forked from SECFORCE/sparta
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhelp.html
66 lines (59 loc) · 4.8 KB
/
help.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
<!DOCTYPE html>
<html lang="en-US">
<head>
<h1 id="Documentation">Documentation</h3>
<div class="entry-content">
<p>This documentation will grow organically and is a work in progress.</p>
<h3 id="configuration">Configuration</h3>
<p>At the moment, SPARTA can be configured by editing the <strong>sparta.conf</strong> file located in SPARTA’s root folder. At launch time, SPARTA checks if this file exists and if it does not, a new file is created with default values. In the future, there will be a settings menu which will remove the need to manually edit this file and will make changing the configuration easier and safer.</p>
<p><strong>WARNING: Apart from tools, do not remove any lines from sparta.conf as it could break functionality. Also, assume that setting values are case-sensitive.</strong></p>
<p> </p>
<h4 id="adding-actions">Adding new actions</h4>
<p>In SPARTA we separate actions in three classes:</p>
<ul>
<li><strong>Host Actions:</strong> are invoked by right-clicking on a <strong>host</strong> and their tool output will be stored and displayed in SPARTA</li>
<li><strong>Port Actions:</strong> are invoked by right-clicking on a <strong>port or service</strong> and their tool output will be stored and displayed in SPARTA (Eg: Nikto)</li>
<li><strong>Terminal Actions:</strong> are invoked by right-clicking on a <strong>port</strong> and will spawn an external terminal window (Eg: Connect with netcat)</li>
</ul>
<p> </p>
<p>To configure a new action the following format must be used:<br />
<center><strong><em>tool=label, command, services</em></strong></center></p>
<p><strong>tool</strong> is a unique identifier, typically the name of the tool.</p>
<p><strong>label</strong> is the text that will appear in the context menu.</p>
<p><strong>command</strong> is the command you would type in the terminal to run the tool. Note that it must be a non-interactive command. The placeholders [IP], [PORT] and [OUTPUT] when used will be replaced at run time by the right values.</p>
<p><strong>services</strong> is the list of nmap service names that the tool applies to. When you right-click on a port/service the tool will only appear in the context menu if the service was defined here. Note that this field is not used by the Host Actions for obvious reasons.</p>
<p> </p>
<p>Example:<br />
To configure the tool Nikto as a port action we would need to add the following line to the [PortActions] section in sparta.conf:</p>
<p><strong><em>nikto=Run nikto, nikto -o [OUTPUT].txt -p [PORT] -h [IP], “http,https”</em></strong></p>
<p> </p>
<p>After making changes to the configuration file, SPARTA must be restarted for changes to take effect. This won’t be the case when we implement the settings menu.</p>
<p> </p>
<h4 id="conf-auto-attacks">Configuring automated attacks</h4>
<p>You can set up SPARTA to automatically run any tool – that you have configured in the [PortActions] section of the configuration file – when a service is identified.</p>
<p>Automated attacks are enabled by default but can be disabled by editing the “enable-scheduler” option in the [GeneralSettings] section of the configuration file.</p>
<p>Automated attacks are configured in the [SchedulerSettings] section of the configuration file. The following format must be used:</p>
<p><center><strong><em>tool=services, protocol</em></strong></center></p>
<p><strong>tool</strong> is the unique identifier which was used to define the tool in the [PortActions] section.</p>
<p><strong>services</strong> is the list of services that when identified should trigger the tool to run automatically.</p>
<p><strong>protocol</strong> is the protocol of the service the tool should run on (tcp/udp).</p>
</div><!-- .entry-content -->
<h3 id="Feedback">Feedback</h3>
<p>We value your feedback as it will help us turn SPARTA into an even more awesome tool!</p>
<p>Also, since we are penetration testers and not developers there’s a chance you will find a few bugs.</p>
<p>For bug reports, feature requests or any other feedback, please use our <a href="https://github.com/SECFORCE/sparta/issues" target="_blank">issue tracker</a>.</p>
<h3 id="License-Disclaimer">License / Disclaimer</h3>
<p>SPARTA comes without warranty and is meant to be used by penetration testers during network infrastructure security assessments.</p>
<p>Both its developers and SECFORCE decline all responsibility:<br />
– in case the tool is used for malicious purposes or in any illegal context;<br />
– in case the tool crashes your system or other systems.</p>
<h3 id="Authors">Authors</h3>
<p>SPARTA was created and developed by:</p>
<p>Antonio Quina (@st3r30byt3)<br />
Leonidas Stavliotis (@lstavliotis)</p>
</div><!-- .entry-content -->
</article><!-- #post-## -->
</main><!-- #main -->
</div><!-- #primary -->
</body>
</html>