Adding web pentesting functionality to PTHelper
María Olivares-Naya, Jacobo Casado de Gracia, Alfonso Sánchez-Macián

TL;DR
This paper discusses extending the open-source PTHelper tool to include web pentesting capabilities, aiming to automate vulnerability detection and improve web application security testing.
Contribution
The paper introduces new web pentesting functionalities to PTHelper, enhancing its ability to detect and report web vulnerabilities automatically.
Findings
Expanded PTHelper with web vulnerability detection features
Improved automation in web application security testing
Enhanced ability to identify emerging web threats
Abstract
Web application pentesting is a crucial component in the offensive cybersecurity area, whose aim is to safeguard web applications and web services as the majority of the web applications are mounted in publicly accessible web environments. This method requires that the cybersecurity experts pretend and act as real attackers to identify all the errors and vulnerabilities in web applications with the objective of preventing and reducing damages. As this process may be quite complex and the amount of information pentesters need may be big, being able to automate it will help them to easily discover the vulnerabilities given. This project is the direct continuation of the previous initiative called PThelper: An open source tool to support the Penetration Testing process. This continuation is focused on expanding PThelper with the functionality to detect and later report web vulnerabilities…
Taxonomy
Topics: Model-Driven Software Engineering Techniques · Logic, programming, and type systems · Parallel Computing and Optimization Techniques
