Hoja de Referencia de AutoPentest

📋 Copy All Commands 📄 Generate PDF

Descripción General

AutoPentest es un sistema autónomo de pruebas de penetración de tipo black-box impulsado por GPT-4o y LangChain que puede ejecutar cadenas de ataque de múltiples pasos sin intervención humana. Combina un razonamiento de IA avanzado con herramientas tradicionales de pruebas de seguridad para realizar evaluaciones de seguridad integrales, descubrimiento de vulnerabilidades e intentos de explotación.

⚠️ Advertencia: Herramienta de pruebas de penetración autónoma. Utilizar solo en sistemas propios o con autorización escrita explícita.

Instalación

Requisitos Previos

# System requirements
python3 --version  # Python 3.9+
pip3 --version
git --version
docker --version

# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y nmap masscan gobuster nikto sqlmap metasploit-framework

# Install Node.js for some modules
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt install -y nodejs

Métodos de Instalación

# Method 1: Git clone and setup
git clone https://github.com/autopentest/autopentest.git
cd autopentest
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

# Install additional dependencies
pip install langchain openai anthropic
pip install python-nmap python-masscan
pip install requests beautifulsoup4 selenium

# Method 2: Docker installation
docker pull autopentest/autopentest:latest
docker run -it --rm -v $(pwd)/results:/app/results autopentest/autopentest:latest

# Method 3: PyPI installation (if available)
pip install autopentest

Configuración

# Create configuration directory
mkdir -p ~/.autopentest/config
mkdir -p ~/.autopentest/modules
mkdir -p ~/.autopentest/reports
mkdir -p ~/.autopentest/evidence

# Initialize configuration
autopentest init

# Configure AI models
autopentest config set openai_api_key "your-openai-api-key"
autopentest config set openai_model "gpt-4o"
autopentest config set anthropic_api_key "your-anthropic-key"

# Set operational parameters
autopentest config set max_attack_depth 5
autopentest config set autonomous_mode true
autopentest config set evidence_collection true

Comandos Principales

Operaciones Básicas

# Display help and version
autopentest --help
autopentest --version
autopentest modules list

# Quick autonomous scan
autopentest scan --target example.com --autonomous
autopentest scan --target 192.168.1.100 --quick

# Full autonomous penetration test
autopentest pentest --target example.com --full
autopentest pentest --network 192.168.1.0/24 --autonomous

# Check system status
autopentest status
autopentest health-check

Gestión de Objetivos

# Add and manage targets
autopentest target add --host example.com
autopentest target add --network 192.168.1.0/24
autopentest target add --url https://app.example.com

# Target information gathering
autopentest target info example.com
autopentest target list --active
autopentest target remove example.com

# Import targets from various sources
autopentest target import --nmap scan.xml
autopentest target import --file targets.txt
autopentest target import --shodan-query "apache"

Gestión de Campañas

# Create and manage campaigns
autopentest campaign create --name "client_assessment"
autopentest campaign list
autopentest campaign switch client_assessment

# Campaign configuration
autopentest campaign config --max-duration 24h
autopentest campaign config --attack-intensity medium
autopentest campaign config --stealth-mode true

# Campaign execution
autopentest campaign start --target example.com
autopentest campaign status
autopentest campaign pause
autopentest campaign resume
autopentest campaign stop

Reconocimiento Autónomo

Recopilación de Información Impulsada por IA

# Autonomous OSINT collection
autopentest recon osint --target example.com --autonomous
autopentest recon osint --company "Example Corp" --deep
autopentest recon osint --domain example.com --social-media

# Subdomain discovery with AI
autopentest recon subdomains --domain example.com --ai-enhanced
autopentest recon subdomains --domain example.com --recursive --depth 3
autopentest recon subdomains --domain example.com --wordlist-generation

# Port and service discovery
autopentest recon ports --target example.com --ai-prioritized
autopentest recon services --target 192.168.1.100 --fingerprint
autopentest recon services --network 192.168.1.0/24 --fast

Análisis de Pila Tecnológica

# Web technology identification
autopentest recon tech-stack --url https://example.com
autopentest recon tech-stack --target example.com --comprehensive
autopentest recon tech-stack --url https://example.com --ai-analysis

# Framework and CMS detection
autopentest recon cms --url https://example.com
autopentest recon frameworks --target example.com
autopentest recon libraries --url https://example.com --version-check

# Infrastructure analysis
autopentest recon infrastructure --target example.com
autopentest recon cloud-services --domain example.com
autopentest recon cdn-analysis --url https://example.com

Mapeo de Superficie de Ataque

# Comprehensive attack surface discovery
autopentest recon attack-surface --target example.com --full
autopentest recon attack-surface --domain example.com --external
autopentest recon attack-surface --network 192.168.1.0/24 --internal

# Entry point identification
autopentest recon entry-points --target example.com
autopentest recon entry-points --url https://example.com --web-focus
autopentest recon entry-points --target 192.168.1.100 --network-focus

# Asset correlation and mapping
autopentest recon correlate --target example.com
autopentest recon map-assets --domain example.com --visual

Evaluación Autónoma de Vulnerabilidades

Descubrimiento de Vulnerabilidades con IA

# Autonomous vulnerability scanning
autopentest vuln scan --target example.com --autonomous
autopentest vuln scan --url https://example.com --web-focus
autopentest vuln scan --target 192.168.1.100 --network-focus

# AI-guided vulnerability analysis
autopentest vuln analyze --target example.com --ai-reasoning
autopentest vuln analyze --scan-id 12345 --deep-analysis
autopentest vuln analyze --vulnerability CVE-2023-1234 --context

# Vulnerability prioritization
autopentest vuln prioritize --target example.com --business-impact
autopentest vuln prioritize --scan-id 12345 --exploitability
autopentest vuln prioritize --vulnerabilities vulns.json --risk-based

Pruebas Especializadas de Vulnerabilidades

# Web application vulnerabilities
autopentest vuln web --url https://example.com --comprehensive
autopentest vuln web --url https://example.com --owasp-top10
autopentest vuln web --url https://example.com --api-focus

# Network vulnerabilities
autopentest vuln network --target 192.168.1.100 --comprehensive
autopentest vuln network --network 192.168.1.0/24 --lateral-movement
autopentest vuln network --target 192.168.1.100 --privilege-escalation

# Infrastructure vulnerabilities
autopentest vuln infrastructure --target example.com --cloud-focus
autopentest vuln infrastructure --target example.com --container-focus
autopentest vuln infrastructure --target example.com --configuration

Validación de Vulnerabilidades

# Automated vulnerability validation
autopentest vuln validate --vulnerability-id 67890
autopentest vuln validate --scan-id 12345 --auto-verify
autopentest vuln validate --target example.com --all-findings

# False positive reduction
autopentest vuln filter --scan-id 12345 --ai-filtering
autopentest vuln deduplicate --target example.com
autopentest vuln confidence-score --vulnerability-id 67890

Explotación Autónoma

Selección de Exploits Impulsada por IA

# Autonomous exploit attempts
autopentest exploit auto --target example.com --safe-mode
autopentest exploit auto --vulnerability-id 67890 --careful
autopentest exploit auto --scan-id 12345 --non-destructive

# Exploit chain generation
autopentest exploit chain --target example.com --objective shell
autopentest exploit chain --target 192.168.1.100 --objective privilege-escalation
autopentest exploit chain --network 192.168.1.0/24 --objective lateral-movement

# Custom exploit development
autopentest exploit develop --vulnerability CVE-2023-1234
autopentest exploit develop --service "Apache 2.4.41" --ai-assisted
autopentest exploit develop --target example.com --custom-payload

Generación y Entrega de Payloads

# AI-generated payloads
autopentest payload generate --target example.com --type reverse-shell
autopentest payload generate --os windows --arch x64 --evasion
autopentest payload generate --service ssh --technique key-injection

# Payload delivery mechanisms
autopentest payload deliver --target example.com --method web
autopentest payload deliver --target 192.168.1.100 --method network
autopentest payload deliver --target example.com --method social-engineering

# Evasion techniques
autopentest payload obfuscate --payload payload.bin --technique polymorphic
autopentest payload encode --payload payload.bin --encoder base64
autopentest payload encrypt --payload payload.bin --key random

Actividades Post-Explotación

# Autonomous post-exploitation
autopentest post-exploit --session session-123 --autonomous
autopentest post-exploit --target example.com --objective data-discovery
autopentest post-exploit --session session-123 --persistence

# Privilege escalation
autopentest post-exploit privesc --session session-123 --auto
autopentest post-exploit privesc --target 192.168.1.100 --technique kernel
autopentest post-exploit privesc --session session-123 --service-abuse

# Lateral movement
autopentest post-exploit lateral --session session-123 --network 192.168.1.0/24
autopentest post-exploit lateral --session session-123 --credential-reuse
autopentest post-exploit lateral --session session-123 --trust-relationships

Motor de Razonamiento de IA

Marco de Toma de Decisiones

# AI reasoning configuration
reasoning_config = {
    "model": "gpt-4o",
    "temperature": 0.3,
    "max_tokens": 4000,
    "reasoning_depth": 5,
    "confidence_threshold": 0.8,
    "risk_tolerance": "medium"
}

# Custom reasoning prompts
attack_planning_prompt = """
Analyze the target system and plan a multi-step attack:
Target: {target}
Discovered services: {services}
Identified vulnerabilities: {vulnerabilities}
Objective: {objective}

Provide a step-by-step attack plan with:
1. Risk assessment for each step
2. Probability of success
3. Potential impact
4. Stealth considerations
5. Fallback options
"""

Planificación de Cadenas de Ataque

# AI-powered attack planning
autopentest ai plan-attack --target example.com --objective compromise
autopentest ai plan-attack --target example.com --stealth-priority
autopentest ai plan-attack --network 192.168.1.0/24 --lateral-focus

# Attack path optimization
autopentest ai optimize-path --target example.com --minimize-risk
autopentest ai optimize-path --target example.com --maximize-stealth
autopentest ai optimize-path --target example.com --fastest-path

# Dynamic replanning
autopentest ai replan --session session-123 --new-objective
autopentest ai replan --campaign campaign-456 --adapt-defenses
autopentest ai replan --target example.com --failure-recovery

Comportamiento Adaptativo

# AI adaptation to defenses
autopentest ai adapt --target example.com --defense-detection
autopentest ai adapt --session session-123 --evasion-mode
autopentest ai adapt --campaign campaign-456 --stealth-increase

# Learning from failures
autopentest ai learn --failed-attempt attempt-789
autopentest ai learn --target example.com --defense-analysis
autopentest ai learn --campaign campaign-456 --pattern-recognition

# Behavioral modification
autopentest ai modify-behavior --target example.com --more-aggressive
autopentest ai modify-behavior --session session-123 --more-cautious
autopentest ai modify-behavior --campaign campaign-456 --change-tactics

Cadenas de Ataque de Múltiples Pasos

Definición y Ejecución de Cadenas

Note: I've translated the text while preserving markdown formatting, keeping technical terms in English, and maintaining the overall structure. The placeholders for sections 3-20 are left blank as no specific text was provided for those sections.```yaml

attack_chains/web_to_internal.yaml

name: "Web Application to Internal Network" description: "Multi-step attack from web app compromise to internal network access"

steps: - name: "web_reconnaissance" type: "reconnaissance" ai_guided: true modules: - subdomain_enumeration - technology_detection - vulnerability_scanning

• name: "web_exploitation" type: "exploitation" depends_on: ["web_reconnaissance"] condition: "web_vulnerabilities_found" ai_guided: true modules:

  • sql_injection
  • xss_exploitation
  • file_upload_abuse

• name: "lateral_movement" type: "post_exploitation" depends_on: ["web_exploitation"] condition: "shell_obtained" ai_guided: true modules:

  • network_discovery
  • credential_harvesting
  • privilege_escalation Translate just the section headersbash

Execute predefined attack chains

autopentest chain execute web_to_internal --target example.com autopentest chain execute network_compromise --target 192.168.1.0/24 autopentest chain execute cloud_breakout --target aws-instance

Custom chain execution

autopentest chain execute --file custom_chain.yaml --target example.com autopentest chain execute --template advanced --target example.com

Chain monitoring and control

autopentest chain status web_to_internal_001 autopentest chain pause web_to_internal_001 autopentest chain resume web_to_internal_001 autopentest chain abort web_to_internal_001 Wait for you to provide the text bodiesbash

Modify chains during execution

autopentest chain modify --chain-id 12345 --add-step persistence autopentest chain modify --chain-id 12345 --skip-step noisy_scan autopentest chain modify --chain-id 12345 --change-objective

Conditional branching

autopentest chain branch --chain-id 12345 --condition "admin_access_gained" autopentest chain branch --chain-id 12345 --fallback-path stealth_mode autopentest chain branch --chain-id 12345 --success-path data_exfiltration ```Generate sample placeholder text in Spanish for each section

Which approach would you prefer?

If you want me to translate just the headers, here's how that would look: ```bash

Enable comprehensive evidence collection

autopentest evidence enable --all-activities autopentest evidence enable --screenshots --network-captures autopentest evidence enable --command-logs --file-changes

Evidence collection during attacks

autopentest evidence collect --session session-123 --continuous autopentest evidence collect --vulnerability-id 67890 --proof-of-concept autopentest evidence collect --target example.com --timeline

Evidence validation and integrity

autopentest evidence validate --evidence-id 98765 autopentest evidence hash --evidence-id 98765 --algorithm sha256 autopentest evidence sign --evidence-id 98765 --digital-signature ### Comandos de Ejecución de Cadenabash

Generate forensic reports

autopentest forensics report --session session-123 --detailed autopentest forensics report --target example.com --timeline autopentest forensics report --campaign campaign-456 --comprehensive

Chain of custody

autopentest forensics custody --evidence-id 98765 --initialize autopentest forensics custody --evidence-id 98765 --transfer autopentest forensics custody --evidence-id 98765 --verify

Evidence export for legal purposes

autopentest forensics export --evidence-id 98765 --format legal autopentest forensics export --session session-123 --court-ready autopentest forensics export --campaign campaign-456 --compliance ### Modificación Dinámica de Cadenabash

Autonomous report generation

autopentest report generate --target example.com --ai-authored autopentest report generate --campaign campaign-456 --executive-summary autopentest report generate --session session-123 --technical-details

Custom report templates

autopentest report generate --template compliance --target example.com autopentest report generate --template red-team --campaign campaign-456 autopentest report generate --template vulnerability-assessment --scan-id 12345

Multi-format output

autopentest report generate --target example.com --format pdf,html,json autopentest report generate --campaign campaign-456 --format docx autopentest report generate --session session-123 --format markdown ## Recopilación y Documentación de Evidenciabash

AI-powered risk analysis

autopentest risk assess --target example.com --business-context autopentest risk assess --vulnerabilities vulns.json --impact-analysis autopentest risk assess --campaign campaign-456 --comprehensive

Risk scoring and prioritization

autopentest risk score --vulnerability-id 67890 --cvss-plus-ai autopentest risk score --target example.com --business-risk autopentest risk score --campaign campaign-456 --overall-posture

Risk mitigation recommendations

autopentest risk mitigate --target example.com --recommendations autopentest risk mitigate --vulnerability-id 67890 --step-by-step autopentest risk mitigate --campaign campaign-456 --prioritized ### Recopilación Automatizada de Evidenciayaml

config/ai_models.yaml

ai_models: primary: provider: "openai" model: "gpt-4o" api_key: "${OPENAI_API_KEY}" max_tokens: 8000 temperature: 0.3

reasoning: provider: "openai" model: "gpt-4o" api_key: "${OPENAI_API_KEY}" max_tokens: 4000 temperature: 0.1

creative: provider: "anthropic" model: "claude-3-opus" api_key: "${ANTHROPIC_API_KEY}" max_tokens: 4000 temperature: 0.7

reasoning_prompts: vulnerability_analysis: "prompts/vuln_analysis.txt" exploit_selection: "prompts/exploit_selection.txt" attack_planning: "prompts/attack_planning.txt" risk_assessment: "prompts/risk_assessment.txt" ### Documentación Forenseyaml

config/autonomous.yaml

autonomous_settings: max_attack_depth: 5 max_session_duration: 3600 # 1 hour risk_tolerance: "medium" stealth_priority: "high"

decision_making: confidence_threshold: 0.8 require_human_approval: false auto_escalate_privileges: true auto_lateral_movement: true

safety_limits: no_destructive_actions: true no_data_exfiltration: true respect_scope_limits: true max_concurrent_sessions: 5

learning: adapt_to_defenses: true learn_from_failures: true update_tactics: true share_intelligence: false ## Informes y Análisisyaml

config/integrations.yaml

integrations: metasploit: enabled: true rpc_host: "localhost" rpc_port: 55553 rpc_user: "msf" rpc_pass: "${MSF_PASSWORD}"

burp_suite: enabled: true api_url: "http://localhost:1337" api_key: "${BURP_API_KEY}"

nessus: enabled: true server_url: "https://nessus.local:8834" access_key: "\({NESSUS_ACCESS_KEY}" secret_key: "\)"

siem: enabled: true type: "splunk" endpoint: "https://splunk.local:8089" token: "${SPLUNK_TOKEN}" ### Informes Generados por IAbash

Define authorized targets and scope

autopentest scope define --target example.com --authorized autopentest scope define --network 192.168.1.0/24 --internal-only autopentest scope define --url https://app.example.com --web-only

Scope validation and enforcement

autopentest scope validate --target test.example.com autopentest scope enforce --strict-mode autopentest scope check --all-targets

Authorization documentation

autopentest auth document --target example.com --signed-agreement autopentest auth verify --target example.com --legal-approval autopentest auth export --format legal-document ### Evaluación y Puntuación de Riesgosbash

Enable safety controls

autopentest safety enable --all-controls autopentest safety enable --no-destructive --no-dos autopentest safety enable --data-protection --scope-enforcement

Safety monitoring

autopentest safety monitor --real-time autopentest safety check --pre-execution autopentest safety validate --post-execution

Emergency controls

autopentest safety emergency-stop --all-campaigns autopentest safety quarantine --session session-123 autopentest safety rollback --changes-since timestamp ## Configuración Avanzadabash

Enable comprehensive auditing

autopentest audit enable --all-activities autopentest audit enable --decision-logging --ai-reasoning autopentest audit enable --evidence-chain --legal-compliance

Audit reporting

autopentest audit report --campaign campaign-456 --compliance autopentest audit report --timeframe "2024-01-01,2024-01-31" --detailed autopentest audit export --format soc2 --period quarterly

Compliance validation

autopentest compliance check --standard iso27001 autopentest compliance check --standard nist --framework cybersecurity autopentest compliance validate --all-activities --legal-review ### Configuración de Modelo de IAbash

Monitor system performance

autopentest monitor performance --real-time autopentest monitor resources --campaign campaign-456 autopentest monitor ai-usage --costs --tokens

Performance optimization

autopentest optimize performance --target example.com autopentest optimize ai-calls --reduce-redundancy autopentest optimize memory --cleanup-sessions

Scaling and load balancing

autopentest scale up --workers 10 autopentest scale distribute --targets multiple autopentest scale optimize --resource-allocation ### Configuración de Comportamiento Autónomobash

Debug mode and verbose logging

autopentest --debug campaign start --target example.com autopentest --verbose ai plan-attack --target example.com autopentest logs view --level debug --component ai-reasoning

System diagnostics

autopentest diagnose system --comprehensive autopentest diagnose ai-models --connectivity autopentest diagnose integrations --all-tools

Error analysis and resolution

autopentest errors analyze --session session-123 autopentest errors resolve --error-id 54321 --auto-fix autopentest errors report --campaign campaign-456 --detailed ### Configuración de Integraciónbash

Session recovery

autopentest recover session --session-id session-123 autopentest recover campaign --campaign-id campaign-456 autopentest recover state --from-backup backup-789

Backup and restore

autopentest backup create --campaign campaign-456 --full autopentest backup restore --backup-id backup-789 autopentest backup schedule --daily --retention 30d

Data integrity verification

autopentest verify integrity --all-data autopentest verify checksums --evidence-only autopentest verify consistency --cross-reference ## Consideraciones de Seguridad y Éticayaml

.github/workflows/autonomous-security-test.yml

name: Autonomous Security Testing on: schedule: - cron: '0 2 * * 0' # Weekly on Sunday at 2 AM workflow_dispatch:

jobs: autonomous-pentest: runs-on: ubuntu-latest steps: - name: Setup AutoPentest run: | pip install autopentest autopentest config set openai_api_key ${{ secrets.OPENAI_API_KEY }} autopentest config set autonomous_mode true autopentest config set safety_controls true

- name: Run Autonomous Penetration Test
  run: |
    autopentest campaign create --name "ci_security_test"
    autopentest campaign start --target ${{ env.TARGET_DOMAIN }} --autonomous
    autopentest campaign wait --timeout 3600

- name: Generate Security Report
  run: |
    autopentest report generate --campaign ci_security_test --format json > security_report.json
    autopentest report generate --campaign ci_security_test --format pdf > security_report.pdf

- name: Upload Results
  uses: actions/upload-artifact@v3
  with:
    name: security-assessment-results
    path: |
      security_report.json
      security_report.pdf

### Gestión de Autorización y Alcancepython

integrations/soar_integration.py

import requests import json from autopentest.core.integration import BaseIntegration

class SOARIntegration(BaseIntegration): def init(self, soar_url, api_key): self.soar_url = soar_url self.api_key = api_key

def create_incident(self, vulnerability):
    incident_data = {
        "title": f"Critical Vulnerability: {vulnerability.name}",
        "description": vulnerability.description,
        "severity": self.map_severity(vulnerability.severity),
        "source": "autopentest",
        "artifacts": [
            {
                "type": "ip",
                "value": vulnerability.target_ip
            },
            {
                "type": "cve",
                "value": vulnerability.cve
            }
        ]
    }

    headers = {
        "Authorization": f"Bearer {self.api_key}",
        "Content-Type": "application/json"
    }

    response = requests.post(
        f"{self.soar_url}/api/incidents",
        headers=headers,
        json=incident_data
    )

    return response.json()

def trigger_playbook(self, playbook_name, context):
    playbook_data = {
        "playbook": playbook_name,
        "context": context,
        "auto_execute": True
    }

    headers = {
        "Authorization": f"Bearer {self.api_key}",
        "Content-Type": "application/json"
    }

    response = requests.post(
        f"{self.soar_url}/api/playbooks/execute",
        headers=headers,
        json=playbook_data
    )

    return response.json()

### Mecanismos de Seguridadbash

Gradual autonomy increase

autopentest config set autonomy_level 1 # Supervised autopentest config set autonomy_level 3 # Semi-autonomous autopentest config set autonomy_level 5 # Fully autonomous

Risk-based approach

autopentest config set risk_tolerance low # Conservative autopentest config set risk_tolerance medium # Balanced autopentest config set risk_tolerance high # Aggressive

Continuous learning

autopentest ai train --from-campaigns --improve-accuracy autopentest ai update-models --latest-threats autopentest ai calibrate --false-positive-reduction ### Cumplimiento y Auditoríabash

Validation and verification

autopentest validate findings --all-vulnerabilities autopentest verify exploits --proof-of-concept autopentest cross-reference --multiple-sources

Accuracy improvement

autopentest accuracy measure --campaign campaign-456 autopentest accuracy improve --false-positive-analysis autopentest accuracy benchmark --industry-standards ## Resolución de Problemas y Optimizaciónbash

Stealth and evasion

autopentest stealth enable --advanced-evasion autopentest stealth randomize --timing --user-agents autopentest stealth encrypt --communications --payloads

Operational security

autopentest opsec enable --anti-forensics autopentest opsec clean --artifacts --logs autopentest opsec verify --no-traces-left ```## Recursos https://autopentest.readthedocs.io/### Documentación - Documentación de AutoPentest - Guía de Integración de IA - Referencia de API

Comunidad

• GitHub de AutoPentest
• Artículos de Investigación
• Foro de la Comunidad de Seguridad

Entrenamiento

• Curso de Pentesting Autónomo
• Certificación de Pruebas de Seguridad con IA
• [Tutoriales en Video](