
When conducting penetration testing, it is necessary to aggregate data from several sources and compare the results of periodic tests. Specialized frameworks exist for this purpose, and this article discusses them.
When a penetration test covers a large project or is carried out by a team, the question of team interaction and of systematizing the results arises. The results are reports from various analysis tools and vulnerabilities found manually: a huge amount of information in which, without a structured approach, you can miss something important or end up raking through duplicates. Reports also need to be consolidated, normalized and brought to a single form. Several popular products address these problems.
Trello

One of the popular solutions from the development world has come to the world of information security. Trello helps you see all the details of a project at a glance. Its main advantage is the ability to see several projects running simultaneously and their current status. If you lead a group of developers or other contributors working on projects with a deadline or a fixed goal, this system can give you an idea of the progress of the projects at any time. This applies well to audits conducted by several employees. CTF players often use this system to coordinate their actions.
Official website: trello.com

MagicTree

MagicTree stores data in a tree structure. This is a rather convenient way to present the information collected during network testing: hosts, ports, services, applications, vulnerabilities, etc.
The storage scheme is flexible enough to accept new information without disturbing the existing data in the structure: for example, to add a host's MAC address, you add a child node to the host node.
MagicTree allows you to retrieve data as a table or a list. The query interface uses XPath expressions to extract data. The program also lets you use variables to interact with external components, such as nmap or nessus, and enter their data directly into the tree of hosts.
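
The storage model described above, as an added example that is not from the article or from MagicTree itself: results from two sources merge into one host tree without duplicate nodes, a MAC address is attached as a child node, and a path query extracts a table of open ports. The node names, the `value` attribute and the sample data are assumptions, not MagicTree's real schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample findings, as two testers' tools might report them.
# Field layout and values are illustrative, not MagicTree's real schema.
SCAN_A = [("10.0.0.5", "tcp", "22", "open", "ssh"),
          ("10.0.0.5", "tcp", "80", "open", "http")]
SCAN_B = [("10.0.0.5", "tcp", "80", "open", "http"),   # duplicate of SCAN_A
          ("10.0.0.7", "tcp", "443", "open", "https"),
          ("10.0.0.7", "tcp", "8080", "closed", "http-proxy")]


def child(parent, tag, value):
    """Return the child <tag value=...>, creating it only if it is missing."""
    for node in parent.findall(tag):
        if node.get("value") == value:
            return node
    return ET.SubElement(parent, tag, value=value)


def merge(root, rows):
    """Insert scan rows under host/proto/port nodes without duplicating them."""
    for ip, proto, port, state, service in rows:
        port_node = child(child(child(root, "host", ip), "proto", proto), "port", port)
        child(port_node, "state", state)
        child(port_node, "service", service)


def open_ports_table(root):
    """Path query: one (host, port, service) row per port with an open state."""
    rows = []
    for host in root.findall("./host"):
        for port in host.findall("./proto/port/state[@value='open']/.."):
            rows.append((host.get("value"), port.get("value"),
                         port.find("service").get("value")))
    return rows


def build_tree():
    root = ET.Element("testdata")
    merge(root, SCAN_A)
    merge(root, SCAN_B)
    # New fact about a host: add a child node; existing nodes stay untouched.
    child(root.find("./host[@value='10.0.0.5']"), "mac", "00:11:22:33:44:55")
    return root


if __name__ == "__main__":
    for row in open_ports_table(build_tree()):
        print("%-10s %-5s %s" % row)
```
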

Official website: www.gremwell.com/what_is_magictree

Dradis

One of the oldest and most popular frameworks. Natively installed in Linux. Dradis Framework is an open source platform that simplifies collaboration and reporting in the field of information security.
Dradis is a standalone web application that provides centralized storage of information. There are two versions: Community Edition (free) and Professional Edition (from $59). The Pro version has more functionality, including integration capabilities, a reporting system, support (including priority support), available methodologies, etc. Functionality can be extended with plug-ins and add-ons.

Supports work with the following utilities:
- Acunetix
- Brakeman
- Burp Suite
- Metasploit
- Nessus
- Nexpose
- Nikto
- Nmap
- NTOSpider
- OpenVAS
- OSVDB
- Qualys
- Retina
- SureCheck
- VulnDB
- w3af
- MediaWiki
- wXf
- Zed Attack Proxy

There are versions for Linux / Mac, and you can install from the git repository. There is also a virtual appliance for the cloud provider Cloud9.
The project has a good community, which helps improve and expand the capabilities of the framework.
Official website: dradisframework.org

Faraday

Faraday is the most powerful collaboration environment, offering true multiplayer penetration testing. It runs on ArchAssault, Archlinux, Debian, Kali and OSX. It works in real time, instantly processing the results sent in by each pentester. The framework builds in the concept of gamification: specialists get the opportunity to compare their skills by the quantity and quality of the vulnerabilities they have recorded.

The framework includes a system for assessing risk in financial terms (which I personally find rather subjective - author's note), but it can provide adequate information for business owners or the company's top management.

There are also additional Workspaces for BugBounty members of the following vendors' programs:
- Airbnb
- Facebook
- Github
- Google
- Imgur
- Mozilla
- ownCloud
- Pinterest
- Twitter
- Vimeo
- Western Union
- Yahoo
The framework is distinguished by a rather thoughtful interface that allows intuitive understanding of the functionality (the screenshots show the web version of the client).


The framework is available in 3 editions: Community, Professional and Corporate.

Faraday exists as a client and a server (in the Professional and Corporate versions). The client comes in the following forms:
- QT GUI
- GTK GUI
- ZSH UI
- Web UI
- CLIZSH web

This framework can interact with the following utilities (as an import, through an API, or as a plug-in):
- Acunetix (REPORT) (XML)
- Amap (CONSOLE)
- Arachni (REPORT, CONSOLE) (XML)
- arp-scan (CONSOLE)
- BeEF (API)
- Burp, BurpPro (REPORT, API) (XML)
- Core Impact (REPORT) (XML)
- Dig (CONSOLE)
- Dnsenum (CONSOLE)
- Dnsmap (CONSOLE)
- Dnsrecon (CONSOLE)
- Dnswalk (CONSOLE)
- evilgrade (API)
- Fierce (CONSOLE)
- ftp (CONSOLE)
- Goohost (CONSOLE)
- Hydra (CONSOLE) (XML)
- Immunity Canvas (API)
- Listurls (CONSOLE)
- Maltego (REPORT)
- masscan (REPORT, CONSOLE) (XML)
- Medusa (CONSOLE)
- Metagoofil (CONSOLE)
- Metasploit (REPORT, API) (XML)
- Nessus (REPORT) (XML .nessus)
- Netsparker (REPORT) (XML)
- Nexpose, Nexpose Enterprise (REPORT) (simple XML, XML Export plugin (2.0))
- Nikto (REPORT, CONSOLE) (XML)
- Nmap (REPORT, CONSOLE) (XML)
- Openvas (REPORT) (XML)
- PasteAnalyzer (CONSOLE)
- Peeping Tom (CONSOLE)
- ping (CONSOLE)
- propecia (CONSOLE)
- Qualysguard (REPORT) (XML)
- Retina (REPORT) (XML)
- Reverseraider (CONSOLE)
- Shodan (API)
- Skipfish (CONSOLE)
- Sqlmap (CONSOLE)
- SSHdefaultscan (CONSOLE)
- Telnet (CONSOLE)
- Theharvester (CONSOLE)
- Traceroute (CONSOLE)
- W3af (REPORT) (XML)
- Wapiti (CONSOLE)
- Webfuzzer (CONSOLE)
- whois (CONSOLE)
- X1, Onapsis (REPORT) (XML)
- Zap (REPORT) (XML)

Sometimes you need to write your own plugin; for this there is documentation on creating plugins and integrating them into the system. A plug-in can also be debugged using the live debug mechanism.
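
An XML report import of the kind listed above comes down to parsing a tool's output and normalizing it into common records, which is also what makes periodic tests comparable. The following added example (not Faraday's plugin API and not code from the article) does this for two constructed Nmap-style XML reports; the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap-style XML reports from two test rounds (not real scan data).
ROUND_1 = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
</ports></host></nmaprun>"""
ROUND_2 = """<nmaprun><host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="23"><state state="closed"/><service name="telnet"/></port>
<port protocol="tcp" portid="8443"><state state="open"/></port>
</ports></host></nmaprun>"""


def parse_report(xml_text):
    """Normalize a report into a set of (ip, proto, port, service) for open ports."""
    findings = set()
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:              # no IPv4 address recorded: skip the host
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")    # service detection may be absent
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            findings.add((addr.get("addr"), port.get("protocol"),
                          int(port.get("portid")), name))
    return findings


def compare_rounds(previous, current):
    """Return what appeared, disappeared and stayed between two test rounds."""
    return {"new": sorted(current - previous),
            "gone": sorted(previous - current),
            "unchanged": sorted(previous & current)}


if __name__ == "__main__":
    diff = compare_rounds(parse_report(ROUND_1), parse_report(ROUND_2))
    for kind, rows in diff.items():
        print(kind, rows)
```

Reports received from outside the team are untrusted input, and the Python documentation notes that `xml.etree` is not hardened against maliciously constructed XML.
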
Official website: www.faradaysec.com

Conclusion
Some frameworks are specific and narrowly focused; some, like Faraday, have excessive functionality and powerful capabilities for expansion. But all of them are designed to fulfill one role: to process the results in a qualitative and structured manner.
Conducting a full-scale information security audit with the involvement of highly qualified specialists will help you avoid incidents that could undermine the reputation of your organization and cause you significant losses.