SPARTA: Network Infrastructure Pentesting GUI Toolkit
SPARTA can save you a lot of time by giving you point-and-click access to the toolkit and by displaying all tool output in a convenient way. Commands and tools are fully customisable, so each tester can adjust them as needed. If you spend less time setting things up, you'll have more time for analysing results.
- Run nmap from SPARTA or import nmap XML output.
- Transparent staged nmap: get results quickly and achieve thorough coverage.
- Configurable context menu for each service. You can configure what to run on discovered services. Any tool that can be run from a terminal can be run from SPARTA.
- You can run any script or tool on a service across all the hosts in scope, just with a click of the mouse.
- Define automated tasks for services (e.g. run nikto on every HTTP service, or sslscan on every SSL service).
- Default credentials check for most common services. Of course, this can also be configured to run automatically.
- Identify password reuse on the tested infrastructure. If any usernames/passwords are found by Hydra they are stored in internal wordlists which can then be used on other targets in the same network (breaking news: sysadmins reuse passwords).
- Ability to mark hosts that you have already worked on so that you don’t waste time looking at them again.
- Website screenshot taker so that you don't waste time on less interesting web servers.
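To make the nmap XML import and the per-service automated tasks concrete, here is an added example (not SPARTA's own code) that groups open services from nmap XML across all hosts and lists which configured task would apply to each, without running anything. The XML sample is constructed, and the AUTO_TASKS table and function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in nmap -oX format (documentation-range addresses).
SAMPLE_XML = """<nmaprun scanner="nmap">
 <host><address addr="192.0.2.10" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
  <port protocol="tcp" portid="443"><state state="open"/><service name="http" tunnel="ssl"/></port>
  <port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
 </ports></host>
 <host><address addr="192.0.2.20" addrtype="ipv4"/><ports>
  <port protocol="tcp" portid="8080"><state state="open"/><service name="http"/></port>
  <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
 </ports></host>
</nmaprun>"""

# Hypothetical task table; the two entries mirror the examples in the list above.
AUTO_TASKS = {"http": ["nikto"], "ssl": ["sslscan"]}

def open_services(xml_text):
    """Return {service: sorted [(host, port), ...]} for open ports only."""
    found = defaultdict(set)
    for host in ET.fromstring(xml_text).iter("host"):
        # Prefer the IP address; nmap may also emit a MAC <address> element.
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") != "mac"), None)
        if addr is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            tags = {name}
            # TLS-wrapped services carry tunnel="ssl" when version detection ran.
            if name == "https" or (svc is not None and svc.get("tunnel") == "ssl"):
                tags.add("ssl")
            for tag in tags:
                found[tag].add((addr, int(port.get("portid"))))
    return {tag: sorted(pairs) for tag, pairs in found.items()}

def plan_tasks(services, tasks=AUTO_TASKS):
    """List (tool, host, port) for every service with a configured task; runs nothing."""
    return sorted((tool, host, port) for svc, tools in tasks.items()
                  for tool in tools for host, port in services.get(svc, []))

if __name__ == "__main__":
    for row in plan_tasks(open_services(SAMPLE_XML)):
        print(*row)
```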
- nmap (for adding hosts)
- hydra (the brute tab)
You can use Kali Linux since it comes with the tools preinstalled, but SPARTA will also work on Debian-based platforms. To install the Python dependencies, run:
apt-get install python-elixir python-pyside.qtwebkit
To install nmap, hydra and cutycapt, run the following:
apt-get install nmap hydra cutycapt
Kali users, make sure you have all the tools used by SPARTA’s default configuration:
apt-get install ldap-utils rwho rsh-client x11-apps finger
Ubuntu 12.04+ (untested):
Run the following to install:
apt-get install python-elixir python-qt4 xsltproc
To download/clone it from GitHub:
cd /usr/share/
git clone https://github.com/secforce/sparta.git
Place the "sparta" file in /usr/bin/ and make it executable. To launch it, just type sparta in a terminal.
Since SPARTA uses a third-party tool, Cutycapt, to take screenshots, you may encounter a problem with the version that is currently in Kali's repositories: it fails to take screenshots of HTTPS pages when self-signed certificates are in use.
A way to solve this is to compile the Cutycapt executable yourself and to specify the path to the compiled executable by editing SPARTA's conf file. Compile in Kali with the following:
% sudo apt-get install subversion libqt4-webkit libqt4-dev g++
% svn co svn://svn.code.sf.net/p/cutycapt/code/ cutycapt
% cd cutycapt/CutyCapt
% qmake
% make
% ./CutyCapt --url=http://www.example.org --out=example.png