This project aims to develop a penetration testing tool designed to identify and assess vulnerabilities in a software system housed in a contained environment. Our focus is on leveraging open-source tools and frameworks, guided by the OWASP standards.
A vulnerability is a weakness or flaw in a system, application, or network that can be exploited by an attacker to gain unauthorized access or cause damage. Vulnerabilities can arise from various factors, including coding errors, configuration issues, or insufficient security controls. Identifying and mitigating vulnerabilities is crucial for maintaining the security and integrity in information systems.
The following table lists the vulnerabilities identified and targeted in this project:
- Metasploit Framework: For developing and executing exploit code against a target system.
- Nmap Scripting Engine: For automating a wide variety of networking tasks, including vulnerability detection.
- SQLMap: For automating the process of detecting and exploiting SQL Injection flaws.
- Commix: For testing web applications for Command Injection vulnerabilities.
- Pradhumna Dhungana
- Bhavya
- Susanta Bhujel