GitHub: kmdn-ch/phantom-ethical-redteam
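A fully autonomous red team agent built on large language models. It integrates multiple penetration testing tools, automates the full attack chain from reconnaissance to exploitation, and generates a report.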
# Phantom – Ethical RedTeam
**Autonomous red team agent for any LLM**
Uses Nuclei, sqlmap, ffuf, advanced recon, and social engineering templates, within authorized scope only.

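## Features
- Autonomous agent with step-by-step reasoning and self-correction
- Native tool calling on any supported LLM (Nuclei, sqlmap, ffuf, recon, bettercap, cleanup, phishing templates)
- Full logging and automatic cleanup of temporary files
- Pauses every N turns: a human can stop, continue, or force report generation
- Social engineering is limited to educational templates (nothing is actually sent without human confirmation)
## Supported LLM providers
| Provider | Default model (2026-03-15) | API key environment variable |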
|---|---|---|
| Anthropic (Claude) | `claude-sonnet-4-6` | `ANTHROPIC_API_KEY` |
| OpenAI (ChatGPT) | `gpt-5.4` | `OPENAI_API_KEY` |
| xAI (Grok) | `grok-4-20-beta` | `XAI_API_KEY` |
| Google (Gemini) | `gemini-3.0-pro` | `GEMINI_API_KEY` |
| Mistral | `mistral-large-latest` | `MISTRAL_API_KEY` |
| DeepSeek | `deepseek-chat-v3.2` | `DEEPSEEK_API_KEY` |
| Ollama (local) | `deepseek-r1:3.2` | *(none)* |
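## Built-in tools
| Tool | Role |
|---|---|
| Nuclei | CVE / misconfiguration scanning |
| sqlmap | SQL injection detection and exploitation |
| ffuf | Directory and endpoint fuzzing |
| recon | Passive reconnaissance (DNS, WHOIS, headers) |
| bettercap | Network MITM, ARP probing (Linux only) |
| Zphisher | Phishing page templates (educational use, Linux only) |
| CyberStrikeAI | AI-native orchestrator, 100+ tools |
## Installation
### Linux
Run the installer. It walks you through each step interactively: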
```
./install.sh
```
```
[ STEP 0 / 3 ] LLM Provider
1) Anthropic (Claude sonnet-4-6) 2) OpenAI (ChatGPT 5.4) 3) xAI (Grok 4.20 Beta)
4) Google (Gemini 3) 5) Mistral 6) DeepSeek 3.2
7) Ollama (local — deepseek-r1:3.2)
Choose provider [1-7] : 1
✅ Provider selected : ANTHROPIC
[ STEP 1 / 3 ] API Key
Enter your ANTHROPIC_API_KEY : sk-ant-...
✅ API key saved to .env
[ STEP 2 / 3 ] Authorized Scope
Target URL : https://someth1ng.com
Authorization note : Pentest contract signed 2026-03-15
Engagement date : 2026-03-15
✅ Scope saved to scopes/current_scope.md
[ STEP 3 / 3 ] Installing dependencies...
✅ Installation complete !
export $(cat .env)
export PATH=$PATH:$(pwd)/bin
python agent/main.py
```
### Windows (PowerShell)
```
.\install.ps1
```
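Same interactive flow (provider → API key → scope → dependencies).
Windows limitation: `bettercap` and `zphisher` require WSL2.
The installer handles everything: provider selection, API key validation, scope enforcement, Python packages, and external tools.
## Real-world example: web application pentest
### Context
You are a red teamer hired to test the security of `https://someth1ng.com`.
The client has signed the Rules of Engagement document. The scope is limited to that domain and its subdomains.
### Step 1: Install and configure
Run `./install.sh` and follow the prompts (API key + target URL). That is all; no manual file editing is needed.
### Step 2: Launch Phantom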
```
python agent/main.py
```
```
🚀 Phantom - Ethical RedTeam v1.5.0
Mode : AUTONOME TOTAL
Scope : https://someth1ng.com — Pentest contract signed 2026-03-15...
```
### Step 3: Phantom reasons and acts autonomously
Phantom follows the standard kill chain and narrates every decision:
```
🤖 Phantom : Starting mission on https://someth1ng.com.
Result obtained: scope confirmed.
Analysis: I will begin with passive recon before any active scan.
Next optimal action: run_recon on the target.
Reason: passive data collection has zero impact on availability.
🔧 Execution : run_recon
→ DNS records, WHOIS, HTTP headers, tech stack fingerprinting...
🤖 Phantom : Result obtained: Apache 2.4.51, PHP 8.0, WordPress 6.1.
Analysis: WordPress 6.1 is EOL — multiple known CVEs. Apache version exposed.
Next optimal action: run_nuclei with wordpress templates.
Reason: high probability of CVE hits before any brute-force or injection.
🔧 Execution : run_nuclei
→ Target: https://someth1ng.com, templates: http/cves, severity: critical
🤖 Phantom : Result obtained: 3 findings — CVE-2023-2745 (path traversal),
CVE-2022-3590 (SSRF via pingback), misconfigured xmlrpc.php.
Analysis: CVE-2023-2745 exploitable without auth — direct path to /etc/passwd.
Next optimal action: run_sqlmap on login endpoint discovered by ffuf.
Reason: parallel track — test both path traversal and SQL injection.
🔧 Execution : run_ffuf
→ Discovered: /admin, /wp-login.php, /api/v1/users, /backup.zip
🔧 Execution : run_sqlmap
→ Target: https://someth1ng.com/api/v1/users?id=1
→ Injection found: UNION-based, 4 columns — database: someth1ng_prod
🤖 Phantom : Result obtained: SQLi confirmed, partial dump acquired.
Analysis: standard tools exhausted on web layer. Internal network segment
(192.168.1.0/24) is in scope — MITM probe warranted.
Next optimal action: run_bettercap on eth0.
Reason: ARP probe will map live hosts and expose unencrypted traffic.
🔧 Execution : run_bettercap
→ Interface: eth0, module: net.probe, duration: 30s
→ 14 live hosts discovered — 3 running HTTP on port 80 (no TLS)
🤖 Phantom : Result obtained: 3 unencrypted internal services exposed.
Analysis: web fingerprinting of internal hosts shows legacy Apache 2.2
with no patch history. Standard CVE templates yielded 0 hits.
Escalating to full tool suite.
Next optimal action: run_cyberstrike on 192.168.1.42.
Reason: legacy target requires deeper enumeration beyond nuclei/ffuf scope.
🔧 Execution : run_cyberstrike
→ Target: 192.168.1.42, role: redteam, skill: full-scan
→ 7 critical findings — LFI, exposed .git repo, default credentials on /manager
→ Achieved RCE via Tomcat manager upload (CVE-2019-0232)
```
After 10 turns, Phantom pauses:
```
⏸️ Pause after 10 steps (mode autonome).
Entrée = continue | 'stop' = stop | 'report' = force report :
```
You review the logs in `logs/agent.log`, then press Enter to continue, or type `report` to get the executive summary immediately.
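An added example, not code from the Phantom repository: a target allowlist check that an autonomous agent can run before each tool call, so a target the model proposes (such as `192.168.1.42` in the transcript) is refused unless the signed scope lists it. `ScopeGuard` and the two scope constants are hypothetical names, and the hosts ending in `evil.example` are constructed test inputs.

```python
import ipaddress
from urllib.parse import urlsplit


class ScopeGuard:
    """Allowlist check to run before any tool is pointed at a target."""

    def __init__(self, domains, networks=()):
        self.domains = [d.lower().rstrip(".") for d in domains]
        self.networks = [ipaddress.ip_network(n) for n in networks]

    @staticmethod
    def _host(target):
        # Accept a full URL or a bare host/IP; urlsplit needs the "//" marker.
        try:
            parts = urlsplit(target if "://" in target else "//" + target)
            return (parts.hostname or "").lower().rstrip(".")
        except ValueError:
            return ""  # unparseable target: fail closed

    def allows(self, target):
        host = self._host(target)
        if not host:
            return False
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # Hostname: match on a label boundary so look-alike names such as
            # "someth1ng.com.evil.example" are not treated as subdomains.
            return any(host == d or host.endswith("." + d) for d in self.domains)
        return any(addr in net for net in self.networks)


# Scope as stated in the Context section: the domain and its subdomains only.
CONTEXT_SCOPE = ScopeGuard(["someth1ng.com"])
# Same scope with the internal segment explicitly authorized (assumption).
WITH_INTERNAL = ScopeGuard(["someth1ng.com"], ["192.168.1.0/24"])

if __name__ == "__main__":
    # Targets from the transcript above, plus two constructed look-alikes.
    for t in ["https://someth1ng.com/api/v1/users?id=1", "192.168.1.42",
              "https://someth1ng.com.evil.example/",
              "https://someth1ng.com@evil.example/"]:
        print(f"{t:42} context={CONTEXT_SCOPE.allows(t)} "
              f"internal={WITH_INTERNAL.allows(t)}")
```

The check is name-based: an in-scope hostname that resolves to third-party infrastructure still has to be confirmed against the Rules of Engagement before testing.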
### Step 4: Mission complete
```
🤖 Phantom : Objectives achieved. Generating final report.
=== MISSION COMPLETE ===
**Executive Summary**
app.someth1ng.com presents 3 critical vulnerabilities exploitable without authentication.
**Critical findings**
1. CVE-2023-2745 — WordPress path traversal → arbitrary file read (PoC: /wp-admin/?action=..&page=../../../etc/passwd)
2. SQL injection on /api/v1/users?id= → full database dump (someth1ng_prod, 12 tables, 4 200 users)
3. /backup.zip publicly accessible → contains database credentials in plaintext
4. Internal host 192.168.1.42 — RCE via Tomcat manager (CVE-2019-0232), default credentials
5. 3 internal services transmitting data over unencrypted HTTP (bettercap ARP probe)
**Recommendations**
- Patch WordPress to 6.5+ immediately
- Parameterize all SQL queries — use prepared statements
- Remove /backup.zip and audit all publicly accessible backup files
- Disable xmlrpc.php if not required
- Enforce TLS on all internal services
- Rotate Tomcat manager credentials and restrict access to localhost
```
All findings are in `logs/`, ready to import into your report.
## Configuration
`config.yaml`:
```
provider: "anthropic" # anthropic | openai | grok | gemini | ollama | mistral
model: "" # leave empty for provider default
autonomous: true
max_autonomous_turns: 50
pause_every_n_turns: 10
```
The installer writes the API key to `.env` and sets the provider in `config.yaml` automatically. To launch manually:
```
# Linux
export $(cat .env)
export PATH=$PATH:$(pwd)/bin
python agent/main.py
# Windows (PowerShell)
foreach ($line in Get-Content .env) { [System.Environment]::SetEnvironmentVariable($line.Split("=")[0], $line.Split("=",2)[1]) }
$env:PATH += ";$PWD\bin"
python agent\main.py
```
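To switch providers or change targets between engagements, re-run the installer or edit `config.yaml` and `scopes/current_scope.md` directly.
## Legal notice
This tool is for authorized penetration testing only. Running it against systems you do not have written permission to test is illegal. The author is not responsible for misuse.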