| Faced with the increasing complexity of Internet threats as well as a growing demand for Internet security,we are prompted to find ways to improve relevant security technologies.Hence it is necessary to develop a penetration test platform which will have such functions as attacking the rival computer system,pinpointing the loopholes of the test system and measuring the impact of the new attacking technologies.Taking advantages of the services provided by the platform,users will be able to launch a mock attack and assess the safety degree of the system and its equipments.The thesis consists of the following parts:An extensive study of similar test platforms,which summarizes their main functions and drawbacks;A detailed introduction of the key technologies during the application of the penetration test platform,including penetration test technologies,Metasploit test framework,virtual technologies and commonly used penetration test tools,etc.An exposition concerning the general requirements,function demands,design and working principles,and system modules,etc.Moreover,it also discusses methods to apply the above-mentioned technologies to the design of the security penetration test platform and introduces the key technologies in realizing the functions of each module.From the perspective of the module of the attacking side,the thesis expounds upon the design and realization of the Http version scanning,Ftp service recognition,Http service recognition,buffer overrun and disabled system drive;the paper also contains a detailed introduction of the structure design and function realization of the targeted computer from the angles of calculation,network,storage and security.Hence a testing environment is created to access the system's function and quality.The result indicates that the platform can meet the design requirements in both aspects.The attacking side provides penetration capacity while the target terminal can imitate the test scene and provide a proper environment.In conclusion,the platform achieves the desired results in terms of design and application.The penetration test platform will support further developments of the penetrating function module,support the mock mainstream penetration testing scene and the swift building of the test environment;it also possesses typical attacking means,supports the research of relevant security technologies,thus through such a platform,researchers can improve their capacity to guard against security risks posed to the system and equipments,as well as the emergency response capability. |
PDF Full Text Request