3 Mar 24, 2022
Simple python script for automated network scans with random name generator(useful for CTF boxes).

?? Automated NMAP script Description Simple python script for automated network scans with random name generator(useful for CTF boxes). Requirements 1

Dhmos Funk 2 Oct 29, 2021
Build custom OSINT tools and APIs (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whois, Metadata & built-in database for more info) with this python package

Build custom OSINT tools and APIs with this python package - It includes different OSINT modules (Ping, Traceroute, Scans, Archives, DNS, Scrape, Whoi

QeeqBox 52 Jan 6, 2023
Repo used to maintain all notes and scripts developed during my DevNet Expert studies

DevNet Expert Studies Exam Date: TBD (Waiting for registration to open) This repository will be used to track my progress and maintain all notes/scrip

Dan 32 Dec 11, 2022
this is demo of tool dosploit for test and dos in network with python

this tool for dos and pentest vul SKILLS: syn flood udp flood $ git clone https://github.com/amicheh/demo_dosploit/ $ cd demo_dosploit $ python3 -m pi

yaser amir chehrazi 5 Sep 22, 2022
This will generate a very basic DHCP config with use of PHPIPAM systems.

phpipam-dhcp-config-generator This will generate a very basic DHCP config with use of PHPIPAM systems. Requirements PHPIPAM Custom Fields domain_name

null 1 Oct 24, 2021
Very simple FTP client, sync folder to FTP server, use python, opensource

ftp-sync-python Opensource, A way to safe your data, avoid lost data by Virus, Randsomware Some functions: Upload a folder automatically to FTP server

null 4 Sep 13, 2022
Very simple and tiny file sharing service written in python

Simple File sharing tool Sharing client usage (You will need to use python3 for linux) main.py --send -f file/path Optionnal flags : pwd : set a passw

null 2 Jul 26, 2022
test whether http(s) proxies actually hide your ip

Proxy anonymity I made this for other projects, to find working proxies. If it gets enough support and if i have time i might make it into a gui Repos

gxzs1337 1 Nov 9, 2021
Test - Python project for Collection Server and API Server

QProjectPython Collection Server 와 API Server 를 위한 Python 프로젝트 입니다. [FastAPI참고]

null 1 Jan 3, 2022