banner
andrewji8

Being towards death

Heed not to the tree-rustling and leaf-lashing rain, Why not stroll along, whistle and sing under its rein. Lighter and better suited than horses are straw sandals and a bamboo staff, Who's afraid? A palm-leaf plaited cape provides enough to misty weather in life sustain. A thorny spring breeze sobers up the spirit, I feel a slight chill, The setting sun over the mountain offers greetings still. Looking back over the bleak passage survived, The return in time Shall not be affected by windswept rain or shine.
telegram
twitter
github
HomeArchives

Automated Host Penetration Testing Tool

#渗透41
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
Shennina is a powerful automated host penetration/vulnerability exploitation framework that uses artificial intelligence technology for security scanning, vulnerability analysis, and exploitation development. It integrates Metasploit and Nmap for penetration testing, includes a command control server for data filtering, and covers over 40 TTP in the MITRE ATT&CK framework. Users can download and install the tool, run it on their devices, and perform various automated security tasks.

image
Shennina is a powerful automated host penetration/vulnerability exploitation framework. The main purpose of this project is to achieve complete automation of security scanning, vulnerability scanning/analysis, and vulnerability exploitation development using artificial intelligence technology. Shennina integrates the powerful network security tools Metasploit and Nmap to implement some of its functions and perform penetration testing. In addition, the tool also integrates a command control server to automatically filter data from the target host.

Function Introduction:

  1. Implements an automated self-learning method to find vulnerability exploitation solutions.
  2. Uses hosted concurrent design to achieve high-performance operation.
  3. Intelligent cluster penetration testing/vulnerability exploitation.
  4. Post-exploitation functionality.
  5. Deception attack detection.
  6. Ransomware simulation functionality.
  7. Automatic data filtering.
  8. Optional vulnerability scanning mode.
  9. Heuristic mode to obtain recommended penetration testing solutions.
  10. Supports Windows, Linux, and macOS proxies.
  11. Scripted attack/penetration mode in the post-exploitation phase.
  12. Provides kernel-based vulnerability exploitation/penetration solution recommendations.
  13. Provides out-of-band technology testing for vulnerability exploitation solutions.
  14. Automatically filters important data from the target server.
  15. Report generation.
  16. Covers 40+ TTPs in the MITRE ATT&CK framework.
  17. Supports multiple input targets.

Tool Download:
Since this tool is developed based on Python, we first need to install and configure the Python environment on our local device. Next, we can use the following command to clone the source code of the project to our local machine:

git clone https://github.com/mazen160/shennina.git

Then, use the pip command and the requirements.txt file provided by the project to install the required dependencies for the tool:

cd Shennina

pip install requirements.txt

Alternatively, we can also directly access the Release page of the project to download the latest released version of the tool.

Tool Execution:
Exfiltration Server - Agent
Linux/macOS

./exfiltration-server/agent.sh

Windows

./exfiltration-server/agent.ps1

Exfiltration Server - Run

$ cd ./exfiltration-server/

$ ./run-server.sh

MSFRPCD Server

./scripts/run-msfrp.py

Run Service Scan

$ ./shennina.py --lhost metasploit-ip --target target.local --service-scan-only

Run Shennina in Training Mode

$ ./shennina.py --training-mode --lhost lhost.local --target training-target.local

Exploitation Mode

$ ./shennina.py --lhost lhost.local --target target.local --exploitation-mode

Exploitation Mode - Heuristic

$ ./shennina.py --lhost lhost.local --target target.local --exploitation-mode --secondary-mode

Project Address:
Shennina: https://github.com/mazen160/shennina

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.