_
dM.
,MMb
d'YM. ___ __ ___ __ __ _____ ___ __ ____ ___
,P `Mb `MM 6MM `MM 6MMb 6MMb 6MMMMMb `MM 6MM `MM( )M'
d' YM. MM69 " MM69 `MM69 `Mb 6M' `Mb MM69 " `Mb d'
___,P____Mb___MM______MM____MM____MM_MM_____MM_MM_______YM.__,P___
d' YM. MM MM MM MM MM MM MM MM M \
__,MMMMMMMMb__MM______MM____MM____MM_MM_____MM_MM________`Mbd'_____\
d' YM. MM MM MM MM YM. ,M9 MM YMP
_dM_ _dMM_MM_ _MM_ _MM_ _MM_ YMMMMM9 _MM_ M
d'
(8),P
YMM
Armory is a tool meant to take in a lot of external and discovery data from a lot of tools, add it to a database and correlate all of related information. It isn't meant to replace any specific tool. It is meant to take the output from various tools, and use it to feed other tools.
Additionally, it is meant to be easily extendable. Don't see a module for your favorite tool? Write one up! Want to export data in just the right format for your reporting? Create a new report!
First, you will require the MySQL db header files for mysqlclient
which can be installed with the
following commands on the respective hosts:
- Kali:
sudo apt install libmariadb-dev
- Arch:
sudo pacman -S mariadb-libs
Afterwards, set up some kind of virtual environment. I like virtualenvwrapper.
Clone the repo:
git clone https://github.com/depthsecurity/armory
Install the module:
python setup.py install
You will want to run armory
at least once in order to create the default config directory: ~/.armory
with the default settings.ini
and settings for each of the modules.
Next edit settings.ini and modify the base_path option. This should point to the root path you are using for your current project. You should change this with every project, so you will always be using a clean database. All files generated by modules will be created in here, as well as the sqlite3 database. By default it will be within the current directory-.
Usage is split into modules and reports.
Modules run tools, ingest output, and write it to the database. To see a list of available modules, type:
armory -lm
To see a list of module options, type:
armory -m <module> -M
Reports are similar to modules, except they are meant to pull data from the database, and display it in a usable format. To view all of the available reports:
armory -lr
To view available report options:
armory -r <report> -R
There is also an interactive shell which uses IPython as the base and will allow you to run commands or change database values. It can be launched with: armory-shell
.
By default, the following will be available: Domain, BaseDomains, IPAddresses, CIDRs, Users, Creds, Vulns, Ports, Urls, ScopeCIDRs
.