ARACNE Cheat Sheet
Überblick
ARACNE (Autonomous Reconnaissance and Attack Coordination for Network Exploitation) ist ein LLM-basierter Agent, der speziell für die Zielerfassung von SSH-Diensten und die autonome Erkundung und Ausnutzung von Linux-Shell-Umgebungen entwickelt wurde. Er kombiniert Reasoning von großen Sprachmodellen mit traditionellen Penetrationstests, um sophisticated Angriffe auf SSH-zugängliche Systeme durchzuführen.
⚠️ Kritische Warnung: Fortschrittliches autonomes Exploitationstool. Nur auf Systemen verwenden, die Ihnen gehören oder für die Sie eine ausdrückliche schriftliche Autorisierung zum Testen haben. Unbefugte Nutzung ist illegal.
Installation
Voraussetzungen
# System requirements
python3 --version # Python 3.9+
pip3 --version
git --version
# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y openssh-client sshpass hydra nmap masscan
# Install additional security tools
sudo apt install -y john hashcat gobuster dirb nikto
sudo apt install -y metasploit-framework exploitdbInstallationsmethoden
# Method 1: Git clone and setup
git clone https://github.com/aracne-ai/aracne.git
cd aracne
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install LLM dependencies
pip install openai anthropic langchain
pip install transformers torch
pip install paramiko fabric pexpect
# Method 2: Docker installation
docker pull aracne/aracne:latest
docker run -it --rm -v $(pwd)/sessions:/app/sessions aracne/aracne:latest
# Method 3: PyPI installation (if available)
pip install aracne-agentKonfigurationseinrichtung
# Create configuration directory
mkdir -p ~/.aracne/config
mkdir -p ~/.aracne/sessions
mkdir -p ~/.aracne/payloads
mkdir -p ~/.aracne/logs
# Initialize configuration
aracne init
# Configure LLM providers
aracne config set openai_api_key "your-openai-key"
aracne config set openai_model "gpt-4"
aracne config set anthropic_api_key "your-anthropic-key"
# Set operational parameters
aracne config set max_session_time 3600
aracne config set autonomous_mode true
aracne config set stealth_mode true
aracne config set evidence_collection trueKernbefehle
Grundlegende Operationen
# Display help and version
aracne --help
aracne --version
aracne modules list
# Quick SSH reconnaissance
aracne recon ssh --target 192.168.1.100
aracne recon ssh --network 192.168.1.0/24
aracne recon ssh --target-list targets.txt
# SSH service analysis
aracne analyze ssh --target 192.168.1.100 --deep
aracne analyze ssh --target 192.168.1.100 --version-detection
aracne analyze ssh --target 192.168.1.100 --configuration-analysis
# System status and health
aracne status
aracne health-check
aracne modules statusZielmanagement
# Add SSH targets
aracne target add --host 192.168.1.100 --port 22
aracne target add --host example.com --port 2222
aracne target add --network 192.168.1.0/24 --ssh-only
# Target information and management
aracne target list --active
aracne target info 192.168.1.100
aracne target remove 192.168.1.100
# Import targets from various sources
aracne target import --nmap ssh_scan.xml
aracne target import --masscan masscan_results.txt
aracne target import --file ssh_targets.txt
# Target prioritization
aracne target prioritize --by vulnerability
aracne target prioritize --by accessibility
aracne target prioritize --custom-scoringSitzungsverwaltung
# Create and manage attack sessions
aracne session create --target 192.168.1.100 --name "target_compromise"
aracne session list --active
aracne session switch target_compromise
# Session configuration
aracne session config --max-duration 2h
aracne session config --stealth-level high
aracne session config --logging-level verbose
# Session control
aracne session start --target 192.168.1.100
aracne session pause target_compromise
aracne session resume target_compromise
aracne session terminate target_compromiseSSH-Reconnaissance und -Analyse
SSH-Dienst-Erkennung
# Comprehensive SSH discovery
aracne discover ssh --network 192.168.1.0/24 --comprehensive
aracne discover ssh --target-list targets.txt --fast
aracne discover ssh --target 192.168.1.100 --deep-analysis
# SSH version and banner analysis
aracne analyze banner --target 192.168.1.100
aracne analyze version --target 192.168.1.100 --vulnerability-check
aracne analyze configuration --target 192.168.1.100 --security-assessment
# SSH algorithm and cipher analysis
aracne analyze algorithms --target 192.168.1.100
aracne analyze ciphers --target 192.168.1.100 --weak-crypto
aracne analyze kex --target 192.168.1.100 --security-analysisSSH-Schwachstellenbewertung
# SSH-specific vulnerability scanning
aracne vuln scan-ssh --target 192.168.1.100 --comprehensive
aracne vuln scan-ssh --target 192.168.1.100 --known-exploits
aracne vuln scan-ssh --network 192.168.1.0/24 --quick
# Configuration vulnerability analysis
aracne vuln config --target 192.168.1.100 --misconfigurations
aracne vuln config --target 192.168.1.100 --weak-settings
aracne vuln config --target 192.168.1.100 --default-configs
# SSH implementation vulnerabilities
aracne vuln implementation --target 192.168.1.100 --version-specific
aracne vuln implementation --target 192.168.1.100 --buffer-overflows
aracne vuln implementation --target 192.168.1.100 --timing-attacksBenutzer-Enumeration
# SSH user enumeration techniques
aracne enum users --target 192.168.1.100 --timing-based
aracne enum users --target 192.168.1.100 --error-based
aracne enum users --target 192.168.1.100 --comprehensive
# Username wordlist generation
aracne generate usernames --target 192.168.1.100 --context-aware
aracne generate usernames --company "Example Corp" --employees
aracne generate usernames --domain example.com --email-based
# User validation and verification
aracne validate users --target 192.168.1.100 --user-list users.txt
aracne validate users --target 192.168.1.100 --probabilistic
aracne validate users --target 192.168.1.100 --stealth-modeAutonome SSH-Exploitation
Credential-basierte Angriffe
# Intelligent brute force attacks
aracne attack brute-force --target 192.168.1.100 --smart
aracne attack brute-force --target 192.168.1.100 --user admin --adaptive
aracne attack brute-force --target 192.168.1.100 --credential-stuffing
# Dictionary attacks with AI optimization
aracne attack dictionary --target 192.168.1.100 --ai-optimized
aracne attack dictionary --target 192.168.1.100 --context-aware
aracne attack dictionary --target 192.168.1.100 --pattern-learning
# Credential spraying
aracne attack spray --network 192.168.1.0/24 --common-passwords
aracne attack spray --target-list targets.txt --seasonal-passwords
aracne attack spray --targets multiple --lockout-awareSchlüsselbasierte Angriffe
# SSH key discovery and analysis
aracne keys discover --target 192.168.1.100 --web-crawling
aracne keys discover --target 192.168.1.100 --git-repositories
aracne keys discover --target 192.168.1.100 --configuration-files
# Private key attacks
aracne keys attack --target 192.168.1.100 --weak-keys
aracne keys attack --target 192.168.1.100 --default-keys
aracne keys attack --target 192.168.1.100 --cracking
# Key injection and manipulation
aracne keys inject --target 192.168.1.100 --authorized-keys
aracne keys manipulate --target 192.168.1.100 --key-replacement
aracne keys backdoor --target 192.168.1.100 --persistent-accessProtokoll-Ebene Exploits
# SSH protocol exploitation
aracne exploit protocol --target 192.168.1.100 --version-specific
aracne exploit protocol --target 192.168.1.100 --implementation-bugs
aracne exploit protocol --target 192.168.1.100 --timing-attacks
# Man-in-the-middle attacks
aracne exploit mitm --target 192.168.1.100 --arp-poisoning
aracne exploit mitm --target 192.168.1.100 --dns-spoofing
aracne exploit mitm --target 192.168.1.100 --certificate-manipulation
# Downgrade attacks
aracne exploit downgrade --target 192.168.1.100 --weak-algorithms
aracne exploit downgrade --target 192.168.1.100 --legacy-protocols
aracne exploit downgrade --target 192.168.1.100 --cipher-downgradeLinux Shell Exploitation
Initialer Zugang und Shell-Etablierung
# Establish initial shell access
aracne shell establish --target 192.168.1.100 --method ssh
aracne shell establish --target 192.168.1.100 --credentials user:pass
aracne shell establish --target 192.168.1.100 --key-file private_key
# Shell upgrade and stabilization
aracne shell upgrade --session session-123 --interactive
aracne shell upgrade --session session-123 --pty
aracne shell upgrade --session session-123 --full-terminal
# Shell persistence mechanisms
aracne shell persist --session session-123 --cron-job
aracne shell persist --session session-123 --systemd-service
aracne shell persist --session session-123 --ssh-keysSystemreconnaissance
# Autonomous system enumeration
aracne recon system --session session-123 --comprehensive
aracne recon system --session session-123 --quick-wins
aracne recon system --session session-123 --stealth-mode
# User and privilege enumeration
aracne recon users --session session-123 --all-users
aracne recon users --session session-123 --privileged-users
aracne recon users --session session-123 --sudo-capabilities
# Network and service discovery
aracne recon network --session session-123 --internal-networks
aracne recon services --session session-123 --running-services
aracne recon processes --session session-123 --interesting-processesPrivilegien-Eskalation
# Autonomous privilege escalation
aracne privesc auto --session session-123 --all-techniques
aracne privesc auto --session session-123 --kernel-exploits
aracne privesc auto --session session-123 --suid-binaries
# Specific escalation techniques
aracne privesc sudo --session session-123 --sudo-abuse
aracne privesc cron --session session-123 --cron-jobs
aracne privesc services --session session-123 --service-abuse
# Custom escalation strategies
aracne privesc custom --session session-123 --ai-guided
aracne privesc search --session session-123 --novel-techniques
aracne privesc exploit --session session-123 --zero-dayLaterale Bewegung
# Network lateral movement
aracne lateral network --session session-123 --ssh-keys
aracne lateral network --session session-123 --credential-reuse
aracne lateral network --session session-123 --trust-relationships
# Service-based lateral movement
aracne lateral services --session session-123 --shared-services
aracne lateral services --session session-123 --database-access
aracne lateral services --session session-123 --file-shares
# Advanced lateral movement
aracne lateral advanced --session session-123 --kerberos
aracne lateral advanced --session session-123 --container-escape
aracne lateral advanced --session session-123 --cloud-metadataKI-gesteuerte Entscheidungsfindung
Autonome Reasoning-Engine
# AI reasoning configuration
reasoning_config = {
"model": "gpt-4",
"temperature": 0.2,
"max_tokens": 4000,
"reasoning_depth": 3,
"confidence_threshold": 0.85,
"exploration_factor": 0.3
}
# Custom reasoning prompts for SSH exploitation
ssh_analysis_prompt = """
Analyze the SSH service and system information:
Target: {target}
SSH Version: {ssh_version}
Available Users: {users}
System Information: {system_info}
Previous Attempts: {previous_attempts}
Determine the best exploitation strategy:
1. Most likely attack vectors
2. Probability of success for each
3. Stealth considerations
4. Risk assessment
5. Next steps recommendation
"""Adaptive Angriffstrategien
# AI-guided attack planning
aracne ai plan-attack --target 192.168.1.100 --objective shell-access
aracne ai plan-attack --session session-123 --objective privilege-escalation
aracne ai plan-attack --target 192.168.1.100 --stealth-priority
# Dynamic strategy adaptation
aracne ai adapt-strategy --session session-123 --defense-detected
aracne ai adapt-strategy --session session-123 --failure-analysis
aracne ai adapt-strategy --session session-123 --new-information
# Learning from interactions
aracne ai learn --session session-123 --command-responses
aracne ai learn --target 192.168.1.100 --defense-mechanisms
aracne ai learn --global --pattern-recognitionIntelligente Befehlsgenerierung
Note: I’ve translated the text as requested, preserving markdown formatting and keeping technical terms in English. The placeholders for sections 3-20 remain untranslated as no specific text was provided for those sections.```bash
AI-generated commands for exploration
aracne ai generate-commands —session session-123 —exploration aracne ai generate-commands —session session-123 —privilege-escalation aracne ai generate-commands —session session-123 —persistence
Context-aware command selection
aracne ai select-commands —session session-123 —current-context aracne ai select-commands —session session-123 —objective-focused aracne ai select-commands —session session-123 —stealth-optimized
Command effectiveness analysis
aracne ai analyze-effectiveness —session session-123 —command-history aracne ai analyze-effectiveness —session session-123 —success-patterns aracne ai analyze-effectiveness —session session-123 —failure-analysis
```bash
# Stealth mode operations
aracne stealth enable --session session-123 --advanced-evasion
aracne stealth timing --session session-123 --random-delays
aracne stealth obfuscation --session session-123 --command-obfuscation
# Anti-forensics techniques
aracne antiforensics enable --session session-123 --log-cleaning
aracne antiforensics timestamps --session session-123 --timestamp-manipulation
aracne antiforensics artifacts --session session-123 --artifact-removal
# Detection evasion
aracne evasion ids --session session-123 --ids-evasion
aracne evasion monitoring --session session-123 --monitoring-detection
aracne evasion behavioral --session session-123 --behavioral-mimicry
```### Tarnung und Umgehung
```bash
# Establish persistent access
aracne persist establish --session session-123 --multiple-methods
aracne persist establish --session session-123 --stealth-persistence
aracne persist establish --session session-123 --redundant-access
# Persistence validation and testing
aracne persist validate --session session-123 --all-methods
aracne persist test --session session-123 --reconnection-test
aracne persist monitor --session session-123 --persistence-health
# Persistence cleanup and removal
aracne persist cleanup --session session-123 --selective-removal
aracne persist remove --session session-123 --complete-cleanup
aracne persist verify-removal --session session-123 --forensic-check
```### Persistenzmechanismen
```bash
# Intelligent data discovery
aracne data discover --session session-123 --sensitive-files
aracne data discover --session session-123 --database-content
aracne data discover --session session-123 --configuration-files
# Data classification and prioritization
aracne data classify --session session-123 --ai-classification
aracne data prioritize --session session-123 --business-value
aracne data assess --session session-123 --sensitivity-analysis
# Secure data exfiltration
aracne data exfiltrate --session session-123 --encrypted-channel
aracne data exfiltrate --session session-123 --steganography
aracne data exfiltrate --session session-123 --covert-channels
```### Datenexfiltration und -sammlung
```bash
# Real-time session monitoring
aracne monitor session --session session-123 --real-time
aracne monitor activity --session session-123 --command-tracking
aracne monitor progress --session session-123 --objective-tracking
# Performance and resource monitoring
aracne monitor performance --session session-123 --resource-usage
aracne monitor network --session session-123 --traffic-analysis
aracne monitor system --session session-123 --system-impact
# Alert and notification system
aracne monitor alerts --session session-123 --critical-events
aracne monitor notifications --session session-123 --progress-updates
aracne monitor warnings --session session-123 --risk-indicators
```## Monitoring und Logging
```bash
# Enable detailed logging
aracne logging enable --session session-123 --comprehensive
aracne logging enable --session session-123 --ai-decisions
aracne logging enable --session session-123 --command-responses
# Log analysis and insights
aracne logging analyze --session session-123 --pattern-analysis
aracne logging analyze --session session-123 --success-factors
aracne logging analyze --session session-123 --failure-analysis
# Log export and reporting
aracne logging export --session session-123 --format json
aracne logging export --session session-123 --timeline-format
aracne logging export --session session-123 --forensic-format
```### Sitzungsüberwachung
```bash
# Define authorized targets and scope
aracne scope define --target 192.168.1.100 --authorized
aracne scope define --network 192.168.1.0/24 --internal-testing
aracne scope validate --target 192.168.1.100 --legal-check
# Documentation and evidence
aracne legal document --session session-123 --authorization-proof
aracne legal evidence --session session-123 --chain-of-custody
aracne legal export --session session-123 --court-ready
# Compliance verification
aracne compliance check --session session-123 --ethical-guidelines
aracne compliance verify --session session-123 --legal-requirements
aracne compliance audit --session session-123 --comprehensive
```### Umfassendes Logging
```bash
# Risk assessment and management
aracne risk assess --session session-123 --comprehensive
aracne risk monitor --session session-123 --real-time
aracne risk mitigate --session session-123 --automatic
# Safety controls and limits
aracne safety enable --session session-123 --all-controls
aracne safety limits --session session-123 --time-limits
aracne safety boundaries --session session-123 --scope-enforcement
# Emergency procedures
aracne emergency stop --session session-123 --immediate
aracne emergency cleanup --session session-123 --evidence-removal
aracne emergency report --session session-123 --incident-documentation
```## Sicherheits- und Ethische Überlegungen
```bash
# Optimize AI model performance
aracne optimize ai --model-selection --performance-focused
aracne optimize ai --token-usage --cost-optimization
aracne optimize ai --response-time --latency-reduction
# Session performance optimization
aracne optimize session --session session-123 --speed-optimization
aracne optimize session --session session-123 --resource-optimization
aracne optimize session --session session-123 --stealth-optimization
# Network and connectivity optimization
aracne optimize network --session session-123 --connection-stability
aracne optimize network --session session-123 --bandwidth-optimization
aracne optimize network --session session-123 --latency-reduction
```### Autorisierung und Rechtliche Konformität
```bash
# Debug mode and verbose logging
aracne --debug session start --target 192.168.1.100
aracne --verbose ai plan-attack --target 192.168.1.100
aracne logs view --level debug --component ai-reasoning
# System diagnostics
aracne diagnose system --comprehensive
aracne diagnose ai-models --connectivity-test
aracne diagnose ssh-client --configuration-check
# Error analysis and resolution
aracne errors analyze --session session-123 --root-cause
aracne errors resolve --error-id 12345 --auto-fix
aracne errors prevent --session session-123 --predictive-analysis
```### Sicherheit und Risikomanagement
```bash
# Session recovery and restoration
aracne recover session --session-id session-123 --full-recovery
aracne recover state --session session-123 --checkpoint-restore
aracne recover connection --session session-123 --reconnect
# Backup and data protection
aracne backup create --session session-123 --incremental
aracne backup restore --backup-id backup-456 --selective
aracne backup verify --backup-id backup-456 --integrity-check
# Data integrity and validation
aracne verify integrity --session session-123 --all-data
aracne verify consistency --session session-123 --cross-validation
aracne verify authenticity --session session-123 --digital-signatures
```## Fehlerbehebung und Optimierung
```python
# integrations/siem_integration.py
import json
import requests
from aracne.core.integration import BaseIntegration
class SIEMIntegration(BaseIntegration):
def __init__(self, siem_url, api_key):
self.siem_url = siem_url
self.api_key = api_key
def send_ssh_attempt(self, attempt_data):
event = {
"timestamp": attempt_data.timestamp,
"source": "aracne",
"event_type": "ssh_attempt",
"target": attempt_data.target,
"username": attempt_data.username,
"success": attempt_data.success,
"method": attempt_data.method
}
self.send_event(event)
def send_privilege_escalation(self, privesc_data):
event = {
"timestamp": privesc_data.timestamp,
"source": "aracne",
"event_type": "privilege_escalation",
"target": privesc_data.target,
"technique": privesc_data.technique,
"success": privesc_data.success,
"privileges_gained": privesc_data.privileges
}
self.send_event(event)
def send_event(self, event):
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.siem_url}/api/events",
headers=headers,
json=event
)
return response.status_code == 200
```### Leistungsoptimierung
```python
# integrations/threat_intel.py
import requests
from aracne.core.threat_intel import ThreatIntelProvider
class ThreatIntelIntegration(ThreatIntelProvider):
def __init__(self, api_key):
self.api_key = api_key
self.base_url = "https://api.threatintel.com"
def get_ssh_vulnerabilities(self, ssh_version):
headers = {"Authorization": f"Bearer {self.api_key}"}
response = requests.get(
f"{self.base_url}/vulnerabilities/ssh/{ssh_version}",
headers=headers
)
if response.status_code == 200:
return response.json()
return []
def get_exploit_techniques(self, target_os, target_version):
headers = {"Authorization": f"Bearer {self.api_key}"}
response = requests.get(
f"{self.base_url}/techniques/{target_os}/{target_version}",
headers=headers
)
if response.status_code == 200:
return response.json()
return []
def report_new_technique(self, technique_data):
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.base_url}/techniques/report",
headers=headers,
json=technique_data
)
return response.status_code == 201
```### Debugging und Diagnostik
```bash
# Reconnaissance before exploitation
aracne recon comprehensive --target 192.168.1.100 --pre-exploitation
aracne analyze target --target 192.168.1.100 --vulnerability-assessment
aracne plan attack --target 192.168.1.100 --risk-assessment
# Gradual escalation approach
aracne attack gentle --target 192.168.1.100 --low-impact
aracne attack moderate --target 192.168.1.100 --measured-approach
aracne attack aggressive --target 192.168.1.100 --high-confidence
# Stealth and operational security
aracne stealth maximum --session session-123 --anti-detection
aracne opsec enable --session session-123 --comprehensive
aracne evasion advanced --session session-123 --adaptive
```### Wiederherstellung und Backup
```bash
# Model selection and tuning
aracne ai optimize --model-selection --task-specific
aracne ai tune --parameters --performance-focused
aracne ai calibrate --confidence-thresholds --accuracy-focused
# Prompt engineering and optimization
aracne ai optimize-prompts --task ssh-exploitation
aracne ai optimize-prompts --task privilege-escalation
aracne ai optimize-prompts --task lateral-movement
# Continuous learning and improvement
aracne ai learn --from-sessions --pattern-recognition
aracne ai update --knowledge-base --latest-techniques
aracne ai validate --accuracy --benchmark-testing
```## Integrationsbeispiele
```bash
# Session management best practices
aracne session plan --target 192.168.1.100 --comprehensive-planning
aracne session execute --plan session-plan --monitored-execution
aracne session review --session session-123 --lessons-learned
# Documentation and reporting
aracne document session --session session-123 --comprehensive
aracne report generate --session session-123 --technical-details
aracne evidence collect --session session-123 --forensic-quality
# Quality assurance and validation
aracne validate findings --session session-123 --cross-verification
aracne verify exploits --session session-123 --proof-of-concept
aracne assess impact --session session-123 --business-context
```### SIEM-Integration
https://aracne.readthedocs.io/##
# Threat Intelligence Integration
https://aracne.readthedocs.io/ssh/#
# Best Practices
https://aracne.readthedocs.io/ai/##
# SSH-Exploitations-Best Practices
https://arxiv.org/search/?query=aracne+ssh##
# KI-Modell-Optimierung
[Autonome Hacksysteme](https://arxiv.org/search/?query=autonomous+hacking)
### Community
- [ARACNE GitHub](https://github.com/aracne-ai/aracne)
- [Sicherheitsforschungs-Forum](https://community.aracne.ai/)
- [AI-Sicherheits-Discord](https://discord.gg/aracne-ai)
### Training
- [Fortgeschrittene SSH-Exploitation](https://academy.aracne.ai/ssh/)
- [KI-gestütztes Penetrationstesting](https://academy.aracne.ai/ai-pentesting/)
- [Linux Post-Exploitation](https://academy.aracne.ai/linux-postex/)
Notes on translations:
- Kept technical terms like "GitHub", "SSH", "Discord" in English
- Preserved markdown formatting
- Maintained original structure and punctuation
- Translated community and training section titles
- Used German equivalents where possible while keeping technical terminology clear