slaider
Monitoring cyberspace and an early warning tool

card product

Penetration Test System

Automatic penetration test system focuses on automatic simulation of hacker penetration and integrates functions modules such as automatic penetration, vulnerability verification and social engineering. It is used for red team to test defense result of security system and for improving employees’ security awareness.

 

Features

 

Three dimensional

Possess the largest vulnerability validation database (3100+) in the world, covering mainstream operation system, network device, Web application, mobile terminal and industrial control equipment

 

Module import

It allows importing self-written module or module downloaded from internet to system framework for better vulnerability scan and verification

 

Safety controllable

Proprietary intellectual property rights, own all source code and copyright of the product, product safety is controllable

 

Powerful function

It supports advanced penetration technology such as quick automatic penetration, manual penetration, APT attack test, Web penetration test, VPN springboard and Socks proxy.

 

Convenient and efficient

Web graphic interface, simple operation, one task can penetrate 10,000 sets of host, and product authorization has no IP quantity limit.

 

Functions

 

Automatic penetration

system allows scan test on operation system (Windows, Linux, Solaris, Mac, BSD, Cisco iOS, IBM iSeries), network device (switch, router, firewall, IPSIDS), database (MSSQL, Oracle, MySQL, DB2 PostgreSQL), web application and service (IIS, Apache, WebLogic, Nginx). It supports automatic penetration test and manual vulnerability verification.

 

WEB application penetration

it integrates Web scan, test and audit function, which allows easy scan audit on Web application. It supports SQL injection, XSS, upload vulnerability, command execution vulnerability test and verification, and generates Web audit report. And the system contains modules used by CMS and frame in China (e.g., dedecms, phpcms, umail, eyou, thinkphp).

 

Smart vulnerability verification:

it supports import of scan result of a number of the third party security scan tool and vulnerability verification, e.g. AppScan, NeXpose, Acunetix, Core Impact, Nessus, NetSparker, Nmap. When scan result of the third party software is exported to XML or certain format, system will identify automatically and import to report, then perform penetration verification on imported host computer and its vulnerability in the system and confirm if vulnerability is real and can be attacked.

 

Mobile terminal penetration

it integrates vulnerability exploitation module of Android and iOS and supports online Android remote control generation.

 

Evidence gathering

for successfully penetrated target, it supports automatic evidence gathering after setting up conversation connection. Based on vulnerability conversation generation authority and possibility of authority improvement, information collected for Windows target may include screenshot, important configuration file, keyboard input record and file operation.

 

Post-penetration module

successfully penetrated target can select one or several post-penetration modules for post-penetration operation, such as authority improvement and information gathering.

 

Social engineering

integrated social engineering module allows security awareness test on enterprise employees. Attack project of social engineering can monitor objects’ actions of view email and open link. It can analyze attack progress and count attack data. The system divides social engineering function into three components: email, Web page, and portable file.

 

Penetration Test System
Write the E-Mail, we will contact you within days.



Write the E-Mail, we will contact you within days.