Project Address: https://github.com/catsploit/catsploit#
CATSploit is an automated penetration testing tool based on CATS, which implements its functionality based on the Cyber Attack Testing Scores (CATS) method. It can automatically perform security penetration testing on target applications without the need for penetration testers to operate.
CATSploit can automatically perform penetration testing tasks according to the following operation sequence:
-
Information gathering and input of previously collected information: First, the tool will collect relevant information about the target system. CATSploit not only supports using nmap and OpenVAS to gather information about the target system but also supports inputting pre-collected information about the target system;
-
Calculate penetration testing technology score values: Using the information obtained in the previous stage and the penetration testing technology database, calculate the assessment values of the exploitability (eVc) and detectability (eVd) of each penetration testing technology. For each target device, calculate the value of each penetration testing technology;
-
Penetration testing technology selection: By using the previous ratings and predefined policies, select penetration testing technologies and create penetration testing scenarios;
-
Penetration testing execution: CATSploit can execute penetration testing technologies based on the penetration testing scenarios built in the previous stage. In addition, CATSploit will also use the Metasploit framework and Metasploit API to perform actual penetration testing;
Tool Requirements
Kali Linux 2023.2a
Python
Tool Installation
The Kali Linux distribution will come pre-installed with Metasploit, Nmap, OpenVAS, and the Python environment.
Researchers can directly clone the source code of this project to their local machine using the following command.