atk > documentation > help > first steps Last update: 2004/11/06 by Marc Ruef

First Steps

Thank you very much for choosing the Attack Tool Kit (ATK). The ATK is a vulnerability scanner and exploiting framework. It is possible to detect potential flaws and exploit found vulnerabilities. Thus the ATK is a very powerfull tool for administrators, security auditors and penetration testers to secure an IT environment.

Download the latest ATK release from the official ATK project web site. Then decompress the ZIP archive into your prefered destination directory. Afterwards you are able to run the software by opening the file atk.exe in the working directory. The initialisation of the application begins and you can start your interactive ATK session. First in every ATK session you should download the latest plugin with the Plugin AutoUpdate by clicking on Plugins/Download the latest plugins.

Let us go back to the main frame that is seperated in three parts: On the top the toolbar, on the left hand the loaded plugins in the treeview and on the right side the plugin overview. You can browse the loaded plugins on the left side. If you select one of them, the whole plugin data is loaded and shown on the plugin overview textbox on the right side.

If you make a click on the selected plugin with the right mouse button, the plugin context menu is opening. If you want to start the check, select the run item. You have to choose between detection and exploitation. The detection procedure checks the existence of a vulnerability by checking such information as like the application banner. This is very stealthy because the exploit itself is not run. On the other hand you are able to run the exploit procedure to exploit the found vulnerability. This may be very important to verify the existence of a bug very accurately. But be aware that this is a real attack and some intrusion detection systems may indicate the access attempt as a hack attempt.

After the check is finished, the software indicates wether the attack was successfull or not. You are able to open the response analysis by clicking on the response icon. Or you can see the actual report by clicking on Reporting/Show report. Furthermore you are able to change the behavior of an attack by clicking on the edit icon. See the other topics of the ATK online help to get further information.