HAL will be down for maintenance from Friday, June 10 at 4pm through Monday, June 13 at 9am. More information
Skip to Main content Skip to Navigation
Conference papers

Vulsploit: A Module for Semi-automatic Exploitation of Vulnerabilities

Abstract : Penetration testing (PT) is nowadays one of the most common and used activities to evaluate a given asset’s security status. Penetration testing aims to secure networks and highlights the security issues of such networks. More precisely, PT, which is used for proactive defense and information systems protection, is a structured process, made up of various phases that typically needs to be carried out within a limited period.In this work, we first define a modular semi-automatic approach, which allows us to collect and integrate data from various exploit repositories. These data are then used to provide the penetration tester (i.e., the pentester) with information on the best available tools (i.e., exploits) to conduct the exploitation phase effectively. Also, the proposed approach has been implemented through a proof of concept based on the Nmap Scripting Engine (NSE), which integrates the features provided by the Nmap Vulscan vulnerability scanner, and allows, for each vulnerability detected, to find the most suitable exploits for this vulnerability. We remark that the proposed approach is not focused on the vulnerability mapping phase, which is carried out through Vulscan. Instead, it is focused on the automatic finding of the exploits that can be used to take advantage of the results achieved by such a phase.
Complete list of metadata

https://hal.inria.fr/hal-03239821
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Thursday, May 27, 2021 - 4:42:48 PM
Last modification on : Thursday, May 27, 2021 - 4:58:39 PM
Long-term archiving on: : Saturday, August 28, 2021 - 7:59:32 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2023-01-01

Please log in to resquest access to the document

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

Arcangelo Castiglione, Francesco Palmieri, Mariangela Petraglia, Raffaele Pizzolante. Vulsploit: A Module for Semi-automatic Exploitation of Vulnerabilities. 32th IFIP International Conference on Testing Software and Systems (ICTSS), Dec 2020, Naples, Italy. pp.89-103, ⟨10.1007/978-3-030-64881-7_6⟩. ⟨hal-03239821⟩

Share

Metrics

Record views

23