Automated Penetration Testing: RidgeBot

RidgeBot automates the entire ethical hacking process. Once it connects to an organisation's environment, it automatically identifies various types of network assets using its vulnerability knowledge base. Once RidgeBot locates a vulnerability, it uses built-in hacking techniques and exploit libraries, launching an actual ethical attack against the vulnerability. If the attack is successful, the vulnerability is confirmed and the entire sequence of events is thoroughly documented.

RidgeBot, unlike its competitors, provides us with undeniable measurable proof of an attack path against a given resource in the form of terminal access, database views, etc. Thanks to the zero false positive approach in the exploration path, we cannot talk about false positives and waste time identifying real problems.

RidgeBot can integrate with vulnerability scanners to analyse the vulnerability report and sift it from false positives. Additionally, RidgeBot has native integrations with SIEM and ePO class systems, giving the user also an open REST FULL API with swagger.

RidgeBot has an additional mode to emulate adversary behaviour, mimicking likely attack paths and techniques. This increases the visibility of potential attack vectors and improves communication between security systems. RidgeBot ACE adapts to the MITRE ATT&CK framework and maps its test scripts to the tactics and techniques listed in MITRE ATT&CK.

RidgeBot is able to prioritise security vulnerabilities based on the knowledge gained from the penetration test, comparing their real impact on the network infrastructure and the measurable benefits on the scale of the overall penetration test set up, not on the scale of a single endpoint.

All functionalities of the tool are available in a single user menu.