
AutoPentest Cheat Sheet


Overview

AutoPentest is an autonomous penetration testing system powered by GPT-4o and LangChain that can execute multi-step attack chains without human intervention. It combines advanced AI prompting with traditional security testing tools to perform comprehensive security assessments, vulnerability discovery, and exploitation attempts.

Warning: Autonomous penetration testing tool. Use only on systems you own or have explicit written permission to test.

Installation

Prerequisites

```bash
# System requirements
python3 --version  # Python 3.9+
pip3 --version
git --version
docker --version

# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y nmap masscan gobuster nikto sqlmap metasploit-framework

# Install Node.js for some modules
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt install -y nodejs
```

Installation Methods

```bash
# Method 1: Git clone and setup
git clone https://github.com/autopentest/autopentest.git
cd autopentest
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

# Install additional dependencies
pip install langchain openai anthropic
pip install python-nmap python-masscan
pip install requests beautifulsoup4 selenium

# Method 2: Docker installation
docker pull autopentest/autopentest:latest
docker run -it --rm -v "$(pwd)/results:/app/results" autopentest/autopentest:latest

# Method 3: PyPI installation (if available)
pip install autopentest
```

Configuration Setup

```bash
# Create configuration directory
mkdir -p ~/.autopentest/config
mkdir -p ~/.autopentest/modules
mkdir -p ~/.autopentest/reports
mkdir -p ~/.autopentest/evidence

# Initialize configuration
autopentest init

# Configure AI models
autopentest config set openai_api_key "your-openai-api-key"
autopentest config set openai_model "gpt-4o"
autopentest config set anthropic_api_key "your-anthropic-key"

# Set operational parameters
autopentest config set max_attack_depth 5
autopentest config set autonomous_mode true
autopentest config set evidence_collection true
```

Core Commands

Basic Operations

```bash
# Display help and version
autopentest --help
autopentest --version
autopentest modules list

# Quick autonomous scan
autopentest scan --target example.com --autonomous
autopentest scan --target 192.168.1.100 --quick

# Full autonomous penetration test
autopentest pentest --target example.com --full
autopentest pentest --network 192.168.1.0/24 --autonomous

# Check system status
autopentest status
autopentest health-check
```

Target Management

```bash
# Add and manage targets
autopentest target add --host example.com
autopentest target add --network 192.168.1.0/24
autopentest target add --url https://app.example.com

# Target information gathering
autopentest target info example.com
autopentest target list --active
autopentest target remove example.com

# Import targets from various sources
autopentest target import --nmap scan.xml
autopentest target import --file targets.txt
autopentest target import --shodan-query "apache"
```

Campaign Management

```bash
# Create and manage campaigns
autopentest campaign create --name "client_assessment"
autopentest campaign list
autopentest campaign switch client_assessment

# Campaign configuration
autopentest campaign config --max-duration 24h
autopentest campaign config --attack-intensity medium
autopentest campaign config --stealth-mode true

# Campaign execution
autopentest campaign start --target example.com
autopentest campaign status
autopentest campaign pause
autopentest campaign resume
autopentest campaign stop
```

Autonomous Reconnaissance

AI-Driven Information Gathering

```bash
# Autonomous OSINT collection
autopentest recon osint --target example.com --autonomous
autopentest recon osint --company "Example Corp" --deep
autopentest recon osint --domain example.com --social-media

# Subdomain discovery with AI
autopentest recon subdomains --domain example.com --ai-enhanced
autopentest recon subdomains --domain example.com --recursive --depth 3
autopentest recon subdomains --domain example.com --wordlist-generation

# Port and service discovery
autopentest recon ports --target example.com --ai-prioritized
autopentest recon services --target 192.168.1.100 --fingerprint
autopentest recon services --network 192.168.1.0/24 --fast
```

Technology Stack Analysis

```bash
# Web technology identification
autopentest recon tech-stack --url https://example.com
autopentest recon tech-stack --target example.com --comprehensive
autopentest recon tech-stack --url https://example.com --ai-analysis

# Framework and CMS detection
autopentest recon cms --url https://example.com
autopentest recon frameworks --target example.com
autopentest recon libraries --url https://example.com --version-check

# Infrastructure analysis
autopentest recon infrastructure --target example.com
autopentest recon cloud-services --domain example.com
autopentest recon cdn-analysis --url https://example.com
```

Attack Surface Mapping

```bash
# Comprehensive attack surface discovery
autopentest recon attack-surface --target example.com --full
autopentest recon attack-surface --domain example.com --external
autopentest recon attack-surface --network 192.168.1.0/24 --internal

# Entry point identification
autopentest recon entry-points --target example.com
autopentest recon entry-points --url https://example.com --web-focus
autopentest recon entry-points --target 192.168.1.100 --network-focus

# Asset correlation and mapping
autopentest recon correlate --target example.com
autopentest recon map-assets --domain example.com --visual
```

Autonomous Vulnerability Assessment

AI-Powered Vulnerability Discovery

```bash
# Autonomous vulnerability scanning
autopentest vuln scan --target example.com --autonomous
autopentest vuln scan --url https://example.com --web-focus
autopentest vuln scan --target 192.168.1.100 --network-focus

# AI-guided vulnerability analysis
autopentest vuln analyze --target example.com --ai-reasoning
autopentest vuln analyze --scan-id 12345 --deep-analysis
autopentest vuln analyze --vulnerability CVE-2023-1234 --context

# Vulnerability prioritization
autopentest vuln prioritize --target example.com --business-impact
autopentest vuln prioritize --scan-id 12345 --exploitability
autopentest vuln prioritize --vulnerabilities vulns.json --risk-based
```

Specialized Security Testing

```bash
# Web application vulnerabilities
autopentest vuln web --url https://example.com --comprehensive
autopentest vuln web --url https://example.com --owasp-top10
autopentest vuln web --url https://example.com --api-focus

# Network vulnerabilities
autopentest vuln network --target 192.168.1.100 --comprehensive
autopentest vuln network --network 192.168.1.0/24 --lateral-movement
autopentest vuln network --target 192.168.1.100 --privilege-escalation

# Infrastructure vulnerabilities
autopentest vuln infrastructure --target example.com --cloud-focus
autopentest vuln infrastructure --target example.com --container-focus
autopentest vuln infrastructure --target example.com --configuration
```

Vulnerability Validation

```bash
# Automated vulnerability validation
autopentest vuln validate --vulnerability-id 67890
autopentest vuln validate --scan-id 12345 --auto-verify
autopentest vuln validate --target example.com --all-findings

# False positive reduction
autopentest vuln filter --scan-id 12345 --ai-filtering
autopentest vuln deduplicate --target example.com
autopentest vuln confidence-score --vulnerability-id 67890
```

Autonomous Exploitation

AI-Driven Exploit Selection

```bash
# Autonomous exploit attempts
autopentest exploit auto --target example.com --safe-mode
autopentest exploit auto --vulnerability-id 67890 --careful
autopentest exploit auto --scan-id 12345 --non-destructive

# Exploit chain generation
autopentest exploit chain --target example.com --objective shell
autopentest exploit chain --target 192.168.1.100 --objective privilege-escalation
autopentest exploit chain --network 192.168.1.0/24 --objective lateral-movement

# Custom exploit development
autopentest exploit develop --vulnerability CVE-2023-1234
autopentest exploit develop --service "Apache 2.4.41" --ai-assisted
autopentest exploit develop --target example.com --custom-payload
```

Payload Generation and Delivery

```bash
# AI-generated payloads
autopentest payload generate --target example.com --type reverse-shell
autopentest payload generate --os windows --arch x64 --evasion
autopentest payload generate --service ssh --technique key-injection

# Payload delivery mechanisms
autopentest payload deliver --target example.com --method web
autopentest payload deliver --target 192.168.1.100 --method network
autopentest payload deliver --target example.com --method social-engineering

# Evasion techniques
autopentest payload obfuscate --payload payload.bin --technique polymorphic
autopentest payload encode --payload payload.bin --encoder base64
autopentest payload encrypt --payload payload.bin --key random
```

Post-Exploitation Activities

```bash
# Autonomous post-exploitation
autopentest post-exploit --session session-123 --autonomous
autopentest post-exploit --target example.com --objective data-discovery
autopentest post-exploit --session session-123 --persistence

# Privilege escalation
autopentest post-exploit privesc --session session-123 --auto
autopentest post-exploit privesc --target 192.168.1.100 --technique kernel
autopentest post-exploit privesc --session session-123 --service-abuse

# Lateral movement
autopentest post-exploit lateral --session session-123 --network 192.168.1.0/24
autopentest post-exploit lateral --session session-123 --credential-reuse
autopentest post-exploit lateral --session session-123 --trust-relationships
```

AI Reasoning Engine

Decision-Making Framework

```python
# AI reasoning configuration
reasoning_config = {
    "model": "gpt-4o",
    "temperature": 0.3,
    "max_tokens": 4000,
    "reasoning_depth": 5,
    "confidence_threshold": 0.8,
    "risk_tolerance": "medium",
}

# Custom reasoning prompts
attack_planning_prompt = """
Analyze the target system and plan a multi-step attack:
Target: {target}
Discovered services: {services}
Identified vulnerabilities: {vulnerabilities}
Objective: {objective}

Provide a step-by-step attack plan with:
1. Risk assessment for each step
2. Probability of success
3. Potential impact
4. Stealth considerations
5. Fallback options
"""
```

Attack Chain Planning

```bash
# AI-powered attack planning
autopentest ai plan-attack --target example.com --objective compromise
autopentest ai plan-attack --target example.com --stealth-priority
autopentest ai plan-attack --network 192.168.1.0/24 --lateral-focus

# Attack path optimization
autopentest ai optimize-path --target example.com --minimize-risk
autopentest ai optimize-path --target example.com --maximize-stealth
autopentest ai optimize-path --target example.com --fastest-path

# Dynamic replanning
autopentest ai replan --session session-123 --new-objective
autopentest ai replan --campaign campaign-456 --adapt-defenses
autopentest ai replan --target example.com --failure-recovery
```

Adaptive Behavior

```bash
# AI adaptation to defenses
autopentest ai adapt --target example.com --defense-detection
autopentest ai adapt --session session-123 --evasion-mode
autopentest ai adapt --campaign campaign-456 --stealth-increase

# Learning from failures
autopentest ai learn --failed-attempt attempt-789
autopentest ai learn --target example.com --defense-analysis
autopentest ai learn --campaign campaign-456 --pattern-recognition

# Behavioral modification
autopentest ai modify-behavior --target example.com --more-aggressive
autopentest ai modify-behavior --session session-123 --more-cautious
autopentest ai modify-behavior --campaign campaign-456 --change-tactics
```

Multi-Step Attack Chains

Chain Definition and Execution

```yaml
# attack_chains/web_to_internal.yaml
name: "Web Application to Internal Network"
description: "Multi-step attack from web app compromise to internal network access"

steps:
  - name: "web_reconnaissance"
    type: "reconnaissance"
    ai_guided: true
    modules:
      - subdomain_enumeration
      - technology_detection
      - vulnerability_scanning

  - name: "web_exploitation"
    type: "exploitation"
    depends_on: ["web_reconnaissance"]
    condition: "web_vulnerabilities_found"
    ai_guided: true
    modules:
      - sql_injection
      - xss_exploitation
      - file_upload_abuse

  - name: "lateral_movement"
    type: "post_exploitation"
    depends_on: ["web_exploitation"]
    condition: "shell_obtained"
    ai_guided: true
    modules:
      - network_discovery
      - credential_harvesting
      - privilege_escalation
```

Chain Execution Commands

```bash
# Execute predefined attack chains
autopentest chain execute web_to_internal --target example.com
autopentest chain execute network_compromise --target 192.168.1.0/24
autopentest chain execute cloud_breakout --target aws-instance

# Custom chain execution
autopentest chain execute --file custom_chain.yaml --target example.com
autopentest chain execute --template advanced --target example.com

# Chain monitoring and control
autopentest chain status web_to_internal_001
autopentest chain pause web_to_internal_001
autopentest chain resume web_to_internal_001
autopentest chain abort web_to_internal_001
```

Dynamic Chain Modification

```bash
# Modify chains during execution
autopentest chain modify --chain-id 12345 --add-step persistence
autopentest chain modify --chain-id 12345 --skip-step noisy_scan
autopentest chain modify --chain-id 12345 --change-objective

# Conditional branching
autopentest chain branch --chain-id 12345 --condition "admin_access_gained"
autopentest chain branch --chain-id 12345 --fallback-path stealth_mode
autopentest chain branch --chain-id 12345 --success-path data_exfiltration
```

Evidence Collection and Documentation

Automated Evidence Collection

```bash
# Enable comprehensive evidence collection
autopentest evidence enable --all-activities
autopentest evidence enable --screenshots --network-captures
autopentest evidence enable --command-logs --file-changes

# Evidence collection during attacks
autopentest evidence collect --session session-123 --continuous
autopentest evidence collect --vulnerability-id 67890 --proof-of-concept
autopentest evidence collect --target example.com --timeline

# Evidence validation and integrity
autopentest evidence validate --evidence-id 98765
autopentest evidence hash --evidence-id 98765 --algorithm sha256
autopentest evidence sign --evidence-id 98765 --digital-signature
```

Forensic Documentation

```bash
# Generate forensic reports
autopentest forensics report --session session-123 --detailed
autopentest forensics report --target example.com --timeline
autopentest forensics report --campaign campaign-456 --comprehensive

# Chain of custody
autopentest forensics custody --evidence-id 98765 --initialize
autopentest forensics custody --evidence-id 98765 --transfer
autopentest forensics custody --evidence-id 98765 --verify

# Evidence export for legal purposes
autopentest forensics export --evidence-id 98765 --format legal
autopentest forensics export --session session-123 --court-ready
autopentest forensics export --campaign campaign-456 --compliance
```
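The evidence hashing and chain-of-custody steps above, sketched as an added example (not AutoPentest's own code or file format): a hash-chained custody log in which every entry records the evidence SHA-256 and is bound to the previous entry, so edits, deletions and evidence changes are all detected on verification. The record fields and function names are assumptions, and an HMAC with a shared key stands in for the digital signature.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # "previous" value for the first custody entry
FIELDS = ("seq", "action", "actor", "ts", "evidence_sha256", "prev")


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_mac(entry: dict, key: bytes) -> str:
    """MAC over a canonical JSON encoding of the entry (excluding the MAC itself)."""
    body = {k: entry[k] for k in FIELDS}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def append_entry(log: list, key: bytes, action: str, actor: str, ts: str,
                 evidence: bytes) -> dict:
    """Append a custody event that is chained to the previous entry's MAC."""
    entry = {
        "seq": len(log),
        "action": action,
        "actor": actor,
        "ts": ts,
        "evidence_sha256": sha256_hex(evidence),
        "prev": log[-1]["mac"] if log else GENESIS,
    }
    entry["mac"] = entry_mac(entry, key)
    log.append(entry)
    return entry


def verify_log(log: list, key: bytes, evidence: bytes):
    """Return (ok, reason). Checks ordering, chaining, MACs and the evidence hash."""
    if not log:
        return False, "empty log"
    current = sha256_hex(evidence)
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["seq"] != i or entry["prev"] != prev:
            return False, f"entry {i}: chain link broken"
        if not hmac.compare_digest(entry["mac"], entry_mac(entry, key)):
            return False, f"entry {i}: MAC mismatch"
        if entry["evidence_sha256"] != current:
            return False, f"entry {i}: evidence hash mismatch"
        prev = entry["mac"]
    return True, "ok"


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed sample key
    item = b"constructed evidence bytes"   # constructed sample evidence
    custody = []
    append_entry(custody, key, "initialize", "analyst-a", "2024-01-01T10:00:00Z", item)
    append_entry(custody, key, "transfer", "analyst-b", "2024-01-02T09:30:00Z", item)
    print(verify_log(custody, key, item))
    print(verify_log(custody, key, item + b"!"))
```

A shared-key MAC only proves integrity to parties holding the key; evidence that must be verified by a third party needs an asymmetric signature over the same canonical entry.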

Reporting and Analysis

AI-Generated Reports

```bash
# Autonomous report generation
autopentest report generate --target example.com --ai-authored
autopentest report generate --campaign campaign-456 --executive-summary
autopentest report generate --session session-123 --technical-details

# Custom report templates
autopentest report generate --template compliance --target example.com
autopentest report generate --template red-team --campaign campaign-456
autopentest report generate --template vulnerability-assessment --scan-id 12345

# Multi-format output
autopentest report generate --target example.com --format pdf,html,json
autopentest report generate --campaign campaign-456 --format docx
autopentest report generate --session session-123 --format markdown
```

Risk Assessment and Scoring

```bash
# AI-powered risk analysis
autopentest risk assess --target example.com --business-context
autopentest risk assess --vulnerabilities vulns.json --impact-analysis
autopentest risk assess --campaign campaign-456 --comprehensive

# Risk scoring and prioritization
autopentest risk score --vulnerability-id 67890 --cvss-plus-ai
autopentest risk score --target example.com --business-risk
autopentest risk score --campaign campaign-456 --overall-posture

# Risk mitigation recommendations
autopentest risk mitigate --target example.com --recommendations
autopentest risk mitigate --vulnerability-id 67890 --step-by-step
autopentest risk mitigate --campaign campaign-456 --prioritized
```

Advanced Configuration

AI Model Configuration

```yaml
# config/ai_models.yaml
ai_models:
  primary:
    provider: "openai"
    model: "gpt-4o"
    api_key: "${OPENAI_API_KEY}"
    max_tokens: 8000
    temperature: 0.3

  reasoning:
    provider: "openai"
    model: "gpt-4o"
    api_key: "${OPENAI_API_KEY}"
    max_tokens: 4000
    temperature: 0.1

  creative:
    provider: "anthropic"
    model: "claude-3-opus"
    api_key: "${ANTHROPIC_API_KEY}"
    max_tokens: 4000
    temperature: 0.7

reasoning_prompts:
  vulnerability_analysis: "prompts/vuln_analysis.txt"
  exploit_selection: "prompts/exploit_selection.txt"
  attack_planning: "prompts/attack_planning.txt"
  risk_assessment: "prompts/risk_assessment.txt"
```

Autonomous Behavior Settings

```yaml
# config/autonomous.yaml
autonomous_settings:
  max_attack_depth: 5
  max_session_duration: 3600  # 1 hour
  risk_tolerance: "medium"
  stealth_priority: "high"

  decision_making:
    confidence_threshold: 0.8
    require_human_approval: false
    auto_escalate_privileges: true
    auto_lateral_movement: true

  safety_limits:
    no_destructive_actions: true
    no_data_exfiltration: true
    respect_scope_limits: true
    max_concurrent_sessions: 5

  learning:
    adapt_to_defenses: true
    learn_from_failures: true
    update_tactics: true
    share_intelligence: false
```

Integration Configuration

```yaml
# config/integrations.yaml
integrations:
  metasploit:
    enabled: true
    rpc_host: "localhost"
    rpc_port: 55553
    rpc_user: "msf"
    rpc_pass: "${MSF_PASSWORD}"

  burp_suite:
    enabled: true
    api_url: "http://localhost:1337"
    api_key: "${BURP_API_KEY}"

  nessus:
    enabled: true
    server_url: "https://nessus.local:8834"
    access_key: "${NESSUS_ACCESS_KEY}"
    secret_key: "${NESSUS_SECRET_KEY}"

  siem:
    enabled: true
    type: "splunk"
    endpoint: "https://splunk.local:8089"
    token: "${SPLUNK_TOKEN}"
```

Safety and Ethical Considerations

Authorization and Scope Management

```bash
# Define authorized targets and scope
autopentest scope define --target example.com --authorized
autopentest scope define --network 192.168.1.0/24 --internal-only
autopentest scope define --url https://app.example.com --web-only

# Scope validation and enforcement
autopentest scope validate --target test.example.com
autopentest scope enforce --strict-mode
autopentest scope check --all-targets

# Authorization documentation
autopentest auth document --target example.com --signed-agreement
autopentest auth verify --target example.com --legal-approval
autopentest auth export --format legal-document
```
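One way to enforce a scope like the one defined above before any target reaches a scanner, as an added example (not AutoPentest's own code): a fail-closed check covering hostnames, IP addresses, CIDR blocks and URLs. The `SCOPE` structure, the function names and the rule that a domain entry also covers its subdomains are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed scope mirroring the three `scope define` entries above.
SCOPE = {
    "domains": ["example.com"],           # name and its subdomains (assumption)
    "networks": ["192.168.1.0/24"],
    "urls": ["https://app.example.com"],  # exact scheme + host
}


def _parse(target):
    """Split a target into (scheme, host); scheme is None for bare hosts."""
    target = target.strip()
    if "://" in target:
        parts = urlsplit(target)
        # .hostname drops userinfo and port, so "https://example.com@evil.test/"
        # yields "evil.test" rather than "example.com".
        return parts.scheme.lower(), (parts.hostname or "").rstrip(".").lower()
    return None, target.rstrip(".").lower()


def _network_allowed(net, scope):
    """True if every address in `net` lies inside one authorized network."""
    for entry in scope["networks"]:
        allowed = ipaddress.ip_network(entry)
        if net.version == allowed.version and net.subnet_of(allowed):
            return True
    return False


def in_scope(target, scope=SCOPE):
    """Return True only if the whole target lies inside the authorized scope."""
    scheme, host = _parse(target)
    if not host:
        return False

    # IP address or CIDR block: a block wider than the authorized one is rejected.
    try:
        net = ipaddress.ip_network(host, strict=False)
    except ValueError:
        net = None
    if net is not None:
        return _network_allowed(net, scope)

    # URL scope entries match on exact scheme and host.
    if scheme is not None:
        for entry in scope["urls"]:
            if (scheme, host) == _parse(entry):
                return True

    # Domain entries match the name itself or a label-aligned subdomain,
    # so "evilexample.com" does not match "example.com".
    return any(host == d or host.endswith("." + d) for d in scope["domains"])


def partition(targets, scope=SCOPE):
    """Split targets into (allowed, rejected) lists, preserving order."""
    allowed, rejected = [], []
    for t in targets:
        (allowed if in_scope(t, scope) else rejected).append(t)
    return allowed, rejected


if __name__ == "__main__":
    ok, bad = partition(["test.example.com", "evilexample.com", "192.168.0.0/16"])
    print("allowed:", ok)
    print("rejected:", bad)
```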

Safety Mechanisms

```bash
# Enable safety controls
autopentest safety enable --all-controls
autopentest safety enable --no-destructive --no-dos
autopentest safety enable --data-protection --scope-enforcement

# Safety monitoring
autopentest safety monitor --real-time
autopentest safety check --pre-execution
autopentest safety validate --post-execution

# Emergency controls
autopentest safety emergency-stop --all-campaigns
autopentest safety quarantine --session session-123
autopentest safety rollback --changes-since timestamp
```

Compliance and Auditing

```bash
# Enable comprehensive auditing
autopentest audit enable --all-activities
autopentest audit enable --decision-logging --ai-reasoning
autopentest audit enable --evidence-chain --legal-compliance

# Audit reporting
autopentest audit report --campaign campaign-456 --compliance
autopentest audit report --timeframe "2024-01-01,2024-01-31" --detailed
autopentest audit export --format soc2 --period quarterly

# Compliance validation
autopentest compliance check --standard iso27001
autopentest compliance check --standard nist --framework cybersecurity
autopentest compliance validate --all-activities --legal-review
```

Troubleshooting and Optimization

Performance Monitoring

```bash
# Monitor system performance
autopentest monitor performance --real-time
autopentest monitor resources --campaign campaign-456
autopentest monitor ai-usage --costs --tokens

# Performance optimization
autopentest optimize performance --target example.com
autopentest optimize ai-calls --reduce-redundancy
autopentest optimize memory --cleanup-sessions

# Scaling and load balancing
autopentest scale up --workers 10
autopentest scale distribute --targets multiple
autopentest scale optimize --resource-allocation
```

Debugging and Diagnostics

```bash
# Debug mode and verbose logging
autopentest --debug campaign start --target example.com
autopentest --verbose ai plan-attack --target example.com
autopentest logs view --level debug --component ai-reasoning

# System diagnostics
autopentest diagnose system --comprehensive
autopentest diagnose ai-models --connectivity
autopentest diagnose integrations --all-tools

# Error analysis and resolution
autopentest errors analyze --session session-123
autopentest errors resolve --error-id 54321 --auto-fix
autopentest errors report --campaign campaign-456 --detailed
```

Recovery and Backup

```bash
# Session recovery
autopentest recover session --session-id session-123
autopentest recover campaign --campaign-id campaign-456
autopentest recover state --from-backup backup-789

# Backup and restore
autopentest backup create --campaign campaign-456 --full
autopentest backup restore --backup-id backup-789
autopentest backup schedule --daily --retention 30d

# Data integrity verification
autopentest verify integrity --all-data
autopentest verify checksums --evidence-only
autopentest verify consistency --cross-reference
```

Integration Examples

CI/CD Pipeline Integration

```yaml
# .github/workflows/autonomous-security-test.yml
name: Autonomous Security Testing
on:
  schedule:
    - cron: '0 2 * * 0'  # Weekly on Sunday at 2 AM
  workflow_dispatch:

jobs:
  autonomous-pentest:
    runs-on: ubuntu-latest
    steps:
      - name: Setup AutoPentest
        env:
          # Pass the secret through the environment instead of
          # interpolating it into the script text
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
        run: |
          pip install autopentest
          autopentest config set openai_api_key "$OPENAI_API_KEY"
          autopentest config set autonomous_mode true
          autopentest config set safety_controls true

      - name: Run Autonomous Penetration Test
        # TARGET_DOMAIN is expected as a workflow- or job-level env
        # variable; it is not defined in this snippet
        run: |
          autopentest campaign create --name "ci_security_test"
          autopentest campaign start --target "$TARGET_DOMAIN" --autonomous
          autopentest campaign wait --timeout 3600

      - name: Generate Security Report
        run: |
          autopentest report generate --campaign ci_security_test --format json > security_report.json
          autopentest report generate --campaign ci_security_test --format pdf > security_report.pdf

      - name: Upload Results
        uses: actions/upload-artifact@v3
        with:
          name: security-assessment-results
          path: |
            security_report.json
            security_report.pdf
```

SOAR Platform Integration

```python
# integrations/soar_integration.py
import requests

from autopentest.core.integration import BaseIntegration


class SOARIntegration(BaseIntegration):
    def __init__(self, soar_url, api_key):
        self.soar_url = soar_url
        self.api_key = api_key

    def create_incident(self, vulnerability):
        """Open a SOAR incident for a finding and return the API response."""
        # map_severity() is not defined on this page; it is assumed to be
        # provided by BaseIntegration.
        incident_data = {
            "title": f"Critical Vulnerability: {vulnerability.name}",
            "description": vulnerability.description,
            "severity": self.map_severity(vulnerability.severity),
            "source": "autopentest",
            "artifacts": [
                {
                    "type": "ip",
                    "value": vulnerability.target_ip
                },
                {
                    "type": "cve",
                    "value": vulnerability.cve
                }
            ]
        }

        headers = {
            "Authorization": f"Bearer {self.api_key}",
            "Content-Type": "application/json"
        }

        response = requests.post(
            f"{self.soar_url}/api/incidents",
            headers=headers,
            json=incident_data,
            timeout=30,  # do not hang the campaign on an unresponsive SOAR
        )
        response.raise_for_status()

        return response.json()

    def trigger_playbook(self, playbook_name, context):
        """Start a SOAR playbook with the given context."""
        playbook_data = {
            "playbook": playbook_name,
            "context": context,
            "auto_execute": True
        }

        headers = {
            "Authorization": f"Bearer {self.api_key}",
            "Content-Type": "application/json"
        }

        response = requests.post(
            f"{self.soar_url}/api/playbooks/execute",
            headers=headers,
            json=playbook_data,
            timeout=30,
        )
        response.raise_for_status()

        return response.json()
```

Best Practices

Autonomous Testing Strategy

```bash
# Gradual autonomy increase
autopentest config set autonomy_level 1  # Supervised
autopentest config set autonomy_level 3  # Semi-autonomous
autopentest config set autonomy_level 5  # Fully autonomous

# Risk-based approach
autopentest config set risk_tolerance low     # Conservative
autopentest config set risk_tolerance medium  # Balanced
autopentest config set risk_tolerance high    # Aggressive

# Continuous learning
autopentest ai train --from-campaigns --improve-accuracy
autopentest ai update-models --latest-threats
autopentest ai calibrate --false-positive-reduction
```

Quality Assurance

```bash
# Validation and verification
autopentest validate findings --all-vulnerabilities
autopentest verify exploits --proof-of-concept
autopentest cross-reference --multiple-sources

# Accuracy improvement
autopentest accuracy measure --campaign campaign-456
autopentest accuracy improve --false-positive-analysis
autopentest accuracy benchmark --industry-standards
```

Operational Security

```bash
# Stealth and evasion
autopentest stealth enable --advanced-evasion
autopentest stealth randomize --timing --user-agents
autopentest stealth encrypt --communications --payloads

# Operational security
autopentest opsec enable --anti-forensics
autopentest opsec clean --artifacts --logs
autopentest opsec verify --no-traces-left
```

Resources

Documentation

Community

- AutoPentest GitHub
- Research papers
- Security Community Forum

Training

- AI Security Testing Certification
- Video tutorials