I. Research & Engineering Projects
Jan 2012 - Apr 2012
BUAA, Key Laboratory of Beijing Network Technology
Project Description: The project mainly researched on the automatic generation and execution of penetration test scheme, during the scheme enforcement, vulnerability and penetration process can be combined and springboard technique is utilized for further penetration.
Responsibility: I am In charge of the development team which consists of three postgraduate members.
Introduction: PenetrationTest is a project of KLBNT. Its main purpose is to integrate vulnerablility scanning with penetration. PenetrationTest uses Nessus for vulnerability scanning and Metasploit Framework for penetration. After port scanning, Nessus will genrate a XML format scanning report. And we develop a ruby software to Parse the report and generate a penetration test scheme which adopts the pts file format. We also developed a MFC software named PenetrationTest to parse the pts file and send instructions to Metasploit server-side daemon process. Metasploit will implement the penetration and send back the results to PenetrationTest. PenetrationTest is able to draw a penetration graph which shows the penetration path according to the results returned from Metasploit.
Languages used by PenetrationTest are:
Techniques used by PenetrationTest are:
MFC for UI
Winsock API for communications with Metasploit
GDI API for drawing penetration graph
Download source from GitHub
Metasploit official website
Nessus official website
Ruby official website