System and method for providing network penetration testing
Abstract
A system and method for providing network penetration testing from an end-user computer is provided. The method includes the step of determining at least one of a version of a Web browser of a target computer, contact information associated with an end-user that uses the target computer, and applications running on the target computer. The method also includes the steps of determining exploits that are associated with the running applications and that can be used to compromise the target computer, and launching the exploits to compromise the target computer. Network penetration testing may also be provided by performing the steps of determining an operating system of a target computer, selecting one of a group of modules to use in detecting services of the target computer, and detecting the services of the target computer.
13 Claims
1. A method for performing penetration testing in a network from an end-user computer, wherein the method comprises the steps of:
- gathering valid email addresses from a server;
- transmitting at least one determination email, wherein the determination email contains computer code, to at least one of the gathered email addresses, wherein the determination email is transmitted to a target computer associated with the at least one gathered email address, and wherein the determination email determines at least one application running on the target computer using the computer code of the determination email;
- determining, by use of the determination email, at least one application running on the target computer, by the determination email containing a placeholder for content hosted in a server controlled by the penetration tester, wherein the at least one application is used to load the content in the placeholder in the target computer, thereby identifying the at least one application;
- determining at least one vulnerability of the at least one determined application running on the target computer; and
- generating at least one exploit for exploiting the determined at least one vulnerability of the application, thereby allowing for compromising of the target computer.
Dependent claims: 2, 3, 4, 5, 6
7. A system for providing network penetration testing, comprising:
- a first module implemented via hardware logic circuitry configured to gather valid email addresses from a server;
- a second module implemented via hardware logic circuitry configured to transmit at least one determination email containing computer code to at least one of the gathered email addresses, wherein the determination email is transmitted to a target computer associated with the at least one gathered email address, and wherein the determination email determines at least one application running on the target computer using the computer code of the determination email;
- a third module implemented via hardware logic circuitry configured to determine, by use of the determination email, at least one application running on the target computer, by the determination email containing a placeholder for content hosted in a server controlled by a penetration tester, wherein the at least one application is used to load the content in the placeholder in the target computer, thereby identifying the at least one application;
- a fourth module implemented via hardware logic circuitry configured to determine at least one vulnerability of the at least one determined application running on the target computer; and
- a fifth module implemented via hardware logic circuitry configured to generate at least one exploit for exploiting the determined at least one vulnerability of the application, thereby allowing for compromising of the target computer.
Dependent claims: 8, 9, 10, 11, 12
13. A non-transitory computer readable medium having a program for providing network penetration testing within a network, the program configured to perform the steps of:
- gathering valid email addresses from a server;
- transmitting at least one determination email containing computer code to at least one of the gathered email addresses, wherein the determination email is transmitted to a target computer associated with the at least one gathered email address, and wherein the determination email determines at least one application running on the target computer using the computer code of the determination email;
- determining, by use of the determination email, at least one application running on the target computer, by the determination email containing a placeholder for content hosted in a server controlled by the penetration tester, wherein the at least one application is used to load the content in the placeholder in the target computer, thereby identifying the at least one application;
- determining at least one vulnerability of the at least one determined application running on the target computer; and
- generating at least one exploit for exploiting the determined at least one vulnerability of the application, thereby allowing for compromising of the target computer.
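The identification step in the independent claims depends on the receiving application fetching remote content that the message references. As an added example (not part of the patent or of any product it describes), the following Python code lists the remote references in a message's HTML parts, which is what a mail gateway or client would block or proxy to defeat that step; the sample message, its hostnames and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every address and hostname is made up.
SAMPLE = """\
From: sender@example.test
To: user@example.test
Subject: Quarterly report
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body style="background:url('https://assets.example.test/bg.png')">
<img src="https://probe.example.test/p.gif?id=constructed-1" width="1" height="1">
<img src="cid:logo@example.test">
</body></html>
"""

# Tag -> attribute that makes a client fetch content when the mail is rendered.
FETCH_ATTRS = {"img": "src", "link": "href", "iframe": "src", "script": "src",
               "embed": "src", "object": "data", "video": "poster"}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []  # (tag, url) pairs that would trigger a network fetch

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        urls = []
        if tag in FETCH_ATTRS and attrs.get(FETCH_ATTRS[tag]):
            urls.append(attrs[FETCH_ATTRS[tag]])
        urls += CSS_URL.findall(attrs.get("style") or "")  # inline CSS url(...)
        for url in urls:
            if urlparse(url.strip()).scheme in ("http", "https"):
                self.refs.append((tag, url.strip()))  # cid:/data: stay local

def remote_fetches(raw_message):
    """Return (tag, host, url) for each absolute http(s) reference in HTML parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            found += [(t, urlparse(u).hostname, u) for t, u in finder.refs]
    return found
```

Embedded `cid:` images are not reported because they are carried inside the message and cause no outbound request.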
Specification