Sunday, June 12, 2011

Automating Penetration Tests - Part 2

This is part 2 of the article; click here to read part 1.

Modern Approaches to Attack Graph Generation and Analysis

In the modern approach, attack graphs are generated without full knowledge of the network, which reflects real-world scenarios. During the attack phase, the rest of the information is learned and the attack graph is altered accordingly. A planner or an intelligent mechanism such as a neural network is used to analyze the graphs and then to generate attacks.

There are two notable research papers that discuss attack planning. Ghosh and Ghosh proposed a new approach to attack planning using a planner [35]. Obes et al. then used the same concept and integrated the planner into a penetration testing framework to successfully conduct a penetration test [36].

Friday, June 10, 2011

Automating Penetration Tests - Part 1

This article is written based on the literature survey of my Master's thesis on Automating Penetration Tests. The main objective of this research is to look into ways that penetration tests can be automated. However, I strongly believe that the capabilities of a good penetration tester cannot be automated using a computer program. So the intention is to automate the systematic steps of penetration tests to save time and effort for the penetration tester.

Basic Automation of Penetration Tests

There have been various attempts to simplify penetration tests by automating individual steps. The simplest attempt is Autopwn [3] in the Metasploit framework [4]. First, the pentester gathers information about target systems using Nmap or Nessus. This information is imported into a database using the database module in Metasploit. Autopwn queries the database for open ports and services. It then loads the exploits in Metasploit that match these services and launches them against the target systems.