Introduction:
If you ever participated in CTF or trying to crack up some machines on-site like hackthebox you will know what amount of effort goes into initial scanning and enumeration to get you headed on possible advancement on your kill chain. For example, starting a Nmap scan to running Nikto and eventually being able to run brute force and finding the right Metasploit exploit. What if I told you that you could do all of this by just running one tool, that’s right. SPARTA can do all these things in just a few clicks.
This will save you so much time getting results and you can focus on analyzing and thinking about the next steps. The tool integrates with NMAP, Hydra, and Nikto. This can work on any Debian-based Linux operating system since it is written in python. Still, it is recommended to use it on Kali Linux as there might be some libraries or tools missing on other Debian-based Linux distros.
Here are some features mentioned on the SECFORCE website:
– Nmap XML output importer
– Any tool that can be run from a terminal, can be run from SPARTA
– Default credentials check for most common services
– If any usernames/passwords are found by Hydra they are stored in internal wordlists which can then be used on other targets in the same network (breaking news: people reuse passwords)
– Ability to mark hosts that you have already worked on so that you don’t waste time looking at them again
– Screenshot taker so that you don’t waste time on less interesting web servers
Installation:
- Add python3 Extensions
sudo apt install python3-sqlalchemy python3-pyqt5 wkhtmltopdf
- Install some tools used by default configuration
sudo apt-get install ldap-utils rwho rsh-client x11-apps finger
- Now to git repo clone and install
cd /usr/share/
git clone https://github.com/secforce/sparta.git
Place the "sparta" file in /usr/bin/ and make it executable.
Type 'sparta' in any terminal to launch the application.
Usage:
Add the network scope:
Results: