Difference between revisions of "OWASP Hacking-the Pentest Tutor Game"

(Created page with "=Main= <div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">link=</div> {| style="padding: 0;margin:0;margin-top:10px;t...")
 
(OWASP Pentest Tutor Game Project)
 
(5 intermediate revisions by 2 users not shown)
Line 6: Line 6:
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
<span style="color:#ff0000">
+
==OWASP Pentest Tutor Game Project==
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.
+
This is a pentest tutor/training game. It was started because of the lack of games related to information security. We are trying to improve the awareness of information security through this game. Make the learning fun. Help people get started with pentest more easily. Also, demonstrate the process for a bad guy to compromise others' PC's, mobile devices, workstations by exploiting the low-hanging fruits.
</span>
 
  
==OWASP Pentest Tutor Game Project==
+
Nowadays, it's getting cheaper and easier to launch websites and other internet services. However, many site/service admin/owner don't understand or even be aware of the security risks. Those sites/hosts rarely get maintained/upgraded. That leaves tons of vulnerable sites/hosts open on the Internet.
<span style="color:#ff0000">
 
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.
 
</span>
 
  
 +
Recently, there are several fun games & applications sprung out for learning programming. Why don't we make it fun to learn security as well?
  
 +
Meanwhile, by modeling the environment, the simulation engine could serve as a lightweight lab. Pentester could practise on the platform. It also eliminates the risk of being involved in any legal issues.
  
 
==Description==
 
==Description==
Hacking is an open-source pentest tutor/training game. It simulates the environments and processes of hacking/pentest. The purpose of this game is to:
+
Hacking is an open-source pentest tutor/training game. It simulates the environments and the processes of hacking/pentest. The purpose of this game is to:
1. Educate people
+
* Educate people, developers, ops, and system admins about hacking/pentest;
2. Provide a simulation environment
+
* Provide pentesters a simulation environment to prectise pentest;
3. Help developing auto/semi-auto atk planner
+
* Security experts & professors to develop, test, and evaluate pentest automation/semi-automation tools.
 +
 
 +
In this game, player can learn and explore the basis of pentest, including some essential concepts & tools:
 +
* Concepts: reconnaissance, scanning, exploitation, maintaining access, (social engineering - TO-DO)
 +
* Tools: host, ping, telnet, Nmap, OpenVAS, Metasploit, Meterpreter
 +
 
 +
Player will also be able to levarage one or more planners to automation robots which can aid the players in the game process.
  
 
==Licensing==
 
==Licensing==
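Review bot: The Description text added in this hunk has spelling and parallelism problems. "prectise" should be "practise" and "levarage" should be "leverage". The third bullet ("Security experts & professors to develop, test, and evaluate ...") has no leading verb, unlike "Educate" and "Provide" above it, so start it with a verb such as "Help". The phrase "planners to automation robots" should also be reworded so it is clear what the planners do.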
Line 29: Line 33:
  
 
== Project Resources ==
 
== Project Resources ==
[https://github.com/skavanagh/KeyBox/releases Consumer Download Package]
+
https://github.com/StaymanHou/Hacking-the-Pentest-Tutor-Game
 +
 
 
== Project Leader ==
 
== Project Leader ==
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]
+
[mailto:stayman.hou@gmail.com Stayman Hou]
  
 
== Related Projects ==
 
== Related Projects ==
Line 51: Line 56:
  
 
== News and Events ==
 
== News and Events ==
<span style="color:#ff0000">
+
Project offically started - Mar 11, 2015
This is where you can provide project updates, links to any events like conference presentations, Project Leader interviews, case studies on successful project implementations, and articles written about your project.
 
</span>
 
  
 
|}
 
|}
Line 59: Line 62:
 
=FAQs=
 
=FAQs=
  
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
+
TO-DO
<span style="color:#ff0000">
 
Many projects have "Frequently Asked Questions" documents or pages. However, the point of such a document is not the questions. ''The point of a document like this are the '''answers'''''. The document contains the answers that people would otherwise find themselves giving over and over again. The idea is that rather than laboriously compose and post the same answers repeatedly, people can refer to this page with pre-prepared answers. Use this space to communicate your projects 'Frequent Answers.'
 
</span>
 
  
  
Line 68: Line 68:
 
==Contributors==
 
==Contributors==
  
[mailto:sean.p.kavanagh6@gmail.com Sean Kavanagh]
+
[mailto:stayman.hou@gmail.com Stayman Hou]
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =
  
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
+
 
<span style="color:#ff0000">
 
A project roadmap is the envisioned plan for the project. The purpose of the roadmap is to help others understand where the project is going as well as areas that volunteers may contribute. It gives the community a chance to understand the context and the vision for the goal of the project. Additionally, if a project becomes inactive, or if the project is abandoned, a roadmap can help ensure a project can be adopted and continued under new leadership.
 
Roadmaps vary in detail from a broad outline to a fully detailed project charter. Generally speaking, projects with detailed roadmaps have tended to develop into successful projects. Some details that leaders may consider placing in the roadmap include: envisioned milestones, planned feature enhancements, essential conditions, project assumptions, development timelines, etc. You are required to have at least 4 milestones for every year the project is active.
 
</span>
 
  
 
==Roadmap==
 
==Roadmap==
Add ability to save session and command line information to a large data store so it can be audited and reviewed. Compute and flag irregularities that could point security issues or improper use. Deploy to embedded network devices to act as a proxy for SSH connections.
+
2nd Quarter: Beta release. Game should be playable in general.
 +
 
 +
3rd Quarter: Bug fix and enhancement. Game should be able to run smoothly in most occations.
 +
 
 +
4th Quarter: First release. Improve details, implement AI engine, automate/semi-automate the build & deliver process.
  
 
==Getting Involved==
 
==Getting Involved==
 +
Everyone is welcomed to contribute to this project. The primary repository is hosted on github - https://github.com/StaymanHou/Hacking-the-Pentest-Tutor-Game
 +
 +
You can contribute by testing the game on your devices, reporting bugs, developing the game, and making documentations.
 +
You may fork and make pull requests, open issues, and request new features. If you want to make pull requests, it's recommended to run the tests before you do it.
 +
 +
For any other issues, please contact [mailto:[email protected] Stayman Hou].
  
  
 
=Minimum Viable Product=
 
=Minimum Viable Product=
<!-- Instructions are in RED and should be removed from your document by deleting the text with the span tags.-->
 
<span style="color:#ff0000">
 
This page is where you should indicate what is the minimum set of functionality that is required to make this a useful product that addresses your core security concern.
 
Defining this information helps the project leader to think about what is the critical functionality that a user needs for this project to be useful, thereby helping determine what the priorities should be on the roadmap.  And it also helps reviewers who are evaluating the project to determine if the functionality sufficiently provides the critical functionality to determine if the project should be promoted to the next project category. 
 
</span>
 
  
This project has a downloadable package for consumers
+
 
 +
A set of executable binaries for a variety of platforms, including Windows, Mac, Linux, iOS & Andriod
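Review bot: The added Roadmap lists only three milestones (2nd, 3rd and 4th Quarter), while the template guidance removed in this same hunk asks for at least 4 milestones for every year the project is active. Add a fourth milestone and state which year the quarters refer to. Also fix "occations" in the 3rd Quarter line and "Andriod" in the Minimum Viable Product line.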
  
  

Latest revision as of 22:44, 19 March 2015

OWASP Pentest Tutor Game Project

This is a pentest tutor/training game. It was started because of the lack of games related to information security. Through this game we are trying to improve awareness of information security, make the learning fun, and help people get started with pentesting more easily. It also demonstrates the process by which a bad guy compromises others' PCs, mobile devices, and workstations by exploiting low-hanging fruit.

Nowadays, it's getting cheaper and easier to launch websites and other internet services. However, many site and service admins/owners don't understand, or aren't even aware of, the security risks. Those sites/hosts rarely get maintained or upgraded. That leaves tons of vulnerable sites/hosts open on the Internet.

Recently, several fun games & applications have sprung up for learning programming. Why don't we make it fun to learn security as well?

Meanwhile, by modeling the environment, the simulation engine could serve as a lightweight lab. Pentesters could practise on the platform. It also eliminates the risk of being involved in any legal issues.

Description

Hacking is an open-source pentest tutor/training game. It simulates the environments and the processes of hacking/pentest. The purpose of this game is to:

  • Educate people, developers, ops, and system admins about hacking/pentest;
  • Provide pentesters a simulation environment to practise pentesting;
  • Help security experts & professors to develop, test, and evaluate pentest automation/semi-automation tools.

In this game, players can learn and explore the basics of pentesting, including some essential concepts & tools:

  • Concepts: reconnaissance, scanning, exploitation, maintaining access, (social engineering - TO-DO)
  • Tools: host, ping, telnet, Nmap, OpenVAS, Metasploit, Meterpreter

Players will also be able to leverage one or more planners to automate robots which can aid the players in the game process.

Licensing

Apache 2.0

Project Resources

https://github.com/StaymanHou/Hacking-the-Pentest-Tutor-Game

Project Leader

Stayman Hou

Related Projects

Classifications

Project Type Files TOOL.jpg
Incubator Project
Apache 2.0

News and Events

Project officially started - Mar 11, 2015

TO-DO


Contributors

Stayman Hou

Roadmap

2nd Quarter: Beta release. Game should be playable in general.

3rd Quarter: Bug fixes and enhancements. Game should be able to run smoothly on most occasions.

4th Quarter: First release. Improve details, implement AI engine, automate/semi-automate the build & delivery process.

Getting Involved

Everyone is welcome to contribute to this project. The primary repository is hosted on GitHub - https://github.com/StaymanHou/Hacking-the-Pentest-Tutor-Game

You can contribute by testing the game on your devices, reporting bugs, developing the game, and writing documentation. You may fork and make pull requests, open issues, and request new features. If you want to make pull requests, it's recommended to run the tests before you do so.

For any other issues, please contact Stayman Hou.


A set of executable binaries for a variety of platforms, including Windows, Mac, Linux, iOS & Android