Showing posts from June, 2011

Automating Penetration Tests - Part 2

This is part 2 of the article; click here to read part 1.

Modern Approaches to Attack Graph Generation and Analysis

In the modern approach, attack graphs are generated without full knowledge of the network, which reflects real-world scenarios. During the attack phase, the remaining information is learned and the attack graph is updated accordingly. A planner or an intelligent mechanism such as a neural network is used to analyze the graphs and then to generate attacks. Two notable research papers discuss attack planning. Ghosh and Ghosh proposed a new approach to attack planning using a planner [35]. Obes et al. then used the same concept and integrated the planner into a penetration testing framework to successfully conduct a penetration test [36].

Automating Penetration Tests - Part 1

This article is based on the literature survey of my Master's thesis on Automating Penetration Tests. The main objective of this research is to look into ways that penetration tests can be automated. However, I strongly believe that the capabilities of a good penetration tester cannot be automated by a computer program. So the intention is to automate the systematic steps of penetration tests to save time and effort for the penetration tester.

Basic Automation of Penetration Tests

There have been various attempts to simplify penetration tests by automating various steps of the process. The simplest attempt is Autopwn [3] in the Metasploit framework [4]. First, the pentester gathers information about target systems using Nmap or Nessus. This information is imported into a database using a database module in Metasploit. Autopwn queries the database for open ports and services. Then it loads the exploits in Metasploit that match these services and launches them against