In 2011, Lockheed Martin proposed the concept and model of the Cyber Kill Chain®. The model lays out the entire network intrusion process, from reconnaissance and tracking through to achieving the objective, and it is an excellent reference for establishing a standardized penetration testing process. Subsequently, at the RSA Conference in 2019, MITRE combined the intelligence it had gathered by tracking APT (advanced persistent threat) groups with TTP (tactics, techniques, and procedures) examples from 79 APT groups to present the MITRE ATT&CK® model and show how to use it to build or improve a defense system. This model can in turn guide penetration testing at the level of tactics, techniques, and procedures. By following the tactics, techniques, and procedures of the ATT&CK model, the key stages of a penetration test, or even all of them, can therefore be automated.
This project uses Python to call the tools in Kali Linux, following the standardized process of the attacker kill chain and referring to the tactics, techniques, and procedures of the MITRE ATT&CK® model. MongoDB serves as the information-sharing channel between the tools, and the result is the fully automated penetration testing tool ANPT.
ANPT will continue to be updated. All open-source developers are welcome to contribute; thank you all.