CONTENTS

Abstract: ........................................................................................................................................................ 2
Chapter 1: Introduction: ................................................................................................................................ 3
1.1 Project Topic and rationale: .......................................................................................................... 3
1.2 Project Aims and Objectives: ........................................................................................................ 4
1.3 Methodology: ................................................................................................................................ 5
1.4 Report Structure: ........................................................................................................................... 5
2 Chapter 2: Background Research .......................................................................................................... 6
2.1 Literature Review: ........................................................................................................................ 6
2.2 Critical Evaluation: ....................................................................................................................... 7
2.3 Scope of the Project: ..................................................................................................................... 7
2.4 Review and Justification: .............................................................................................................. 8
3 Chapter 3: Requirement Analysis and Specifications ........................................................................... 9
3.1 Python Penetration Testing and Installation: ................................................................................ 9
3.2 Python Penetration Testing and Vulnerabilities:......................................................................... 10
3.3 Python Penetration Testing and Ports: ........................................................................................ 10
3.4 Python Penetration Testing and Sockets: .................................................................................... 10
4 Chapter 4: Design ............................................................................................................................... 12
4.1 Research Design Methodology: .................................................................................................. 13
4.1.1 Applications for the chosen method: ............................................................................... 13
4.2 Result Analysis: .......................................................................................................................... 13
5 Chapter 5: Summary ........................................................................................................................... 15
Appendex .................................................................................................................................................... 16
Project WBS Activities ........................................................................................................................... 16
Gantt Chart:............................................................................................................................................. 17
References .................................................................................................................................................. 18
Penetration Testing Automation

Abstract:

The use of the information is rapidly increasing and using on the large sector in the various

organization, business sector and in the different government sectors. This arise the various

attacks and threats through which the information can be leaked. To prevent this Penetration

testing helps to secure the organization system in an effective manner where the different threats

and vulnerabilities are being test in effective way. It is one of the most important task to protect

the data from the unauthorized access and security measures are applied to protect the

information. It provides the security to the network communication system and business sections.

It also helps the developer to build the protected system and through the penetration testing they

can monitor the different activities.

Penetration testing is classified in to the three levels gray hat, white hat and white hat. It ensures

in an efficient manner that weather the system is secure or not. The main objective is to find the

vulnerabilities in the system. This helps to secure the networks and maintain the integrity of the

system.

Penetration testing helps to find the new threats by the attackers. It enhances the management of

the system and accurately mange the security of the system. Using the python and java

penetration testing is performed and obtained the results for port scanning and Secure Shell

password. As the infrastructure is getting more complex so and the communication system is
getting wider. This increase the threats of getting virus and other harmful risks, so the

penetration testing plays the important to role for the testing of the data.

Chapter 1: Introduction:

The use of the IoT devices is rapidly increasing and this is generating the huge amount of data.

The contains the sensitive information of the user that must be protected from the unauthorized

user and from the external attacks as well. Software’s are being tested to check the security level

of the systems that enable the user to identify the weak area (Nagpure & Kurkure, 2017 ). For

this process penetration testing is being used to identify the bugs and automatically detects the

attacks in the system.

1.1 Project Topic and rationale:

There are different threats and risks in the systems and to check the security of the system

penetration testing helps to detect the unusual activity in the system. The bug and external

attacks destroy the system badly as it contains the huge amount of data and this data contains the

all type of information. To avoid the attacks penetration testing is being used in the different

organizations to protect the organization core unit in an effective manner.

It is most important task to protect the data from the unauthorized access so that only the valid

users can only access the data and generate the useful information from the stored data. For the

protection of the data security measures are being applied with the encryption codes so that only

the valid user can access the data (Chu & Lisitsa, 2018).
In the organization the penetration testing is being tested and after the evaluation of the results

that provide the precise report to each section. This helps to apply the security manner

accordingly and security is being applied to the communication networks and other business

section as well.

Through the penetration testing different activities can be evaluated in an effective manner and

security checks are being applied to ensure the privacy of the different users. Different risks and

predicted threats can be measured in an effective way that helps to bring out the weak area of the

system and work on them accordingly.

Penetration testing is divided in to the different layer that include the black hat, grey hat and

white hat. Each one is used for the different purpose and algorithms are being applied in an

effective manner.

1.2 Project Aims and Objectives:

The main of this project is to test the penetration testing in the different systems and ensure the

security of the effective manage the data under the strong security measures. system in an

effective manner. It helps to protect the system in an effective manner where the validity of the

system is being testing. The detected areas are the being settled at the other side without

disturbing the other members of the organization.

This project aims to secure the data of the organization and security is being applied to

communication networks so that eternal attacks can be avoided, and system is being secured.

Security measure are to the resources so that the authenticity of the system can be measured in a

way where the risks are being predicted. This helps to make the complex algorithm so that

attacks can be avoided, and system is being secured from the external and internal attacks.
Objective of this project is to ensure the security level and threats can be avoided in an efficient

manner. The penetration testing helps to secure the system in an effective manner. The huge

amount of data is being secured from the unauthorized access and this can be used for the strong

encryption process.

1.3 Methodology:

Python or Java is being used for the penetration testing. Research has been conducted to test the

system infrastructure in an effective way so that breaching of the information can be avoided.

Moreover, computational model has been used to evaluate the performance of the system in an

effective manner. Moreover, Data has been taken from the secondary resources and techniques

have been applied to protect the system. Using the python algorithms are used to protect the data

from the unauthorized access and user can access the required data after the proper verification

and validation process.

1.4 Report Structure:

Chapter one describes the details of the penetration testing in which the aims and objects are

defined. The chapter 2 gives the details of literature review. In which the research background is

defined, the flaws of the system and gaps are defined. Relevant theories are also discussed in

detail. Chapter 3 gives the details of the requirement analysis and specifications. In which the

penetration testing is defined in detail. The requirement of the system is proposed. Chapter 4

discuss the software design and evaluated results are concluded from the applied methodology.

Chapter 5 describes the summary of the whole the system.

2 CHAPTER 2: BACKGROUND RESEARCH

The main purpose of the penetration testing is to find the threats and risks in the systems.

Penetration Testing helps in finding the flaws and security issues in the existing systems and

programs. The system is thoroughly being checked and effectively tested through the different

phases (Shebli & Beheshti, 2018). The modification in the system helps to improve the security

of the whole system. Penetration testing is conducted by the ethical hackers that helps the

organization to find the flaws and weaknesses in the system. Different vulnerabilities can be

detected and helps the organization to double check the security purpose.

2.1 Literature Review:

Matt Bishop stated that penetration testing helps to under the problem in an effective manner. As

the flaws can be detected and testing helps to protect the information. Through the different

resources the information can be shared through the different places that increases the risk of

hacking. Through the penetration testing different the confidentiality of the system is being more

protective.

Penetration testing integrate the system in a manner where the communication can be made

protected. DoS attacks can be detected in an effective manner and protective measures can be

applied to produce the better communication systems. When the security concerns are raising,

penetration testing was performed to evaluate the faults in the system.

Earlier it’s very difficult to protect the system from the attacks and security measures can’t be

applied to protect the system from the unauthorized access. Security threats can’t be evaluated in

an effective manner and DoS attacks makes the system so weak where all of the confidential

information can be gained.

2.2 Critical Evaluation:

Before penetration testing the security, measure can’t be applied according to the exact

requirement of the user and the system. The flaws in the system is very difficult to detect. As

penetration testing is the ethical hacking that hacks the system to check the threats and flaws in

the system. Using the penetration testing different techniques and tools are used that helps to

automate the system and security points can be checked.

Through the penetration testing the vulnerabilities can be evaluated and damage can be detected

with the efficient approach. Assessments can be made where the threats can be evaluated, and

solution are applied to protect the data.

Through the IP addressing the tests are being made that helps to identify the different attacks in

the systems. Using the penetration testing different protocols are being tested through which the

complete structure of the network system can be evaluated, and privacy check points are being

made through which the identified user can access the system in a manageable way (Stefinko, et

al., 2016).

2.3 Scope of the Project:

Penetration testing helps to protect the system in an effective manner where the attacks can be

detected, and security can be improved in a manner where the check points are made to protect

the system. As the penetration testing consists of white test box testing and black test box testing.
Using the different resources, the testing can be performed, and architecture of the system can be

improved in an effective manner. Penetration testing helps to protect the system in an efficient

manner and IP addressing can be made secure that denied the unknown access instantly.

The network structure can be improved as vulnerabilities and threats are detected and using the

valuable software the system can be protected through the destructive attacks. Security is the one

of the most prominent issue and through the penetration testing comprehensive methods are used

that helps to integrate the system (Hudic, et al., 2012). Operational and functional tasks can be

performed, and generated data can be keep safe as the risks are evaluated and can be used for the

useful purpose.

2.4 Review and Justification:

Using the penetration testing the architecture of the system can be improved in an effective

manner where the test is performed in the automatic manner and better results can be performed.

It provides the resources through which the testing can be performed in a productive manner.

Different tools are provided through which the penetration testing can be performed in an

efficient manner. Vulnerability scanner is essentially used through which the security threats can

be scanned in an effective manner. It also helps to detect the configuration issues in the system.
3 CHAPTER 3: REQUIREMENT ANALYSIS AND SPECIFICATIONS

Using the python, the penetration testing is being performed as it is one the best language to

perform the penetration testing and per freed a lot. It provided the best structure to pen test the

different ports and evaluates the performance of the system.

Python penetration testing performed the multiple platform through which the different tasks can

be performed effectively. Python penetration testing includes the prototypes and poof of concept

through which the ports can be scanned.

Moreover, different tools are used for the penetration testing that includes the Scapy, FiMap and

XSScrapy. These tools help in detecting the different network channels and vulnerabilities.

Moreover, the existing system can be tested in an effective manner.

Python penetration testing helps in the security of the organization, protects the confidentiality of

data that is present at the different places. Penetration testing ensure the security polices of the

system. It helps to make the network efficiency and integrate the different network for the

communication to exchange the data under the secure system.

3.1 Python Penetration Testing and Installation:

For the penetration testing python setup is being setup on the VMware player and kali Linux is

also being setup that helps to use the different tools and techniques. Samurai web testing frame

work is installed to do the penetration testing.

Using the python penetration testing cyber criminals can be detected in an effective manner and

provide the security where the attacks can be detected before violating the whole system. Using

the penetration testing different network slots can be tested and evaluates the threats risks in the

system.

3.2 Python Penetration Testing and Vulnerabilities:

Using the python penetration testing automation vulnerabilities can be tested in an effective

manner and analysis can be made. Different flaws can be detected, and vulnerabilities can be

detected. It involves the active and passive testing that helps to test the security vulnerabilities.

The active testing helps to detect the active responses during the communication and determine

the vulnerabilities.

3.3 Python Penetration Testing and Ports:

TCP ports can be detected, and automated tools can be used to check the security level and ports

can be scanned in an effective manner. Using the automated tools coded by python can save a lot

of time. Using the passive penetration testing can be done using the metadata analysis and traffic

monitoring. The TCP header architecture is a communication protocol that is tested using the

python penetration testing that uses the three-handshake flag set technique is being used. Source

ports, destination ports and sequence ports are being tested for the flaws and risks in the system.

3.4 Python Penetration Testing and Sockets:

Python penetration testing provide the best assurance security for the sockets as these are the end

points that helps to secure the system in a manner where the flaws and threats can be detected

instantly. It also tests the network sockets and protect them by giving the extra security measure
as the weaknesses are evaluated (Chen, et al., 2018). Python provide the python security module

for the testing of the sockets and evaluates the performance accordingly.
4 CHAPTER 4: DESIGN

The testing is being implemented using the python and ports are scanned that detects the threats.

Access points and being used to check the client side. The wireless systems are being scanned

and the communication between the clients is secured in a manner where the powerful hacking

attacks can be avoided.

Fig. 1

The beacon frame sends the AP periodically to show the presence and the channel number is

being associated. The probe request is being sent to check the AP and it contains the information

of the network. The response is being back given to support the data rate. The authenticate
request and response is being given so that network channel is being protected from the external

attacks and detect the threat instantly.

The associate request and response indicate the rejection and acceptance of the data. The whole

system uses the Service Set Identifier (SSID) that is implemented using the python. The SSID

sniffer and scapy is used to protect the network (Büchler, 2013). The access points navigate and

capture the different actions through which the different activities can be evaluated.

4.1 Research Design Methodology:

4.1.1 Applications for the chosen method:

Different applications are used for the testing of the different ports and web pages. This include

the port scanner, vulnerability scanner, application scanner and web application assessment

proxy. Using the port scanner application open ports can be scanned and this detects the different

risks. Network mapper is used for the scanning of open ports and discovers the different

networks thoroughly scanned them from the different viruses.

4.2 Result Analysis:

Using the python penetration testing applications, the performance can be evaluated through the

productivity. The techniques and designed algorithms are applied in a manner that shows the

effective performance and threats can be avoided.

Python penetration testing automation can be used for the Single IP multiple port and code

design implementation is encoded that produce the productive results. With the help of Scapy

this is implement where the threats and flaws in the architecture is detected in the effective

manner.
Moreover, this can also be used for the Multiple IP single port and as the large number of data

packets are sent to the web server and python uses the Scapy to test the port and weak areas are

detected.
5 CHAPTER 5: SUMMARY

Penetration testing automation helps to identify the different threats and risks in an effective

manner. It is also known as ethical hacking. It helps the organization to identify the different

aspects and infrastructure of the organization can be made strong as the flaws in the system are

identified. The tester includes the white hat, black hat and grey hat penetration testing. Each of

them is used according to the different situation and available resources (Casola, et al., 2018).

The external and internal penetration testing can also be used to test the system and made sure

the security checkpoints. Using the python for the penetration testing helps to protect the system

and different network ports can be tested. Operational and functional tasks can be performed, and

generated data can be keep safe as the risks are evaluated and can be used for the useful purpose.

The design system ensures the security of the system in an effective manner and produce the

productive results where the efficiency of the system can be shown in the best possible manner.

Using the different applications, the detection process can be made, and IP ports can also be

analyzed (Haubris & Pauli, 2013). Using the python implemented penetration testing the flaws in

the system can be evaluated in the effective manner and infrastructure of the organization can be

made strong.
APPENDEX

Project WBS Activities

Activities Estimation Task Report

Penetration Testing 10 Days Achieved

Introduction

Methodology 15 Days Achieved

Designing

Python 10 Days Achieved

Implementation for

Penetration Testing

Ports penetration 3 Days Achieved

Testing
Gantt Chart:
REFERENCES
Almubairik, N. A. & Wills, G., 2016. Automated penetration testing based on a threat model. 2016 11th
International Conference for Internet Technology and Secured Transactions (ICITST), pp. 413 - 414.

Büchler, M., 2013. Security Testing with Fault-Models and Properties. 2013 IEEE Sixth International
Conference on Software Testing, Verification and Validation, pp. 501 - 502.

Casola, V., Benedictis, A. D., Rak, M. & Villano, U., 2018. Towards Automated Penetration Testing for Cloud
Applications. 2018 IEEE 27th International Conference on Enabling Technologies: Infrastructure for
Collaborative Enterprises (WETICE), pp. 24 - 29.

Chen, C.-K., Zhang, Z.-K., Lee, S.-H. & Shieh, S., 2018. Penetration Testing in the IoT Age. ieee, 51(4), pp.
82 - 85.

Chu, G. & Lisitsa, A., 2018. Poster: Agent-based (BDI) modeling for automation of penetration testing.
2018 16th Annual Conference on Privacy, Security and Trust (PST), pp. 1 - 2.

Goel, J. N., Asghar, M. H., Kumar, V. & Pandey, S. K., 2016. Ensemble based approach to increase
vulnerability assessment and penetration testing accuracy. 2016 International Conference on Innovation
and Challenges in Cyber Security (ICICCS-INBUSH), pp. 330 - 335.
Haubris, K. P. & Pauli, J. J., 2013. Improving the Efficiency and Effectiveness of Penetration Test
Automation. 2013 10th International Conference on Information Technology: New Generations, pp. 387 -
391.

Hudic, A. et al., 2012. Towards a Unified Penetration Testing Taxonomy. 2012 International Conference on
Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing, pp. 811 - 812.

Liu, L. et al., 2017. An Inferential Metamorphic Testing Approach to Reduce False Positives in SQLIV
Penetration Test. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC),
Volume 1, pp. 675 - 680.

Miao, Y., Liu, S., Wang, H. & Wang, S., 2011. Predicting the vertical bearing capacity of single piles based
on SCPTU test. 2011 International Conference on Remote Sensing, Environment and Transportation
Engineering, pp. 2306 - 2309.
Nagpure, S. & Kurkure, S., 2017 . Vulnerability Assessment and Penetration Testing of Web Application.
2017 International Conference on Computing, Communication, Control and Automation (ICCUBEA), pp. 1
- 6.

Shebli, H. M. Z. A. & Beheshti, B. D., 2018. A study on penetration testing process and tools. 2018 IEEE
Long Island Systems, Applications and Technology Conference (LISAT), pp. 1 - 7.

Stefinko, Y., Piskozub, A. & Banakh, R., 2016. Manual and automated penetration testing. Benefits and
drawbacks. Modern tendency. 2016 13th International Conference on Modern Problems of Radio
Engineering, Telecommunications and Computer Science (TCSET), pp. 488 - 491.

Türpe, S. & Eichler, J., 2009 . Testing Production Systems Safely: Common Precautions in Penetration
Testing. 2009 Testing: Academic and Industrial Conference - Practice and Research Techniques, pp. 205 -
209.