Adding Metasploit to HuntDown

In the rapidly changing realm of cybersecurity, there has been a marked increase in the demand for effective and user-friendly penetration testing tools. This dissertation endeavors to introduce an automated penetration testing tool that is seamlessly incorporated with the Metasploit Framework. The...

Descripción completa

Detalles Bibliográficos
Autor: Stanescu, Horia Andrei
Tipo de recurso: tesis de maestría
Fecha de publicación:2024
País:España
Institución:Universitat Politècnica de Catalunya (UPC)
Repositorio:UPCommons. Portal del coneixement obert de la UPC
Idioma:inglés
OAI Identifier:oai:upcommons.upc.edu:2117/420733
Acceso en línea:https://hdl.handle.net/2117/420733
Access Level:acceso abierto
Palabra clave:Computer security
Penetration testing (Computer security)
Cybersecurity
Metasploit
Automated Penetration Testing
HuntDown
Exploits
Seguretat informàtica
Prova de penetració (Seguretat informàtica)
Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica
Descripción
Sumario:In the rapidly changing realm of cybersecurity, there has been a marked increase in the demand for effective and user-friendly penetration testing tools. This dissertation endeavors to introduce an automated penetration testing tool that is seamlessly incorporated with the Metasploit Framework. The tool is designed to be accessible to individuals with limited technical proficiency, featuring a simplified and intuitive interface. Developed using Go and integrated into the HuntDown application, it aims to automate the execution of exploits against target servers, thus minimizing the necessity for manual intervention. This automation assumes particular significance in light of the escalating intricacy of security environments, the frequency of requisite testing, and the burgeoning skills gap in the industry. The architectural framework of this tool encompasses several pivotal technologies, including a Metasploit RPC server for attack execution, a JSON parser for data management, and a user interface based on React.js to facilitate user interaction. The tool’s functionality was rigorously assessed and validated through the utilization of a vulnerable Metasploitable virtual machine, conclusively demonstrating its ability to exploit known vulnerabilities with consistent success. A comparative analysis with prevalent penetration testing tools, such as Nessus, OpenVAS, and Burp Suite, accentuates this tool’s distinctive strengths, particularly its seamless integration with Metasploit for exploitation and post-exploitation activities. Notwithstanding certain limitations, such as its reliance on the Metasploit framework and a narrower scope of vulnerability scanning in comparison to competitors, this tool proves to be a valuable inclusion in the cybersecurity arsenal.