%0 Conference Proceedings
%T Vulsploit: A Module for Semi-automatic Exploitation of Vulnerabilities
%+ Università degli Studi di Salerno = University of Salerno (UNISA)
%A Castiglione, Arcangelo
%A Palmieri, Francesco
%A Petraglia, Mariangela
%A Pizzolante, Raffaele
%Z Part 2: Security Testing
%< peer-reviewed
%( Lecture Notes in Computer Science
%B 32nd IFIP International Conference on Testing Software and Systems (ICTSS)
%C Naples, Italy
%Y Valentina Casola
%Y Alessandra De Benedictis
%Y Massimiliano Rak
%I Springer International Publishing
%3 Testing Software and Systems
%V LNCS-12543
%P 89-103
%8 2020-12-09
%D 2020
%R 10.1007/978-3-030-64881-7_6
%K Penetration testing
%K Automation of security testing
%K Security assessment
%K Security monitoring
%K Nmap
%K Nmap Scripting Engine (NSE)
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]
Conference papers
%X Penetration testing (PT) is nowadays one of the most common and used activities to evaluate a given asset’s security status. Penetration testing aims to secure networks and highlights the security issues of such networks. More precisely, PT, which is used for proactive defense and information systems protection, is a structured process, made up of various phases that typically needs to be carried out within a limited period. In this work, we first define a modular semi-automatic approach, which allows us to collect and integrate data from various exploit repositories. These data are then used to provide the penetration tester (i.e., the pentester) with information on the best available tools (i.e., exploits) to conduct the exploitation phase effectively. Also, the proposed approach has been implemented through a proof of concept based on the Nmap Scripting Engine (NSE), which integrates the features provided by the Nmap Vulscan vulnerability scanner, and allows, for each vulnerability detected, to find the most suitable exploits for this vulnerability.
We remark that the proposed approach is not focused on the vulnerability mapping phase, which is carried out through Vulscan. Instead, it is focused on the automatic finding of the exploits that can be used to take advantage of the results achieved by such a phase.
%G English
%Z TC 6
%Z WG 6.1
%2 https://inria.hal.science/hal-03239821/document
%2 https://inria.hal.science/hal-03239821/file/497758_1_En_6_Chapter.pdf
%L hal-03239821
%U https://inria.hal.science/hal-03239821
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC6
%~ IFIP-WG6-1
%~ IFIP-ICTSS
%~ IFIP-LNCS-12543