WEB APP BUG HUNTING ASSISTANT (WABUHA): A COMPREHENSIVE TOOLKIT FOR GUIDED RECONNAISSANCE AND EXPLOITATION FOR BEGINNER PENETRATION TESTERS

Publisher

Universiti Malaysia Sarawak (UNIMAS)

Abstract

Description

Cybersecurity threats to web applications are constantly evolving, requiring robust penetration testing to identify and remediate vulnerabilities. Traditional penetration testing tools often present a steep learning curve for beginner penetration testers, making it difficult for them to perform thorough assessments. This project addresses this challenge by developing the Web App Bug Hunting Assistant (WABUHA), a comprehensive toolkit designed to provide guided reconnaissance and exploitation specifically for beginner penetration testers. WABUHA integrates streamlined processes for scope management, information gathering, vulnerability scanning, exploitation, and reporting. Key features include risk categorisation, Common Weakness Enumeration (CWE) mapping for better understanding, and explanations of detected vulnerabilities powered by the Gemini 2.0 Flash model. The developed tool simplifies complex penetration testing workflows, making them more convenient and allowing them to be followed in a progressive manner. The automated identification and successful exploitation of common web vulnerabilities by WABUHA demonstrated its effectiveness in guiding beginners through the reconnaissance and exploitation phases. This enhances their learning experience and improves the quality of web application security assessments. The tool contributes significantly to guiding new talent in the cybersecurity field by lowering the entry barrier to practical penetration testing.
