Abstract
Assets identification is an important aspect of penetration test on which security practitioner develop their defense mechanism. In addition, assets identification is an essential piece of information for penetration testers to find a weakness in the targeted organization. Information gathering is the process of extracting knowledge to recognize the organizations' assets available on the internet. There are many open source tools available for information gathering. However, penetration tester needs to put manual effort (during several hours to multiple days) to extract useful knowledge from the output of one tool and integrate that knowledge in another tool. Penetration tester can increase speed and accuracy of the overall information gathering process by automating the knowledge extraction and integration. This paper review and identify open source subdomain enumeration and service scanning tools and present an approach to integrate and automate identified tools. The result reveals that there is a significant improvement of the information gathering process by using our approach due to the reduction of manual tasks.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call