Published on March 19th, 2019
Armory – A Tool Meant To Take In A Lot Of External And Discovery Data From A Lot Of Tools, Add It To A Database And Correlate All Of Related Information
First, set up some kind of virtual environment. I like virtualenvwrapper:
Clone the repo:
git clone https://github.com/depthsecurity/armory
Install the module:
python setup.py install
You will want to run armory at least once in order to create the default config directory, ~/.armory, with the default settings.ini and settings for each of the modules.
Next, edit settings.ini and modify the base_path option. This should point to the root path you are using for your current project. You should change this with every project, so you will always be using a clean database. All files generated by modules will be created in here, as well as the sqlite3 database. By default it will be within the current directory.
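One way to script the per-project base_path switch described above, as an added example that is not part of Armory or of the original post. The function name and the section names in the constructed sample file are assumptions; the code looks up whichever section actually holds base_path rather than relying on its name.

```python
import configparser
import tempfile
from pathlib import Path


def point_armory_at_project(settings_file, project_root):
    """Set base_path in an Armory settings.ini to a clean per-project directory.

    Returns the resolved project path. Refuses a non-empty directory, because
    leftovers from another engagement would end up sharing its database.
    Note: configparser rewrites the file, so comments in it are not preserved.
    """
    settings_file = Path(settings_file).expanduser()
    project_root = Path(project_root).expanduser().resolve()

    cfg = configparser.ConfigParser(interpolation=None)
    cfg.optionxform = str  # keep option names exactly as written
    if not cfg.read(settings_file):
        raise FileNotFoundError(f"{settings_file} not found; run armory once first")

    # Find the section that carries base_path instead of assuming its name.
    sections = [s for s in cfg.sections() if cfg.has_option(s, "base_path")]
    if len(sections) != 1:
        raise ValueError(f"expected one base_path option, found {len(sections)}")

    if project_root.exists() and any(project_root.iterdir()):
        raise FileExistsError(f"{project_root} is not empty; pick a fresh directory")
    # Discovery data and credentials land here, so keep it private to the user.
    project_root.mkdir(parents=True, exist_ok=True, mode=0o700)

    cfg.set(sections[0], "base_path", str(project_root))
    with settings_file.open("w") as fh:
        cfg.write(fh)
    return project_root


if __name__ == "__main__":
    # Constructed sample settings file; the section names are hypothetical.
    with tempfile.TemporaryDirectory() as tmp:
        ini = Path(tmp) / "settings.ini"
        ini.write_text("[PROJECT]\nbase_path = .\n\n[DATABASE]\nfile = armory.db\n")
        print(point_armory_at_project(ini, Path(tmp) / "client-a"))
        print(ini.read_text())
```

For real use, pass ~/.armory/settings.ini and the new engagement's directory.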
Usage is split into modules and reports.
Modules run tools, ingest output, and write it to the database. To see a list of available modules, type:
To see a list of module options, type:
armory -m <module> -M
Reports are similar to modules, except they are meant to pull data from the database, and display it in a usable format. To view all of the available reports:
To view available report options:
armory -r <report> -R
There is also an interactive shell which uses IPython as the base and will allow you to run commands or change database values. It can be launched with:
armory-shell
By default, the following will be available:
Domain, BaseDomains, IPAddresses, CIDRs, Users, Creds, Vulns, Ports, Urls, ScopeCIDRs.