Implementasi Modul Otomatisasi Penetration Testing Menggunakan Bourne Again Shell Scripting pada Website Aplikasi Stream PT. Intikom Berlian Mustika Berbasis Kali Linux
DOI:
https://doi.org/10.26418/justin.v11i3.67468Keywords:
Otomatisasi, Penetration Testing, Kali LinuxAbstract
Kejahatan dunia maya merupakan suatu jenis kejahatan yang dapat terjadi pada siapa saja dan kapan saja. Kejahatan dunia maya dapat dilakukan melalui jaringan internet dan pada umumnya dilakukan menggunakan perangkat keras komputer sebagai alat untuk melakukan kejahatan. PT. Intikom Berlian Mustika baru saja merilis Website Aplikasi Stream yang belum diketahui kerentanan yang dimiliki. Berdasarkan persoalan yang ada, diperlukan adanya pengujian kerentanan dengan melakukan Penetration Testing pada website tersebut. Saat ini, efisiensi waktu dalam melaksanakan suatu pengujian sistem sangat dibutuhkan. Otomatisasi dapat menjadi sebuah kegiatan untuk dapat mengimplementasikan hal tersebut. Penelitian ini dilakukan untuk melakukan otomatisasi pada pengujian serangan yang akan dilakukan pada Website Aplikasi Stream guna mengetahui hasil kerentanan dari uji serangan yang dilakukan. Alat dan bahan utama yang digunakan pada penelitian ini adalah laptop dan Kali Linux yang sudah dilakukan instalasi pada VirtualBox. Pengujian yang dilakukan adalah dengan melakukan 3 (tiga) jenis serangan yaitu SQL Injection, XSS (Cross-Site Scripting), dan DDoS (Distributed Denial of Service). Jenis serangan yang dilakukan akan diimplementasikan pada otomatisasi dalam bentuk modul atau file menggunakan bash scripting pada Kali Linux. Implementasi otomatisasi tersebut dilakukan perhitungan waktu dalam 10 (sepuluh) kali tahap percobaan. Penelitian ini menyimpulkan bahwa teknik otomatisasi bash scripting dapat mempermudah proses kinerja yaitu hanya dengan melakukan satu kali proses saja dan mempersingkat waktu implememtasi Penetration Testing dengan adanya penurunan waktu riil sebesar 13.82% dibandingan dengan implementasi secara manual.References
Akmal, Alif Muhammad., et al. Pendidikan, J., & Konseling, D. (n.d.). Analisis Keamanan Website Universitas Singaperbangsa Karawang Menggunakan Metode Vulnerability Assessment (Vol. 4).
Auricchio, N., Cappuccio, A., Caturano, F., Perrone, G., & Pietro Romano, S. (n.d.). An automated approach to Web Offensive Security. https://www.exploit-db.com/
Sembiring, R. G., Ablisar, M., Mulyadi, M., & Leviza, J. (2023). Penegakan Hukum Cybercrime di Wilayah Hukum Kepolisian Daerah Sumatera Utara. Locus Journal of Academic Literature Review, 2(3). https://doi.org/10.56128/ljoalr.v2i3.145
Setiawan, Muhammad Farizqi et al. Penutupan Celah Keamanan Menggunakan Metode Hardening Studi Kasus: Cloudfri Closing Security Vocations Using The Hardening Method Case Study: Cloudfri. (n.d.).
Tudosi, A. D., Graur, A., Balan, D. G., & Potorac, A. D. (2023). Research on Security Weakness Using Penetration Testing in a Distributed Firewall. Sensors, 23(5). https://doi.org/10.3390/s23052683
Yamin, M. M., Katt, B., & Gkioulos, V. (2020). Cyber ranges and security testbeds: Scenarios, functions, tools and architecture. In Computers and Security (Vol. 88). Elsevier Ltd. https://doi.org/10.1016/j.cose.2019.101636
Wicaksono, Bagus. (n.d.). 2020. MENGGUNAKAN TEKNIK PENETRATION TESTING DAN DAST (DYNAMIC APPLICATION SECURITY TESTING) TESTING OF SECURITY GAP APPLICATION BASED ON WEB USING PENETRATION TESTING AND DAST (DYNAMIC APPLICATION SECURITY TESTING) TECHNIQUES. Yogyakarta
John Wiley., Sons Inc. (2021). Pentest Automation with Python, 1–16.
Choudhary, A., Chaudhary, A., & Devi, S. (2022). Cyber Security With Emerging Technologies & Challenges. Proceedings - 2022 4th International Conference on Advances in Computing, Communication Control and Networking, ICAC3N 2022, 1875–1879. https://doi.org/10.1109/ICAC3N56670.2022.10074579
Kumar, T., & Kaur, S. (2022). Cyber Security in Businesses: Challenges and Recovery Modes. 2022 2nd International Conference on Emerging Smart Technologies and Applications, ESmarTA 2022. https://doi.org/10.1109/eSmarTA56775.2022.9935439
Jurnal, H., Putra, Ananda., Ananta, G., Maheswara, C., Luh, N., Putri, L., Dewi, M., Ramdhani, I., Listartha, M. E., Arna, D. G., & Saskara, J. (n.d.). ANALISA PERBANDINGAN TOOLS CEWL,CRUNCH,CUPP DALAM PENGUJIAN PASSWORD CRACKING.
Aibekova, A., & Selvarajah, V. (2022). Offensive Security: Study on Penetration Testing Attacks, Methods, and their Types. IEEE International Conference on Distributed Computing and Electrical Circuits and Electronics, ICDCECE 2022. https://doi.org/10.1109/ICDCECE53908.2022.9792772
Imam, T., Pratama, M., Danni, M., Songida, F., Gunawan, I., Teknik, J., Sekolah, E., Ronggolawe, T. T., Informatika, J., Tinggi, S., & Ronggolawe, T. (n.d.). J I I F K O M ( J u r n a l I l m i a h I n f o r m a t JIIFKOM (Jurnal Ilmiah Informatika & Komputer) STTR Cepu Analisis Serangan dan Keamanan pada SQL Injection: Sebuah Review Sistematik.
Mahdi Maulana Lubis, M., Handoko, D., & Wulan, N. (2022). Analisis Implementasi Laravel 9 Pada Website E-Book Dalam Mengatasi N+1 Problem Serta Penyerangan Csrf dan Xss. In Januari (Vol. 2023, Issue 2). https://jurnal.unity-academy.sch.id/index.php/jirsi/index
Choudhary, A., Chaudhary, A., & Devi, S. (2022). Cyber Security With Emerging Technologies & Challenges. Proceedings - 2022 4th International Conference on Advances in Computing, Communication Control and Networking, ICAC3N 2022, 1875–1879. https://doi.org/10.1109/ICAC3N56670.2022.10074579
Yu, C., Yang, G., Chen, X., Liu, K., & Zhou, Y. (2022). BashExplainer: Retrieval-Augmented Bash Code Comment Generation based on Fine-tuned CodeBERT. Proceedings - 2022 IEEE International Conference on Software Maintenance and Evolution, ICSME 2022, 82–93. https://doi.org/10.1109/ICSME55016.2022.00016
Andrade-Chaico, F., & Andrade-Arenas, L. (2020a, December 1). Automation of the short message service (SMS) delivery in a telecommunication company with Python and batch files. 2020 IEEE Congreso Bienal de Argentina, ARGENCON 2020 - 2020 IEEE Biennial Congress of Argentina, ARGENCON 2020. https://doi.org/10.1109/ARGENCON49523.2020.9505514
Downloads
Published
Issue
Section
License
Copyright (c) 2023 JUSTIN (Jurnal Sistem dan Teknologi Informasi)

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
The author owns the copyright in his paper and agrees to publish his paper to JUSTIN by giving the rights to the first publication of his paper which is simultaneously licensed under the Creative Commons Attribution License, namely the Similar International 4.0 license (CC BY-NC-SA 4.0).

This is a human-readable summary of (and not a substitute for) the license. Disclaimer.
You are free to:Share "” copy and redistribute the material in any medium or format
Adapt "” remix, transform, and build upon the material
The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:
Attribution "” You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
NonCommercial "” You may not use the material for commercial purposes.
ShareAlike "” If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.
No additional restrictions "” You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
Notices:
You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation.
No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.