Automating Penetration Testing with MeTeOr

Notoriously, penetration testing is an extremely challenging activity that takes a long time and effort from skilled analysts. The reasons behind this complexity are manifold, but a prominent one is the lack of reliable automation strategies. Indeed, human intuition is still irreplaceable despite the abundance of penetration testing tools. In particular, two tasks tend to require human intervention: (i) the strategical prioritization of targets and (ii) the synthesis of novel attack vectors and payloads. Although (ii) may seem reasonable, as vulnerability exploitation may vary from context to context, (i) is often addressed by adopting predefined testing guides and methodologies. Nonetheless, the burden of implementing the testing guide is still on humans' shoulders. In this paper we present MeTeOr, an automated framework designed to alleviate much of the manual effort human analysts expend on the strategic planning and execution of tests. The inspiring principle behind MeTeOr is that human analysts should only focus on the tasks that truly require their skills. The main feature of MeTeOr is that it relies on a knowledge base synthesizing all previous findings. The knowledge base is a cornerstone for two crucial activities: identifying test targets and automating test execution. To assess the benefits of using MeTeOr, we apply it to a case study including real vulnerabilities.