Towards Lightweight Mobile Pentesting Tools to Quickly Assess Machine Security Levels
Keywords:
Mobile device, customization, pentesting, lightweight, reflectionAbstract
Maintaining an appropriate security level on computing device infrastructures requires periodic audits to check for potential vulnerabilities. To do this, appropriate security tools are needed. Sometimes these tools turn difficult to deploy or use in scenarios where the infrastructure location, resource availability or general status do not suit their resource needs or features. This paper describes Lightpen, a security audit tool able to perform a fully customizable suite of lightweight security tests from a mobile device. Lightpen allows users to perform pentesting tasks at any place, choosing only the type of tests that are judged as the most adequate for the type of infrastructure to be audited. This way, resource and time usage is optimized, enabling security audits whenever they are needed. The tool is also very modular, using reflection to add more types of scans easily, without modifying the application core.