Towards Pentesting Automation Using the Metasploit Framework | IEEE Conference Publication | IEEE Xplore

Towards Pentesting Automation Using the Metasploit Framework


Abstract:

Penetration testing is a well known methodology assessing security vulnerabilities by executing complex steps which form an attack. Professional pentesting is an expensiv...Show More

Abstract:

Penetration testing is a well known methodology assessing security vulnerabilities by executing complex steps which form an attack. Professional pentesting is an expensive service that sometimes cannot fit in the budget of Small and Medium Enterprises. Automating this process means it can be executed even by inexperienced system administrators while it saves time for professionals. The difficulty of this problem consists in the heterogeneity of networks and systems so the techniques need to be adapted each time. Our approach is based on identifying system characteristics, search for existing vulnerabilities and applying machine learning for selecting the most appropriate exploit. The model was trained using data collected from exploited machines on the “Hack the Box” learning platform and delivers exploits from the Metasploit framework. The evaluation shows that the proposed framework can exploit a fair number of systems and can be extended to support new classes of exploits and new pentesting methodologies.
Date of Conference: 03-05 September 2020
Date Added to IEEE Xplore: 26 November 2020
ISBN Information:
Conference Location: Cluj-Napoca, Romania

Contact IEEE to Subscribe

References

References is not available for this document.