| As a primary approach for students to deeply understand and learn penetration testing techniques, the experiments of penetration testing on network play an important role in the experiment teaching of network security technology that can improve effectively their practical abilities of penetration testing. There are several stages in the penetration testing on network, such as information gathering, network scanning, vulnerability scanning, and exploiting etc., and lots of attacking skills are involved. The complexity of penetration testing technologies greatly increases the difficulty of successfully develop the experiment teaching of network security technology. In practice, the existing tools are powerful on specific functions for penetration testing. There are few integrated tools developed for experiment teaching of network security technology now. Meanwhile, the automatic methods of vulnerability information gathering are lacking. In a word, a comprehensive experiment teaching platform of penetration testing on network is in dire need.In this thesis, an integrated experiment platform of penetration testing on network is presented to remedy the drawback that vulnerability information updates is not timely and the functions of penetration testing tools are scattered in the experiment teaching of network security technology. There are two components in the platform, one is a vulnerability information gathering system based on topic crawler and the other is an integrated design objectives system. It aims to establish a flexible and easy to use penetration testing platform for integrated experiment teaching.The main work of this thesis is as following:1.An integrated platform for penetration testing on network is designed to meet the requirement of the experiment teaching of network security technology through a lot of theoretical research, and the detailed design of the platform structure and application are depicted.2. To solve the problem of complex penetration test processes in network security teaching, an integrated approach of navigational process has been put forward to achieve the guided operation and visual display of the network penetration testing process, and that has helped to provide a powerful, simple and practical user-friendly interface for penetration experiments.3. Testing tools don’t have a full coverage of the functions, to solve this problem, firstly the characteristics of scanning function in NMap and Nessure are analyzed, as well as the principles and basic process of penetration testing in Metasploit, on the basis of the analysis, an extension method of Metasploit using remote API interface to support the tool integration is implemented.4. Considering the low efficiency in gathering vulnerability information, an automated theme-based crawler system to collect vulnerability information is proposed. As well, the framework and operation processes of the system are designed to help achieve a real-time update of the vulnerabilities.5. Based on UML modeling analysis, the framework of the platform, the details of the modules and related implementation specifications which are depicted below are designed. At last, a prototype system based on Django framework has been implemented.Several tests have been conducted on the prototype to see if the functions work well. The tests have convinced the reliability and scalability of the platform, showing that the problems lists above are effectively solved in our prototype, and have shown that the prototype works well in teaching practices, and has the ability to provide better supports for the students to study and master penetration technologies. |
PDF Full Text Request