A2P2V ( Automated Attack Path Planning and Validation) is a planning and cyber-attack tool that provides the capability for users to determine a set of ranked attack sequences given a specific attacker goal. The aim of the tool is to simplify process so that non-security experts can generate clear, actionable intelligence from basic inputs using as much automation as possible and generating easy to interpret reporting.
The system uses known network topology and system vulnerability information to determine all sets of attack sequences to obtain the attacker goal and outputs the required steps (as Metasploit commands) for the selected sequence.
The input to the system includes:
Prerequisites
A2P2V has the following prerequisites beyond what is installed via requirements.txt during setup:
To install python tk on Ubuntu (assuming python 3.9)
sudo apt install python3.9-tk
To start the Metasploit RPC daemon
msfrpcd -P welcome1 -S -U msf -a 127.0.0.1 -f -p 55552
Installation
Installing in a virtualenv is recommended.
First create a venvs directory:
mkdir $HOME/.venvs/
Create the virtual environment:
python3 -m venv .venvs/a2p2v
Activate the virtual environment:
source .venvs/a2p2v/bin/activate
Install:
cd a2p2v/
pip install
Load Capability Definitions
The first time that the tool is run, the capabilities definitions needs to be imported. For example, to load the provided default capabilities definitions:
a2p2v –importdb lab_config/capabilities.xml
Getting Started: System Goal
The system is run in planning mode using the following command line arguments
$ a2p2v –plan
The following selections are shown:
TREE# | SCORE | HOPS | FINAL CAPABILITY OPTIONS | GOALS |
---|---|---|---|---|
0 | 6.17 | GW(1)>HMI(4)>OPC(4)>PLC(1) | auxiliary/scanner/scada/modbusclient | change_temp |
1 | 6.17 | GW(1)>HMI(4)>USER2(4)>PLC(1) | auxiliary/scanner/scada/modbusclient | change_temp |
Select an attack tree to execute (or any other value to exit):
A detailed report and corresponding set of attack trees can be found in the reports/ directory.
Getting Started: Single Host Target
The tool can also be run against a single target, assuming network connectivity to the target.
The system is run in single host mode by specifying a target in the command line arguments:
a2p2v –target USER1
The list of all known exploits are shown in the selection. You can choose a specific exploit to use, or all of them.
TREE# | SCORE | CAPABILITY |
---|---|---|
0 | 8.4 | exploit/windows/smb/ms17_010_eternalblue |
—– | —– | ————————————————– |
1 | 8.4 | exploit/windows/smb/ms17_010_psexec |
—– | —– | ————————————————– |
2 | 8.4 | exploit/windows/smb/ms10_061_spoolss |
—– | —– | ————————————————– |
3 | 8.2 | exploit/windows/rdp/cve_2019_0708_bluekeep_rce |
Select a capability to execute, ‘a’ for all, or any other value to skip: a
The corresponding report is similar to that generated for the system use case.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…