Article directory
Preface
ARL (Asset Reconnaissance Lighthouse) is designed to quickly discover and organize corporate extranet assets and build a basic database for the assets. It can actively discover and identify assets without login credentials or special access, allowing Party A's security team or penetration testers to quickly Find vulnerabilities in designated enterprise assets, reduce the possibility of assets being exploited by threats, and avoid possible adverse effects.
1. Preparation
1. System requirements:
Currently, Windows is not supported. It is recommended to use Docker for Linux and MAC. The system configuration is at least 2 cores and 4G.
Since there will be a large number of outsourcing during the automatic asset discovery process, it is recommended to use cloud servers to bring a better experience.
2. Experimental environment: VM platform + KALI
2. Install docker and docker-compose
sudo apt-get update
sudo apt install docker.io
sudo docker version
If the download speed is very slow, it is recommended to update the default source of kali. It is recommended to use Alibaba’s source download
Then install docker-compose. In fact, just download it directly
sudo apt install docker-compose
sudo docker-compose version
3. Install ARL lighthouse
sudo apt-get update
git clone https://github.com/TophantTechnology/ARL
If cloning doesn’t work, it doesn’t matter. You can also directly visit this website to download the resources and put them into Kali.
Then enter the docker directory under the ARL directory to create a container data volume
sudo su (输入密码)
docker volume create --name=arl_db
Then launch
Then type the following command in the ARL/docker folder:
docker-compose pull
docker-compose up -d
docker-compose stop //停止服务
docker-compose start //启动服务
docker-compose restart //重启服务
Check the startup status:
docker container ls
4. Log in to ARL Lighthouse
The lighthouse address is: https://[virtual machine ip]:5003
Enter the login interface, the default account password is (admin/arlpass):
It has been set up here. Let’s continue exploring for subsequent use!
In addition, the fofa account needs to be filled in ARL/app/config.py