Scribd Logo
Upload

Welcome to Scribd!

  • Automating Metasploit Framework: Abstract

    Uploaded by

    Vijayudu Maheza
    6 views2 pages

    Original Title

    Document (1)

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    6 views2 pages

    Automating Metasploit Framework: Abstract

    Uploaded by

    Vijayudu Maheza

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Automating Metasploit Framework

    Abstract:

    vulnerability assessment (va) and penetration test (pentest) are required by many organizations
    to satisfy their security auditing and compliance. Va and pentest are conducted in the different
    stage and they are done through the software tools. Implementing the system that is able to
    convert the va scan result to be rendered in the pentest tool is a real challenge. This paper
    proposes a design and development of a system called vape-bridge that provides the automatic
    conversion of the scan result of open vulnerability assessment scanner (openvas) to be the
    exploitable scripts that will be executed in the metasploit which is a widely-used opensource
    pentest program. Specifically, the tool is designed to automatically extract the vulnerabilities
    listed in open web application security project 10 (owasp 10) and exploit them to be tested in
    the metasploit. Our vape-bridge encompasses three main components including (1) scan result
    extraction responsible for extracting the va scan results related to owasp10 (2) target list
    repository responsible for retaining lists of vulnerabilities to be used in the process of
    metasploit, and (3) automated shell scripts exploitation responsible for generating the script to
    render the exploit module to be executed in metasploit. For the implementation, the vape-
    bridge protype system was tested with a number of test cases in converting the scan results
    into shell code and rendering results to be tested in metasploit. The experimental results
    showed that the system is functionally correct for all cases.

    The Metasploit Project is a computer security project that provides information about
    security vulnerabilities and aids in penetration testing and IDS signature development. It is
    owned by Boston, Massachusetts-based security company Rapid7.
    Its best-known sub-project is the open-source[2] Metasploit Framework, a tool for developing
    and executing exploit code against a remote target machine. Other important sub-projects
    include the Opcode Database, shellcode archive and related research.
    The Metasploit Project includes anti-forensic and evasion tools, some of which are built into
    the Metasploit Framework. Metasploit is pre-installed in the Kali Linux operating system.[3]

    You might also like