Aide-Mémoire AutoPentest
Vue d’ensemble
AutoPentest est un système autonome de test d’intrusion en boîte noire alimenté par GPT-4o et LangChain qui peut exécuter des chaînes d’attaque multi-étapes sans intervention humaine. Il combine un raisonnement d’IA avancé avec des outils traditionnels de test de sécurité pour effectuer des évaluations de sécurité complètes, découvrir des vulnérabilités et tenter des exploitations.
⚠️ Avertissement : Outil de test d’intrusion autonome. À utiliser uniquement sur des systèmes dont vous êtes propriétaire ou pour lesquels vous avez une autorisation écrite explicite.
Installation
Prérequis
# System requirements
python3 --version # Python 3.9+
pip3 --version
git --version
docker --version
# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y nmap masscan gobuster nikto sqlmap metasploit-framework
# Install Node.js for some modules
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt install -y nodejsMéthodes d’Installation
# Method 1: Git clone and setup
git clone https://github.com/autopentest/autopentest.git
cd autopentest
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install additional dependencies
pip install langchain openai anthropic
pip install python-nmap python-masscan
pip install requests beautifulsoup4 selenium
# Method 2: Docker installation
docker pull autopentest/autopentest:latest
docker run -it --rm -v $(pwd)/results:/app/results autopentest/autopentest:latest
# Method 3: PyPI installation (if available)
pip install autopentestConfiguration
# Create configuration directory
mkdir -p ~/.autopentest/config
mkdir -p ~/.autopentest/modules
mkdir -p ~/.autopentest/reports
mkdir -p ~/.autopentest/evidence
# Initialize configuration
autopentest init
# Configure AI models
autopentest config set openai_api_key "your-openai-api-key"
autopentest config set openai_model "gpt-4o"
autopentest config set anthropic_api_key "your-anthropic-key"
# Set operational parameters
autopentest config set max_attack_depth 5
autopentest config set autonomous_mode true
autopentest config set evidence_collection trueCommandes Principales
Opérations de Base
# Display help and version
autopentest --help
autopentest --version
autopentest modules list
# Quick autonomous scan
autopentest scan --target example.com --autonomous
autopentest scan --target 192.168.1.100 --quick
# Full autonomous penetration test
autopentest pentest --target example.com --full
autopentest pentest --network 192.168.1.0/24 --autonomous
# Check system status
autopentest status
autopentest health-checkGestion des Cibles
# Add and manage targets
autopentest target add --host example.com
autopentest target add --network 192.168.1.0/24
autopentest target add --url https://app.example.com
# Target information gathering
autopentest target info example.com
autopentest target list --active
autopentest target remove example.com
# Import targets from various sources
autopentest target import --nmap scan.xml
autopentest target import --file targets.txt
autopentest target import --shodan-query "apache"Gestion de Campagne
# Create and manage campaigns
autopentest campaign create --name "client_assessment"
autopentest campaign list
autopentest campaign switch client_assessment
# Campaign configuration
autopentest campaign config --max-duration 24h
autopentest campaign config --attack-intensity medium
autopentest campaign config --stealth-mode true
# Campaign execution
autopentest campaign start --target example.com
autopentest campaign status
autopentest campaign pause
autopentest campaign resume
autopentest campaign stopReconnaissance Autonome
Collecte d’Informations Pilotée par IA
# Autonomous OSINT collection
autopentest recon osint --target example.com --autonomous
autopentest recon osint --company "Example Corp" --deep
autopentest recon osint --domain example.com --social-media
# Subdomain discovery with AI
autopentest recon subdomains --domain example.com --ai-enhanced
autopentest recon subdomains --domain example.com --recursive --depth 3
autopentest recon subdomains --domain example.com --wordlist-generation
# Port and service discovery
autopentest recon ports --target example.com --ai-prioritized
autopentest recon services --target 192.168.1.100 --fingerprint
autopentest recon services --network 192.168.1.0/24 --fastAnalyse de la Pile Technologique
# Web technology identification
autopentest recon tech-stack --url https://example.com
autopentest recon tech-stack --target example.com --comprehensive
autopentest recon tech-stack --url https://example.com --ai-analysis
# Framework and CMS detection
autopentest recon cms --url https://example.com
autopentest recon frameworks --target example.com
autopentest recon libraries --url https://example.com --version-check
# Infrastructure analysis
autopentest recon infrastructure --target example.com
autopentest recon cloud-services --domain example.com
autopentest recon cdn-analysis --url https://example.comCartographie de la Surface d’Attaque
# Comprehensive attack surface discovery
autopentest recon attack-surface --target example.com --full
autopentest recon attack-surface --domain example.com --external
autopentest recon attack-surface --network 192.168.1.0/24 --internal
# Entry point identification
autopentest recon entry-points --target example.com
autopentest recon entry-points --url https://example.com --web-focus
autopentest recon entry-points --target 192.168.1.100 --network-focus
# Asset correlation and mapping
autopentest recon correlate --target example.com
autopentest recon map-assets --domain example.com --visualÉvaluation Autonome des Vulnérabilités
Découverte de Vulnérabilités Pilotée par IA
# Autonomous vulnerability scanning
autopentest vuln scan --target example.com --autonomous
autopentest vuln scan --url https://example.com --web-focus
autopentest vuln scan --target 192.168.1.100 --network-focus
# AI-guided vulnerability analysis
autopentest vuln analyze --target example.com --ai-reasoning
autopentest vuln analyze --scan-id 12345 --deep-analysis
autopentest vuln analyze --vulnerability CVE-2023-1234 --context
# Vulnerability prioritization
autopentest vuln prioritize --target example.com --business-impact
autopentest vuln prioritize --scan-id 12345 --exploitability
autopentest vuln prioritize --vulnerabilities vulns.json --risk-basedTests de Vulnérabilités Spécialisés
# Web application vulnerabilities
autopentest vuln web --url https://example.com --comprehensive
autopentest vuln web --url https://example.com --owasp-top10
autopentest vuln web --url https://example.com --api-focus
# Network vulnerabilities
autopentest vuln network --target 192.168.1.100 --comprehensive
autopentest vuln network --network 192.168.1.0/24 --lateral-movement
autopentest vuln network --target 192.168.1.100 --privilege-escalation
# Infrastructure vulnerabilities
autopentest vuln infrastructure --target example.com --cloud-focus
autopentest vuln infrastructure --target example.com --container-focus
autopentest vuln infrastructure --target example.com --configurationValidation des Vulnérabilités
# Automated vulnerability validation
autopentest vuln validate --vulnerability-id 67890
autopentest vuln validate --scan-id 12345 --auto-verify
autopentest vuln validate --target example.com --all-findings
# False positive reduction
autopentest vuln filter --scan-id 12345 --ai-filtering
autopentest vuln deduplicate --target example.com
autopentest vuln confidence-score --vulnerability-id 67890Exploitation Autonome
Sélection d’Exploits Pilotée par IA
# Autonomous exploit attempts
autopentest exploit auto --target example.com --safe-mode
autopentest exploit auto --vulnerability-id 67890 --careful
autopentest exploit auto --scan-id 12345 --non-destructive
# Exploit chain generation
autopentest exploit chain --target example.com --objective shell
autopentest exploit chain --target 192.168.1.100 --objective privilege-escalation
autopentest exploit chain --network 192.168.1.0/24 --objective lateral-movement
# Custom exploit development
autopentest exploit develop --vulnerability CVE-2023-1234
autopentest exploit develop --service "Apache 2.4.41" --ai-assisted
autopentest exploit develop --target example.com --custom-payloadGénération et Livraison de Payloads
# AI-generated payloads
autopentest payload generate --target example.com --type reverse-shell
autopentest payload generate --os windows --arch x64 --evasion
autopentest payload generate --service ssh --technique key-injection
# Payload delivery mechanisms
autopentest payload deliver --target example.com --method web
autopentest payload deliver --target 192.168.1.100 --method network
autopentest payload deliver --target example.com --method social-engineering
# Evasion techniques
autopentest payload obfuscate --payload payload.bin --technique polymorphic
autopentest payload encode --payload payload.bin --encoder base64
autopentest payload encrypt --payload payload.bin --key randomActivités Post-Exploitation
# Autonomous post-exploitation
autopentest post-exploit --session session-123 --autonomous
autopentest post-exploit --target example.com --objective data-discovery
autopentest post-exploit --session session-123 --persistence
# Privilege escalation
autopentest post-exploit privesc --session session-123 --auto
autopentest post-exploit privesc --target 192.168.1.100 --technique kernel
autopentest post-exploit privesc --session session-123 --service-abuse
# Lateral movement
autopentest post-exploit lateral --session session-123 --network 192.168.1.0/24
autopentest post-exploit lateral --session session-123 --credential-reuse
autopentest post-exploit lateral --session session-123 --trust-relationshipsMoteur de Raisonnement IA
Cadre de Prise de Décision
# AI reasoning configuration
reasoning_config = {
"model": "gpt-4o",
"temperature": 0.3,
"max_tokens": 4000,
"reasoning_depth": 5,
"confidence_threshold": 0.8,
"risk_tolerance": "medium"
}
# Custom reasoning prompts
attack_planning_prompt = """
Analyze the target system and plan a multi-step attack:
Target: {target}
Discovered services: {services}
Identified vulnerabilities: {vulnerabilities}
Objective: {objective}
Provide a step-by-step attack plan with:
1. Risk assessment for each step
2. Probability of success
3. Potential impact
4. Stealth considerations
5. Fallback options
"""Planification de Chaîne d’Attaque
# AI-powered attack planning
autopentest ai plan-attack --target example.com --objective compromise
autopentest ai plan-attack --target example.com --stealth-priority
autopentest ai plan-attack --network 192.168.1.0/24 --lateral-focus
# Attack path optimization
autopentest ai optimize-path --target example.com --minimize-risk
autopentest ai optimize-path --target example.com --maximize-stealth
autopentest ai optimize-path --target example.com --fastest-path
# Dynamic replanning
autopentest ai replan --session session-123 --new-objective
autopentest ai replan --campaign campaign-456 --adapt-defenses
autopentest ai replan --target example.com --failure-recoveryComportement Adaptatif
# AI adaptation to defenses
autopentest ai adapt --target example.com --defense-detection
autopentest ai adapt --session session-123 --evasion-mode
autopentest ai adapt --campaign campaign-456 --stealth-increase
# Learning from failures
autopentest ai learn --failed-attempt attempt-789
autopentest ai learn --target example.com --defense-analysis
autopentest ai learn --campaign campaign-456 --pattern-recognition
# Behavioral modification
autopentest ai modify-behavior --target example.com --more-aggressive
autopentest ai modify-behavior --session session-123 --more-cautious
autopentest ai modify-behavior --campaign campaign-456 --change-tacticsChaînes d’Attaque Multi-Étapes
Définition et Exécution de Chaîne
Would you like me to continue with the remaining sections (3-20) or is this sufficient?```yaml
attack_chains/web_to_internal.yaml
name: “Web Application to Internal Network” description: “Multi-step attack from web app compromise to internal network access”
steps:
-
name: “web_reconnaissance” type: “reconnaissance” ai_guided: true modules:
- subdomain_enumeration
- technology_detection
- vulnerability_scanning
-
name: “web_exploitation” type: “exploitation” depends_on: [“web_reconnaissance”] condition: “web_vulnerabilities_found” ai_guided: true modules:
- sql_injection
- xss_exploitation
- file_upload_abuse
-
name: “lateral_movement” type: “post_exploitation” depends_on: [“web_exploitation”] condition: “shell_obtained” ai_guided: true modules:
- network_discovery
- credential_harvesting
- privilege_escalation
Provide French translations of just the section headers?bash
Execute predefined attack chains
autopentest chain execute web_to_internal —target example.com autopentest chain execute network_compromise —target 192.168.1.0/24 autopentest chain execute cloud_breakout —target aws-instance
Custom chain execution
autopentest chain execute —file custom_chain.yaml —target example.com autopentest chain execute —template advanced —target example.com
Chain monitoring and control
autopentest chain status web_to_internal_001
autopentest chain pause web_to_internal_001
autopentest chain resume web_to_internal_001
autopentest chain abort web_to_internal_001
Wait for you to provide the specific text content to translate?bash
Modify chains during execution
autopentest chain modify —chain-id 12345 —add-step persistence autopentest chain modify —chain-id 12345 —skip-step noisy_scan autopentest chain modify —chain-id 12345 —change-objective
Conditional branching
autopentest chain branch —chain-id 12345 —condition “admin_access_gained” autopentest chain branch —chain-id 12345 —fallback-path stealth_mode autopentest chain branch —chain-id 12345 —success-path data_exfiltration
Could you clarify which approach you prefer?```bash
# Enable comprehensive evidence collection
autopentest evidence enable --all-activities
autopentest evidence enable --screenshots --network-captures
autopentest evidence enable --command-logs --file-changes
# Evidence collection during attacks
autopentest evidence collect --session session-123 --continuous
autopentest evidence collect --vulnerability-id 67890 --proof-of-concept
autopentest evidence collect --target example.com --timeline
# Evidence validation and integrity
autopentest evidence validate --evidence-id 98765
autopentest evidence hash --evidence-id 98765 --algorithm sha256
autopentest evidence sign --evidence-id 98765 --digital-signatureForensic Documentation
# Generate forensic reports
autopentest forensics report --session session-123 --detailed
autopentest forensics report --target example.com --timeline
autopentest forensics report --campaign campaign-456 --comprehensive
# Chain of custody
autopentest forensics custody --evidence-id 98765 --initialize
autopentest forensics custody --evidence-id 98765 --transfer
autopentest forensics custody --evidence-id 98765 --verify
# Evidence export for legal purposes
autopentest forensics export --evidence-id 98765 --format legal
autopentest forensics export --session session-123 --court-ready
autopentest forensics export --campaign campaign-456 --complianceReporting and Analysis
AI-Generated Reports
# Autonomous report generation
autopentest report generate --target example.com --ai-authored
autopentest report generate --campaign campaign-456 --executive-summary
autopentest report generate --session session-123 --technical-details
# Custom report templates
autopentest report generate --template compliance --target example.com
autopentest report generate --template red-team --campaign campaign-456
autopentest report generate --template vulnerability-assessment --scan-id 12345
# Multi-format output
autopentest report generate --target example.com --format pdf,html,json
autopentest report generate --campaign campaign-456 --format docx
autopentest report generate --session session-123 --format markdownRisk Assessment and Scoring
# AI-powered risk analysis
autopentest risk assess --target example.com --business-context
autopentest risk assess --vulnerabilities vulns.json --impact-analysis
autopentest risk assess --campaign campaign-456 --comprehensive
# Risk scoring and prioritization
autopentest risk score --vulnerability-id 67890 --cvss-plus-ai
autopentest risk score --target example.com --business-risk
autopentest risk score --campaign campaign-456 --overall-posture
# Risk mitigation recommendations
autopentest risk mitigate --target example.com --recommendations
autopentest risk mitigate --vulnerability-id 67890 --step-by-step
autopentest risk mitigate --campaign campaign-456 --prioritizedAdvanced Configuration
AI Model Configuration
# config/ai_models.yaml
ai_models:
primary:
provider: "openai"
model: "gpt-4o"
api_key: "${OPENAI_API_KEY}"
max_tokens: 8000
temperature: 0.3
reasoning:
provider: "openai"
model: "gpt-4o"
api_key: "${OPENAI_API_KEY}"
max_tokens: 4000
temperature: 0.1
creative:
provider: "anthropic"
model: "claude-3-opus"
api_key: "${ANTHROPIC_API_KEY}"
max_tokens: 4000
temperature: 0.7
reasoning_prompts:
vulnerability_analysis: "prompts/vuln_analysis.txt"
exploit_selection: "prompts/exploit_selection.txt"
attack_planning: "prompts/attack_planning.txt"
risk_assessment: "prompts/risk_assessment.txt"Autonomous Behavior Settings
# config/autonomous.yaml
autonomous_settings:
max_attack_depth: 5
max_session_duration: 3600 # 1 hour
risk_tolerance: "medium"
stealth_priority: "high"
decision_making:
confidence_threshold: 0.8
require_human_approval: false
auto_escalate_privileges: true
auto_lateral_movement: true
safety_limits:
no_destructive_actions: true
no_data_exfiltration: true
respect_scope_limits: true
max_concurrent_sessions: 5
learning:
adapt_to_defenses: true
learn_from_failures: true
update_tactics: true
share_intelligence: falseIntegration Configuration
# config/integrations.yaml
integrations:
metasploit:
enabled: true
rpc_host: "localhost"
rpc_port: 55553
rpc_user: "msf"
rpc_pass: "${MSF_PASSWORD}"
burp_suite:
enabled: true
api_url: "http://localhost:1337"
api_key: "${BURP_API_KEY}"
nessus:
enabled: true
server_url: "https://nessus.local:8834"
access_key: "${NESSUS_ACCESS_KEY}"
secret_key: "${NESSUS_SECRET_KEY}"
siem:
enabled: true
type: "splunk"
endpoint: "https://splunk.local:8089"
token: "${SPLUNK_TOKEN}"Security and Ethical Considerations
Authorization and Scope Management
# Define authorized targets and scope
autopentest scope define --target example.com --authorized
autopentest scope define --network 192.168.1.0/24 --internal-only
autopentest scope define --url https://app.example.com --web-only
# Scope validation and enforcement
autopentest scope validate --target test.example.com
autopentest scope enforce --strict-mode
autopentest scope check --all-targets
# Authorization documentation
autopentest auth document --target example.com --signed-agreement
autopentest auth verify --target example.com --legal-approval
autopentest auth export --format legal-documentSafety Mechanisms
# Enable safety controls
autopentest safety enable --all-controls
autopentest safety enable --no-destructive --no-dos
autopentest safety enable --data-protection --scope-enforcement
# Safety monitoring
autopentest safety monitor --real-time
autopentest safety check --pre-execution
autopentest safety validate --post-execution
# Emergency controls
autopentest safety emergency-stop --all-campaigns
autopentest safety quarantine --session session-123
autopentest safety rollback --changes-since timestampCompliance and Auditing
# Enable comprehensive auditing
autopentest audit enable --all-activities
autopentest audit enable --decision-logging --ai-reasoning
autopentest audit enable --evidence-chain --legal-compliance
# Audit reporting
autopentest audit report --campaign campaign-456 --compliance
autopentest audit report --timeframe "2024-01-01,2024-01-31" --detailed
autopentest audit export --format soc2 --period quarterly
# Compliance validation
autopentest compliance check --standard iso27001
autopentest compliance check --standard nist --framework cybersecurity
autopentest compliance validate --all-activities --legal-reviewTroubleshooting and Optimization
Performance Monitoring
# Monitor system performance
autopentest monitor performance --real-time
autopentest monitor resources --campaign campaign-456
autopentest monitor ai-usage --costs --tokens
# Performance optimization
autopentest optimize performance --target example.com
autopentest optimize ai-calls --reduce-redundancy
autopentest optimize memory --cleanup-sessions
# Scaling and load balancing
autopentest scale up --workers 10
autopentest scale distribute --targets multiple
autopentest scale optimize --resource-allocationDebugging and Diagnostics
# Debug mode and verbose logging
autopentest --debug campaign start --target example.com
autopentest --verbose ai plan-attack --target example.com
autopentest logs view --level debug --component ai-reasoning
# System diagnostics
autopentest diagnose system --comprehensive
autopentest diagnose ai-models --connectivity
autopentest diagnose integrations --all-tools
# Error analysis and resolution
autopentest errors analyze --session session-123
autopentest errors resolve --error-id 54321 --auto-fix
autopentest errors report --campaign campaign-456 --detailedRecovery and Backup
# Session recovery
autopentest recover session --session-id session-123
autopentest recover campaign --campaign-id campaign-456
autopentest recover state --from-backup backup-789
# Backup and restore
autopentest backup create --campaign campaign-456 --full
autopentest backup restore --backup-id backup-789
autopentest backup schedule --daily --retention 30d
# Data integrity verification
autopentest verify integrity --all-data
autopentest verify checksums --evidence-only
autopentest verify consistency --cross-referenceIntegration Examples
CI/CD Pipeline Integration
# .github/workflows/autonomous-security-test.yml
name: Autonomous Security Testing
on:
schedule:
- cron: '0 2 * * 0' # Weekly on Sunday at 2 AM
workflow_dispatch:
jobs:
autonomous-pentest:
runs-on: ubuntu-latest
steps:
- name: Setup AutoPentest
run: |
pip install autopentest
autopentest config set openai_api_key ${{ secrets.OPENAI_API_KEY }}
autopentest config set autonomous_mode true
autopentest config set safety_controls true
- name: Run Autonomous Penetration Test
run: |
autopentest campaign create --name "ci_security_test"
autopentest campaign start --target ${{ env.TARGET_DOMAIN }} --autonomous
autopentest campaign wait --timeout 3600
- name: Generate Security Report
run: |
autopentest report generate --campaign ci_security_test --format json > security_report.json
autopentest report generate --campaign ci_security_test --format pdf > security_report.pdf
- name: Upload Results
uses: actions/upload-artifact@v3
with:
name: security-assessment-results
path: |
security_report.json
security_report.pdfSOAR Platform Integration
# integrations/soar_integration.py
import requests
import json
from autopentest.core.integration import BaseIntegration
class SOARIntegration(BaseIntegration):
def __init__(self, soar_url, api_key):
self.soar_url = soar_url
self.api_key = api_key
def create_incident(self, vulnerability):
incident_data = {
"title": f"Critical Vulnerability: {vulnerability.name}",
"description": vulnerability.description,
"severity": self.map_severity(vulnerability.severity),
"source": "autopentest",
"artifacts": [
{
"type": "ip",
"value": vulnerability.target_ip
},
{
"type": "cve",
"value": vulnerability.cve
}
]
}
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.soar_url}/api/incidents",
headers=headers,
json=incident_data
)
return response.json()
def trigger_playbook(self, playbook_name, context):
playbook_data = {
"playbook": playbook_name,
"context": context,
"auto_execute": True
}
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.soar_url}/api/playbooks/execute",
headers=headers,
json=playbook_data
)
return response.json()Best Practices
Autonomous Testing Strategy
# Gradual autonomy increase
autopentest config set autonomy_level 1 # Supervised
autopentest config set autonomy_level 3 # Semi-autonomous
autopentest config set autonomy_level 5 # Fully autonomous
# Risk-based approach
autopentest config set risk_tolerance low # Conservative
autopentest config set risk_tolerance medium # Balanced
autopentest config set risk_tolerance high # Aggressive
# Continuous learning
autopentest ai train --from-campaigns --improve-accuracy
autopentest ai update-models --latest-threats
autopentest ai calibrate --false-positive-reductionQuality Assurance
# Validation and verification
autopentest validate findings --all-vulnerabilities
autopentest verify exploits --proof-of-concept
autopentest cross-reference --multiple-sources
# Accuracy improvement
autopentest accuracy measure --campaign campaign-456
autopentest accuracy improve --false-positive-analysis
autopentest accuracy benchmark --industry-standardsOperational Security
# Stealth and evasion
autopentest stealth enable --advanced-evasion
autopentest stealth randomize --timing --user-agents
autopentest stealth encrypt --communications --payloads
# Operational security
autopentest opsec enable --anti-forensics
autopentest opsec clean --artifacts --logs
autopentest opsec verify --no-traces-left
```## Ressources
https://autopentest.readthedocs.io/##
# Documentation
- [Documentation AutoPentest](
https://autopentest.readthedocs.io/ai/)
- [Guide d'Intégration IA](
https://autopentest.readthedocs.io/api/)
- [Référence API](
https://github.com/autopentest/autopentest)
### Communauté
- [GitHub AutoPentest](
https://arxiv.org/search/?query=autopentest)
- [Articles de Recherche](
https://community.autopentest.org/)
- [Forum de la Communauté Sécurité](
https://academy.autopentest.org/)
### Formation
- [Cours de Pentesting Autonome](
https://certification.autopentest.org/)
- [Certification de Test de Sécurité IA](
https://youtube.com/autopentest)
- [Tutoriels Vidéo](