A2P2V : Automated Attack Path Planning and Validation

A2P2V (Automated Attack Path Planning and Validation) is a planning and cyber-attack tool that gives users the capability to determine a set of ranked attack sequences for a specific attacker goal. The aim of the tool is to simplify the process so that non-security experts can generate clear, actionable intelligence from basic inputs, using as much automation as possible and producing easy-to-interpret reporting.

The system uses known network topology and system vulnerability information to determine all sets of attack sequences that reach the attacker goal, and outputs the required steps (as Metasploit commands) for the selected sequence.

The input to the system includes:

  • Initial conditions: modeling the knowledge and current access of the attacker
  • Attacker goal: indicating a change in state (e.g. change temperature on an ICS system) or remote access to a specific target host
  • Vulnerability information: results of Nessus or Nmap scans, or data in a custom CSV input format
  • Network topology: a custom XML format describing host information and network connectivity
  • Capability details: a custom XML format describing a set of known services and exploits specified using a PAP (Pre-condition, Action and Post-condition) model.

Prerequisites

A2P2V has the following prerequisites beyond what is installed via requirements.txt during setup:

  • python >= 3.6
  • Metasploit RPC daemon running (the default configuration uses port 55552, username msf, password welcome1)
  • python-tk installed

To install python-tk on Ubuntu (assuming python 3.9):

sudo apt install python3.9-tk

To start the Metasploit RPC daemon:

msfrpcd -P welcome1 -S -U msf -a 127.0.0.1 -f -p 55552

Installation

Installing in a virtualenv is recommended.

First create a venvs directory:

mkdir $HOME/.venvs/

Create the virtual environment:

python3 -m venv $HOME/.venvs/a2p2v

Activate the virtual environment:

source $HOME/.venvs/a2p2v/bin/activate

Install:

cd a2p2v/
pip install .

Load Capability Definitions

The first time that the tool is run, the capability definitions need to be imported. For example, to load the provided default capability definitions:

a2p2v --importdb lab_config/capabilities.xml

Getting Started: System Goal

The system is run in planning mode using the following command line arguments:

$ a2p2v --plan

The following selections are shown:

TREE#  SCORE  HOPS                          FINAL CAPABILITY OPTIONS              GOALS
0      6.17   GW(1)>HMI(4)>OPC(4)>PLC(1)    auxiliary/scanner/scada/modbusclient  change_temp
1      6.17   GW(1)>HMI(4)>USER2(4)>PLC(1)  auxiliary/scanner/scada/modbusclient  change_temp

Select an attack tree to execute (or any other value to exit):

A detailed report and corresponding set of attack trees can be found in the reports/ directory.
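To make the PAP (Pre-condition, Action, Post-condition) input model from the list of inputs above and the ranked hop sequences in the planning output concrete, here is a small standalone planner. It is an added illustration written for this page, not A2P2V's own code, and it does not read the tool's XML or CSV formats. The hosts, links, services, capability names and the 0-10 score scale are all constructed sample data; the ranking rule (mean of per-step scores) is an assumption chosen for the example, not the tool's documented scoring.

```python
"""Toy PAP attack-path planner (added example; not A2P2V code).

Assumptions (all hypothetical, constructed for this illustration):
  * the network is an undirected host graph with per-host exposed services,
  * a capability needs predicates on the attacker's current host (pre-condition),
    targets a service on the next host (action) and grants predicates there
    (post-condition),
  * plans are linear chains of hops, ranked by the mean of their step scores.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Capability:
    name: str
    needs: FrozenSet[str]   # predicates required on the current foothold host
    service: str            # service the next host must expose
    grants: FrozenSet[str]  # predicates gained on the next host
    score: float            # hypothetical ease/reliability score, 0-10


@dataclass(frozen=True)
class Step:
    src: str
    dst: str
    cap: str


@dataclass
class Plan:
    steps: List[Step]
    score: float

    def hops(self) -> str:
        """Render the chain like the tool's HOPS column, e.g. GW>HMI>PLC."""
        return ">".join([self.steps[0].src] + [s.dst for s in self.steps])


# Constructed lab topology: host -> exposed services, plus undirected links.
SERVICES: Dict[str, Set[str]] = {
    "GW": {"ssh"}, "HMI": {"smb"}, "OPC": {"smb"},
    "USER2": {"rdp"}, "PLC": {"modbus"},
}
LINKS = {("GW", "HMI"), ("HMI", "OPC"), ("HMI", "USER2"),
         ("OPC", "PLC"), ("USER2", "PLC")}

# Constructed capability catalogue with hypothetical names and scores.
CAPABILITIES: Dict[str, Capability] = {c.name: c for c in [
    Capability("smb_enum", frozenset({"shell"}), "smb", frozenset({"info"}), 9.0),
    Capability("smb_rce", frozenset({"shell"}), "smb", frozenset({"shell"}), 8.0),
    Capability("rdp_rce", frozenset({"shell"}), "rdp", frozenset({"shell"}), 6.0),
    Capability("modbus_write", frozenset({"shell"}), "modbus", frozenset({"control"}), 2.0),
]}


def neighbors(host: str, links=LINKS) -> Set[str]:
    return {b for a, b in links if a == host} | {a for a, b in links if b == host}


def plan(start: str, start_preds: FrozenSet[str], goal: Tuple[str, str],
         caps=CAPABILITIES, services=SERVICES, links=LINKS) -> List[Plan]:
    """Enumerate every loop-free chain of capabilities from `start` that ends by
    granting goal[0] on host goal[1]; branches whose post-conditions do not
    satisfy the next pre-condition simply die out (e.g. smb_enum yields only
    "info", so nothing that needs "shell" can follow it)."""
    plans: List[Plan] = []

    def dfs(cur: str, preds: FrozenSet[str], visited: Set[str], steps: List[Step]) -> None:
        for nxt in sorted(neighbors(cur, links) - visited):
            for cap in caps.values():
                if not cap.needs <= preds or cap.service not in services.get(nxt, set()):
                    continue  # pre-condition or action not applicable on this edge
                chain = steps + [Step(cur, nxt, cap.name)]
                if nxt == goal[1] and goal[0] in cap.grants:
                    plans.append(Plan(chain, round(mean(caps[s.cap].score for s in chain), 2)))
                    continue
                dfs(nxt, cap.grants, visited | {nxt}, chain)

    dfs(start, start_preds, {start}, [])
    return sorted(plans, key=lambda p: (-p.score, len(p.steps), p.hops()))


def report(plans: List[Plan]) -> List[str]:
    """Rows in the spirit of the tool's selection table: TREE#, SCORE, HOPS, final capability."""
    return [f"{i}\t{p.score:.2f}\t{p.hops()}\t{p.steps[-1].cap}" for i, p in enumerate(plans)]


if __name__ == "__main__":
    for row in report(plan("GW", frozenset({"shell"}), ("control", "PLC"))):
        print(row)
```

Run stand-alone it lists two ranked chains to the constructed PLC goal, the OPC route first because its hops score higher; swapping the initial predicate to anything other than "shell" yields no plan at all, which is the pre-condition check doing its job.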

Getting Started: Single Host Target

The tool can also be run against a single target, assuming network connectivity to the target.

The system is run in single host mode by specifying a target in the command line arguments:

a2p2v --target USER1

The list of all known exploits is shown in the selection. You can choose a specific exploit to use, or all of them.

TREE#  SCORE  CAPABILITY
0      8.4    exploit/windows/smb/ms17_010_eternalblue
1      8.4    exploit/windows/smb/ms17_010_psexec
2      8.4    exploit/windows/smb/ms10_061_spoolss
3      8.2    exploit/windows/rdp/cve_2019_0708_bluekeep_rce

Select a capability to execute, 'a' for all, or any other value to skip: a

The corresponding report is similar to that generated for the system use case.
