中图分类号： TP309 文献标识码： A DOI： 10.19358/j.issn.2096-5133.2020.06.007 引用格式： 范晶，焦运良，戴贻康. 基于TrackRay的渗透测试平台设计[J].信息技术与网络安全，2020，39(6)：38-43.
Design of penetration test platform based on TrackRay
Fan Jing，Jiao Yunliang，Dai Yikang
National Computer System Engineering Research Institute of China，Beijing 100083，China
Abstract： Today，how to ensure information security is an important problem in the Internet. Penetration test is a common network security assessment method. Because using different security tools are too complicated, this paper designs a penetration testing platform based on TrackRay, with built-in vulnerability scanner and web service interface. It also integrates the advantages of various security tools, which makes it powerful and easy to use. In particular, the framework supports Java, Python, JSON and other ways to write plug-ins and calling various types of plug-ins to take penetration testing. And its portability is greatly improved. From the experimental results, it shows that the penetration testing platform designed in this paper is simple and convenient to build, can be used in Windows and Linux systems, and can be flexible to write plug-ins to achieve rapid detection of web security vulnerabilities.
Key words : information security；penetration testing；TrackRay；portability