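# ARACNE Cheat Sheet
## Overview
ARACNE (Autonomous Reconnaissance and Attack Coordination for Network Exploitation) is an LLM-based agent specifically designed to target SSH services and to autonomously explore and exploit Linux shell environments. It combines large language model reasoning with traditional penetration-testing techniques to carry out sophisticated attacks against SSH-accessible systems.
⚠️ Important warning: This is an advanced autonomous exploitation tool. Use it only on systems you own or for which you have explicit written authorization. Unauthorized use is illegal.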
## Installation
### Prerequisites
```bash
# System requirements
python3 --version # Python 3.9+
pip3 --version
git --version
# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y openssh-client sshpass hydra nmap masscan
# Install additional security tools
sudo apt install -y john hashcat gobuster dirb nikto
sudo apt install -y metasploit-framework exploitdb
```
### Installation methods
```bash
# Method 1: Git clone and setup
git clone https://github.com/aracne-ai/aracne.git
cd aracne
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install LLM dependencies
pip install openai anthropic langchain
pip install transformers torch
pip install paramiko fabric pexpect
# Method 2: Docker installation
docker pull aracne/aracne:latest
docker run -it --rm -v "$(pwd)/sessions:/app/sessions" aracne/aracne:latest
# Method 3: PyPI installation (if available)
pip install aracne-agent
```
### Configuration
```bash
# Create configuration directory
mkdir -p ~/.aracne/config
mkdir -p ~/.aracne/sessions
mkdir -p ~/.aracne/payloads
mkdir -p ~/.aracne/logs
# Initialize configuration
aracne init
# Configure LLM providers
aracne config set openai_api_key "your-openai-key"
aracne config set openai_model "gpt-4"
aracne config set anthropic_api_key "your-anthropic-key"
# Set operational parameters
aracne config set max_session_time 3600
aracne config set autonomous_mode true
aracne config set stealth_mode true
aracne config set evidence_collection true
```
## Core commands
### Basic operations
```bash
# Display help and version
aracne --help
aracne --version
aracne modules list
# Quick SSH reconnaissance
aracne recon ssh --target 192.168.1.100
aracne recon ssh --network 192.168.1.0/24
aracne recon ssh --target-list targets.txt
# SSH service analysis
aracne analyze ssh --target 192.168.1.100 --deep
aracne analyze ssh --target 192.168.1.100 --version-detection
aracne analyze ssh --target 192.168.1.100 --configuration-analysis
# System status and health
aracne status
aracne health-check
aracne modules status
```
### Target management
```bash
# Add SSH targets
aracne target add --host 192.168.1.100 --port 22
aracne target add --host example.com --port 2222
aracne target add --network 192.168.1.0/24 --ssh-only
# Target information and management
aracne target list --active
aracne target info 192.168.1.100
aracne target remove 192.168.1.100
# Import targets from various sources
aracne target import --nmap ssh_scan.xml
aracne target import --masscan masscan_results.txt
aracne target import --file ssh_targets.txt
# Target prioritization
aracne target prioritize --by vulnerability
aracne target prioritize --by accessibility
aracne target prioritize --custom-scoring
```
### Session management
```bash
# Create and manage attack sessions
aracne session create --target 192.168.1.100 --name "target_compromise"
aracne session list --active
aracne session switch target_compromise
# Session configuration
aracne session config --max-duration 2h
aracne session config --stealth-level high
aracne session config --logging-level verbose
# Session control
aracne session start --target 192.168.1.100
aracne session pause target_compromise
aracne session resume target_compromise
aracne session terminate target_compromise
```
## SSH reconnaissance and analysis
### SSH service discovery
```bash
# Comprehensive SSH discovery
aracne discover ssh --network 192.168.1.0/24 --comprehensive
aracne discover ssh --target-list targets.txt --fast
aracne discover ssh --target 192.168.1.100 --deep-analysis
# SSH version and banner analysis
aracne analyze banner --target 192.168.1.100
aracne analyze version --target 192.168.1.100 --vulnerability-check
aracne analyze configuration --target 192.168.1.100 --security-assessment
# SSH algorithm and cipher analysis
aracne analyze algorithms --target 192.168.1.100
aracne analyze ciphers --target 192.168.1.100 --weak-crypto
aracne analyze kex --target 192.168.1.100 --security-analysis
```
### SSH vulnerability assessment
```bash
# SSH-specific vulnerability scanning
aracne vuln scan-ssh --target 192.168.1.100 --comprehensive
aracne vuln scan-ssh --target 192.168.1.100 --known-exploits
aracne vuln scan-ssh --network 192.168.1.0/24 --quick
# Configuration vulnerability analysis
aracne vuln config --target 192.168.1.100 --misconfigurations
aracne vuln config --target 192.168.1.100 --weak-settings
aracne vuln config --target 192.168.1.100 --default-configs
# SSH implementation vulnerabilities
aracne vuln implementation --target 192.168.1.100 --version-specific
aracne vuln implementation --target 192.168.1.100 --buffer-overflows
aracne vuln implementation --target 192.168.1.100 --timing-attacks
```
### User enumeration
```bash
# SSH user enumeration techniques
aracne enum users --target 192.168.1.100 --timing-based
aracne enum users --target 192.168.1.100 --error-based
aracne enum users --target 192.168.1.100 --comprehensive
# Username wordlist generation
aracne generate usernames --target 192.168.1.100 --context-aware
aracne generate usernames --company "Example Corp" --employees
aracne generate usernames --domain example.com --email-based
# User validation and verification
aracne validate users --target 192.168.1.100 --user-list users.txt
aracne validate users --target 192.168.1.100 --probabilistic
aracne validate users --target 192.168.1.100 --stealth-mode
```
## Autonomous SSH exploitation
### Credential-based attacks
```bash
# Intelligent brute force attacks
aracne attack brute-force --target 192.168.1.100 --smart
aracne attack brute-force --target 192.168.1.100 --user admin --adaptive
aracne attack brute-force --target 192.168.1.100 --credential-stuffing
# Dictionary attacks with AI optimization
aracne attack dictionary --target 192.168.1.100 --ai-optimized
aracne attack dictionary --target 192.168.1.100 --context-aware
aracne attack dictionary --target 192.168.1.100 --pattern-learning
# Credential spraying
aracne attack spray --network 192.168.1.0/24 --common-passwords
aracne attack spray --target-list targets.txt --seasonal-passwords
aracne attack spray --targets multiple --lockout-aware
```
### Key-based attacks
```bash
# SSH key discovery and analysis
aracne keys discover --target 192.168.1.100 --web-crawling
aracne keys discover --target 192.168.1.100 --git-repositories
aracne keys discover --target 192.168.1.100 --configuration-files
# Private key attacks
aracne keys attack --target 192.168.1.100 --weak-keys
aracne keys attack --target 192.168.1.100 --default-keys
aracne keys attack --target 192.168.1.100 --cracking
# Key injection and manipulation
aracne keys inject --target 192.168.1.100 --authorized-keys
aracne keys manipulate --target 192.168.1.100 --key-replacement
aracne keys backdoor --target 192.168.1.100 --persistent-access
```
### Protocol-level exploits
```bash
# SSH protocol exploitation
aracne exploit protocol --target 192.168.1.100 --version-specific
aracne exploit protocol --target 192.168.1.100 --implementation-bugs
aracne exploit protocol --target 192.168.1.100 --timing-attacks
# Man-in-the-middle attacks
aracne exploit mitm --target 192.168.1.100 --arp-poisoning
aracne exploit mitm --target 192.168.1.100 --dns-spoofing
aracne exploit mitm --target 192.168.1.100 --certificate-manipulation
# Downgrade attacks
aracne exploit downgrade --target 192.168.1.100 --weak-algorithms
aracne exploit downgrade --target 192.168.1.100 --legacy-protocols
aracne exploit downgrade --target 192.168.1.100 --cipher-downgrade
```
## Linux shell exploitation
### Initial access and shell setup
```bash
# Establish initial shell access
aracne shell establish --target 192.168.1.100 --method ssh
aracne shell establish --target 192.168.1.100 --credentials user:pass
aracne shell establish --target 192.168.1.100 --key-file private_key
# Shell upgrade and stabilization
aracne shell upgrade --session session-123 --interactive
aracne shell upgrade --session session-123 --pty
aracne shell upgrade --session session-123 --full-terminal
# Shell persistence mechanisms
aracne shell persist --session session-123 --cron-job
aracne shell persist --session session-123 --systemd-service
aracne shell persist --session session-123 --ssh-keys
```
### System reconnaissance
```bash
# Autonomous system enumeration
aracne recon system --session session-123 --comprehensive
aracne recon system --session session-123 --quick-wins
aracne recon system --session session-123 --stealth-mode
# User and privilege enumeration
aracne recon users --session session-123 --all-users
aracne recon users --session session-123 --privileged-users
aracne recon users --session session-123 --sudo-capabilities
# Network and service discovery
aracne recon network --session session-123 --internal-networks
aracne recon services --session session-123 --running-services
aracne recon processes --session session-123 --interesting-processes
```
### Privilege escalation
```bash
# Autonomous privilege escalation
aracne privesc auto --session session-123 --all-techniques
aracne privesc auto --session session-123 --kernel-exploits
aracne privesc auto --session session-123 --suid-binaries
# Specific escalation techniques
aracne privesc sudo --session session-123 --sudo-abuse
aracne privesc cron --session session-123 --cron-jobs
aracne privesc services --session session-123 --service-abuse
# Custom escalation strategies
aracne privesc custom --session session-123 --ai-guided
aracne privesc search --session session-123 --novel-techniques
aracne privesc exploit --session session-123 --zero-day
```
### Lateral movement
```bash
# Network lateral movement
aracne lateral network --session session-123 --ssh-keys
aracne lateral network --session session-123 --credential-reuse
aracne lateral network --session session-123 --trust-relationships
# Service-based lateral movement
aracne lateral services --session session-123 --shared-services
aracne lateral services --session session-123 --database-access
aracne lateral services --session session-123 --file-shares
# Advanced lateral movement
aracne lateral advanced --session session-123 --kerberos
aracne lateral advanced --session session-123 --container-escape
aracne lateral advanced --session session-123 --cloud-metadata
```
## AI-driven decision making
### Autonomous reasoning engine
```python
# AI reasoning configuration
reasoning_config = {
    "model": "gpt-4",
    "temperature": 0.2,
    "max_tokens": 4000,
    "reasoning_depth": 3,
    "confidence_threshold": 0.85,
    "exploration_factor": 0.3
}
# Custom reasoning prompts for SSH exploitation
ssh_analysis_prompt = """
Analyze the SSH service and system information:
Target: {target}
SSH Version: {ssh_version}
Available Users: {users}
System Information: {system_info}
Previous Attempts: {previous_attempts}
Determine the best exploitation strategy:
1. Most likely attack vectors
2. Probability of success for each
3. Stealth considerations
4. Risk assessment
5. Next steps recommendation
"""
```
### Adaptive attack strategies
```bash
# AI-guided attack planning
aracne ai plan-attack --target 192.168.1.100 --objective shell-access
aracne ai plan-attack --session session-123 --objective privilege-escalation
aracne ai plan-attack --target 192.168.1.100 --stealth-priority
# Dynamic strategy adaptation
aracne ai adapt-strategy --session session-123 --defense-detected
aracne ai adapt-strategy --session session-123 --failure-analysis
aracne ai adapt-strategy --session session-123 --new-information
# Learning from interactions
aracne ai learn --session session-123 --command-responses
aracne ai learn --target 192.168.1.100 --defense-mechanisms
aracne ai learn --global --pattern-recognition
```
### Intelligent command generation
```bash
# AI-generated commands for exploration
aracne ai generate-commands --session session-123 --exploration
aracne ai generate-commands --session session-123 --privilege-escalation
aracne ai generate-commands --session session-123 --persistence
# Context-aware command selection
aracne ai select-commands --session session-123 --current-context
aracne ai select-commands --session session-123 --objective-focused
aracne ai select-commands --session session-123 --stealth-optimized
# Command effectiveness analysis
aracne ai analyze-effectiveness --session session-123 --command-history
aracne ai analyze-effectiveness --session session-123 --success-patterns
aracne ai analyze-effectiveness --session session-123 --failure-analysis
```
### Stealth and evasion
```bash
# Stealth mode operations
aracne stealth enable --session session-123 --advanced-evasion
aracne stealth timing --session session-123 --random-delays
aracne stealth obfuscation --session session-123 --command-obfuscation
# Anti-forensics techniques
aracne antiforensics enable --session session-123 --log-cleaning
aracne antiforensics timestamps --session session-123 --timestamp-manipulation
aracne antiforensics artifacts --session session-123 --artifact-removal
# Detection evasion
aracne evasion ids --session session-123 --ids-evasion
aracne evasion monitoring --session session-123 --monitoring-detection
aracne evasion behavioral --session session-123 --behavioral-mimicry
```
### Persistence mechanisms
```bash
# Establish persistent access
aracne persist establish --session session-123 --multiple-methods
aracne persist establish --session session-123 --stealth-persistence
aracne persist establish --session session-123 --redundant-access
# Persistence validation and testing
aracne persist validate --session session-123 --all-methods
aracne persist test --session session-123 --reconnection-test
aracne persist monitor --session session-123 --persistence-health
# Persistence cleanup and removal
aracne persist cleanup --session session-123 --selective-removal
aracne persist remove --session session-123 --complete-cleanup
aracne persist verify-removal --session session-123 --forensic-check
```
### Data exfiltration and collection
```bash
# Intelligent data discovery
aracne data discover --session session-123 --sensitive-files
aracne data discover --session session-123 --database-content
aracne data discover --session session-123 --configuration-files
# Data classification and prioritization
aracne data classify --session session-123 --ai-classification
aracne data prioritize --session session-123 --business-value
aracne data assess --session session-123 --sensitivity-analysis
# Secure data exfiltration
aracne data exfiltrate --session session-123 --encrypted-channel
aracne data exfiltrate --session session-123 --steganography
aracne data exfiltrate --session session-123 --covert-channels
```
## Monitoring and logging
### Session monitoring
```bash
# Real-time session monitoring
aracne monitor session --session session-123 --real-time
aracne monitor activity --session session-123 --command-tracking
aracne monitor progress --session session-123 --objective-tracking
# Performance and resource monitoring
aracne monitor performance --session session-123 --resource-usage
aracne monitor network --session session-123 --traffic-analysis
aracne monitor system --session session-123 --system-impact
# Alert and notification system
aracne monitor alerts --session session-123 --critical-events
aracne monitor notifications --session session-123 --progress-updates
aracne monitor warnings --session session-123 --risk-indicators
```
### Comprehensive logging
```bash
# Enable detailed logging
aracne logging enable --session session-123 --comprehensive
aracne logging enable --session session-123 --ai-decisions
aracne logging enable --session session-123 --command-responses
# Log analysis and insights
aracne logging analyze --session session-123 --pattern-analysis
aracne logging analyze --session session-123 --success-factors
aracne logging analyze --session session-123 --failure-analysis
# Log export and reporting
aracne logging export --session session-123 --format json
aracne logging export --session session-123 --timeline-format
aracne logging export --session session-123 --forensic-format
```
## Security and ethical considerations
### Authorization and legal compliance
```bash
# Define authorized targets and scope
aracne scope define --target 192.168.1.100 --authorized
aracne scope define --network 192.168.1.0/24 --internal-testing
aracne scope validate --target 192.168.1.100 --legal-check
# Documentation and evidence
aracne legal document --session session-123 --authorization-proof
aracne legal evidence --session session-123 --chain-of-custody
aracne legal export --session session-123 --court-ready
# Compliance verification
aracne compliance check --session session-123 --ethical-guidelines
aracne compliance verify --session session-123 --legal-requirements
aracne compliance audit --session session-123 --comprehensive
```
### Safety and risk management
```bash
# Risk assessment and management
aracne risk assess --session session-123 --comprehensive
aracne risk monitor --session session-123 --real-time
aracne risk mitigate --session session-123 --automatic
# Safety controls and limits
aracne safety enable --session session-123 --all-controls
aracne safety limits --session session-123 --time-limits
aracne safety boundaries --session session-123 --scope-enforcement
# Emergency procedures
aracne emergency stop --session session-123 --immediate
aracne emergency cleanup --session session-123 --evidence-removal
aracne emergency report --session session-123 --incident-documentation
```
## Troubleshooting and optimization
### Performance optimization
```bash
# Optimize AI model performance
aracne optimize ai --model-selection --performance-focused
aracne optimize ai --token-usage --cost-optimization
aracne optimize ai --response-time --latency-reduction
# Session performance optimization
aracne optimize session --session session-123 --speed-optimization
aracne optimize session --session session-123 --resource-optimization
aracne optimize session --session session-123 --stealth-optimization
# Network and connectivity optimization
aracne optimize network --session session-123 --connection-stability
aracne optimize network --session session-123 --bandwidth-optimization
aracne optimize network --session session-123 --latency-reduction
```
### Debugging and diagnostics
```bash
# Debug mode and verbose logging
aracne --debug session start --target 192.168.1.100
aracne --verbose ai plan-attack --target 192.168.1.100
aracne logs view --level debug --component ai-reasoning
# System diagnostics
aracne diagnose system --comprehensive
aracne diagnose ai-models --connectivity-test
aracne diagnose ssh-client --configuration-check
# Error analysis and resolution
aracne errors analyze --session session-123 --root-cause
aracne errors resolve --error-id 12345 --auto-fix
aracne errors prevent --session session-123 --predictive-analysis
```
### Recovery and backup
```bash
# Session recovery and restoration
aracne recover session --session-id session-123 --full-recovery
aracne recover state --session session-123 --checkpoint-restore
aracne recover connection --session session-123 --reconnect
# Backup and data protection
aracne backup create --session session-123 --incremental
aracne backup restore --backup-id backup-456 --selective
aracne backup verify --backup-id backup-456 --integrity-check
# Data integrity and validation
aracne verify integrity --session session-123 --all-data
aracne verify consistency --session session-123 --cross-validation
aracne verify authenticity --session session-123 --digital-signatures
```
## Integration examples
### SIEM integration
```python
# integrations/siem_integration.py
import requests
from aracne.core.integration import BaseIntegration


class SIEMIntegration(BaseIntegration):
    """Forwards session activity to a SIEM as JSON events."""

    def __init__(self, siem_url, api_key):
        self.siem_url = siem_url
        self.api_key = api_key

    def send_ssh_attempt(self, attempt_data):
        # One event per SSH authentication attempt
        event = {
            "timestamp": attempt_data.timestamp,
            "source": "aracne",
            "event_type": "ssh_attempt",
            "target": attempt_data.target,
            "username": attempt_data.username,
            "success": attempt_data.success,
            "method": attempt_data.method
        }
        return self.send_event(event)

    def send_privilege_escalation(self, privesc_data):
        # One event per privilege escalation attempt
        event = {
            "timestamp": privesc_data.timestamp,
            "source": "aracne",
            "event_type": "privilege_escalation",
            "target": privesc_data.target,
            "technique": privesc_data.technique,
            "success": privesc_data.success,
            "privileges_gained": privesc_data.privileges
        }
        return self.send_event(event)

    def send_event(self, event):
        headers = {
            "Authorization": f"Bearer {self.api_key}",
            "Content-Type": "application/json"
        }
        # Bound the request so an unreachable SIEM cannot stall the caller
        response = requests.post(
            f"{self.siem_url}/api/events",
            headers=headers,
            json=event,
            timeout=10
        )
        return response.status_code == 200
```
### Threat intelligence integration
```python
# integrations/threat_intel.py
from urllib.parse import quote

import requests
from aracne.core.threat_intel import ThreatIntelProvider


class ThreatIntelIntegration(ThreatIntelProvider):
    def __init__(self, api_key):
        self.api_key = api_key
        self.base_url = "https://api.threatintel.com"

    def get_ssh_vulnerabilities(self, ssh_version):
        headers = {"Authorization": f"Bearer {self.api_key}"}
        # The version string comes from a remote banner, so percent-encode
        # it before placing it in the URL path
        response = requests.get(
            f"{self.base_url}/vulnerabilities/ssh/{quote(ssh_version, safe='')}",
            headers=headers,
            timeout=10
        )
        if response.status_code == 200:
            return response.json()
        return []

    def get_exploit_techniques(self, target_os, target_version):
        headers = {"Authorization": f"Bearer {self.api_key}"}
        # Both path segments are reported by the remote host; encode them
        response = requests.get(
            f"{self.base_url}/techniques/"
            f"{quote(target_os, safe='')}/{quote(target_version, safe='')}",
            headers=headers,
            timeout=10
        )
        if response.status_code == 200:
            return response.json()
        return []

    def report_new_technique(self, technique_data):
        headers = {
            "Authorization": f"Bearer {self.api_key}",
            "Content-Type": "application/json"
        }
        response = requests.post(
            f"{self.base_url}/techniques/report",
            headers=headers,
            json=technique_data,
            timeout=10
        )
        return response.status_code == 201
```
## Best practices
### SSH exploitation best practices
```bash
# Reconnaissance before exploitation
aracne recon comprehensive --target 192.168.1.100 --pre-exploitation
aracne analyze target --target 192.168.1.100 --vulnerability-assessment
aracne plan attack --target 192.168.1.100 --risk-assessment
# Gradual escalation approach
aracne attack gentle --target 192.168.1.100 --low-impact
aracne attack moderate --target 192.168.1.100 --measured-approach
aracne attack aggressive --target 192.168.1.100 --high-confidence
# Stealth and operational security
aracne stealth maximum --session session-123 --anti-detection
aracne opsec enable --session session-123 --comprehensive
aracne evasion advanced --session session-123 --adaptive
```
### AI model optimization
```bash
# Model selection and tuning
aracne ai optimize --model-selection --task-specific
aracne ai tune --parameters --performance-focused
aracne ai calibrate --confidence-thresholds --accuracy-focused
# Prompt engineering and optimization
aracne ai optimize-prompts --task ssh-exploitation
aracne ai optimize-prompts --task privilege-escalation
aracne ai optimize-prompts --task lateral-movement
# Continuous learning and improvement
aracne ai learn --from-sessions --pattern-recognition
aracne ai update --knowledge-base --latest-techniques
aracne ai validate --accuracy --benchmark-testing
```
```bash
# Session management best practices
aracne session plan --target 192.168.1.100 --comprehensive-planning
aracne session execute --plan session-plan --monitored-execution
aracne session review --session session-123 --lessons-learned
# Documentation and reporting
aracne document session --session session-123 --comprehensive
aracne report generate --session session-123 --technical-details
aracne evidence collect --session session-123 --forensic-quality
# Quality assurance and validation
aracne validate findings --session session-123 --cross-verification
aracne verify exploits --session session-123 --proof-of-concept
aracne assess impact --session session-123 --business-context
```
- https://aracne.readthedocs.io/
- https://aracne.readthedocs.io/ssh/
- https://aracne.readthedocs.io/ai/
- https://arxiv.org/search/?query=aracne+ssh
- [Autonomous hacking systems](https://arxiv.org/search/?query=autonomous+hacking)
### Community
- [ARACNE GitHub](https://github.com/aracne-ai/aracne)
- [Security research forum](https://community.aracne.ai/)
- [AI security Discord](https://discord.gg/aracne-ai)
### Training
- [Advanced SSH exploitation](https://academy.aracne.ai/ssh/)
- [AI-driven pentesting](https://academy.aracne.ai/ai-pentesting/)
- [Linux post-exploitation](https://academy.aracne.ai/linux-postex/)