Weak Password Scanning System for Penetration Testing

Weak Password Scanning System for Penetration Testing

연구 분야: Strategies

학회: International Symposium on Cyberspace Safety and Security

Nowadays, many network security related personnel are accustomed to using simple passwords or default passwords set by system. Based on this kind of weak password vulnerabilities, the hackers can gain access to the systems easily. Weak password scanning is an important part of penetration testing. In order to enable penetration testers to discover weak passwords in the system more conveniently, this paper proposes a system for weak password scanning. This system includes five modules, namely the interface module, data reading processing module, IP address survival detection module, task scheduling module, and the weak password scanning plugin module. Furthermore, this system is developed based on the Go language, which has the characteristics of supporting high concurrency from the language level. We test this system by using the environment built by Docker. The experimental results validate the effectiveness of this system. In the actual penetration testing, this system can save a lot of time and energy for personnel, and has a certain practical value.