Now with moar go!!!
Arsenic aims to set conventions around how pentest data is stored. It is nothing more than a directory structure and file naming conventions. By itself it is nothing fancy, but when combined with things like arsenic-hugo, it should make operations fun again!
An example operation directory structure would look like.
├── apps
├── bin
├── config.toml
├── hosts
│ └── 127.0.0.1
│ ├── README.md
│ └── recon
├── Makefile
├── README.md -> report/sections/README.md
├── recon
│ └── domains
└── report
├── findings
│ └── first-finding
│ ├── 00-metadata.md
│ ├── affected_assets.md
│ ├── recommendations.md
│ ├── references.md
│ ├── steps_to_reproduce.md
│ └── summary.md
├── sections
│ └── README.md
└── static
A free form place to store applications. So far no magic here. Open to suggestions
Every operation is different; use this directory for one off operation scripts.
This is where hosts information is stored. Host directories will typically be named after the host IPv4 or IPv6 address, but a hostname should work (untested). Every host should have README.md and hostname files, as well as recon and loot directories.
The recon directory in the operation root will contain all the recon for the operation as a whole. when doing host specific recon it should be in the host's recon directory.
Every operation should have findings! This is where to store that information.
to start an op:
arsenic init opname
echo example.com >> scope-domains.txt
arsenic discoverNext we check what hosts we have.
arsenic analyzeIf there is something you dont want to scan, blacklist it and re run until you have what you want.
Now you can review things, blacklist things.
arsenic config -sThen simply add the domain to the blacklist.domains array
Once you have everything you want, run:
arsenic analyze -cThis will create your directories in hosts/. Now you can run.
arsenic reconThis will probably take a while... but when its done you should have port scans, content discovery, and screen shots.
Working with friends? Not a problem. arsenic-hugo should make it easier to see the big picture.
export REVIEWER='defektive'
ar-mark-reviewed.sh 192.168.0.1 # this will set reviewer = 'defektive' in the README for the host
arsenic hosts -uOh goodie!! This is all still very much a WIP, but it should get better as it gets used more. Assuming you already have go setup and your arsenic is in $HOME/opt or /opt, to get started:
cd arsenic
go installNow you should be able to run arsenic. If not something is wrong.
- Arsenic is intended to be checked out along side other similarly purposed tools in an
opt/directory. - Arsenic will automatically add the
bin/directory of sibling directories (eg:opt/arsenic/bin,opt/xe/bin) to your$PATH
- curl
- aquatone
- ncat
- nmap
- awk
- sed
- grep
- figlet
- exploitdb (searchsploit)