Artorias is a framework to drive other host or web app scanners. Artorias started with the intention of targetting IoT devices, but makes no real distinction between them and a normal desktop.
-Identify OS Type
-Services provided/open ports
-Dictionary guessable credentials
-Vulnerabilities with web interfaces
-Identify plaintext traffic to/from device
-Drive other IoT or host based scans if host meets prerequisites
Python3.5 or higher
virtualenv -p python3 art ; . art/bin/activate # optional steps, but recommended
git clone [email protected]:Burrch3s/artorias.git
cd artorias ; pip install -r requirements.txt
pushd scanners; sudo ./install_scanners.sh; popd # OR just install nikto, owasp-zap, nmap, hydra and wordlist that's pointed to by settings.py
Then you should be good to go. Artorias utilizes the argparse module, so -h will display help messages for args
Contains most code and object definitions for the project. Handling of the test and scan commands happen here as well.
Contains scans to run against a host. These scans are sub classes of core/scan.py and should override the parent classes methods
Scripts and templates for developers
Directory containing sources of scanners to install from install_scanners.sh, as well as the default location for the wordlist to use.
Contains unittests for the repo. Perform unittests by running green. core/scans is omitted by unittests and coverage, in the future, it would be for the best to implement some kind of integration test for them to test them..
-Use given credentials on hosts to loggin to perform basic checks (maybe try using Nessus?)
-May not be possible in timeframe wanted, but eh let's try
-Sounds kinda cool lol
-Take everything that is listed above and provide meaningful feedback
-Consult NIST, OWASP and other guidelines in attempt to rank findings
-Take care of all the setup for users to run artorias; make everyones life simple
-Supporting more scanners is a real must. Custom scans can also be done if written in Python!