Penetration testing in a box

Abstract

Network and application vulnerability assessments have a tendency to be difficult and costly; however, failing to have an assessment done and fixing security loopholes may result in a security breach by malicious attackers. A security breach can cost an organization time and money remediating the damage, such as lost confidential business information, which far exceeds the cost of a security assessment. Our solution for this problem is a semi-automated system that can help a penetration tester, security professional, or systems administrator, scan and report on the vulnerabilities of a network and services running on the network. It is also able to perform some simulated attacks. This system relies on a miniaturized computer to host the necessary components to conduct a security assessment. This system has been done in an open source manner to allow others to contribute and benefit from a community effort in the name of security.