An automated approach to Vulnerability Assessment and Penetration Testing using Net-Nirikshak 1.0

Abstract

With increasing world-wide connectivity of Information systems, and growth in accessibility of data resources, the threat to the Integrity and Confidentiality of Data and Services has also increased. Every now and then cases of Hacking and Exploitation are being observed. So in order to remain immune and minimize such threats, the Organizations conduct regular Vulnerability Assessment and Penetration Testing (VAPT) on their Technical Assets [1]. We at IDRBT have developed a new automated VAPT Testing Tool named Net-Nirikshak 1.0 which will help the Organizations to assess their Application/Services and analyze their Security Posture. Net-Nirikshak 1.0 detects the vulnerabilities based on the applications and Services being used on the target system. Apart from these it detects the SQL Injection vulnerabilities and reports all the Identified vulnerable links on the Target. Further the tool can also exploit the identified SQLI vulnerable links and grab confidential information from Target.The automated VAPT report generated by the tool is sent to the specified Email and all the traces of Scan along with the Report are removed from the Hard disk so as to ensure the Confidentiality of the VAPT Report. All the Technical and Operational aspects of Net-Nirikshak 1.0 are described in this paper along with the Outputs of a sample VAPT Test conducted on www.webscantest.com using Net-Nirikshak 1.0.