基于 Python 的自动化渗透工具的设计与实现 Design and I mplementation of A utomatic P enetration T ool based on Python 摘 要近些年来网络安全形势变得越来越严峻,全球数百万个政企遭遇过不同程度的网络攻击。渗透测试是一种对目标进行信息安全评估的方法,而目前该行业仍在存在着安全服务行业价格昂贵,安全人才缺口巨大,在渗透测试时步骤繁琐、效率低下等问题。且现阶段的渗透测试工具存在着学习成本高,自动化程度低,功能难以扩展等问题。针对以上问题,本文设计了一款基于 Python 编程语言的自动化渗透测试工具,面向的主要群体是爱好漏洞挖掘的 SRC 白帽子们和专业的渗透测试人员。这款工具会自动模拟人工渗透测试的过程,对目标网站进行分步进行信息收集、漏洞检测、报告输出等步骤,并在检测网站安全性的同时,实时打印出相关的信息。最后再按测试人员意愿进行漏洞的利用等操作,可以大大减轻渗透测试人员在渗透测试的各个阶段所需要的工作量,方便测试人员快速地完成典型的渗透测试任务。关键词:自动化 渗透测试 漏洞扫描 ABSTRACTIn recent years, millions of governments and enterprises around the world have encountered different degrees of network attacks, and the situation of network security has become more and more serious. Penetration test is a method to evaluate the information security of the target. At present, there are still many problems in this industry, such as the high price of security service industry, the huge shortage of security talents, the tedious steps and low efficiency in penetration test. At present, the penetration testing tools still have many problems, such as low automation, learning cost expensively and difficult to expand functions.In order to solve the above problems, this paper designs an automatic penetration testing tool based on python programming language. The main group is SRC white hats who are fond of vulnerability mining and professional penetration testers. This tool will automatically simulate the process of manual p...
