Project Address: https://github.com/catsploit/catsploit#
CATSploit is an automated penetration testing tool based on CATS, which implements its functionality based on the Cyber Attack Testing Score (CATS) method. It can automatically perform security penetration testing on target applications without the need for penetration testing personnel to operate.
CATSploit can automatically perform penetration testing tasks in the following sequence:
-
Information gathering and input of previously collected information: First, the tool collects relevant information about the target system. CATSploit not only supports using nmap and OpenVAS to gather information about the target system but also supports inputting pre-collected information about the target system;
-
Calculate penetration testing technology score values: Using the information obtained in the previous stage and the penetration testing technology database, calculate the assessment values of the exploitability (eVc) and detectability (eVd) of each penetration testing technology. For each target device, calculate the value of each penetration testing technology;
-
Penetration testing technology selection: By using the previous scores and predefined policies, select penetration testing technologies and create penetration testing scenarios;
-
Penetration testing execution: CATSploit can execute penetration testing technologies based on the penetration testing scenarios built in the previous stage. In addition, CATSploit will also use the Metasploit framework and Metasploit API to perform actual penetration testing;
Tool Requirements
Kali Linux 2023.2a
Python
Tool Installation
The Kali Linux distribution will come pre-installed with Metasploit, Nmap, OpenVAS, and Python environments.
Researchers can directly clone the source code of this project using the following command.