Vulsploit: A Module for Semi-automatic Exploitation of Vulnerabilities - Testing Software and Systems
Conference Papers Year : 2020

Vulsploit: A Module for Semi-automatic Exploitation of Vulnerabilities

Abstract

Penetration testing (PT) is nowadays one of the most common and used activities to evaluate a given asset’s security status. Penetration testing aims to secure networks and highlights the security issues of such networks. More precisely, PT, which is used for proactive defense and information systems protection, is a structured process, made up of various phases that typically needs to be carried out within a limited period.In this work, we first define a modular semi-automatic approach, which allows us to collect and integrate data from various exploit repositories. These data are then used to provide the penetration tester (i.e., the pentester) with information on the best available tools (i.e., exploits) to conduct the exploitation phase effectively. Also, the proposed approach has been implemented through a proof of concept based on the Nmap Scripting Engine (NSE), which integrates the features provided by the Nmap Vulscan vulnerability scanner, and allows, for each vulnerability detected, to find the most suitable exploits for this vulnerability. We remark that the proposed approach is not focused on the vulnerability mapping phase, which is carried out through Vulscan. Instead, it is focused on the automatic finding of the exploits that can be used to take advantage of the results achieved by such a phase.
Fichier principal
Vignette du fichier
497758_1_En_6_Chapter.pdf (442.5 Ko) Télécharger le fichier
Origin Files produced by the author(s)

Dates and versions

hal-03239821 , version 1 (27-05-2021)

Licence

Identifiers

Cite

Arcangelo Castiglione, Francesco Palmieri, Mariangela Petraglia, Raffaele Pizzolante. Vulsploit: A Module for Semi-automatic Exploitation of Vulnerabilities. 32th IFIP International Conference on Testing Software and Systems (ICTSS), Dec 2020, Naples, Italy. pp.89-103, ⟨10.1007/978-3-030-64881-7_6⟩. ⟨hal-03239821⟩
69 View
135 Download

Altmetric

Share

More