BASTAERT, M. Clément (2023) Evaluation and comparison of automated pentesting tools PRE - Research Project, ENSTA.

[img]PDF
Restricted to Registered users only

948Kb

Abstract

This paper is about automated penetration testing (pentesting) tools. The goal of my internship was to evaluate and compare some of these tools - MITRE Caldera, Metasploit Framework, and Infection Monkey - within the context of the "Ethical Hacking" course at KTH. The report highlights the importance of automated pentesting for companies and organizations. The aim was to test the performance of each of the three tools on the network, trying to exploit as many vulnerabilities as possible. The study focuses on multiple scenarios involving various hacking techniques like password cracking, web hacking, hash cracking, SQL injection, and privilege escalation. In addition to the exploits themselves, the study assesses them more generally in terms of ease of use, number of exploits and attack scenarios available, and adaptability. Results indicate that each tool demonstrates distinct strengths and limitations. MITRE Caldera stands out for its flexibility in customizability and operation creation but lacks autonomy and built-in exploit modules for many vulnerabilities. Metasploit Framework offers a wide range of exploits but lacks autonomy and faces challenges with SQL injection and certain privilege escalation exploits. Infection Monkey offers an easy-to-use interface but falls short due to limited exploit capabilities. Overall, this research provides insights into the performance and adaptability of automated pentesting tools and gives thought to their future improvements.

Item Type:Thesis (PRE - Research Project)
Uncontrolled Keywords:Penetration test - Automation - Hacking - MITRE Caldera - Metasploit Framework - Infection Monkey - Exploits
Subjects:Information and Communication Sciences and Technologies
ID Code:9707
Deposited By:Clément BASTAERT
Deposited On:01 sept. 2023 14:17
Dernière modification:01 sept. 2023 14:17

Repository Staff Only: item control page