Folha de Dicas do ARACNE
Visão Geral
ARACNE (Autonomous Reconnaissance and Attack Coordination for Network Exploitation) é um agente baseado em LLM especificamente projetado para direcionar serviços SSH e explorar e atacar autonomamente ambientes de shell Linux. Ele combina raciocínio de modelo de linguagem de grande escala com técnicas tradicionais de teste de penetração para realizar ataques sofisticados em sistemas acessíveis via SSH.
⚠️ Aviso Crítico: Ferramenta avançada de exploração autônoma. Use apenas em sistemas que você possui ou tem autorização expressa por escrito para testar. O uso não autorizado é ilegal.
Instalação
Pré-requisitos
# System requirements
python3 --version # Python 3.9+
pip3 --version
git --version
# Required system packages
sudo apt update
sudo apt install -y python3-pip python3-venv git curl wget
sudo apt install -y openssh-client sshpass hydra nmap masscan
# Install additional security tools
sudo apt install -y john hashcat gobuster dirb nikto
sudo apt install -y metasploit-framework exploitdbMétodos de Instalação
# Method 1: Git clone and setup
git clone https://github.com/aracne-ai/aracne.git
cd aracne
python3 -m venv venv
source venv/bin/activate
pip install -r requirements.txt
# Install LLM dependencies
pip install openai anthropic langchain
pip install transformers torch
pip install paramiko fabric pexpect
# Method 2: Docker installation
docker pull aracne/aracne:latest
docker run -it --rm -v $(pwd)/sessions:/app/sessions aracne/aracne:latest
# Method 3: PyPI installation (if available)
pip install aracne-agentConfiguração de Instalação
# Create configuration directory
mkdir -p ~/.aracne/config
mkdir -p ~/.aracne/sessions
mkdir -p ~/.aracne/payloads
mkdir -p ~/.aracne/logs
# Initialize configuration
aracne init
# Configure LLM providers
aracne config set openai_api_key "your-openai-key"
aracne config set openai_model "gpt-4"
aracne config set anthropic_api_key "your-anthropic-key"
# Set operational parameters
aracne config set max_session_time 3600
aracne config set autonomous_mode true
aracne config set stealth_mode true
aracne config set evidence_collection trueComandos Principais
Operações Básicas
# Display help and version
aracne --help
aracne --version
aracne modules list
# Quick SSH reconnaissance
aracne recon ssh --target 192.168.1.100
aracne recon ssh --network 192.168.1.0/24
aracne recon ssh --target-list targets.txt
# SSH service analysis
aracne analyze ssh --target 192.168.1.100 --deep
aracne analyze ssh --target 192.168.1.100 --version-detection
aracne analyze ssh --target 192.168.1.100 --configuration-analysis
# System status and health
aracne status
aracne health-check
aracne modules statusGerenciamento de Alvos
# Add SSH targets
aracne target add --host 192.168.1.100 --port 22
aracne target add --host example.com --port 2222
aracne target add --network 192.168.1.0/24 --ssh-only
# Target information and management
aracne target list --active
aracne target info 192.168.1.100
aracne target remove 192.168.1.100
# Import targets from various sources
aracne target import --nmap ssh_scan.xml
aracne target import --masscan masscan_results.txt
aracne target import --file ssh_targets.txt
# Target prioritization
aracne target prioritize --by vulnerability
aracne target prioritize --by accessibility
aracne target prioritize --custom-scoringGerenciamento de Sessão
# Create and manage attack sessions
aracne session create --target 192.168.1.100 --name "target_compromise"
aracne session list --active
aracne session switch target_compromise
# Session configuration
aracne session config --max-duration 2h
aracne session config --stealth-level high
aracne session config --logging-level verbose
# Session control
aracne session start --target 192.168.1.100
aracne session pause target_compromise
aracne session resume target_compromise
aracne session terminate target_compromiseReconhecimento e Análise SSH
Descoberta de Serviço SSH
# Comprehensive SSH discovery
aracne discover ssh --network 192.168.1.0/24 --comprehensive
aracne discover ssh --target-list targets.txt --fast
aracne discover ssh --target 192.168.1.100 --deep-analysis
# SSH version and banner analysis
aracne analyze banner --target 192.168.1.100
aracne analyze version --target 192.168.1.100 --vulnerability-check
aracne analyze configuration --target 192.168.1.100 --security-assessment
# SSH algorithm and cipher analysis
aracne analyze algorithms --target 192.168.1.100
aracne analyze ciphers --target 192.168.1.100 --weak-crypto
aracne analyze kex --target 192.168.1.100 --security-analysisAvaliação de Vulnerabilidades SSH
# SSH-specific vulnerability scanning
aracne vuln scan-ssh --target 192.168.1.100 --comprehensive
aracne vuln scan-ssh --target 192.168.1.100 --known-exploits
aracne vuln scan-ssh --network 192.168.1.0/24 --quick
# Configuration vulnerability analysis
aracne vuln config --target 192.168.1.100 --misconfigurations
aracne vuln config --target 192.168.1.100 --weak-settings
aracne vuln config --target 192.168.1.100 --default-configs
# SSH implementation vulnerabilities
aracne vuln implementation --target 192.168.1.100 --version-specific
aracne vuln implementation --target 192.168.1.100 --buffer-overflows
aracne vuln implementation --target 192.168.1.100 --timing-attacksEnumeração de Usuários
# SSH user enumeration techniques
aracne enum users --target 192.168.1.100 --timing-based
aracne enum users --target 192.168.1.100 --error-based
aracne enum users --target 192.168.1.100 --comprehensive
# Username wordlist generation
aracne generate usernames --target 192.168.1.100 --context-aware
aracne generate usernames --company "Example Corp" --employees
aracne generate usernames --domain example.com --email-based
# User validation and verification
aracne validate users --target 192.168.1.100 --user-list users.txt
aracne validate users --target 192.168.1.100 --probabilistic
aracne validate users --target 192.168.1.100 --stealth-modeExploração Autônoma SSH
Ataques Baseados em Credenciais
# Intelligent brute force attacks
aracne attack brute-force --target 192.168.1.100 --smart
aracne attack brute-force --target 192.168.1.100 --user admin --adaptive
aracne attack brute-force --target 192.168.1.100 --credential-stuffing
# Dictionary attacks with AI optimization
aracne attack dictionary --target 192.168.1.100 --ai-optimized
aracne attack dictionary --target 192.168.1.100 --context-aware
aracne attack dictionary --target 192.168.1.100 --pattern-learning
# Credential spraying
aracne attack spray --network 192.168.1.0/24 --common-passwords
aracne attack spray --target-list targets.txt --seasonal-passwords
aracne attack spray --targets multiple --lockout-awareAtaques Baseados em Chaves
# SSH key discovery and analysis
aracne keys discover --target 192.168.1.100 --web-crawling
aracne keys discover --target 192.168.1.100 --git-repositories
aracne keys discover --target 192.168.1.100 --configuration-files
# Private key attacks
aracne keys attack --target 192.168.1.100 --weak-keys
aracne keys attack --target 192.168.1.100 --default-keys
aracne keys attack --target 192.168.1.100 --cracking
# Key injection and manipulation
aracne keys inject --target 192.168.1.100 --authorized-keys
aracne keys manipulate --target 192.168.1.100 --key-replacement
aracne keys backdoor --target 192.168.1.100 --persistent-accessExploits em Nível de Protocolo
# SSH protocol exploitation
aracne exploit protocol --target 192.168.1.100 --version-specific
aracne exploit protocol --target 192.168.1.100 --implementation-bugs
aracne exploit protocol --target 192.168.1.100 --timing-attacks
# Man-in-the-middle attacks
aracne exploit mitm --target 192.168.1.100 --arp-poisoning
aracne exploit mitm --target 192.168.1.100 --dns-spoofing
aracne exploit mitm --target 192.168.1.100 --certificate-manipulation
# Downgrade attacks
aracne exploit downgrade --target 192.168.1.100 --weak-algorithms
aracne exploit downgrade --target 192.168.1.100 --legacy-protocols
aracne exploit downgrade --target 192.168.1.100 --cipher-downgradeExploração de Shell Linux
Acesso Inicial e Estabelecimento de Shell
# Establish initial shell access
aracne shell establish --target 192.168.1.100 --method ssh
aracne shell establish --target 192.168.1.100 --credentials user:pass
aracne shell establish --target 192.168.1.100 --key-file private_key
# Shell upgrade and stabilization
aracne shell upgrade --session session-123 --interactive
aracne shell upgrade --session session-123 --pty
aracne shell upgrade --session session-123 --full-terminal
# Shell persistence mechanisms
aracne shell persist --session session-123 --cron-job
aracne shell persist --session session-123 --systemd-service
aracne shell persist --session session-123 --ssh-keysReconhecimento de Sistema
# Autonomous system enumeration
aracne recon system --session session-123 --comprehensive
aracne recon system --session session-123 --quick-wins
aracne recon system --session session-123 --stealth-mode
# User and privilege enumeration
aracne recon users --session session-123 --all-users
aracne recon users --session session-123 --privileged-users
aracne recon users --session session-123 --sudo-capabilities
# Network and service discovery
aracne recon network --session session-123 --internal-networks
aracne recon services --session session-123 --running-services
aracne recon processes --session session-123 --interesting-processesEscalação de Privilégios
# Autonomous privilege escalation
aracne privesc auto --session session-123 --all-techniques
aracne privesc auto --session session-123 --kernel-exploits
aracne privesc auto --session session-123 --suid-binaries
# Specific escalation techniques
aracne privesc sudo --session session-123 --sudo-abuse
aracne privesc cron --session session-123 --cron-jobs
aracne privesc services --session session-123 --service-abuse
# Custom escalation strategies
aracne privesc custom --session session-123 --ai-guided
aracne privesc search --session session-123 --novel-techniques
aracne privesc exploit --session session-123 --zero-dayMovimentação Lateral
# Network lateral movement
aracne lateral network --session session-123 --ssh-keys
aracne lateral network --session session-123 --credential-reuse
aracne lateral network --session session-123 --trust-relationships
# Service-based lateral movement
aracne lateral services --session session-123 --shared-services
aracne lateral services --session session-123 --database-access
aracne lateral services --session session-123 --file-shares
# Advanced lateral movement
aracne lateral advanced --session session-123 --kerberos
aracne lateral advanced --session session-123 --container-escape
aracne lateral advanced --session session-123 --cloud-metadataTomada de Decisão Alimentada por IA
Motor de Raciocínio Autônomo
# AI reasoning configuration
reasoning_config = {
"model": "gpt-4",
"temperature": 0.2,
"max_tokens": 4000,
"reasoning_depth": 3,
"confidence_threshold": 0.85,
"exploration_factor": 0.3
}
# Custom reasoning prompts for SSH exploitation
ssh_analysis_prompt = """
Analyze the SSH service and system information:
Target: {target}
SSH Version: {ssh_version}
Available Users: {users}
System Information: {system_info}
Previous Attempts: {previous_attempts}
Determine the best exploitation strategy:
1. Most likely attack vectors
2. Probability of success for each
3. Stealth considerations
4. Risk assessment
5. Next steps recommendation
"""Estratégias de Ataque Adaptativas
# AI-guided attack planning
aracne ai plan-attack --target 192.168.1.100 --objective shell-access
aracne ai plan-attack --session session-123 --objective privilege-escalation
aracne ai plan-attack --target 192.168.1.100 --stealth-priority
# Dynamic strategy adaptation
aracne ai adapt-strategy --session session-123 --defense-detected
aracne ai adapt-strategy --session session-123 --failure-analysis
aracne ai adapt-strategy --session session-123 --new-information
# Learning from interactions
aracne ai learn --session session-123 --command-responses
aracne ai learn --target 192.168.1.100 --defense-mechanisms
aracne ai learn --global --pattern-recognitionGeração Inteligente de Comandos
Would you like me to continue with the remaining sections?```bash
AI-generated commands for exploration
aracne ai generate-commands —session session-123 —exploration aracne ai generate-commands —session session-123 —privilege-escalation aracne ai generate-commands —session session-123 —persistence
Context-aware command selection
aracne ai select-commands —session session-123 —current-context aracne ai select-commands —session session-123 —objective-focused aracne ai select-commands —session session-123 —stealth-optimized
Command effectiveness analysis
aracne ai analyze-effectiveness —session session-123 —command-history aracne ai analyze-effectiveness —session session-123 —success-patterns aracne ai analyze-effectiveness —session session-123 —failure-analysis
```bash
# Stealth mode operations
aracne stealth enable --session session-123 --advanced-evasion
aracne stealth timing --session session-123 --random-delays
aracne stealth obfuscation --session session-123 --command-obfuscation
# Anti-forensics techniques
aracne antiforensics enable --session session-123 --log-cleaning
aracne antiforensics timestamps --session session-123 --timestamp-manipulation
aracne antiforensics artifacts --session session-123 --artifact-removal
# Detection evasion
aracne evasion ids --session session-123 --ids-evasion
aracne evasion monitoring --session session-123 --monitoring-detection
aracne evasion behavioral --session session-123 --behavioral-mimicry
```### Furtividade e Evasão
```bash
# Establish persistent access
aracne persist establish --session session-123 --multiple-methods
aracne persist establish --session session-123 --stealth-persistence
aracne persist establish --session session-123 --redundant-access
# Persistence validation and testing
aracne persist validate --session session-123 --all-methods
aracne persist test --session session-123 --reconnection-test
aracne persist monitor --session session-123 --persistence-health
# Persistence cleanup and removal
aracne persist cleanup --session session-123 --selective-removal
aracne persist remove --session session-123 --complete-cleanup
aracne persist verify-removal --session session-123 --forensic-check
```### Mecanismos de Persistência
```bash
# Intelligent data discovery
aracne data discover --session session-123 --sensitive-files
aracne data discover --session session-123 --database-content
aracne data discover --session session-123 --configuration-files
# Data classification and prioritization
aracne data classify --session session-123 --ai-classification
aracne data prioritize --session session-123 --business-value
aracne data assess --session session-123 --sensitivity-analysis
# Secure data exfiltration
aracne data exfiltrate --session session-123 --encrypted-channel
aracne data exfiltrate --session session-123 --steganography
aracne data exfiltrate --session session-123 --covert-channels
```### Exfiltração e Coleta de Dados
```bash
# Real-time session monitoring
aracne monitor session --session session-123 --real-time
aracne monitor activity --session session-123 --command-tracking
aracne monitor progress --session session-123 --objective-tracking
# Performance and resource monitoring
aracne monitor performance --session session-123 --resource-usage
aracne monitor network --session session-123 --traffic-analysis
aracne monitor system --session session-123 --system-impact
# Alert and notification system
aracne monitor alerts --session session-123 --critical-events
aracne monitor notifications --session session-123 --progress-updates
aracne monitor warnings --session session-123 --risk-indicators
```## Monitoramento e Registro
```bash
# Enable detailed logging
aracne logging enable --session session-123 --comprehensive
aracne logging enable --session session-123 --ai-decisions
aracne logging enable --session session-123 --command-responses
# Log analysis and insights
aracne logging analyze --session session-123 --pattern-analysis
aracne logging analyze --session session-123 --success-factors
aracne logging analyze --session session-123 --failure-analysis
# Log export and reporting
aracne logging export --session session-123 --format json
aracne logging export --session session-123 --timeline-format
aracne logging export --session session-123 --forensic-format
```### Monitoramento de Sessão
```bash
# Define authorized targets and scope
aracne scope define --target 192.168.1.100 --authorized
aracne scope define --network 192.168.1.0/24 --internal-testing
aracne scope validate --target 192.168.1.100 --legal-check
# Documentation and evidence
aracne legal document --session session-123 --authorization-proof
aracne legal evidence --session session-123 --chain-of-custody
aracne legal export --session session-123 --court-ready
# Compliance verification
aracne compliance check --session session-123 --ethical-guidelines
aracne compliance verify --session session-123 --legal-requirements
aracne compliance audit --session session-123 --comprehensive
```### Registro Abrangente
```bash
# Risk assessment and management
aracne risk assess --session session-123 --comprehensive
aracne risk monitor --session session-123 --real-time
aracne risk mitigate --session session-123 --automatic
# Safety controls and limits
aracne safety enable --session session-123 --all-controls
aracne safety limits --session session-123 --time-limits
aracne safety boundaries --session session-123 --scope-enforcement
# Emergency procedures
aracne emergency stop --session session-123 --immediate
aracne emergency cleanup --session session-123 --evidence-removal
aracne emergency report --session session-123 --incident-documentation
```## Considerações de Segurança e Ética
```bash
# Optimize AI model performance
aracne optimize ai --model-selection --performance-focused
aracne optimize ai --token-usage --cost-optimization
aracne optimize ai --response-time --latency-reduction
# Session performance optimization
aracne optimize session --session session-123 --speed-optimization
aracne optimize session --session session-123 --resource-optimization
aracne optimize session --session session-123 --stealth-optimization
# Network and connectivity optimization
aracne optimize network --session session-123 --connection-stability
aracne optimize network --session session-123 --bandwidth-optimization
aracne optimize network --session session-123 --latency-reduction
```### Autorização e Conformidade Legal
```bash
# Debug mode and verbose logging
aracne --debug session start --target 192.168.1.100
aracne --verbose ai plan-attack --target 192.168.1.100
aracne logs view --level debug --component ai-reasoning
# System diagnostics
aracne diagnose system --comprehensive
aracne diagnose ai-models --connectivity-test
aracne diagnose ssh-client --configuration-check
# Error analysis and resolution
aracne errors analyze --session session-123 --root-cause
aracne errors resolve --error-id 12345 --auto-fix
aracne errors prevent --session session-123 --predictive-analysis
```### Segurança e Gestão de Riscos
```bash
# Session recovery and restoration
aracne recover session --session-id session-123 --full-recovery
aracne recover state --session session-123 --checkpoint-restore
aracne recover connection --session session-123 --reconnect
# Backup and data protection
aracne backup create --session session-123 --incremental
aracne backup restore --backup-id backup-456 --selective
aracne backup verify --backup-id backup-456 --integrity-check
# Data integrity and validation
aracne verify integrity --session session-123 --all-data
aracne verify consistency --session session-123 --cross-validation
aracne verify authenticity --session session-123 --digital-signatures
```## Solução de Problemas e Otimização
```python
# integrations/siem_integration.py
import json
import requests
from aracne.core.integration import BaseIntegration
class SIEMIntegration(BaseIntegration):
def __init__(self, siem_url, api_key):
self.siem_url = siem_url
self.api_key = api_key
def send_ssh_attempt(self, attempt_data):
event = {
"timestamp": attempt_data.timestamp,
"source": "aracne",
"event_type": "ssh_attempt",
"target": attempt_data.target,
"username": attempt_data.username,
"success": attempt_data.success,
"method": attempt_data.method
}
self.send_event(event)
def send_privilege_escalation(self, privesc_data):
event = {
"timestamp": privesc_data.timestamp,
"source": "aracne",
"event_type": "privilege_escalation",
"target": privesc_data.target,
"technique": privesc_data.technique,
"success": privesc_data.success,
"privileges_gained": privesc_data.privileges
}
self.send_event(event)
def send_event(self, event):
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.siem_url}/api/events",
headers=headers,
json=event
)
return response.status_code == 200
```### Otimização de Desempenho
```python
# integrations/threat_intel.py
import requests
from aracne.core.threat_intel import ThreatIntelProvider
class ThreatIntelIntegration(ThreatIntelProvider):
def __init__(self, api_key):
self.api_key = api_key
self.base_url = "https://api.threatintel.com"
def get_ssh_vulnerabilities(self, ssh_version):
headers = {"Authorization": f"Bearer {self.api_key}"}
response = requests.get(
f"{self.base_url}/vulnerabilities/ssh/{ssh_version}",
headers=headers
)
if response.status_code == 200:
return response.json()
return []
def get_exploit_techniques(self, target_os, target_version):
headers = {"Authorization": f"Bearer {self.api_key}"}
response = requests.get(
f"{self.base_url}/techniques/{target_os}/{target_version}",
headers=headers
)
if response.status_code == 200:
return response.json()
return []
def report_new_technique(self, technique_data):
headers = {
"Authorization": f"Bearer {self.api_key}",
"Content-Type": "application/json"
}
response = requests.post(
f"{self.base_url}/techniques/report",
headers=headers,
json=technique_data
)
return response.status_code == 201
```### Depuração e Diagnóstico
```bash
# Reconnaissance before exploitation
aracne recon comprehensive --target 192.168.1.100 --pre-exploitation
aracne analyze target --target 192.168.1.100 --vulnerability-assessment
aracne plan attack --target 192.168.1.100 --risk-assessment
# Gradual escalation approach
aracne attack gentle --target 192.168.1.100 --low-impact
aracne attack moderate --target 192.168.1.100 --measured-approach
aracne attack aggressive --target 192.168.1.100 --high-confidence
# Stealth and operational security
aracne stealth maximum --session session-123 --anti-detection
aracne opsec enable --session session-123 --comprehensive
aracne evasion advanced --session session-123 --adaptive
```### Recuperação e Backup
```bash
# Model selection and tuning
aracne ai optimize --model-selection --task-specific
aracne ai tune --parameters --performance-focused
aracne ai calibrate --confidence-thresholds --accuracy-focused
# Prompt engineering and optimization
aracne ai optimize-prompts --task ssh-exploitation
aracne ai optimize-prompts --task privilege-escalation
aracne ai optimize-prompts --task lateral-movement
# Continuous learning and improvement
aracne ai learn --from-sessions --pattern-recognition
aracne ai update --knowledge-base --latest-techniques
aracne ai validate --accuracy --benchmark-testing
```## Exemplos de Integração
```bash
# Session management best practices
aracne session plan --target 192.168.1.100 --comprehensive-planning
aracne session execute --plan session-plan --monitored-execution
aracne session review --session session-123 --lessons-learned
# Documentation and reporting
aracne document session --session session-123 --comprehensive
aracne report generate --session session-123 --technical-details
aracne evidence collect --session session-123 --forensic-quality
# Quality assurance and validation
aracne validate findings --session session-123 --cross-verification
aracne verify exploits --session session-123 --proof-of-concept
aracne assess impact --session session-123 --business-context
```### Integração SIEM
https://aracne.readthedocs.io/##
# Integração de Inteligência de Ameaças
https://aracne.readthedocs.io/ssh/#
# Melhores Práticas
https://aracne.readthedocs.io/ai/##
# Melhores Práticas de Exploração SSH
https://arxiv.org/search/?query=aracne+ssh##
# Otimização de Modelo de IA
[Sistemas de Hacking Autônomo](https://arxiv.org/search/?query=autonomous+hacking)
### Comunidade
- [ARACNE GitHub](https://github.com/aracne-ai/aracne)
- [Fórum de Pesquisa em Segurança](https://community.aracne.ai/)
- [Discord de Segurança em IA](https://discord.gg/aracne-ai)
### Treinamento
- [Exploração Avançada de SSH](https://academy.aracne.ai/ssh/)
- [Pentesting Alimentado por IA](https://academy.aracne.ai/ai-pentesting/)
- [Pós-Exploração em Linux](https://academy.aracne.ai/linux-postex/)