Browse Source

CON-3103 feat(pentest-kit) add cyber security project

pull/2701/head
Zouhair AMAZZAL 3 months ago committed by Zouhair AMAZZAL
parent
commit
d3b5db8460
  1. 182
      subjects/cybersecurity/pentest-kit/README.md
  2. 110
      subjects/cybersecurity/pentest-kit/audit/README.md
  3. BIN
      subjects/cybersecurity/pentest-kit/resources/pentest-meme.jpg

182
subjects/cybersecurity/pentest-kit/README.md

@ -0,0 +1,182 @@
## Pentest-kit
<center>
<img src="./resources/pentest-meme.jpg?raw=true" style = "width: 700px !important; height: 464px !important;"/>
</center>
### Introduction:
Penetration testing (pen-testing) is a critical process in cybersecurity, involving the use of specialized tools to identify and exploit vulnerabilities in systems and networks. Pentest tools are essential for conducting thorough security assessments, helping to safeguard against potential threats.
### Objective:
Using a programming language from your choice you will create a a multi-functional tool for penetration testing, similar to popular security tools like `Nmap`, and `Dirsearch`. This project aims to give hands-on experience in understanding and developing security tools and building a practical toolkit for various pen-testing tasks.
By completing this project, You will:
- Gain practical experience in developing custom pentesting tools.
- Understand the core functionalities of port scanning, directory brute-forcing, network mapping, and HTTP header analysis.
- Learn how to build a cohesive set of utilities for penetration testing.
- Enhance your understanding of ethical considerations in cybersecurity.
### Resources
Some useful resources:
- [Penetration testing](https://en.wikipedia.org/wiki/Penetration_test)
- [Dirsearch](https://www.kali.org/tools/dirsearch/)
- [Port Scanning](https://en.wikipedia.org/wiki/Port_scanner)
- [HTTP headers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers)
Before asking for help, ask yourself if you have really thought about all the possibilities.
### Role play
To enhance the learning experience and assess your knowledge, a role play question session will be included as part of this project. This section will involve answering a series of questions in a simulated real-world scenario where you assume the role of a Cyber Security Expert explaining how to use pentesting tools to a team or stakeholder.
The goal of the role play question session is to:
- Assess your understanding of pentesting tools and techniques.
- Test your ability to communicate effectively and explain security measures related to this project.
- Challenge you to think critically about the importance of penetration testing and consider alternative approaches.
Prepare for a role play question session in the audit.
### Project Requirements
#### Tool Development:
You will develop the following tools:
1. **TinyScanner (Simple Port Scanner):**
- Create a tool that checks for open, closed, or filtered ports on a target host.
- The tool should support TCP scanning and the ability to scan a range of ports.
2. **DirFinder (Small Dirsearch):**
- Develop a tool to discover hidden directories and files on a web server by brute-forcing common paths using a wordlist.
3. **HostMapper:**
- Build a tool to perform a ping sweep to identify live hosts on a subnet.
4. **HeaderGrabber:**
- Implement a tool that retrieves and analyzes HTTP headers from a web server.
#### Input Handling:
Each tool should accept the relevant input parameters, such as IP addresses, URLs, and port ranges.
#### Output Management:
Store the results in a well-organized file format.
### Usage Examples
#### Command Line Interface:
```sh
$> pentestkit --help
Welcome to PentestKit
OPTIONS:
-t TinyScanner Run the simple port scanner.
Use this option to specify the target IP address and the ports you wish to scan.
Example: -t 192.168.1.1 -p 22,80,443
-d DirFinder Run the directory brute-forcer.
Use this option to specify the target URL and the path to a wordlist for discovering hidden directories.
Example: -d http://example.com -w /path/to/wordlist.txt
-h HostMapper Run the network host mapper.
Use this option to perform a ping sweep on a specified subnet to identify live hosts.
Example: -h 192.168.1.0/24
-g HeaderGrabber Run the HTTP header analyzer.
Use this option to retrieve and analyze HTTP headers from a specified URL, useful for identifying security headers.
Example: -g http://example.com
-o "FileName" File name to save output.
Use this option to specify the file name where the results of the scan or analysis will be saved.
Example: -o result.txt
```
#### Example Outputs:
1. **TinyScanner (Simple Port Scanner):**
```sh
$> pentestkit -t 192.168.1.1 -p 22,80,443 -o result1.txt
Port 22 is open (SSH)
Port 80 is open (HTTP)
Port 443 is closed
Data Saved in result1.txt
```
2. **DirFinder (Small Dirsearch):**
```sh
$> pentestkit -d http://example.com -w /path/to/wordlist.txt -o result2.txt
/admin [Status: 200]
/uploads [Status: 403]
/login [Status: 200]
Data Saved in result2.txt
```
3. **HostMapper:**
```sh
$> pentestkit -h 192.168.1.0/24 -o result3.txt
Live hosts found:
192.168.1.1
192.168.1.10
192.168.1.15
Data Saved in result3.txt
```
4. **HeaderGrabber:**
```sh
$> pentestkit -g http://example.com -o result4.txt
HTTP/1.1 200 OK
Date: Mon, 01 Jan 2022 12:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Warning: Missing Security Headers - X-Content-Type-Options, X-Frame-Options
Data saved in result4.txt
```
### Bonus
If you complete the mandatory part successfully, and you still have free time, you can implement anything that you feel deserves to be a bonus, for example:
- Adding a graphical user interface (GUI) for better user accessibility.
- Implementing advanced scanning techniques like SYN scans in TinyScanner.
Challenge yourself!
### Documentation
Create a `README.md` file that provides comprehensive documentation for your tools (prerequisites, setup, configuration, usage, ...). This file must be submitted as part of the solution for the project.
Include clear guidelines and warnings about the ethical and legal use of the tools in your documentation.
### Ethical and Legal Considerations
- Get Permission: Always obtain explicit permission before scanning or testing any network or system.
- Respect Privacy: Collect only necessary data and store it securely.
- Follow Laws: Adhere to relevant laws such as GDPR and CFAA.
- Report Responsibly: Notify affected parties privately if you identify vulnerabilities.
- Educational Use Only: Use these tools solely for learning and improving security.
> ⚠️ Disclaimer: This project is for educational purposes only. Ensure all activities comply with legal and ethical standards. The institution is not responsible for misuse of the techniques and tools demonstrated.
### Submission and Audit
Upon completing this project, you should submit the following:
- Your documentation in the `README.md` file.
- The source code for your tool.
- Any required files to run your tool.

110
subjects/cybersecurity/pentest-kit/audit/README.md

@ -0,0 +1,110 @@
#### General
##### Check the Repo Content.
Files that must be inside the repository:
- Detailed documentation in the `README.md` file.
- Source code for the PentestKit tools.
- Any required configuration files and scripts for running the tools.
###### Are all the required files present?
##### Play the Role of a Stakeholder
Organize a simulated scenario where the student takes on the role of Cyber Security Experts and explains their solution and knowledge to a team or stakeholder. Evaluate their grasp of the concepts and technologies used in the project, their communication efficacy, and their critical thinking about their solution and knowledge behind this project.
Suggested role play questions include:
- What is penetration testing and why is it important in cybersecurity?
- How do the penetration testing tools contribute to identifying vulnerabilities?
- What challenges did you face while developing the PentestKit tools, and how did you address them?
- How does the PentestKit help in conducting thorough security assessments?
- How can these tools be used in a real-life pentesting scenario?
- How do you ensure the ethical and legal use of these pentesting tools?
###### Were the students able to answer all the questions?
###### Did the students demonstrate a thorough understanding of the concepts and technologies used in the project?
###### Were the students able to communicate effectively and justify their decisions and explain the knowledge behind this project?
###### Were the students able to evaluate the value of this project in real-life scenarios?
###### Did the students demonstrate an understanding of ethical and legal considerations related to pentesting?
##### Check the Student Documentation in the `README.md` File
###### Does the `README.md` file contain all the necessary information about the tools (prerequisites, setup, configuration, usage, ...)?
###### Does the `README.md` file contain clear guidelines and warnings about the ethical and legal use of the tools?
##### Review the Tools' Design and Implementation
1. **Help Command:**
```sh
$> pentestkit --help
```
###### Does the output include an explanation of how to use the tools?
2. **TinyScanner (Port Scanning) Option:**
```sh
$> pentestkit -t 192.168.1.1 -p 22,80,443 -o result1.txt
```
###### Does the output correctly show whether the ports are open or closed?
###### Is the output stored in the file specified in the output parameter?
3. **DirFinder (Directory Brute-forcing) Option:**
```sh
$> pentestkit -d http://example.com -w /path/to/wordlist.txt -o result2.txt
```
###### Does the output correctly list the directories and their HTTP status codes?
###### Is the output stored in the file specified in the output parameter?
4. **HostMapper (Network Mapping) Option:**
```sh
$> pentestkit -h 192.168.1.0/24 -o result3.txt
```
###### Does the output correctly identify live hosts on the subnet?
###### Is the output stored in the file specified in the output parameter?
4. **HeaderGrabber (HTTP Header Analysis) Option:**
```sh
$> pentestkit -g http://example.com -o result4.txt
```
###### Does the output correctly retrieve and analyze HTTP headers?
###### Is the output stored in the file specified in the output parameter?
##### Ensure that the student submission meets the project requirements:
1. **Functionality:** Do the tools perform their intended functions accurately (e.g., port scanning, directory brute-forcing, network mapping, HTTP header analysis)?
2. **Data Accuracy:** Is the retrieved information accurate and relevant?
3. **Ethical Considerations:** Are there clear guidelines and warnings about the ethical and legal use of the tools?
4. **Usability:** Are the tools user-friendly and well-documented?
###### Did the tool design and implementation align with all the project requirements above?
###### Were the students able to implement functional and reliable tools that meet the project requirements?
#### Bonus
###### + Did the student implement additional valuable features?
###### + Is this project an outstanding project that exceeds the basic requirements?

BIN
subjects/cybersecurity/pentest-kit/resources/pentest-meme.jpg

diff.bin_not_shown

After

Width:  |  Height:  |  Size: 465 KiB

Loading…
Cancel
Save