Integration of Shodan in HuntDown
Nowadays, with the widespread of internet and online services, the need to protect these systems is increasing. One of the key and most used methods to evaluate, protect and improve security of systems is penetration testing or pentesting. Pentesting is a service consisting on attempting to access s...
| Autor: | |
|---|---|
| Tipo de recurso: | tesis de maestría |
| Fecha de publicación: | 2025 |
| País: | España |
| Institución: | Universitat Politècnica de Catalunya (UPC) |
| Repositorio: | UPCommons. Portal del coneixement obert de la UPC |
| Idioma: | inglés |
| OAI Identifier: | oai:upcommons.upc.edu:2117/450984 |
| Acceso en línea: | https://hdl.handle.net/2117/450984 |
| Access Level: | acceso abierto |
| Palabra clave: | Penetration testing (Computer security) Shodan Pentesting HuntDown Cybersecurity JSON Reconnaissance Prova de penetració (Seguretat informàtica) Àrees temàtiques de la UPC::Informàtica::Seguretat informàtica |
| Sumario: | Nowadays, with the widespread of internet and online services, the need to protect these systems is increasing. One of the key and most used methods to evaluate, protect and improve security of systems is penetration testing or pentesting. Pentesting is a service consisting on attempting to access systems and obtain as much information and as many sensitive assets as possible. In this project, we extend an existing open-source pentesting application by integrating a new attack module, Shodan, a web-based search engine for internet-connected devices. With this addition, users can leverage Shodan to analyze public devices on the internet or within their own networks by searching for open ports, services, and other relevant information. Shodan supports a wide variety of queries, and in our implementation, we have integrated the most useful ones for practical pentesting scenarios. After the executing a query, the application provides users a summarized result in the form of a synthesized table and a report, tailored to the specific search performed. This enhancement provides a crucial and valuable tool for the reconnaissance phase of an attack, which is often considered the most critical step in the pentesting process. |
|---|