Kim-San04/ares

                                       █████╗ ██████╗ ███████╗███████╗
                                      ██╔══██╗██╔══██╗██╔════╝██╔════╝
                                      ███████║██████╔╝█████╗  ███████╗
                                      ██╔══██║██╔══██╗██╔══╝  ╚════██║
                                      ██║  ██║██║  ██║███████╗███████║
                                      ╚═╝  ╚═╝╚═╝  ╚═╝╚══════╝╚══════╝

Autonomous Reconnaissance & Exploitation System


⚠️ For authorized lab environments only — HackTheBox · TryHackMe · Personal VMs


🎯 What is it?

ares is a fully autonomous penetration testing agent that combines Nmap, Metasploit, AI decision-making via Groq, and a suite of offensive tools into a single CLI. It executes a full attack chain — recon → exploitation → post-exploitation — without human intervention, and generates professional PDF/JSON reports.


💻 Demo — Real Terminal Output

$ python main.py --target 172.20.10.2 --agent

[*] Starting ARES v6.2.1 — Target: 172.20.10.2
[*] Phase 1 — Passive Recon: WHOIS, DNS, Shodan fingerprint...
[*] Phase 2 — Active Scan: Nmap 3-pass (host discovery → ports → services)
[*] 23 ports discovered — Attack surface score: 95/100
[*] AI analysis (Groq Llama-3.3-70b): CVE-2009-3843 identified → tomcat_mgr_deploy
[*] Phase 3 — Exploitation: Launching Metasploit RPC...
[*] Module: exploit/multi/http/tomcat_mgr_deploy → RHOST=172.20.10.2
[+] Session opened → Meterpreter shell active
[*] Phase 4 — Post-Exploitation: uid=daemon → escalating...
[*] GTFOBins + distcc_rce privilege escalation...
[+] uid=0(root) euid=0(root) — ROOT ACCESS ACHIEVED
[*] Credential harvesting: /etc/shadow → 7 hashes extracted
[+] Backdoor installed: SSH key injected + crontab persistence
[+] shell> whoami → root
[+] Report generated: report_172.20.10.2_20250607_142310.pdf

✨ Features

Module                     Features
🔍 Passive Recon           WHOIS, DNS enumeration, subdomain discovery, Shodan, HTTP fingerprinting
📡 Active Scan             Nmap 3-pass (host discovery, full port scan, service/version detection)
🌐 Web Enumeration         Directory bruteforce, sensitive file detection, CMS fingerprinting
🔧 Service Enum            SMB, LDAP, FTP, SSH banner grabbing
🤖 AI Decision Engine      Groq Llama-3.3-70b: CVE suggestions, exploit selection, attack vector scoring
💥 Exploitation            Metasploit RPC, SQLMap, Hydra, Nikto, WPScan, SearchSploit integration
🔐 Post-Exploitation       Credential harvesting, GTFOBins privesc, distcc_rce, persistence (SSH + crontab)
🌍 Network Pivot           SOCKS5 routing, ARP scan, network mapping
📱 Android WiFi Attack     Deauth, Evil Twin, WPS Pixie Dust, PMKID capture
🍎 iOS Audit               MDM profile analysis, iCloud bypass, jailbreak detection
📡 Wireless Attacks        WPA2 handshake capture, PMKID, deauth flood, Kismet integration
🎣 Phishing                Custom HTML page cloning, credential capture server
🔎 OSINT                   Username enumeration (Sherlock), email breach check, metadata extraction
🖼️ Steganography           LSB detection, hidden data extraction, image forensics
📊 Reporting               PDF (colored by criticality), HTML dashboard, JSON export, CVSS v3.1 scoring

✅ Validated Results — Metasploitable 2

Metric                       Result
🎯 Target                    Metasploitable 2 (172.20.10.2)
🔍 Ports discovered          23 open ports
📊 Attack surface score      95 / 100
💥 Exploit selected by AI    tomcat_mgr_deploy (CVE-2009-3843)
🔐 Access level              ROOT (uid=0)
🗝️ Credentials harvested     7 password hashes (/etc/shadow)
🔒 Persistence               SSH backdoor + crontab installed
⏱️ Total time                ~4 minutes (full chain, zero interaction)
📄 Report                    PDF + JSON generated automatically

🚀 Quick Start

# 1. Clone the repository
git clone https://github.com/Kim-San04/ares
cd ares

# 2. Install dependencies
pip install -r requirements.txt

# 3. Configure environment
cp .env.example .env
# Edit .env with your API keys

# 4. Start Metasploit RPC (required for exploitation)
msfrpcd -P msfrpc_password -S -a 127.0.0.1

# 5. Launch the agent
python main.py --target <IP|CIDR|domain> --agent

🎮 Usage

python main.py --target <target> [options]

Option           Description                          Example
--target         IP, CIDR, or domain                  --target 192.168.1.0/24
--agent          Full autonomous AI agent mode        --agent
--scan           Network scan + report only           --scan
--passive-only   Passive recon, no active scanning    --passive-only
--android        Android WiFi attack menu             --android
--ios            iOS security audit                   --ios
--wireless       Wireless attack suite                --wireless
--phishing       Phishing campaign setup              --phishing
--osint          OSINT reconnaissance                 --osint
--stego          Steganography analysis               --stego
--verbose        Verbose output                       --verbose
--delay          Delay between probes (seconds)       --delay 2
--output         Output directory                     --output ./results

🏗️ Architecture

ares/
├── main.py                  # Entry point & CLI
├── agent/
│   ├── core.py             # AI decision engine (Groq)
│   ├── recon.py            # Passive & active recon
│   ├── scanner.py          # Nmap integration (3-pass)
│   ├── exploitation.py     # Metasploit RPC + tools
│   ├── post_exploit.py     # Post-exploitation & persistence
│   └── report.py           # PDF/HTML/JSON reporting
├── modules/
│   ├── android_wifi.py     # Android WiFi attack suite
│   ├── ios_audit.py        # iOS security analysis
│   ├── wireless.py         # Wireless attack tools
│   ├── phishing.py         # Phishing framework
│   ├── osint.py            # OSINT recon tools
│   └── stego.py            # Steganography analysis
├── templates/              # Report HTML templates
├── wordlists/              # Bruteforce dictionaries
├── .env.example            # Environment configuration
├── requirements.txt        # Python dependencies
├── GUIDE.md                # Complete usage guide (EN)
├── GUIDE.fr.md             # Complete usage guide (FR)
└── CHANGELOG.md            # Version history

📜 Version History

Version   Phase     Key Features
v1.0.0    Phase 1   Passive recon, Nmap 3-pass, Shodan, AI analysis, PDF/JSON reports
v2.0.0    Phase 2   Colored PDF, HTML dashboard, Flask UI, CVSS v3.1, FR/EN bilingual
v3.0.0    Phase 3   Metasploit RPC automation, SQLMap, Hydra, Nikto, WPScan, auto-exploit
v4.0.0    Phase 4   Post-exploitation, credential harvesting, GTFOBins privesc, SOCKS5 pivot
v5.0.0    Phase 5   Reactive AI agent, event loop, auto privesc, SSH + crontab backdoors
v6.0.0    Phase 6   Android WiFi attacks, iOS audit, wireless suite, phishing, OSINT, stego
v6.2.1    Current   Bug fixes, performance improvements, improved AI decision tree

📋 Requirements

Python 3.10+
Kali Linux (recommended) or Parrot OS
Nmap 7.x
Metasploit Framework 6.x
Groq API key (free tier available)

Optional tools (auto-detected):
- sqlmap, hydra, nikto, wpscan, searchsploit
- aircrack-ng, airmon-ng, kismet
- sherlock, exiftool, steghide, binwalk

⚙️ Configuration

Create your .env file from the template:

cp .env.example .env

Then set the values in .env (example contents, placeholders to be replaced):

GROQ_API_KEY=gsk_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
SHODAN_API_KEY=your_shodan_key_here
MSF_RPC_HOST=127.0.0.1
MSF_RPC_PORT=55553
MSF_RPC_PASSWORD=msfrpc_password
REPORT_OUTPUT_DIR=./output
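As an added example (not part of the ares project), a pre-flight check for the .env above and the msfrpcd step in the Quick Start: it parses the file, confirms every key the template defines is set, refuses the template placeholders (including the example msfrpc_password), and verifies that MSF_RPC_HOST stays on loopback, since msfrpcd is started with -S (no TLS) and bound to 127.0.0.1. The sample .env content is constructed to show the mistakes the check catches.

```python
import ipaddress

# Keys the .env template in the README defines, and the template values that
# must be replaced before the tool is run.
REQUIRED_KEYS = ("GROQ_API_KEY", "SHODAN_API_KEY", "MSF_RPC_HOST",
                 "MSF_RPC_PORT", "MSF_RPC_PASSWORD", "REPORT_OUTPUT_DIR")
PLACEHOLDERS = {"gsk_xxxxxxxxxxxxxxxxxxxxxxxxxxxx", "your_shodan_key_here",
                "msfrpc_password"}


def parse_dotenv(text: str) -> dict[str, str]:
    """Parse KEY=VALUE lines, skipping blanks and '#' comments; strip quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("\"'")
    return env


def check_env(env: dict[str, str]) -> list[str]:
    """Return the problems found; an empty list means the config is usable."""
    problems = [f"{k} is missing or empty" for k in REQUIRED_KEYS if not env.get(k)]
    for key in ("GROQ_API_KEY", "SHODAN_API_KEY", "MSF_RPC_PASSWORD"):
        if env.get(key) in PLACEHOLDERS:
            problems.append(f"{key} still holds the template placeholder")
    # msfrpcd is started with -S (no TLS) in the Quick Start, so the RPC
    # listener and this client setting must stay on loopback.
    host = env.get("MSF_RPC_HOST", "")
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"
    if not loopback:
        problems.append(f"MSF_RPC_HOST={host!r} is not a loopback address")
    port = env.get("MSF_RPC_PORT", "")
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        problems.append(f"MSF_RPC_PORT={port!r} is not a valid TCP port")
    return problems


# Constructed sample .env: placeholders left in and RPC host on all interfaces.
SAMPLE_ENV = """GROQ_API_KEY=gsk_xxxxxxxxxxxxxxxxxxxxxxxxxxxx
SHODAN_API_KEY=your_shodan_key_here
MSF_RPC_HOST=0.0.0.0
MSF_RPC_PORT=55553
MSF_RPC_PASSWORD=msfrpc_password
REPORT_OUTPUT_DIR=./output
"""
```

Running `check_env(parse_dotenv(SAMPLE_ENV))` reports the three placeholder keys and the non-loopback RPC host; a correctly filled .env returns an empty list.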

🔒 Legal Disclaimer

⚠️ THIS TOOL IS FOR AUTHORIZED PENETRATION TESTING ONLY ⚠️

ares is designed exclusively for use in controlled lab environments: HackTheBox, TryHackMe, DVWA, and personal virtual machines.

Using this tool against systems without explicit written authorization is ILLEGAL and may result in criminal prosecution under computer fraud laws.

The author assumes no liability for any misuse of this software. Use responsibly. Hack legally.


Built by Kim-San04


⭐ Star this repo if you find it useful — it helps a lot!