PENETRATION TEST ATTACK TREE GENERATOR

摘要

Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for receiving goal data and start-up information, the goal data indicating a goal to be achieved during a penetration test, the start-up information indicating initial data for beginning the penetration test, receiving tool data from a register of tools, the tool data including one or more tools that can be used during the penetration test, and, for each tool, input data required to execute the tool and output data provided by the tool, processing the goal data, the start-up information and the tool data to automatically generate attack tree data, the attack tree data including a plurality of data sets and links between data sets, and providing the attack tree data to display a graphical representation of an attack tree on a display.

主权项

1. A computer-implemented method executed by one or more processors, the method comprising:
receiving, by the one or more processors, goal data and start-up information, the goal data indicating a goal to be achieved during a penetration test, the start-up information indicating initial data for beginning the penetration test; receiving, by the one or more processors, tool data from a register of tools, the tool data comprising one or more tools that can be used during the penetration test, and, for each tool, input data required to execute the tool and output data provided by the tool; processing, by the one or more processors, the goal data, the start-up information and the tool data to automatically generate attack tree data, the attack tree data comprising a plurality of data sets and links between data sets; and providing, by the one or more processors, the attack tree data to display a graphical representation of an attack tree on a display.