Automated Penetration Tester in a Telecommunication Network
Type
Master's Thesis
Abstract
In the modern world of networks, there is a plethora of vulnerabilities present in every possible part of software and hardware. Companies can never claim that their product or service is secure, because it is impossible to prove. As a result, malicious actors can exploit the system to their advantage to gain information or capital, and to disrupt the service. This poses a threat to organizations and users, since confidential information could be compromised.
To prevent vulnerabilities in systems, penetration testing is implemented: ethical hackers look for exploits that can later be patched to secure the system. Penetration testing is a manual task that uses automated tools to speed up repetitive work, leaving time to focus on the parts that demand creativity or human intuition. There is a vast number of tools that contribute to improving testing. Many of the tools are designed to work against one host at a time, and only against hosts directly connected to the tool host. There are relevant studies on automating penetration testing; for example, AI agents that learn vulnerabilities and exploit them have been successful. There is also relevant research on enabling agents to spread to multiple nodes and perform actions controlled by a master, mimicking distributed attack patterns closer to human behavior.
This paper aims to develop an automated penetration tester able to perform tests on nodes indirectly, enabling widespread testing on multiple machines. The goal is to increase testing and allow usability. To test this, we have developed a proof of concept, a modular tool named Hinser, capable of performing attacks on targets from an intermediate host that relays executions sent from the tool host. This includes: gathering information about a target; scanning a target internally and externally with known tools to analyze vulnerabilities; exploiting the target; returning successful results; and creating regression tests for future testing. Hinser was successful at the tasks and could perform indirect testing against the targets.
Subject/keywords
Security, Penetration Testing, Automation, Tool, Cybersecurity, Evolved Packet Core