Using AI/Machine Learning for Reconnaissance Activities During Network Penetration Testing.

Authors: Stone, George; Talbert, Douglas; Eberle, William
Source: Proceedings of the International Conference on Cyber Warfare & Security; 2021, p541-545, 5p
Abstract: Penetration testing is an important tool used by a variety of organizations to ensure a proper, working cybersecurity infrastructure. However, these tools come with limited automation abilities that require manual intervention or interpretation. Ideally, pentesters should have access to equally sophisticated tools, as do the intruders that are exposing daily vulnerabilities. A significant portion of pentesting is focused on reconnaissance and enumeration. In other words, the better the pentester can map out the security landscape of the target network, the better and more specific any attacks can be designed. Since the early stages of penetration testing are arguably the most important, where vulnerabilities can be exploited through social engineering, recon and enumeration demand a significant amount of creativity. Machine learning is proving to be an essential tool to carry out sophisticated functions and learns from previous data or experiences. Research using machine learning could be beneficial to cybersecurity professionals tasked with testing and securing precious assets. However, there seems to be a relative scarcity of research that combines machine learning and pentesting. In this context, one of the most comprehensive pentesting tool suites, Metasploit, provides the user with the ability to integrate additional modules. Therefore, it is conceivable that machine learning algorithms could be integrated into the Metasploit framework, allowing for an improved pentesting approach. The research presented in this work assesses and compares existing tools for manual penetration testing, focusing on efficiency, precision, accuracy, and scope. Ultimately, by implementing an automated machine learning cyber penetration system, manually intensive and expensive cyber penetration testing can be simplified by reducing the amount of time and resources needed for current tests. [ABSTRACT FROM AUTHOR]
Database: Complementary Index