# Exploitation Frameworks

> Frameworks and tools focused on vulnerability exploitation, payload execution and offensive post-exploitation. Includes multi-protocol frameworks (Impacket, Metasploit), code-injection tools (Donut), SQLi (sqlmap) and UAC bypassers. Primarily covers the tactics **Execution (TA0002)**, **Privilege Escalation (TA0004)** and **Lateral Movement (TA0008)**.

```mermaid
graph TB
    VULN["💀 Vulnerability<br/>Identified"]

    subgraph EXPLOIT["💥 Exploitation Frameworks"]
        MSF["Metasploit<br/>Multi-module framework"]
        IMP["Impacket<br/>SMB, Kerberos, WMI"]
        PS["PowerSploit<br/>Offensive PowerShell"]
        SQL["sqlmap<br/>Automated SQL Injection"]
        UAC["UACMe<br/>UAC Bypass - 60+ methods"]
        DON["Donut<br/>Shellcode from .NET payloads"]
    end

    subgraph POS["🏃 Post-Exploitation"]
        PRIV["Privilege Escalation<br/>SYSTEM / Domain Admin"]
        LAT["Lateral Movement<br/>SMB, WMI, RDP"]
        EXEC["Execution<br/>Shellcode, scripts, DLLs"]
    end

    VULN --> EXPLOIT
    EXPLOIT --> POS

    style VULN fill:#e74c3c,color:#fff
    style EXPLOIT fill:#1a1a2e,color:#fff
    style POS fill:#16213e,color:#fff
    style MSF fill:#e74c3c,color:#fff
    style IMP fill:#c0392b,color:#fff
    style PS fill:#922b21,color:#fff
    style SQL fill:#641e16,color:#fff
    style UAC fill:#7b241c,color:#fff
    style DON fill:#4a235a,color:#fff
```

> [!warning] Pentest Frameworks
> These tools are the foundation of professional red teams and pentests. Their presence in security logs can indicate either legitimate testing activity or a real attack; context is essential for triage.

## Associated TTPs

- **[[t1190-exploit-public-facing-application|T1190]]** - Exploit of a public-facing application
- **[[t1059-command-and-scripting-interpreter|T1059]]** - Command and scripting interpreter
- **[[t1548-abuse-elevation-control-mechanism|T1548]]** - UAC Bypass, SUID/SGID
- **[[t1210-exploitation-of-remote-services|T1210]]** - Exploitation of remote services
- **[[t1550-use-alternate-authentication-material|T1550]]** - Pass-the-Hash via Impacket

Relevant mitigations:

- **[[_mitigations|Mitigations Hub]]** - applicable M-series controls
- **[[_defenses|Defensive Hub]]** - detections and playbooks

## Catalog

%%
```dataview
TABLE WITHOUT ID link(file.link, title) AS "Ferramenta", aliases AS "Aliases", status AS "Status"
FROM "cti/software/tools/exploitation"
WHERE type = "malware" OR type = "tool"
SORT title ASC
```
%%

<!-- QueryToSerialize: TABLE WITHOUT ID link(file.link, title) AS "Ferramenta", aliases AS "Aliases", status AS "Status" FROM "cti/software/tools/exploitation" WHERE type = "malware" OR type = "tool" SORT title ASC -->
<!-- SerializedQuery: TABLE WITHOUT ID link(file.link, title) AS "Ferramenta", aliases AS "Aliases", status AS "Status" FROM "cti/software/tools/exploitation" WHERE type = "malware" OR type = "tool" SORT title ASC -->

| Tool | Aliases | Status |
| --- | --- | --- |
| [[s0488-crackmapexec\|CrackMapExec]] | <ul><li>CrackMapExec</li></ul> | active |
| [[darksword\|DarkSword]] | <ul><li>DarkSword</li><li>Dark Sword</li><li>DarkSword iOS</li></ul> | active |
| [[s0695-donut\|Donut]] | <ul><li>Donut</li></ul> | active |
| [[s0224-havij\|Havij]] | <ul><li>Havij</li></ul> | active |
| [[s0357-impacket\|Impacket]] | <ul><li>Impacket</li><li>fortra/impacket</li></ul> | active |
| [[s0231-invoke-psimage\|Invoke-PSImage]] | <ul><li>Invoke-PSImage</li></ul> | active |
| [[maestro-toolkit\|MAESTRO]] | <ul><li>MAESTRO</li><li>Maestro Toolkit</li><li>Maestro ESXi Exploit Kit</li></ul> | active |
| [[metasploit\|Metasploit]] | <ul><li>Metasploit Framework</li></ul> | active |
| [[s0194-powersploit\|PowerSploit]] | <ul><li>PowerSploit</li></ul> | active |
| [[cti/software/tools/exploitation/psexec.md\|PsExec]] | <ul><li>PsExec</li></ul> | active |
| [[s0029-psexec\|PsExec]] | <ul><li>PsExec</li><li>psexec.exe</li><li>Sysinternals PsExec</li></ul> | active |
| [[s0174-responder\|Responder]] | <ul><li>Responder</li></ul> | active |
| [[s0225-sqlmap\|sqlmap]] | <ul><li>sqlmap</li></ul> | active |
| [[s0116-uacme\|UACMe]] | <ul><li>UACMe</li></ul> | active |

<!-- SerializedQuery END -->

## Navigation

- [[_tools|Tools Hub]] - overview of all tools
- [[_software|Software Hub]] - malware + tools
- [[_cti|CTI Hub]] - central intelligence hub