The automatic penetration test system focuses on automatically simulating hacker penetration and integrates function modules such as automatic penetration, vulnerability verification and social engineering. Red teams use it to test the defensive effectiveness of a security system and to improve employees’ security awareness.
It has the largest vulnerability validation database in the world (3100+), covering mainstream operating systems, network devices, Web applications, mobile terminals and industrial control equipment.
It allows self-written modules, or modules downloaded from the internet, to be imported into the system framework for better vulnerability scanning and verification.
Proprietary intellectual property rights, with ownership of all source code and copyright of the product; product safety is controllable.
It supports advanced penetration techniques such as quick automatic penetration, manual penetration, APT attack testing, Web penetration testing, VPN pivoting and SOCKS proxying.
Convenient and efficient
Web graphical interface and simple operation; one task can penetrate 10,000 hosts, and product authorization places no limit on the number of IPs.
The system allows scan testing of operating systems (Windows, Linux, Solaris, Mac, BSD, Cisco IOS, IBM iSeries), network devices (switches, routers, firewalls, IPS/IDS), databases (MSSQL, Oracle, MySQL, DB2, PostgreSQL), and Web applications and services (IIS, Apache, WebLogic, Nginx). It supports automatic penetration testing and manual vulnerability verification.
Web application penetration
It integrates Web scanning, testing and audit functions, which allow easy scanning and auditing of Web applications. It supports testing and verification of SQL injection, XSS, upload vulnerabilities and command execution vulnerabilities, and generates a Web audit report. The system also contains modules for CMSs and frameworks used in China (e.g., dedecms, phpcms, umail, eyou, thinkphp).
Smart vulnerability verification
It supports importing and verifying the scan results of a number of third-party security scanning tools, e.g. AppScan, NeXpose, Acunetix, Core Impact, Nessus, NetSparker, Nmap. When the scan result of the third-party software is exported to XML or another supported format, the system identifies it automatically and imports it into a report. It then performs penetration verification on the imported hosts and their vulnerabilities to confirm whether each vulnerability is real and can be attacked.
Mobile terminal penetration
It integrates vulnerability exploitation modules for Android and iOS and supports online Android remote-control generation.
For a successfully penetrated target, it supports automatic evidence gathering after a session connection is set up. Depending on the privileges of the session obtained through the vulnerability and the possibility of privilege escalation, information collected from a Windows target may include screenshots, important configuration files, keyboard input records and file operations.
For a successfully penetrated target, one or several post-penetration modules can be selected for post-penetration operations, such as privilege escalation and information gathering.
The integrated social engineering module allows security awareness testing of enterprise employees. A social engineering attack project can monitor whether targets view the email and open the link. It can analyze attack progress and tally attack data. The system divides the social engineering function into three components: email, Web page, and portable file.