-
Notifications
You must be signed in to change notification settings - Fork 318
SecGen overview
What is SecGen?
What problem does SecGen solve?
How does SecGen work?
Planned future development
SecGen, or Security Scenario Generator, is a platform for creating vulnerable virtual machine targets for practising and learning penetration testing techniques against.
The application is written in Ruby makes use of Vagrant and Puppet in order to create and configure the virtual machines.
Computer Security beginners often cut their teeth on pre-built virtual machine boxes, such as Metasploitable2 or those found at vulnhub. Boxes like this are great for self directed learning and are generally well documented with plenty of solutions and walk-through guides available online.
Although pre-built boxes benefit students' extra-curricular learning, the fact they are well documented poses a problem for use in formal education. Professors and lecturers time is generally stretched thin and vetting potential candidate boxes for use in an assignment is time which could be better spent elsewhere.
SecGen aims to solve this issue by introducing a random element into the content of the boxes generated. The modular nature of the services and vulnerabilities contained within SecGen means there can be a great number of different configurations.
The metadata held about each module contains information such as the type of software/vulnerability, difficulty of exploitation, any CVE numbers held about the vulnerability, any hints required etc. (See secgen_metadata.xml for more). This metadata is used during the selection process and the user can be as specific or vague about their requirements as they wish.
For example the default_scenario.xml specifies that the user wants a linux basebox with 2 vulnerabilities, 1 service and 1 network. The first vulnerability needs to be a user privilege, remotely accessible vulnerability and the second needs a root-level local vulnerability and the service module has no constraints.
SecGen will filter through it's modules using the secgen_metadata.xml contents and select appropriate services and vulnerabilities. If more than 1 module fits the criteria specified in the scenario the module selected will be random. As the service module in the default_scenario example has no constraints SecGen will select any random service module for installation/configuration, as long as there are no conflicts between the selected modules.
- CTF capabilities
- Improved reporting functionality
- Web frontend
- etc.