ExeKaliBurr: an Auxiliary Exploratory Tool for Information Gathering in Web Pentests

  • Daniel R. Barros UFC
  • Saskya A. Pimenta UFC
  • Lincoln S. Rocha UFC
  • José M. Monteiro UFC

Abstract


Pentesting is one of the main approaches in Offensive Security, an important area of cybersecurity that seeks to improve the protection and reliability of virtual systems through proactive security checks. During a pentest, the security professional carries out a series of steps, one of which is the Information Gathering phase. This work proposes an exploratory tool that works alongside security professionals to facilitate and automate the manual searches carried out during the Information Gathering phase, making this stage more convenient to complete.

Published: 2023-09-18

BARROS, Daniel R.; PIMENTA, Saskya A.; ROCHA, Lincoln S.; MONTEIRO, José M. ExeKaliBurr: uma Ferramenta Exploratória Auxiliar para o Levantamento de Informações em Pentests Web. In: TOOLS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 23., 2023, Juiz de Fora/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 1-8. DOI: https://doi.org/10.5753/sbseg_estendido.2023.235547.