Feuille de Cheat AutoPentest
Aperçu général
AutoPentest est un système autonome de test de pénétration en boîte noire alimenté par GPT-4o et LangChain qui peut exécuter des chaînes d'attaque en plusieurs étapes sans intervention humaine. Il combine le raisonnement avancé de l'IA avec les outils traditionnels de test de sécurité pour effectuer des évaluations de sécurité complètes, la découverte de vulnérabilité et les tentatives d'exploitation.
C'est pas vrai. Attention: Outil de test de pénétration autonome. Utilisez seulement sur les systèmes que vous possédez ou avez l'autorisation écrite explicite de tester.
Installation
Préalables
# System requirements
python3 --version # Python 3.9+
pip3 --version
git --version
docker --version
# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y nmap masscan gobuster nikto sqlmap metasploit-framework
# Install Node.js for some modules
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt install -y nodejs
Méthodes d'installation
# Method 1: Git clone and setup
git clone https://github.com/autopentest/autopentest.git
cd autopentest
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install additional dependencies
pip install langchain openai anthropic
pip install python-nmap python-masscan
pip install requests beautifulsoup4 selenium
# Method 2: Docker installation
docker pull autopentest/autopentest:latest
docker run -it --rm -v $(pwd)/results:/app/results autopentest/autopentest:latest
# Method 3: PyPI installation (if available)
pip install autopentest
```_
### Configuration Configuration
```bash
# Create configuration directory
mkdir -p ~/.autopentest/config
mkdir -p ~/.autopentest/modules
mkdir -p ~/.autopentest/reports
mkdir -p ~/.autopentest/evidence
# Initialize configuration
autopentest init
# Configure AI models
autopentest config set openai_api_key "your-openai-api-key"
autopentest config set openai_model "gpt-4o"
autopentest config set anthropic_api_key "your-anthropic-key"
# Set operational parameters
autopentest config set max_attack_depth 5
autopentest config set autonomous_mode true
autopentest config set evidence_collection true
```_
## Commandes de base
### Opérations de base
```bash
# Display help and version
autopentest --help
autopentest --version
autopentest modules list
# Quick autonomous scan
autopentest scan --target example.com --autonomous
autopentest scan --target 192.168.1.100 --quick
# Full autonomous penetration test
autopentest pentest --target example.com --full
autopentest pentest --network 192.168.1.0/24 --autonomous
# Check system status
autopentest status
autopentest health-check
Gestion des objectifs
# Add and manage targets
autopentest target add --host example.com
autopentest target add --network 192.168.1.0/24
autopentest target add --url https://app.example.com
# Target information gathering
autopentest target info example.com
autopentest target list --active
autopentest target remove example.com
# Import targets from various sources
autopentest target import --nmap scan.xml
autopentest target import --file targets.txt
autopentest target import --shodan-query "apache"
Gestion des campagnes
# Create and manage campaigns
autopentest campaign create --name "client_assessment"
autopentest campaign list
autopentest campaign switch client_assessment
# Campaign configuration
autopentest campaign config --max-duration 24h
autopentest campaign config --attack-intensity medium
autopentest campaign config --stealth-mode true
# Campaign execution
autopentest campaign start --target example.com
autopentest campaign status
autopentest campaign pause
autopentest campaign resume
autopentest campaign stop
Reconnaissance autonome
Collecte d'information conduite par l'IA
# Autonomous OSINT collection
autopentest recon osint --target example.com --autonomous
autopentest recon osint --company "Example Corp" --deep
autopentest recon osint --domain example.com --social-media
# Subdomain discovery with AI
autopentest recon subdomains --domain example.com --ai-enhanced
autopentest recon subdomains --domain example.com --recursive --depth 3
autopentest recon subdomains --domain example.com --wordlist-generation
# Port and service discovery
autopentest recon ports --target example.com --ai-prioritized
autopentest recon services --target 192.168.1.100 --fingerprint
autopentest recon services --network 192.168.1.0/24 --fast
Analyse des piles technologiques
# Web technology identification
autopentest recon tech-stack --url https://example.com
autopentest recon tech-stack --target example.com --comprehensive
autopentest recon tech-stack --url https://example.com --ai-analysis
# Framework and CMS detection
autopentest recon cms --url https://example.com
autopentest recon frameworks --target example.com
autopentest recon libraries --url https://example.com --version-check
# Infrastructure analysis
autopentest recon infrastructure --target example.com
autopentest recon cloud-services --domain example.com
autopentest recon cdn-analysis --url https://example.com
Cartographie de surface des attaques
# Comprehensive attack surface discovery
autopentest recon attack-surface --target example.com --full
autopentest recon attack-surface --domain example.com --external
autopentest recon attack-surface --network 192.168.1.0/24 --internal
# Entry point identification
autopentest recon entry-points --target example.com
autopentest recon entry-points --url https://example.com --web-focus
autopentest recon entry-points --target 192.168.1.100 --network-focus
# Asset correlation and mapping
autopentest recon correlate --target example.com
autopentest recon map-assets --domain example.com --visual
Évaluation de la vulnérabilité autonome
Vulnérabilité alimentée par l'IA Découverte
# Autonomous vulnerability scanning
autopentest vuln scan --target example.com --autonomous
autopentest vuln scan --url https://example.com --web-focus
autopentest vuln scan --target 192.168.1.100 --network-focus
# AI-guided vulnerability analysis
autopentest vuln analyze --target example.com --ai-reasoning
autopentest vuln analyze --scan-id 12345 --deep-analysis
autopentest vuln analyze --vulnerability CVE-2023-1234 --context
# Vulnerability prioritization
autopentest vuln prioritize --target example.com --business-impact
autopentest vuln prioritize --scan-id 12345 --exploitability
autopentest vuln prioritize --vulnerabilities vulns.json --risk-based
Essais spécialisés de vulnérabilité
# Web application vulnerabilities
autopentest vuln web --url https://example.com --comprehensive
autopentest vuln web --url https://example.com --owasp-top10
autopentest vuln web --url https://example.com --api-focus
# Network vulnerabilities
autopentest vuln network --target 192.168.1.100 --comprehensive
autopentest vuln network --network 192.168.1.0/24 --lateral-movement
autopentest vuln network --target 192.168.1.100 --privilege-escalation
# Infrastructure vulnerabilities
autopentest vuln infrastructure --target example.com --cloud-focus
autopentest vuln infrastructure --target example.com --container-focus
autopentest vuln infrastructure --target example.com --configuration
Validation de la vulnérabilité
# Automated vulnerability validation
autopentest vuln validate --vulnerability-id 67890
autopentest vuln validate --scan-id 12345 --auto-verify
autopentest vuln validate --target example.com --all-findings
# False positive reduction
autopentest vuln filter --scan-id 12345 --ai-filtering
autopentest vuln deduplicate --target example.com
autopentest vuln confidence-score --vulnerability-id 67890
Exploitation autonome
Sélection AI-Drived Exploit
# Autonomous exploit attempts
autopentest exploit auto --target example.com --safe-mode
autopentest exploit auto --vulnerability-id 67890 --careful
autopentest exploit auto --scan-id 12345 --non-destructive
# Exploit chain generation
autopentest exploit chain --target example.com --objective shell
autopentest exploit chain --target 192.168.1.100 --objective privilege-escalation
autopentest exploit chain --network 192.168.1.0/24 --objective lateral-movement
# Custom exploit development
autopentest exploit develop --vulnerability CVE-2023-1234
autopentest exploit develop --service "Apache 2.4.41" --ai-assisted
autopentest exploit develop --target example.com --custom-payload
Production et livraison de charges utiles
# AI-generated payloads
autopentest payload generate --target example.com --type reverse-shell
autopentest payload generate --os windows --arch x64 --evasion
autopentest payload generate --service ssh --technique key-injection
# Payload delivery mechanisms
autopentest payload deliver --target example.com --method web
autopentest payload deliver --target 192.168.1.100 --method network
autopentest payload deliver --target example.com --method social-engineering
# Evasion techniques
autopentest payload obfuscate --payload payload.bin --technique polymorphic
autopentest payload encode --payload payload.bin --encoder base64
autopentest payload encrypt --payload payload.bin --key random
Après exploitation Activités
# Autonomous post-exploitation
autopentest post-exploit --session session-123 --autonomous
autopentest post-exploit --target example.com --objective data-discovery
autopentest post-exploit --session session-123 --persistence
# Privilege escalation
autopentest post-exploit privesc --session session-123 --auto
autopentest post-exploit privesc --target 192.168.1.100 --technique kernel
autopentest post-exploit privesc --session session-123 --service-abuse
# Lateral movement
autopentest post-exploit lateral --session session-123 --network 192.168.1.0/24
autopentest post-exploit lateral --session session-123 --credential-reuse
autopentest post-exploit lateral --session session-123 --trust-relationships
Moteur de raisonnement AI
Cadre décisionnel
# AI reasoning configuration
reasoning_config = {
"model": "gpt-4o",
"temperature": 0.3,
"max_tokens": 4000,
"reasoning_depth": 5,
"confidence_threshold": 0.8,
"risk_tolerance": "medium"
}
# Custom reasoning prompts
attack_planning_prompt = """
Analyze the target system and plan a multi-step attack:
Target: {target}
Discovered services: {services}
Identified vulnerabilities: {vulnerabilities}
Objective: {objective}
Provide a step-by-step attack plan with:
1. Risk assessment for each step
2. Probability of success
3. Potential impact
4. Stealth considerations
5. Fallback options
"""
Planification de la chaîne d'attaque
# AI-powered attack planning
autopentest ai plan-attack --target example.com --objective compromise
autopentest ai plan-attack --target example.com --stealth-priority
autopentest ai plan-attack --network 192.168.1.0/24 --lateral-focus
# Attack path optimization
autopentest ai optimize-path --target example.com --minimize-risk
autopentest ai optimize-path --target example.com --maximize-stealth
autopentest ai optimize-path --target example.com --fastest-path
# Dynamic replanning
autopentest ai replan --session session-123 --new-objective
autopentest ai replan --campaign campaign-456 --adapt-defenses
autopentest ai replan --target example.com --failure-recovery
Comportement adapté
# AI adaptation to defenses
autopentest ai adapt --target example.com --defense-detection
autopentest ai adapt --session session-123 --evasion-mode
autopentest ai adapt --campaign campaign-456 --stealth-increase
# Learning from failures
autopentest ai learn --failed-attempt attempt-789
autopentest ai learn --target example.com --defense-analysis
autopentest ai learn --campaign campaign-456 --pattern-recognition
# Behavioral modification
autopentest ai modify-behavior --target example.com --more-aggressive
autopentest ai modify-behavior --session session-123 --more-cautious
autopentest ai modify-behavior --campaign campaign-456 --change-tactics
Chaînes d'attaque multi-étapes
Définition et exécution de la chaîne
# attack_chains/web_to_internal.yaml
name: "Web Application to Internal Network"
description: "Multi-step attack from web app compromise to internal network access"
steps:
- name: "web_reconnaissance"
type: "reconnaissance"
ai_guided: true
modules:
- subdomain_enumeration
- technology_detection
- vulnerability_scanning
- name: "web_exploitation"
type: "exploitation"
depends_on: ["web_reconnaissance"]
condition: "web_vulnerabilities_found"
ai_guided: true
modules:
- sql_injection
- xss_exploitation
- file_upload_abuse
- name: "lateral_movement"
type: "post_exploitation"
depends_on: ["web_exploitation"]
condition: "shell_obtained"
ai_guided: true
modules:
- network_discovery
- credential_harvesting
- privilege_escalation
Commandes d'exécution en chaîne
# Execute predefined attack chains
autopentest chain execute web_to_internal --target example.com
autopentest chain execute network_compromise --target 192.168.1.0/24
autopentest chain execute cloud_breakout --target aws-instance
# Custom chain execution
autopentest chain execute --file custom_chain.yaml --target example.com
autopentest chain execute --template advanced --target example.com
# Chain monitoring and control
autopentest chain status web_to_internal_001
autopentest chain pause web_to_internal_001
autopentest chain resume web_to_internal_001
autopentest chain abort web_to_internal_001
Modification de la chaîne dynamique
# Modify chains during execution
autopentest chain modify --chain-id 12345 --add-step persistence
autopentest chain modify --chain-id 12345 --skip-step noisy_scan
autopentest chain modify --chain-id 12345 --change-objective
# Conditional branching
autopentest chain branch --chain-id 12345 --condition "admin_access_gained"
autopentest chain branch --chain-id 12345 --fallback-path stealth_mode
autopentest chain branch --chain-id 12345 --success-path data_exfiltration
Collecte de preuves et documentation
Collecte automatisée de preuves
# Enable comprehensive evidence collection
autopentest evidence enable --all-activities
autopentest evidence enable --screenshots --network-captures
autopentest evidence enable --command-logs --file-changes
# Evidence collection during attacks
autopentest evidence collect --session session-123 --continuous
autopentest evidence collect --vulnerability-id 67890 --proof-of-concept
autopentest evidence collect --target example.com --timeline
# Evidence validation and integrity
autopentest evidence validate --evidence-id 98765
autopentest evidence hash --evidence-id 98765 --algorithm sha256
autopentest evidence sign --evidence-id 98765 --digital-signature
Documentation médico-légale
# Generate forensic reports
autopentest forensics report --session session-123 --detailed
autopentest forensics report --target example.com --timeline
autopentest forensics report --campaign campaign-456 --comprehensive
# Chain of custody
autopentest forensics custody --evidence-id 98765 --initialize
autopentest forensics custody --evidence-id 98765 --transfer
autopentest forensics custody --evidence-id 98765 --verify
# Evidence export for legal purposes
autopentest forensics export --evidence-id 98765 --format legal
autopentest forensics export --session session-123 --court-ready
autopentest forensics export --campaign campaign-456 --compliance
Rapports et analyse
Rapports générés par l'IA
# Autonomous report generation
autopentest report generate --target example.com --ai-authored
autopentest report generate --campaign campaign-456 --executive-summary
autopentest report generate --session session-123 --technical-details
# Custom report templates
autopentest report generate --template compliance --target example.com
autopentest report generate --template red-team --campaign campaign-456
autopentest report generate --template vulnerability-assessment --scan-id 12345
# Multi-format output
autopentest report generate --target example.com --format pdf,html,json
autopentest report generate --campaign campaign-456 --format docx
autopentest report generate --session session-123 --format markdown
Évaluation et notation des risques
# AI-powered risk analysis
autopentest risk assess --target example.com --business-context
autopentest risk assess --vulnerabilities vulns.json --impact-analysis
autopentest risk assess --campaign campaign-456 --comprehensive
# Risk scoring and prioritization
autopentest risk score --vulnerability-id 67890 --cvss-plus-ai
autopentest risk score --target example.com --business-risk
autopentest risk score --campaign campaign-456 --overall-posture
# Risk mitigation recommendations
autopentest risk mitigate --target example.com --recommendations
autopentest risk mitigate --vulnerability-id 67890 --step-by-step
autopentest risk mitigate --campaign campaign-456 --prioritized
Configuration avancée
Configuration du modèle AI
# config/ai_models.yaml
ai_models:
primary:
provider: "openai"
model: "gpt-4o"
api_key: "${OPENAI_API_KEY}"
max_tokens: 8000
temperature: 0.3
reasoning:
provider: "openai"
model: "gpt-4o"
api_key: "${OPENAI_API_KEY}"
max_tokens: 4000
temperature: 0.1
creative:
provider: "anthropic"
model: "claude-3-opus"
api_key: "${ANTHROPIC_API_KEY}"
max_tokens: 4000
temperature: 0.7
reasoning_prompts:
vulnerability_analysis: "prompts/vuln_analysis.txt"
exploit_selection: "prompts/exploit_selection.txt"
attack_planning: "prompts/attack_planning.txt"
risk_assessment: "prompts/risk_assessment.txt"
Paramètres autonomes du comportement
# config/autonomous.yaml
autonomous_settings:
max_attack_depth: 5
max_session_duration: 3600 # 1 hour
risk_tolerance: "medium"
stealth_priority: "high"
decision_making:
confidence_threshold: 0.8
require_human_approval: false
auto_escalate_privileges: true
auto_lateral_movement: true
safety_limits:
no_destructive_actions: true
no_data_exfiltration: true
respect_scope_limits: true
max_concurrent_sessions: 5
learning:
adapt_to_defenses: true
learn_from_failures: true
update_tactics: true
share_intelligence: false
Configuration d'intégration
# config/integrations.yaml
integrations:
metasploit:
enabled: true
rpc_host: "localhost"
rpc_port: 55553
rpc_user: "msf"
rpc_pass: "${MSF_PASSWORD}"
burp_suite:
enabled: true
api_url: "http://localhost:1337"
api_key: "${BURP_API_KEY}"
nessus:
enabled: true
server_url: "https://nessus.local:8834"
access_key: "${NESSUS_ACCESS_KEY}"
secret_key: "${NESSUS_SECRET_KEY}"
siem:
enabled: true
type: "splunk"
endpoint: "https://splunk.local:8089"
token: "${SPLUNK_TOKEN}"
Sécurité et considérations éthiques
Autorisation et gestion de la portée
# Define authorized targets and scope
autopentest scope define --target example.com --authorized
autopentest scope define --network 192.168.1.0/24 --internal-only
autopentest scope define --url https://app.example.com --web-only
# Scope validation and enforcement
autopentest scope validate --target test.example.com
autopentest scope enforce --strict-mode
autopentest scope check --all-targets
# Authorization documentation
autopentest auth document --target example.com --signed-agreement
autopentest auth verify --target example.com --legal-approval
autopentest auth export --format legal-document
Mécanismes de sécurité
# Enable safety controls
autopentest safety enable --all-controls
autopentest safety enable --no-destructive --no-dos
autopentest safety enable --data-protection --scope-enforcement
# Safety monitoring
autopentest safety monitor --real-time
autopentest safety check --pre-execution
autopentest safety validate --post-execution
# Emergency controls
autopentest safety emergency-stop --all-campaigns
autopentest safety quarantine --session session-123
autopentest safety rollback --changes-since timestamp
Conformité et vérification
# Enable comprehensive auditing
autopentest audit enable --all-activities
autopentest audit enable --decision-logging --ai-reasoning
autopentest audit enable --evidence-chain --legal-compliance
# Audit reporting
autopentest audit report --campaign campaign-456 --compliance
autopentest audit report --timeframe "2024-01-01,2024-01-31" --detailed
autopentest audit export --format soc2 --period quarterly
# Compliance validation
autopentest compliance check --standard iso27001
autopentest compliance check --standard nist --framework cybersecurity
autopentest compliance validate --all-activities --legal-review
Dépannage et optimisation
Surveillance de la performance
# Monitor system performance
autopentest monitor performance --real-time
autopentest monitor resources --campaign campaign-456
autopentest monitor ai-usage --costs --tokens
# Performance optimization
autopentest optimize performance --target example.com
autopentest optimize ai-calls --reduce-redundancy
autopentest optimize memory --cleanup-sessions
# Scaling and load balancing
autopentest scale up --workers 10
autopentest scale distribute --targets multiple
autopentest scale optimize --resource-allocation
Débogue et diagnostic
# Debug mode and verbose logging
autopentest --debug campaign start --target example.com
autopentest --verbose ai plan-attack --target example.com
autopentest logs view --level debug --component ai-reasoning
# System diagnostics
autopentest diagnose system --comprehensive
autopentest diagnose ai-models --connectivity
autopentest diagnose integrations --all-tools
# Error analysis and resolution
autopentest errors analyze --session session-123
autopentest errors resolve --error-id 54321 --auto-fix
autopentest errors report --campaign campaign-456 --detailed
Récupération et sauvegarde
# Session recovery
autopentest recover session --session-id session-123
autopentest recover campaign --campaign-id campaign-456
autopentest recover state --from-backup backup-789
# Backup and restore
autopentest backup create --campaign campaign-456 --full
autopentest backup restore --backup-id backup-789
autopentest backup schedule --daily --retention 30d
# Data integrity verification
autopentest verify integrity --all-data
autopentest verify checksums --evidence-only
autopentest verify consistency --cross-reference
Exemples d'intégration
Intégration des pipelines CI/CD
# .github/workflows/autonomous-security-test.yml
name: Autonomous Security Testing
on:
schedule:
- cron: '0 2 * * 0' # Weekly on Sunday at 2 AM
workflow_dispatch:
jobs:
autonomous-pentest:
runs-on: ubuntu-latest
steps:
- name: Setup AutoPentest
run: |
pip install autopentest
autopentest config set openai_api_key ${{ secrets.OPENAI_API_KEY }}
autopentest config set autonomous_mode true
autopentest config set safety_controls true
- name: Run Autonomous Penetration Test
run: |
autopentest campaign create --name "ci_security_test"
autopentest campaign start --target ${{ env.TARGET_DOMAIN }} --autonomous
autopentest campaign wait --timeout 3600
- name: Generate Security Report
run: |
autopentest report generate --campaign ci_security_test --format json > security_report.json
autopentest report generate --campaign ci_security_test --format pdf > security_report.pdf
- name: Upload Results
uses: actions/upload-artifact@v3
with:
name: security-assessment-results
path: |
security_report.json
security_report.pdf
Intégration de la plateforme SOAR
# integrations/soar_integration.py
import requests
import json
from autopentest.core.integration import BaseIntegration
class SOARIntegration(BaseIntegration):
def __init__(self, soar_url, api_key):
self.soar_url = soar_url
self.api_key = api_key
def create_incident(self, vulnerability):
incident_data = {
"title": f"Critical Vulnerability: {vulnerability.name}",
"description": vulnerability.description,
"severity": self.map_severity(vulnerability.severity),
"source": "autopentest",
"artifacts": [
{
"type": "ip",
"value": vulnerability.target_ip
},
{
"type": "cve",
"value": vulnerability.cve
}
]
}
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.soar_url}/api/incidents",
headers=headers,
json=incident_data
)
return response.json()
def trigger_playbook(self, playbook_name, context):
playbook_data = {
"playbook": playbook_name,
"context": context,
"auto_execute": True
}
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.soar_url}/api/playbooks/execute",
headers=headers,
json=playbook_data
)
return response.json()
Meilleures pratiques
Stratégie d'essais autonomes
# Gradual autonomy increase
autopentest config set autonomy_level 1 # Supervised
autopentest config set autonomy_level 3 # Semi-autonomous
autopentest config set autonomy_level 5 # Fully autonomous
# Risk-based approach
autopentest config set risk_tolerance low # Conservative
autopentest config set risk_tolerance medium # Balanced
autopentest config set risk_tolerance high # Aggressive
# Continuous learning
autopentest ai train --from-campaigns --improve-accuracy
autopentest ai update-models --latest-threats
autopentest ai calibrate --false-positive-reduction
Assurance qualité
# Validation and verification
autopentest validate findings --all-vulnerabilities
autopentest verify exploits --proof-of-concept
autopentest cross-reference --multiple-sources
# Accuracy improvement
autopentest accuracy measure --campaign campaign-456
autopentest accuracy improve --false-positive-analysis
autopentest accuracy benchmark --industry-standards
Sécurité opérationnelle
# Stealth and evasion
autopentest stealth enable --advanced-evasion
autopentest stealth randomize --timing --user-agents
autopentest stealth encrypt --communications --payloads
# Operational security
autopentest opsec enable --anti-forensics
autopentest opsec clean --artifacts --logs
autopentest opsec verify --no-traces-left
Ressources
Documentation
- [Documentation de l'AutoPentest] (LINK_9)
- [Guide d'intégration de l'AI] (LINK_9)
- [Référence API] (LINK_9)
Communauté
- [AutoPentest GitHub] (LINK_9)
- [Documents de recherche] (LINK_9)
- [Forum communautaire sur la sécurité] (LINK_9)
Formation
- [Cours d'essai automatique] (LINK_9)
- Attestation d'essai de sécurité de l'AI
- [Tutoriels vidéo] (LINK_9)