APT2: Automated Penetration Toolkit

Automated Penetration Toolkit can perform an NMap scan and import the scan results from Nexpose, Nessus and other scanning tools. The results are further used to launch exploit and enumeration modules.

All the results are stored to knowledge base of APT2 on localhost machine. The KB is accessible from within the application and allows the user to view the harvested results of an exploit module.


On kali Linux install Python-Nmap library: pip installpython-nmap


To configure APT2 to run as you desire, edit the default.cfg file in root directory.

Current options include:

Metasploit RPC API: 

APT2 can utuilize your host’s Metasploit RPC interface


Configure NMAP scan settings to include the target, scan type, scan port range, and scan flags. These settings can be configured while the program is running.


Configure the number of the threads APT2 will use.


No Options:

python apt2 or ./apt2
With Configuration File
python apt2 -C <config.txt>
Import Nexpose, Nessus, or NMap XML
python apt2 -f <nmap.xml>
Specify Target Range to Start
python apt2 -f

Safe Level:

Safe levels indicate how safe a module is to run againsts a target. The scale runs from 1 to 5 with 5 being the safest. The default configuration uses a Safe Level of 4 but can be set with the -s or –safelevel command line flags.


apt2.py [-h] [-C <config.txt>] [-f [<input file> [<input file> …]]]

               [–target] [–ip <local IP>] [-v] [-s SAFE_LEVEL] [-b]
optional arguments:
  -h, –help            show this help message and exit
  -v, –verbosity       increase output verbosity
  -s SAFE_LEVEL, –safelevel SAFE_LEVEL
                        set min safe level for modules
  -b, –bypassmenu      bypass menu and run from command line arguments
  -C <config.txt>       config file
  -f [<input file> [<input file> …]]
                        one of more input files seperated by spaces
  –target              initial scan target(s)
  –ip <local IP>       defaults to ip of interface
  –listmodules         list out all current modules


nmaploadxml               Load NMap XML File
hydrasmbpassword          Attempt to bruteforce SMB passwords
nullsessionrpcclient      Test for NULL Session
msf_snmpenumshares        Enumerate SMB Shares via LanManager OID Values
nmapbasescan              Standard NMap Scan
impacketsecretsdump       Test for NULL Session
msf_dumphashes            Gather hashes from MSF Sessions
msf_smbuserenum           Get List of Users From SMB
anonftp                   Test for Anonymous FTP
searchnfsshare            Search files on NFS Shares
crackPasswordHashJohnTR   Attempt to crack any password hashes
msf_vncnoneauth           Detect VNC Services with the None authentication type
nmapsslscan               NMap SSL Scan
nmapsmbsigning            NMap SMB-Signing Scan
responder                 Run Responder and watch for hashes
msf_openx11               Attempt Login To Open X11 Service
nmapvncbrute              NMap VNC Brute Scan
msf_gathersessioninfo     Get Info about any new sessions
nmapsmbshares             NMap SMB Share Scan
userenumrpcclient         Get List of Users From SMB
httpscreenshot            Get Screen Shot of Web Pages
httpserverversion         Get HTTP Server Version
nullsessionsmbclient      Test for NULL Session
openx11                   Attempt Login To Open X11 Servicei and Get Screenshot
msf_snmplogin             Attempt Login Using Common Community Strings
msf_snmpenumusers         Enumerate Local User Accounts Using LanManager/psProcessUsername OID Values
httpoptions               Get HTTP Options
nmapnfsshares             NMap NFS Share Scan
msf_javarmi               Attempt to Exploit A Java RMI Service
anonldap                  Test for Anonymous LDAP Searches
ssltestsslserver          Determine SSL protocols and ciphers
gethostname               Determine the hostname for each IP
sslsslscan                Determine SSL protocols and ciphers
nmapms08067scan           NMap MS08-067 Scan
msf_ms08_067              Attempt to exploit MS08-067
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Exploit Heartbleed using Metasploit in Kali Linux

Heartbleed vulnerability (registered as CVE-2014-0160) is a security bug present in the older version of OpenSSL cryptographic library. OpenSSL is a cryptographic toolkit used...

How to Install Parrot Security OS on VirtualBox in 2020

Parrot Security OS is a free GNU/LINUX distribution, released on 10th April 2013. It is a mixture of Kali Linux and Frozenbox OS, aims to...

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...