Published on March 19th, 2019 📆 | 3336 Views ⚑
0Armory – A Tool Meant To Take In A Lot Of External And Discovery Data From A Lot Of Tools, Add It To A Database And Correlate All Of Related Information
[adsense size='1']
Installation
Prerequisites
First, set up some kind of virtual environment. I like virtualenvwrapper:
http://virtualenvwrapper.readthedocs.io/en/latest/install.html
Actually installing
Clone the repo:
git clone https://github.com/depthsecurity/armory
Install the module:
python setup.py install
You will want to run armory
at least once in order to create the default config directory: ~/.armory
with the default settings.ini
and settings for each of the modules.
Next edit settings.ini and modify the base_path option. This should point to the root path you are using for your current project. You should change this with every project, so you will always be using a clean database. All files generated by modules will be created in here, as well as the sqlite3 database. By default it will be within the current directory-.
[adsense size='1']
Usage
Usage is split into modules and reports.
Modules
Modules run tools, ingest output, and write it to the database. To see a list of available modules, type:
armory -lm
To see a list of module options, type:
armory -m <module> -M
Reports
Reports are similar to modules, except they are meant to pull data from the database, and display it in a usable format. To view all of the available reports:
armory -lr
To view available report options:
armory -r <report> -R
Interactive Shell
There is also an interactive shell which uses IPython as the base and will allow you to run commands or change database values. It can be launched with: armory-shell
. By default, the following will be available: Domain, BaseDomains, IPAddresses, CIDRs, Users, Creds, Vulns, Ports, Urls, ScopeCIDRs
.
Gloss