You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

4.3 KiB

General

Check the Repo Content.

Files that must be inside the repository:

  • Detailed documentation in the README.md file.
  • Source code for the PentestKit tools.
  • Any required configuration files and scripts for running the tools.
Are all the required files present?
Play the Role of a Stakeholder

Organize a simulated scenario where the student takes on the role of Cyber Security Experts and explains their solution and knowledge to a team or stakeholder. Evaluate their grasp of the concepts and technologies used in the project, their communication efficacy, and their critical thinking about their solution and knowledge behind this project.

Suggested role play questions include:

  • What is penetration testing and why is it important in cybersecurity?
  • How do the penetration testing tools contribute to identifying vulnerabilities?
  • What challenges did you face while developing the PentestKit tools, and how did you address them?
  • How does the PentestKit help in conducting thorough security assessments?
  • How can these tools be used in a real-life pentesting scenario?
  • How do you ensure the ethical and legal use of these pentesting tools?
Were the students able to answer all the questions?
Did the students demonstrate a thorough understanding of the concepts and technologies used in the project?
Were the students able to communicate effectively and justify their decisions and explain the knowledge behind this project?
Were the students able to evaluate the value of this project in real-life scenarios?
Check the Student Documentation in the README.md File
Does the README.md file contain all the necessary information about the tools (prerequisites, setup, configuration, usage, ...)?
Review the Tools' Design and Implementation
  1. Help Command:
$> pentestkit --help
Does the output include an explanation of how to use the tools?
  1. TinyScanner (Port Scanning) Option:
$> pentestkit -t 192.168.1.1 -p 22,80,443 -o result1.txt
Does the output correctly show whether the ports are open or closed?
Is the output stored in the file specified in the output parameter?
  1. DirFinder (Directory Brute-forcing) Option:
$> pentestkit -d http://example.com -w /path/to/wordlist.txt -o result2.txt
Does the output correctly list the directories and their HTTP status codes?
Is the output stored in the file specified in the output parameter?
  1. HostMapper (Network Mapping) Option:
$> pentestkit -h 192.168.1.0/24 -o result3.txt
Does the output correctly identify live hosts on the subnet?
Is the output stored in the file specified in the output parameter?
  1. HeaderGrabber (HTTP Header Analysis) Option:
$> pentestkit -g http://example.com -o result4.txt
Does the output correctly retrieve and analyze HTTP headers?
Is the output stored in the file specified in the output parameter?
Ensure that the student submission meets the project requirements:
  1. Functionality: Do the tools perform their intended functions accurately (e.g., port scanning, directory brute-forcing, network mapping, HTTP header analysis)?

  2. Data Accuracy: Is the retrieved information accurate and relevant?

  3. Ethical Considerations: Are there clear guidelines and warnings about the ethical and legal use of the tools?

  4. Usability: Are the tools user-friendly and well-documented?

You can compare the results of the student's tool with another tool to to prove the output match with the expected one if needed!

Are all the tools implemented from scratch? Can you confirm that no external CLI are called to perform the checks described in the subject?
Did the tool design and implementation align with all the project requirements above?
Were the students able to implement functional and reliable tools that meet the project requirements?

Bonus

+ Did the student implement additional valuable features?
+ Is this project an outstanding project that exceeds the basic requirements?