To read this content please select one of the options below:

Automation of post‐exploitation

Mohammad Tabatabai Irani (Secure Business Austria, Vienna, Austria)
Edgar R. Weippl (Secure Business Austria, Vienna, Austria)

International Journal of Web Information Systems

ISSN: 1744-0084

Article publication date: 20 November 2009




The purpose of this paper is to describe the improvements achieved in automating post‐exploit activities


Based on existing frameworks such as Metasploit and Meterpreter the paper develops a prototype and uses this to automate typical post‐exploitation activities.


Using a multi‐step approach of pivoting this paper can automate the cascaded attacks on computers not directly routable.

Practical implications

Based on the findings and developed prototypes penetration tests can be made more efficient since many manual exploitation activities can now be scripted.


The main contribution of the paper is to extend Metapreter‐scripts so that post‐exploitation can be scripted. Moreover, using a multi‐step approach (pivoting), it can automatically exploit machines that are not directly routable



Tabatabai Irani, M. and Weippl, E.R. (2009), "Automation of post‐exploitation", International Journal of Web Information Systems, Vol. 5 No. 4, pp. 518-536.



Emerald Group Publishing Limited

Copyright © 2009, Emerald Group Publishing Limited

Related articles