The Design And Implementation Of Network Security Assessment System Based On Metasploit

With the outbreak of the Prism event and the disclosure of OpenSSL Heartbleed bug events, the information security is becoming more and more important and it will become the focus point for nation, enterprises and research institutions. In order to effectively reduce such information security incidents to the individuals, businesses and the whole country, vulnerability assessment and penetration testing and other network security assessment method have become one of the most effective way to assess information system security status. However, compared with the other countries, our country lacks of security assessment technology resources. Although there are many kinds of security assessment tools, most of them are difficult to be operated and their functions are limited, and the assessment process usually lacks of continuity, automation and intellectualization. As a result, many security problems in the information system can not be found as early as possible.On the basis of this, we use Metasploit Framework as the core of the assessment system, and then develop the Metasploit existing interfaces. We integrate the most popular security tools. Furthermore, we use the modularization and plug-in based approach and convert the C/S structure to B/S architecture. The function of the system is divided into host scanning, password cracking, Web scanning, vulnerability scanning, session controlling and reporting generation. Finally, all the modulars are assembling together, presenting the analysis results to the user in a black-box based approach so as to hide the complexity of the security assessment process. The final results are based on Web. This thesis presents the function verification to this assessment system. Through the contrast experiment, it is clear that this system has obvious advantages in terms of ef?ciency, success rate and scan rate. This system can reduce the burden of the administrator, increase the security of information systems, and reduce the probability of sensitive information leakage.