A Framework for Automated and Visualized Penetration Testing

Journal of Technical Education Science - Vol. 21 No. 01 - pp. 47-57 - 2026
Thang Loi Nguyen1, Thanh Van Nguyen1, Luu Gia Bao Nguyen1
1Ho Chi Minh City University of Technology and Engineering, Vietnam

Abstract

The fragmentation of command-line tools in penetration testing leads to inefficiency, additional manual work, and inconsistent results, all of which make workflows difficult to manage in complex security testing scenarios. This paper presents EzPentest, a framework designed to automate and visualize penetration testing through a single web interface. EzPentest's novelty is its YAML-based workflows, which support conditional logic, looping, and parallelization to create flexible and repeatable testing processes. Central to EzPentest is the parser engine, which converts the output of different tools into a standardized JSON format; this transformation standardizes vulnerability analysis and reporting. Alongside the parser, EzPentest takes a modular approach that allows the community to enhance and share workflows that connect various tools into holistic penetration testing scenarios. In experiments with benchmark applications such as DVWA and bWAPP, EzPentest achieves the highest detection rate of 89.39%. As demonstrated, EzPentest is more than simply a solution for scalable, accessible, and collaborative penetration testing: it is an open community resource that is particularly beneficial in educational institutions, as it makes an advanced area of software vulnerability assessment and security testing easier to understand, and it allows small-to-medium enterprises to undertake initiatives to automate pentesting.

Keywords

#Penetration Testing #Security vulnerability #Automation #YAML workflow #Visualization
