Adding Metasploit to HuntDown
In the rapidly changing realm of cybersecurity, there has been a marked increase in the demand for effective and user-friendly penetration testing tools. This dissertation endeavors to introduce an automated penetration testing tool that is seamlessly incorporated with the Metasploit Framework. The...
| Autor: | |
|---|---|
| Tipo de recurso: | tesis de maestría |
| Fecha de publicación: | 2024 |
| País: | España |
| Institución: | Universitat Politècnica de Catalunya (UPC) |
| Repositorio: | UPCommons. Portal del coneixement obert de la UPC |
| Idioma: | inglés |
| OAI Identifier: | oai:upcommons.upc.edu:2117/420733 |
| Acceso en línea: | https://hdl.handle.net/2117/420733 |
| Access Level: | acceso abierto |
| Palabra clave: | Computer security Penetration testing (Computer security) Cybersecurity Metasploit Automated Penetration Testing HuntDown Exploits Seguretat informàtica Prova de penetració (Seguretat informàtica) Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica |
| Sumario: | In the rapidly changing realm of cybersecurity, there has been a marked increase in the demand for effective and user-friendly penetration testing tools. This dissertation endeavors to introduce an automated penetration testing tool that is seamlessly incorporated with the Metasploit Framework. The tool is designed to be accessible to individuals with limited technical proficiency, featuring a simplified and intuitive interface. Developed using Go and integrated into the HuntDown application, it aims to automate the execution of exploits against target servers, thus minimizing the necessity for manual intervention. This automation assumes particular significance in light of the escalating intricacy of security environments, the frequency of requisite testing, and the burgeoning skills gap in the industry. The architectural framework of this tool encompasses several pivotal technologies, including a Metasploit RPC server for attack execution, a JSON parser for data management, and a user interface based on React.js to facilitate user interaction. The tool’s functionality was rigorously assessed and validated through the utilization of a vulnerable Metasploitable virtual machine, conclusively demonstrating its ability to exploit known vulnerabilities with consistent success. A comparative analysis with prevalent penetration testing tools, such as Nessus, OpenVAS, and Burp Suite, accentuates this tool’s distinctive strengths, particularly its seamless integration with Metasploit for exploitation and post-exploitation activities. Notwithstanding certain limitations, such as its reliance on the Metasploit framework and a narrower scope of vulnerability scanning in comparison to competitors, this tool proves to be a valuable inclusion in the cybersecurity arsenal. |
|---|