Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Abstract: ........................................................................................................................................................ 2
Chapter 1: Introduction: ................................................................................................................................ 3
1.1 Project Topic and rationale: .......................................................................................................... 3
1.2 Project Aims and Objectives: ........................................................................................................ 4
1.3 Methodology: ................................................................................................................................ 5
1.4 Report Structure: ........................................................................................................................... 5
2 Chapter 2: Background Research .......................................................................................................... 6
2.1 Literature Review: ........................................................................................................................ 6
2.2 Critical Evaluation: ....................................................................................................................... 7
2.3 Scope of the Project: ..................................................................................................................... 7
2.4 Review and Justification: .............................................................................................................. 8
3 Chapter 3: Requirement Analysis and Specifications ........................................................................... 9
3.1 Python Penetration Testing and Installation: ................................................................................ 9
3.2 Python Penetration Testing and Vulnerabilities:......................................................................... 10
3.3 Python Penetration Testing and Ports: ........................................................................................ 10
3.4 Python Penetration Testing and Sockets: .................................................................................... 10
4 Chapter 4: Design ............................................................................................................................... 12
4.1 Research Design Methodology: .................................................................................................. 13
4.1.1 Applications for the chosen method: ............................................................................... 13
4.2 Result Analysis: .......................................................................................................................... 13
5 Chapter 5: Summary ........................................................................................................................... 15
Appendex .................................................................................................................................................... 16
Project WBS Activities ........................................................................................................................... 16
Gantt Chart:............................................................................................................................................. 17
References .................................................................................................................................................. 18
Penetration Testing Automation
Abstract:
The use of the information is rapidly increasing and using on the large sector in the various
organization, business sector and in the different government sectors. This arise the various
attacks and threats through which the information can be leaked. To prevent this Penetration
testing helps to secure the organization system in an effective manner where the different threats
and vulnerabilities are being test in effective way. It is one of the most important task to protect
the data from the unauthorized access and security measures are applied to protect the
information. It provides the security to the network communication system and business sections.
It also helps the developer to build the protected system and through the penetration testing they
Penetration testing is classified in to the three levels gray hat, white hat and white hat. It ensures
in an efficient manner that weather the system is secure or not. The main objective is to find the
vulnerabilities in the system. This helps to secure the networks and maintain the integrity of the
system.
Penetration testing helps to find the new threats by the attackers. It enhances the management of
the system and accurately mange the security of the system. Using the python and java
penetration testing is performed and obtained the results for port scanning and Secure Shell
password. As the infrastructure is getting more complex so and the communication system is
getting wider. This increase the threats of getting virus and other harmful risks, so the
penetration testing plays the important to role for the testing of the data.
Chapter 1: Introduction:
The use of the IoT devices is rapidly increasing and this is generating the huge amount of data.
The contains the sensitive information of the user that must be protected from the unauthorized
user and from the external attacks as well. Software’s are being tested to check the security level
of the systems that enable the user to identify the weak area (Nagpure & Kurkure, 2017 ). For
this process penetration testing is being used to identify the bugs and automatically detects the
There are different threats and risks in the systems and to check the security of the system
penetration testing helps to detect the unusual activity in the system. The bug and external
attacks destroy the system badly as it contains the huge amount of data and this data contains the
all type of information. To avoid the attacks penetration testing is being used in the different
It is most important task to protect the data from the unauthorized access so that only the valid
users can only access the data and generate the useful information from the stored data. For the
protection of the data security measures are being applied with the encryption codes so that only
the valid user can access the data (Chu & Lisitsa, 2018).
In the organization the penetration testing is being tested and after the evaluation of the results
that provide the precise report to each section. This helps to apply the security manner
accordingly and security is being applied to the communication networks and other business
section as well.
Through the penetration testing different activities can be evaluated in an effective manner and
security checks are being applied to ensure the privacy of the different users. Different risks and
predicted threats can be measured in an effective way that helps to bring out the weak area of the
Penetration testing is divided in to the different layer that include the black hat, grey hat and
white hat. Each one is used for the different purpose and algorithms are being applied in an
effective manner.
The main of this project is to test the penetration testing in the different systems and ensure the
security of the effective manage the data under the strong security measures. system in an
effective manner. It helps to protect the system in an effective manner where the validity of the
system is being testing. The detected areas are the being settled at the other side without
This project aims to secure the data of the organization and security is being applied to
communication networks so that eternal attacks can be avoided, and system is being secured.
Security measure are to the resources so that the authenticity of the system can be measured in a
way where the risks are being predicted. This helps to make the complex algorithm so that
attacks can be avoided, and system is being secured from the external and internal attacks.
Objective of this project is to ensure the security level and threats can be avoided in an efficient
manner. The penetration testing helps to secure the system in an effective manner. The huge
amount of data is being secured from the unauthorized access and this can be used for the strong
encryption process.
1.3 Methodology:
Python or Java is being used for the penetration testing. Research has been conducted to test the
system infrastructure in an effective way so that breaching of the information can be avoided.
Moreover, computational model has been used to evaluate the performance of the system in an
effective manner. Moreover, Data has been taken from the secondary resources and techniques
have been applied to protect the system. Using the python algorithms are used to protect the data
from the unauthorized access and user can access the required data after the proper verification
Chapter one describes the details of the penetration testing in which the aims and objects are
defined. The chapter 2 gives the details of literature review. In which the research background is
defined, the flaws of the system and gaps are defined. Relevant theories are also discussed in
detail. Chapter 3 gives the details of the requirement analysis and specifications. In which the
penetration testing is defined in detail. The requirement of the system is proposed. Chapter 4
discuss the software design and evaluated results are concluded from the applied methodology.
The main purpose of the penetration testing is to find the threats and risks in the systems.
Penetration Testing helps in finding the flaws and security issues in the existing systems and
programs. The system is thoroughly being checked and effectively tested through the different
phases (Shebli & Beheshti, 2018). The modification in the system helps to improve the security
of the whole system. Penetration testing is conducted by the ethical hackers that helps the
organization to find the flaws and weaknesses in the system. Different vulnerabilities can be
detected and helps the organization to double check the security purpose.
Matt Bishop stated that penetration testing helps to under the problem in an effective manner. As
the flaws can be detected and testing helps to protect the information. Through the different
resources the information can be shared through the different places that increases the risk of
hacking. Through the penetration testing different the confidentiality of the system is being more
protective.
Penetration testing integrate the system in a manner where the communication can be made
protected. DoS attacks can be detected in an effective manner and protective measures can be
applied to produce the better communication systems. When the security concerns are raising,
applied to protect the system from the unauthorized access. Security threats can’t be evaluated in
an effective manner and DoS attacks makes the system so weak where all of the confidential
Before penetration testing the security, measure can’t be applied according to the exact
requirement of the user and the system. The flaws in the system is very difficult to detect. As
penetration testing is the ethical hacking that hacks the system to check the threats and flaws in
the system. Using the penetration testing different techniques and tools are used that helps to
Through the penetration testing the vulnerabilities can be evaluated and damage can be detected
with the efficient approach. Assessments can be made where the threats can be evaluated, and
Through the IP addressing the tests are being made that helps to identify the different attacks in
the systems. Using the penetration testing different protocols are being tested through which the
complete structure of the network system can be evaluated, and privacy check points are being
made through which the identified user can access the system in a manageable way (Stefinko, et
al., 2016).
Penetration testing helps to protect the system in an effective manner where the attacks can be
detected, and security can be improved in a manner where the check points are made to protect
the system. As the penetration testing consists of white test box testing and black test box testing.
Using the different resources, the testing can be performed, and architecture of the system can be
improved in an effective manner. Penetration testing helps to protect the system in an efficient
manner and IP addressing can be made secure that denied the unknown access instantly.
The network structure can be improved as vulnerabilities and threats are detected and using the
valuable software the system can be protected through the destructive attacks. Security is the one
of the most prominent issue and through the penetration testing comprehensive methods are used
that helps to integrate the system (Hudic, et al., 2012). Operational and functional tasks can be
performed, and generated data can be keep safe as the risks are evaluated and can be used for the
useful purpose.
Using the penetration testing the architecture of the system can be improved in an effective
manner where the test is performed in the automatic manner and better results can be performed.
It provides the resources through which the testing can be performed in a productive manner.
Different tools are provided through which the penetration testing can be performed in an
efficient manner. Vulnerability scanner is essentially used through which the security threats can
be scanned in an effective manner. It also helps to detect the configuration issues in the system.
3 CHAPTER 3: REQUIREMENT ANALYSIS AND SPECIFICATIONS
Using the python, the penetration testing is being performed as it is one the best language to
perform the penetration testing and per freed a lot. It provided the best structure to pen test the
Python penetration testing performed the multiple platform through which the different tasks can
be performed effectively. Python penetration testing includes the prototypes and poof of concept
Moreover, different tools are used for the penetration testing that includes the Scapy, FiMap and
XSScrapy. These tools help in detecting the different network channels and vulnerabilities.
Python penetration testing helps in the security of the organization, protects the confidentiality of
data that is present at the different places. Penetration testing ensure the security polices of the
system. It helps to make the network efficiency and integrate the different network for the
For the penetration testing python setup is being setup on the VMware player and kali Linux is
also being setup that helps to use the different tools and techniques. Samurai web testing frame
provide the security where the attacks can be detected before violating the whole system. Using
the penetration testing different network slots can be tested and evaluates the threats risks in the
system.
Using the python penetration testing automation vulnerabilities can be tested in an effective
manner and analysis can be made. Different flaws can be detected, and vulnerabilities can be
detected. It involves the active and passive testing that helps to test the security vulnerabilities.
The active testing helps to detect the active responses during the communication and determine
the vulnerabilities.
TCP ports can be detected, and automated tools can be used to check the security level and ports
can be scanned in an effective manner. Using the automated tools coded by python can save a lot
of time. Using the passive penetration testing can be done using the metadata analysis and traffic
monitoring. The TCP header architecture is a communication protocol that is tested using the
python penetration testing that uses the three-handshake flag set technique is being used. Source
ports, destination ports and sequence ports are being tested for the flaws and risks in the system.
Python penetration testing provide the best assurance security for the sockets as these are the end
points that helps to secure the system in a manner where the flaws and threats can be detected
instantly. It also tests the network sockets and protect them by giving the extra security measure
as the weaknesses are evaluated (Chen, et al., 2018). Python provide the python security module
for the testing of the sockets and evaluates the performance accordingly.
4 CHAPTER 4: DESIGN
The testing is being implemented using the python and ports are scanned that detects the threats.
Access points and being used to check the client side. The wireless systems are being scanned
and the communication between the clients is secured in a manner where the powerful hacking
Fig. 1
The beacon frame sends the AP periodically to show the presence and the channel number is
being associated. The probe request is being sent to check the AP and it contains the information
of the network. The response is being back given to support the data rate. The authenticate
request and response is being given so that network channel is being protected from the external
The associate request and response indicate the rejection and acceptance of the data. The whole
system uses the Service Set Identifier (SSID) that is implemented using the python. The SSID
sniffer and scapy is used to protect the network (Büchler, 2013). The access points navigate and
capture the different actions through which the different activities can be evaluated.
Different applications are used for the testing of the different ports and web pages. This include
the port scanner, vulnerability scanner, application scanner and web application assessment
proxy. Using the port scanner application open ports can be scanned and this detects the different
risks. Network mapper is used for the scanning of open ports and discovers the different
Using the python penetration testing applications, the performance can be evaluated through the
productivity. The techniques and designed algorithms are applied in a manner that shows the
Python penetration testing automation can be used for the Single IP multiple port and code
design implementation is encoded that produce the productive results. With the help of Scapy
this is implement where the threats and flaws in the architecture is detected in the effective
manner.
Moreover, this can also be used for the Multiple IP single port and as the large number of data
packets are sent to the web server and python uses the Scapy to test the port and weak areas are
detected.
5 CHAPTER 5: SUMMARY
Penetration testing automation helps to identify the different threats and risks in an effective
manner. It is also known as ethical hacking. It helps the organization to identify the different
aspects and infrastructure of the organization can be made strong as the flaws in the system are
identified. The tester includes the white hat, black hat and grey hat penetration testing. Each of
them is used according to the different situation and available resources (Casola, et al., 2018).
The external and internal penetration testing can also be used to test the system and made sure
the security checkpoints. Using the python for the penetration testing helps to protect the system
and different network ports can be tested. Operational and functional tasks can be performed, and
generated data can be keep safe as the risks are evaluated and can be used for the useful purpose.
The design system ensures the security of the system in an effective manner and produce the
productive results where the efficiency of the system can be shown in the best possible manner.
Using the different applications, the detection process can be made, and IP ports can also be
analyzed (Haubris & Pauli, 2013). Using the python implemented penetration testing the flaws in
the system can be evaluated in the effective manner and infrastructure of the organization can be
made strong.
APPENDEX
Introduction
Designing
Implementation for
Penetration Testing
Testing
Gantt Chart:
REFERENCES
Almubairik, N. A. & Wills, G., 2016. Automated penetration testing based on a threat model. 2016 11th
International Conference for Internet Technology and Secured Transactions (ICITST), pp. 413 - 414.
Büchler, M., 2013. Security Testing with Fault-Models and Properties. 2013 IEEE Sixth International
Conference on Software Testing, Verification and Validation, pp. 501 - 502.
Casola, V., Benedictis, A. D., Rak, M. & Villano, U., 2018. Towards Automated Penetration Testing for Cloud
Applications. 2018 IEEE 27th International Conference on Enabling Technologies: Infrastructure for
Collaborative Enterprises (WETICE), pp. 24 - 29.
Chen, C.-K., Zhang, Z.-K., Lee, S.-H. & Shieh, S., 2018. Penetration Testing in the IoT Age. ieee, 51(4), pp.
82 - 85.
Chu, G. & Lisitsa, A., 2018. Poster: Agent-based (BDI) modeling for automation of penetration testing.
2018 16th Annual Conference on Privacy, Security and Trust (PST), pp. 1 - 2.
Goel, J. N., Asghar, M. H., Kumar, V. & Pandey, S. K., 2016. Ensemble based approach to increase
vulnerability assessment and penetration testing accuracy. 2016 International Conference on Innovation
and Challenges in Cyber Security (ICICCS-INBUSH), pp. 330 - 335.
Haubris, K. P. & Pauli, J. J., 2013. Improving the Efficiency and Effectiveness of Penetration Test
Automation. 2013 10th International Conference on Information Technology: New Generations, pp. 387 -
391.
Hudic, A. et al., 2012. Towards a Unified Penetration Testing Taxonomy. 2012 International Conference on
Privacy, Security, Risk and Trust and 2012 International Confernece on Social Computing, pp. 811 - 812.
Liu, L. et al., 2017. An Inferential Metamorphic Testing Approach to Reduce False Positives in SQLIV
Penetration Test. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC),
Volume 1, pp. 675 - 680.
Miao, Y., Liu, S., Wang, H. & Wang, S., 2011. Predicting the vertical bearing capacity of single piles based
on SCPTU test. 2011 International Conference on Remote Sensing, Environment and Transportation
Engineering, pp. 2306 - 2309.
Nagpure, S. & Kurkure, S., 2017 . Vulnerability Assessment and Penetration Testing of Web Application.
2017 International Conference on Computing, Communication, Control and Automation (ICCUBEA), pp. 1
- 6.
Shebli, H. M. Z. A. & Beheshti, B. D., 2018. A study on penetration testing process and tools. 2018 IEEE
Long Island Systems, Applications and Technology Conference (LISAT), pp. 1 - 7.
Stefinko, Y., Piskozub, A. & Banakh, R., 2016. Manual and automated penetration testing. Benefits and
drawbacks. Modern tendency. 2016 13th International Conference on Modern Problems of Radio
Engineering, Telecommunications and Computer Science (TCSET), pp. 488 - 491.
Türpe, S. & Eichler, J., 2009 . Testing Production Systems Safely: Common Precautions in Penetration
Testing. 2009 Testing: Academic and Industrial Conference - Practice and Research Techniques, pp. 205 -
209.