Attack Platform

Execute security testing strategies with runbooks and attack trees.

Overview

The Attack Platform is Hive's security testing engine, providing:

  • Runbooks: Pre-configured testing workflows
  • Attack Trees: Multi-stage attack scenarios
  • Module Library: 30+ integrated security tools
  • Custom Strategies: Build your own testing approaches

Runbooks

What are Runbooks?

Runbooks are pre-configured security testing workflows that combine multiple tools and techniques.

Key Features:

  • Pre-built templates
  • Customizable parameters
  • Sequential execution
  • Automated result collection

Learn More: Runbooks Overview

Creating Runbooks

Build custom testing workflows:

  1. Select security modules
  2. Configure parameters
  3. Define execution order
  4. Set success criteria

Guide: Creating Runbooks

Built-in Runbooks

Web Application Testing:

  • Quick web scan
  • Comprehensive web audit
  • SSL/TLS analysis
  • Content discovery

Network Testing:

  • Port scanning
  • Service enumeration
  • Network mapping
  • Vulnerability scanning

Reconnaissance:

  • Subdomain enumeration
  • DNS reconnaissance
  • OSINT gathering
  • Asset discovery

Attack Trees

What are Attack Trees?

Attack trees are complex, multi-stage security testing scenarios with conditional logic and branching.

Key Features:

  • Conditional execution
  • Parallel execution
  • Branching logic
  • State management

Learn More: Creating Attack Trees

Use Cases

Red Team Operations:

  • Multi-phase attacks
  • Adaptive strategies
  • Stealth operations
  • Complex scenarios

Advanced Testing:

  • Conditional exploitation
  • Privilege escalation chains
  • Lateral movement
  • Objective-based testing

Module Library

Available Modules

Network Scanning:

  • Nmap
  • Masscan
  • Unicornscan

Web Testing:

  • Nikto
  • Wapiti
  • WhatWeb
  • Dirb
  • Gobuster

Subdomain Discovery:

  • Amass
  • Sublist3r
  • Subfinder
  • Assetfinder

Vulnerability Scanning:

  • Nuclei
  • Nessus
  • OpenVAS

SSL/TLS:

  • SSLScan
  • TestSSL
  • SSLyze

Information Gathering:

  • Shodan
  • Censys
  • TheHarvester

DNS Tools:

  • DNSRecon
  • Fierce
  • DNSEnum

See APHIDS Modules for the complete list.

Execution Workflow

Running a Runbook

graph LR
    A[Select Runbook] --> B[Configure Target]
    B --> C[Set Parameters]
    C --> D[Execute]
    D --> E[Monitor Progress]
    E --> F[Review Results]

Steps:

  1. Navigate to Automation Engine → Attack Platform
  2. Select runbook
  3. Configure target and parameters
  4. Click Execute
  5. Monitor in Scan Executions
  6. Review results in Intelligence

Running an Attack Tree

graph LR
    A[Select Attack Tree] --> B[Configure Entry Point]
    B --> C[Set Conditions]
    C --> D[Execute]
    D --> E[Adaptive Execution]
    E --> F[Review Path Taken]

Steps:

  1. Navigate to Automation Engine → Attack Platform
  2. Select attack tree
  3. Configure initial conditions
  4. Click Execute
  5. Tree executes adaptively
  6. Review execution path and results

Best Practices

Runbook Design

✅ Clear Purpose: Each runbook has a specific goal
✅ Logical Flow: Modules in sensible order
✅ Error Handling: Handle failures gracefully
✅ Documentation: Document purpose and usage
✅ Testing: Test before production use

Attack Tree Design

✅ Clear Objectives: Define success criteria
✅ Conditional Logic: Use conditions wisely
✅ Fallback Paths: Plan for failures
✅ State Management: Track progress
✅ Documentation: Document decision points

Execution

✅ Authorization: Always get permission
✅ Scope Verification: Confirm the target is in scope
✅ Rate Limiting: Don't overwhelm targets
✅ Monitoring: Watch execution progress
✅ Documentation: Record all activities

Integration

With APHIDS CLI

Execute runbooks and attack trees via CLI:

# Execute runbook (quote the key so the shell passes it as one argument)
aphids-cli \
  --api-key "$API_KEY" \
  --runbook RUNBOOK_ID \
  --target-url https://example.com \
  --engagement ENGAGEMENT_ID

# Execute attack tree
aphids-cli \
  --api-key "$API_KEY" \
  --attack-tree TREE_ID \
  --target-url https://example.com \
  --engagement ENGAGEMENT_ID

See APHIDS Integration

Via API

Programmatic execution:

# Create execution
curl -X POST \
  -H "X-Api-Key: $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "runbookId": "RUNBOOK_ID",
    "target": "https://example.com",
    "engagementId": "ENGAGEMENT_ID"
  }' \
  https://api.hive.darksidesecurity.io/executions-cli/executions

See API Documentation
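
The "Scope Verification" practice above matters most for scripted runs, where no operator sees the target before it is submitted. The following is an added example, not part of the Hive documentation or APHIDS code: a pre-flight check that a target URL's host is on an allowlist before the API call is made. The SCOPE list, the function names and the sample targets are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not Hive or APHIDS code): scope pre-flight for a target URL.
# SCOPE is a constructed allowlist; in practice it comes from the signed
# rules of engagement. "*.name" covers subdomains of name, not name itself.
SCOPE='example.com
*.staging.example.com'

# Print the lowercase host of an http(s) URL; fail on anything unexpected.
url_host() {
  case "$1" in
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  rest=${1#*://}
  authority=${rest%%[/?#]*}   # drop path, query and fragment
  hostport=${authority##*@}   # drop userinfo, so "in-scope@other" yields "other"
  host=$(printf '%s' "${hostport%%:*}" | tr 'A-Z' 'a-z')
  case "$host" in
    ''|*[!a-z0-9.-]*) return 1 ;;   # also rejects backslashes and [IPv6] literals
  esac
  printf '%s\n' "$host"
}

# Succeed only if the URL's host matches a SCOPE entry exactly or by subdomain.
in_scope() {
  host=$(url_host "$1") || return 1
  while IFS= read -r entry; do
    case "$entry" in
      '*.'*)
        suffix=${entry#\*}            # "*.a.b" -> ".a.b"
        case "$host" in *"$suffix") return 0 ;; esac ;;
      *)
        [ "$host" = "$entry" ] && return 0 ;;
    esac
  done <<EOF
$SCOPE
EOF
  return 1
}

# Constructed targets: two in scope, three lookalikes that must be refused.
for t in https://example.com/login https://API.staging.example.com:8443/ \
         https://example.com.evil.test/ https://example.com@evil.test/ \
         https://notexample.com/; do
  if in_scope "$t"; then echo "ALLOW $t"; else echo "DENY  $t"; fi
done
```

Gate the request on the check, for example by running the curl command only when `in_scope "$TARGET"` succeeds, and keep the allowlist under the same change control as the engagement record.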

Quick Start

Your First Runbook

  1. Navigate: Go to Automation Engine → Attack Platform
  2. Select: Choose "Quick Web Scan" runbook
  3. Configure: Enter target URL
  4. Execute: Click Start Execution
  5. Monitor: Watch progress in Scan Executions
  6. Review: Check results in Intelligence → Vulnerabilities

Time: 5-10 minutes

Your First Attack Tree

  1. Navigate: Go to Automation Engine → Attack Platform
  2. Select: Choose "Web Application Recon" attack tree
  3. Configure: Set initial target
  4. Execute: Click Start Execution
  5. Observe: Watch adaptive execution
  6. Review: Examine execution path and findings

Time: 10-20 minutes

Troubleshooting

Runbook Won't Execute

Check:

  • Target is in scope
  • Engagement is active
  • Permissions sufficient
  • Target is reachable

Attack Tree Stuck

Verify:

  • Conditions are satisfiable
  • No circular dependencies
  • Timeout values appropriate
  • Network connectivity

No Results

Investigate:

  • Scan completed successfully
  • Target responded
  • Modules ran without errors
  • Results processed


Related: Runbooks Overview | Creating Attack Trees | Automation Engine