Abstract
Nowadays, many network security related personnel are accustomed to using simple passwords or default passwords set by system. Based on this kind of weak password vulnerabilities, the hackers can gain access to the systems easily. Weak password scanning is an important part of penetration testing. In order to enable penetration testers to discover weak passwords in the system more conveniently, this paper proposes a system for weak password scanning. This system includes five modules, namely the interface module, data reading processing module, IP address survival detection module, task scheduling module, and the weak password scanning plugin module. Furthermore, this system is developed based on the Go language, which has the characteristics of supporting high concurrency from the language level. We test this system by using the environment built by Docker. The experimental results validate the effectiveness of this system. In the actual penetration testing, this system can save a lot of time and energy for personnel, and has a certain practical value.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Yu, H., Peng, G., Cai, K.: Research on file recovery method against ransomware using hybrid pattern cryptographic system. Comput. Eng. Appl. 55(10), 96–102 (2019)
Li, Y., Huang, C., Wang, Z., Yuan, L., Wang, X.: Survey of software vulnerability mining methods based on machine learning. J. Softw. 31(07), 2040–2061 (2020)
Spafford, E.H.: Preventing weak password choices. In: Proceedings of the 14th National Computer Security Conference, pp. 446–455. Springer, Heidelberg (1992)
Weber, J.E., Guster, D., Safonov, P., Schmidt, M.B.: Weak password security: an empirical study. Inf. Secur. J. Glob. Perspect. 17(1), 45–54 (2008)
Zhang, Z., Wang, M.: Survey on blockchain wallet scheme. Comput. Eng. Appl. 56(06), 28–38 (2020)
Xie, K.: Study on evolution of digital currency based on blockchain. Appl. Res. Comput. 36(07), 1935–1939 (2019)
Xu, B., He, G.: Penetration testing method for cyber-physical system based on attack graph. Comput. Sci. 45(11), 143–148 (2018)
Le, D., Gong, S., Wu, S., Liu, W.: Penetration test method using blind SQL injection based on second-order fragment and reassembly. J. Commun. 38(S1), 77–86 (2017)
Zhou, W., Yang, W., Wang, X., Ma, B.: Research on penetration testing tool for industrial control system. Comput. Eng. 45(08), 92–101 (2019)
Halfond, W.G.J., Choudhary, S.R., Orso, A.: Improving penetration testing through static and dynamic analysis. Softw. Test. Verification Reliab. 21(3), 195–214 (2011)
Antunes, N., Vieira, M.: Penetration testing for web services. Computer 47(2), 30–36 (2014)
Al-Ahmad, A.S., Kahtan, H., Hujainah, F., Jalab, H.A.: Systematic literature review on penetration testing for mobile cloud computing applications. IEEE Access 7, 173524–173540 (2019)
Zhou, T., Zang, Y., Zhu, J., Wang, Q.: NIG-AP: A new method for automated penetration testing. Front. Inf. Technol. Electron. Eng. 20(9), 1277–1288 (2019)
Tian, W., Yang, J.F., Xu, J., Si, G.N.: Attack model based penetration test for SQL injection vulnerability. In: Proceedings of the 2012 IEEE 36th Annual Computer Software and Applications Conference Workshops, pp. 589–594. IEEE Computer Society, Washington D.C., United States (2012)
Shah, S., Mehtre, B.M.: An overview of vulnerability assessment and penetration testing techniques. J. Comput. Virol. Hacking Tech. 11(1), 27–49 (2014). https://doi.org/10.1007/s11416-014-0231-x
Wang, J., Hu, W., Zhang, Y., et al.: Trusted container based on docker. J. Wuhan Univ. (Sci. Edn.) 63(2), 102–108 (2017)
Ceron, W., de-Lima-Santos, M.F., Quiles, M.G.: Fake news agenda in the era of COVID-19: identifying trends through fact-checking content, Online Soc. Networks Media 21, 100116 (2021)
Acknowledgments
This work is supported by the Guangdong Basic and Applied Basic Research Foundation (Grant No. 2018A0303130045), the Science and Technology Program of Guangzhou (Grant No. 201904010334).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Xie, B., Li, Q., Qian, H. (2022). Weak Password Scanning System for Penetration Testing. In: Meng, W., Conti, M. (eds) Cyberspace Safety and Security. CSS 2021. Lecture Notes in Computer Science(), vol 13172. Springer, Cham. https://doi.org/10.1007/978-3-030-94029-4_9
Download citation
DOI: https://doi.org/10.1007/978-3-030-94029-4_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-94028-7
Online ISBN: 978-3-030-94029-4
eBook Packages: Computer ScienceComputer Science (R0)