中圖分類號： TP309
文獻(xiàn)標(biāo)識碼： A
DOI： 10.19358/j.issn.2096-5133.2020.06.007
引用格式： 范晶，焦運(yùn)良，戴貽康. 基于TrackRay的滲透測試平臺設(shè)計(jì)[J].信息技術(shù)與網(wǎng)絡(luò)安全，2020，39(6)：38-43.

Design of penetration test platform based on TrackRay

Abstract： Today，how to ensure information security is an important problem in the Internet. Penetration test is a common network security assessment method. Because using different security tools are too complicated, this paper designs a penetration testing platform based on TrackRay, with built-in vulnerability scanner and web service interface. It also integrates the advantages of various security tools, which makes it powerful and easy to use. In particular, the framework supports Java, Python, JSON and other ways to write plug-ins and calling various types of plug-ins to take penetration testing. And its portability is greatly improved. From the experimental results, it shows that the penetration testing platform designed in this paper is simple and convenient to build, can be used in Windows and Linux systems, and can be flexible to write plug-ins to achieve rapid detection of web security vulnerabilities.

Key words : information security；penetration testing；TrackRay；portability