System for penetrating computer or computer network
Abstract
A computer network penetration test discovers vulnerabilities in the network using a number of scan modules. The scan modules perform their scanning of the network separately but in parallel. A scan engine controller oversees the data fed to and received from the scan modules, and controls the sharing of information among the modules according to data records and configuration files that specify how a user-selected set of penetration objectives should be carried out. The system allows for penetration strategies to be attempted simultaneously and independently. Information from each strategy is shared with other strategies so each can be more effective, and together they form a very comprehensive approach to network penetration. The strategies can be throttled at different levels to allow for those that are more likely to achieve success to run at the highest speeds. While most strategies collect information from the network, at least one dedicated strategy analyzes the data produced by the others according to a series of rules. This analysis reduces and refines data and simplifies the design of the various strategies. Data obtained through the various strategies are stored in such a way that new data types can be stored and processed without all the strategies having to be adjusted. Strategies are run according to whether or not they can help in achieving a specified objective. The vulnerability scan is initiated by a user who specifies what targeted network resources to scan. From that point on, the scan is data driven and models how an unwanted attacker would gain unauthorized access to the system.
22 Claims
1. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:
a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;
a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output.
5. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:
a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;
a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output; and
a user interface operatively connected to said controller for allowing a user to input a desired network penetration objective, wherein said controller selects said plurality of scan modules from a set of available scan modules based on the input penetration objective.
6. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:
a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;
a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output;
a user interface operatively connected to said controller for allowing a user to input a desired network penetration objective, wherein said controller selects said plurality of scan modules from a set of available scan modules based on the input penetration objective; and
an objective configuration file for each respective penetration objective input by the user, said objective configuration file identifying at least one scan module needed to achieve the corresponding penetration objective, wherein said controller selects said plurality of scan modules by accessing objective configuration files corresponding to the input penetration objectives.
7. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:
a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;
a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output;
a user interface operatively connected to said controller for allowing a user to input a desired network penetration objective, wherein said controller selects said plurality of scan modules from a set of available scan modules based on the input penetration objective;
an objective configuration file for each respective penetration objective input by the user, said objective configuration file identifying at least one scan module needed to achieve the corresponding penetration objective, wherein said controller selects said plurality of scan modules by accessing objective configuration files corresponding to the input penetration objectives; and
wherein at least one of said objective configuration files identifies an auxiliary objective to pursue, and said controller accesses an objective configuration file corresponding to the auxiliary objective, said set of scan modules including a scan module identified in said objective configuration file corresponding to the auxiliary objective.
8. A computer network penetration test system including at least one software medium having software recorded thereon, the software comprising:
a plurality of scan modules for scanning a computer to learn vulnerabilities that the computer has to unwanted access, at least one of said scan modules producing an output based on a scan of the computer;
a controller for instructing said one scan module to perform a scan of the computer and to produce an output, and for producing an input to another of the scan modules based on said output;
wherein said input produced by said controller is identical to said output from said one scan module; and
wherein said output from said one scan module is a data record having fields, each of said fields identifying at least one piece of information about the scan performed by said one scan module.
9. A method of performing a penetration test on a computer network, comprising:
(a) performing a first computer network scan to gather information about a secured network resource in the computer network;
(b) performing a second computer network scan to gather information about a second secured network resource in the computer network; and
(c) automatically sharing output data from the first computer network scan with the second computer network scan.
(d) performing a third computer network scan to gather information about a third secured network resource in the computer network, said step (d) being performed at the same time as at least one of said steps (a) and (b).
11. The method of claim 10, wherein the third network resource is the same resource as the first or second network resource.
12. The method of claim 10, wherein the third network resource is not the same resource as the first or second network resource.
13. The method of claim 10, wherein each of said steps (a), (b), and (c) is performed from a location remote from the computer network being scanned.
14. A method of performing a penetration test on a computer network, comprising:
(a) performing a first computer network scan to gather information about a secured network resource in the computer network;
(b) performing a second computer network scan to gather information about a second secured network resource in the computer network;
(c) automatically sharing output data from the first computer network scan with the second computer network scan; and
prior to said steps (a) through (c); (d) selecting at least one objective for the penetration test; and
(e) determining, based upon the at least one objective, a set of scan modules to use during the penetration test, the set of scan modules including first and second modules for respectively performing the first and second computer network scans of steps (a) and (b).
15. An article of manufacture bearing a machine readable program for carrying out the steps of:
scanning a computer network using a plurality of scan modules; and
automatically sharing information from at least one of the scan modules to at least one other of the scan modules.
18. An article of manufacture bearing a machine readable program for carrying out the steps of:
scanning a computer network using a plurality of scan modules;
automatically sharing information from at least one of the scan modules to at least one other of the scan modules; and
wherein said step of automatically sharing information includes modifying contents of an output data record from one of the scan modules to form a modified data record, and passing the modified data record to another of the scan modules.
19. A computer network penetration test embodied in at least one carrier wave comprising:
a plurality of first signal segments constituting scan modules for scanning a network resource on a computer network to learn vulnerabilities that the network resource has to unwanted access;
a second signal segment defining instructions for one of the scan modules to perform a scan of the computer network and to produce an output based on the scan, and for producing an input to an other of the scan modules based on the output.
20. A computer network penetration test embodied in at least one carrier wave comprising:
a plurality of first signal segments constituting scan modules for scanning a network resource on a computer network to learn vulnerabilities that the network resource has to unwanted access;
a second signal segment defining instructions for one of the scan modules to perform a scan of the computer network and to produce an output based on the scan, and for producing an input to an other of the scan modules based on the output; and
a third signal segment constituting instructions for formatting the output in the form of a data record having a plurality of data fields, and for formatting the input to the other scan module in the form of a second data record having a plurality of second data fields.
21. A software medium having software recorded thereon, the software written to be executed by a processor, for procuring information relating to access of a secured computer system for any purpose whatsoever, the software comprising:
a first set of machine readable instructions for attempting to determine a first item of information relating to access of the secured computer system;
a second set of machine readable instructions for attempting to determine a second item of information relating to access of the secured computer system; and
information sharing instructions for making the first item available for use by the processor during execution of the second set of machine readable instructions.
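The controller behaviour recited in claims 6 to 8 and summarised in the abstract (objective configuration files that name modules and auxiliary objectives, and typed data records passed unchanged from one module to the next) can be sketched as follows. This is an added illustration, not code from the patent: the objective names, module names, record fields and the in-memory `LAB` inventory are all hypothetical, and the modules read constructed data rather than a network.

```python
from collections import deque

# Hypothetical objective configuration files: modules needed plus auxiliary objectives.
OBJECTIVES = {
    "audit_web_tier": {"modules": ["tls_check"], "auxiliary": ["list_services"]},
    "audit_mail": {"modules": ["smtp_check"], "auxiliary": ["list_services"]},
    "list_services": {"modules": ["service_inventory"], "auxiliary": ["map_network"]},
    "map_network": {"modules": ["host_inventory"], "auxiliary": []},
}
# Constructed lab inventory standing in for scan results; nothing touches a network.
LAB = {"10.0.0.0/30": ["10.0.0.1", "10.0.0.2"], "10.0.0.1": [443], "10.0.0.2": [25, 443]}

def host_inventory(rec):
    return [{"type": "host", "addr": a} for a in LAB.get(rec["cidr"], [])]

def service_inventory(rec):
    return [{"type": "service", "addr": rec["addr"], "port": p} for p in LAB.get(rec["addr"], [])]

def port_check(port, label):
    return lambda rec: [{"type": "finding", "addr": rec["addr"], "check": label}] if rec["port"] == port else []

# Module registry: name -> (record type consumed, function returning new records).
MODULES = {
    "host_inventory": ("target", host_inventory),
    "service_inventory": ("host", service_inventory),
    "tls_check": ("service", port_check(443, "tls")),
    "smtp_check": ("service", port_check(25, "smtp")),
}

def select_modules(objectives):
    """Resolve objectives and their auxiliary objectives to a module set."""
    selected, seen, todo = set(), set(), list(objectives)
    while todo:
        name = todo.pop()
        if name in seen:  # already resolved; also stops auxiliary cycles
            continue
        seen.add(name)
        selected.update(OBJECTIVES[name]["modules"])
        todo.extend(OBJECTIVES[name]["auxiliary"])
    return selected

def run(objectives, seed_records):
    """Controller loop: pass each record unchanged to selected modules that consume its type."""
    active, queue, store, seen = select_modules(objectives), deque(seed_records), [], set()
    while queue:
        rec = queue.popleft()
        key = tuple(sorted(rec.items()))
        if key in seen:  # drop duplicate records so modules are not re-run
            continue
        seen.add(key)
        store.append(rec)
        for name in sorted(active):
            consumes, fn = MODULES[name]
            if consumes == rec["type"]:
                queue.extend(fn(rec))
    return store
```

Because routing is keyed on the record's `type` field, a module emitting a new record type needs no change to the existing modules, which matches the abstract's point about storing new data types.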