infrascan screen

The main objective of Ethical Hacking (ethical hacking) is to exploit existing vulnerabilities in intrusion Using test systems that verify and evaluate the physical and logical security of information systems, computer networks, web applications, databases, servers, etc. There are many cases where organizations suffer incidents that could have been avoided if the protection mechanisms had been reinforced at the time. The analysis of the protection mechanisms must be a proactive task allowing pentester (person who conducts the audit) to find vulnerabilities within them and provide a solution before an attacker exploited this weakness.

To ensure the security it requires a set of systems, methods and tools for protecting information, which is why our team of experts has developed a powerful tool for this purpose called INFRA, which in addition to automatically test smart penetration collects information on corporations that possibly could be used to mount attacks against information systems, corporate image and reputation, or their employees, this being its differential factor over other commercial tools.

FEATURES

The Intelligence Framework (INFRA) is a powerful engine for gathering information, assessing vulnerabilities and analysis. It has added support for several commercial and open source, custom modules and modular extensibility scanners, making virtually unlimited frame.

INFRA not only searching for vulnerabilities, also releases all known security scanners, commercial and gratuisos, so you can compare.

Makes automatic analysis of information systems allowing the researcher to obtain real-time data, including DNS, network, databases, web applications, social, commercial and financial records among other things.

Finally, it all comes together with custom reporting engine that filters and organizes intelligence into a clean, structured report, available in English and Spanish. The report is based on detailed descriptions written as including explanations, visual and textual evidence, and recommended solutions, along with external links where you can get more information .

ADVANTAGES

The advantages of INFRA before any tool is its ability to automatically collect information on smart corporations that possibly could be used to mount attacks against information systems, corporate image and reputation or its employees. That is, the focus of INFRA is no penetration testing techniques, but look for gaps in the whole business model that could allow important gaps in the client security.

INFRA makes automatic analysis of information systems allowing the researcher to obtain real-time data, including DNS, network, databases, web applications, social, commercial and financial records among other things.

Finally, it all comes together with custom reporting engine that filters and organizes intelligence into a clean and structured, available in English and Spanish report. The report is based on detailed descriptions written as including explanations, visual and textual evidence, and recommended solutions, along with external links where you can get more information.

informe2 infra reports
informe4 infra reports
informe1 infra reports
informe3 infra reports

The service runs from Seed Security servers. The customer buys a temporary license to use the tool in some way (eg modules or amount of resources used).

MODULES

The INFRA modules and the programs which make each test possible and are divided in 8 groups:

  1. IG – Information Gathering
    This group contains all the modules which make the search of the necessary information in the other security modules possible and also the intelligence modules to carry out deeper analysis of the targets and the company.
  2. SA – Service Assessment
    This group contains all the modules destined to find information necessary to the other security modules,identifying gates, services, operative systems, versions of installed software and creating rules to launch the other modules on the services revealed.
  3. US – User & Session
    This group contains all the modules which are used for finding vulnerabilities related to the users, cookies, login, multisession, etc.
  4. VA – Vulnerability Assessment
    This group contains all the modules which are used for finding vulnerabilities related to the systems and network, such as vulnerabilities of configuration, buffer overflow, software obsolescence and problems related to systems, services and network.
  5. WA – Web Assessment
    This group contains all the modules used for finding vulnerabilities related to the servers, services and web applications. All the OWASP Top 10 vulnerabilities are tested with detailed attention.
  6. DB – DataBase Assessment
    This group contains all the modules used for finding vulnerabilities related to databases.
  7. IF – Intelligence Framework extra modules
    This group contains all the modules used for finding information necessary to the other security modules.
  8. EM – External Modules
    INFRA can also connect to other vulnerability scanning software, private and OpenSource in order to obtain more information which will be used in its modules, providing a unique report as a final result and thus effect a deeper and more correct analysis which checks the vulnerabilities more times.

Among others, INFRA can connect to the following software:

  • Network Penetration Test: Metasploit
  • Network VA: Nessus, OpenVas, Rapid7 Nexpose
  • Web App/ServicesVA: Acunetix WVS, Nikto, OWASP ZAP, Burp Suite, DirBuster
  • URL Manipulation: Burp Suite, OWASP ZAP, Acunetix WVS, w3af
  • DataBase Security: Inguma, SQLninja, SQLmap
  • Password guessing: THC Hydra, Medusa, Wfuzz, nmap
  • Password cracking: John the Ripper

Not all software are cited here and other software and modules will be added in the future as INFRA is continually developing.

INFRA potential is obvious: not only can make security scans and tests of intelligence, something for which marks the difference from other, but can also use other scanners for a truly profound result.