aaron: Draw your taget network's topology (connectivity) graph from netstat results of clients (victims)
License: GNU General Public License v3.0
Ruby 100.00%
aaron's Introduction
aaron
======
In loving memory of tireless Internet activist, "Aaron Swartz".
======
Find a way to go deep inside your target network to get the "Arkenstone".
Designed for hacktists, professional penetration testers and APT teams.
#About
Imagine those hard times that you were inside an unknown network
trying to discover how things work by looking at anything,
just to find out a way to go deeper and deeper inside that jungle of
connected electronic devices. Going deeper means you need
to find new targets, but how? Yes! That cool netstat -an command,
shows valuable network information. But, did you ever try to
analyze 10000 lines of netstat result? THAT'S HELL OF A HARD WORK!
so you may use grep, awk, cut, sort, uniq and a bunch of | (pipes)
trying to make one those magical single line commands and reduce
the netstat result to 1000 lines! That's geek but you need s
omething more visual!
Any advanced hacking or black-box penetration testing project starts
with a short list of known targets. After exploiting one of those known
targets, you should use all the information found inside that target
to find new targets. Discovering new HVTs is a key point for
a successful security breach because you can go deeper and deeper.
aaron helps you do that in a more visual way!
#Why?
- You can understand data-flow inside your target network.
- You don't need to install it on remote target (e.g. libpcap)
=> less suspicious.
- Find high value targets by looking at a graphical map!
#Features
Core
- Parse netstat results
- Search!
- Automated OS detection (based on netstat results)
- Add/Edit/Remove Hosts/Connections
- rdoc
Graph
- Draw network graph of your local machine
- Draw a network graph based on results collected
from several remote hosts
- Update an existing network graph
- Export graphs in png and pdf formats
Advanced Targeting
- Add hosts to metasploit database
- Supports SSH ans PSExec (SMB) protocols
- Supports "adb shell" (android devices)
#Installation:
Ruby dependencies:
1. thor
2. net-ssh
3. graphviz
4. sqlite3
5. activerecord
6. highline
7. termios
General dependencies:
1. metasploit: msfconsole
2. android tools: adb
Install on a Debian or kali Linux:
$ sudo aptitude install ruby-thor ruby-net-ssh ruby-highline
$ sudo aptitude install ruby-graphviz libsqlite3-ruby ruby-termios
$ sudo aptitude install ruby-activerecord android-tools-adb
Note 1:
Make sure metasploit is installed and msfdb (postgresql on port
5432 and 5433) is up.
Note 2:
I think there shouldn't be any difficulties installing aaron on
other GNU/Linux, BSD or other Unix families, However there are
some issues (like adb, psexec, etc.) installing aaron on a
windows machine but fixing those issues wouldn't be a
headache for a professional user.
Third Party Tools:
1. xdot to view .dot file
2. sqlitebrowser to modify .axa file
#TODO
- aaron search + regex
- IPv6 netstat regex
- BSD test
- test, test, test
#more
- Sqlite3 Database (.axa file):
+----------------+ +-----------------+
| Host | | Edge |
+----------------+ +-----------------+
| id (PK) | | id (PK) |
| name | | src_ip_id (FK) |
| info | | dst_ip_id |
| deepinfo | | src_tag |
| comment | | dst_tag |
| | | proto |
| | | type_tag |
| | | comment |
+----------------+ +-----------------+
^ | |
| | |
| | |
| +----------------+ | |
| | IP | | |
| +----------------+ | |
| | id (PK) |<---+ |
+----| host_id (FK) |<-----+
| addr |
| comment |
| |
+----------------+