The Research Of Penetration Testing And Attack Method Based On Metasploit

With the improvement of network security technology,hacker attack technology also has been further improved.According to the official statistics of the United States,more and more network attack frequency is high,resulting in huge economic loss.Therefore,the world is very concerned about the network information security to prevent information leakage caused irreparable damage,checking the system security has become an indispensable part of the protection of information security.Penetration testing is a way of obtaining the security of the target system by authorization and reasonable penetration.In this way,the security situation of the target system can be obtained scientifically.At present,the mainstream penetration test module is metasploit framework,and metasploit framework has good compatibility,scalability and automation performance.Escape technique avoids the network intrusion detection system in a variety of ways,and se cretly sends the attack data stream to the target system.The combination of the two can more effectively detect the security of the target system.Mainstream escape module is fagroute,fagroute framework contains the majority of atoms found in escape mode.At present,the market does not have the mature standards and programs to test the network protection equipment.In this paper,the use of open source Metasploit and fragroute in the domestic initiative the design and device to effectively test network protection equipment.This paper describes the present situation of current domestic and foreign penetration testing and escape technology,select ing the Metasploit penetration testing framework and fragroute module as a platform and analyzing the penetration of Metasploit framework modules and fragroute codes.This paper comprehensively introduces the main technical means of vulnerability mining.Then,the Metasploit penetration test framework and the fragroute module are extended,and on this basis,the escape test is carried out to complete the detection of the attack success rate of the infiltration module and the escape module.The network protection equipment is tested with the instrument which has the attack mode of escape technology.The results show that the network protection equipment can be effectively detected.