Projekt reaguje na současný nedostatek nástrojů pro správu a komplexní realizaci penetračního testování a to systematicky, týmově, dle metodologie a kombinující automatické a manuální testování. Penterep je zcela revoluční platforma, která provede testera jednotlivými body kontrolního seznamu tak, aby vždy věděl, jaký test má právě vykonat, přičemž mu k tomu poskytne detailní návody a přímé propojení na podpůrné nástroje. V rámci projektu budou vyvinuty celkem 3 softwarové moduly do platformy, které umožní potřebnou efektivní realizaci bezpečnostního testování aplikačního serveru a síťové infrastruktury včetně statické a dynamické bezpečnostní analýzy. Výsledky bude možné aplikovat v praxi pro potřeby bezpečnostních složek státu (NÚKIB, PČR) i komerčních subjektů (např. Seznam.cz, RB aj.).

Description in English
The project addresses the current shortage of tools for the management and comprehensive realization of penetration testing in a systematic way, team-based, methodology and combines automated and manual testing. Penterep is a revolutionary platform that guides the tester through each item on the checklist, he always knows which test to perform according to detailed instructions and direct links to supporting tools. The main project results are 3 software modules to enable the necessary efficient implementation of security testing of the application server and network infrastructure, including static and dynamic security analysis. The results will be possible to apply in practice to the needs of state security forces (NUKIB or PCR) and commercial entities (e.g. Seznam.cz, RB, etc.).

Keywords
penetrační testy, kybernetická bezpečnost, SAST, DAST, aplikační server

Key words in English
Penetration testing, security, checklists, methodology, SAST, DAST, cybersecurity

VK01030019

Czech

Martinásek Zdeněk, doc. Ing., Ph.D. - principal person responsible
Jeřábek Jan, doc. Ing., Ph.D. - fellow researcher
Lazarov Willi, Ing. - fellow researcher
Lieskovan Tomáš, Ing., Ph.D. - fellow researcher
Šeda Pavel, RNDr. Ing., Ph.D. - fellow researcher

Department of Telecommunications
- responsible department (24.5.2022 - not assigned)
Department of Telecommunications
- beneficiary (24.5.2022 - not assigned)

JEŘÁBEK, J.; PHAN, V.; MARTINÁSEK, Z.; LAZAROV, W.; KÜMMEL, R.; KÜMMEL, D.: Interaktivní kontrolní seznam pro testování bezpečnosti síťové infrastruktury. URL: https://www.penterep.com/cs/penterep/moduly/. (Software)
Detail

PÍŠ, P.; LAZAROV, W. Utilizing Dynamic Analysis for Web Application Penetration Testing. In Proceedings II of the 30th Conference STUDENT EEICT 2024. 1. Brno: Brno University of Technology, Faculty of Electrical Engineering and Communication, 2024. p. 92-95. ISBN: 978-80-214-6230-4.
Detail

PHAN, V.; JEŘÁBEK, J. Evasive IPv6 Covert Channels: Design, Machine Learning Detection, and Explainable AI Evaluation. In Proceedings of the International Conference on Security and Cryptography. 1. Bilbao, Spain: SciTePress, 2025. p. 666-675. ISBN: 978-989-758-760-3.
Detail

PHAN, V.; JEŘÁBEK, J.; KÜMMEL, R. ptnetinspector: A Practical IPv6 Scanner for Network Reconnaissance. In Proceedings II of the 31st Conference STUDENT EEICT 2025. Proceedings II of the Conference STUDENT EEICT. 1. Brno: Brno University of Technology, Faculty of Electrical Engineering and Communication, 2025. p. 165-169. ISBN: 978-80-214-6320-2. ISSN: 2788-1334.
Detail

PHAN, V.; JEŘÁBEK, J.; MALINA, L. Comparison of Multiple Feature Selection Techniques for Machine Learning-Based Detection of IoT Attacks. In ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security. New York, NY, USA: Association for Computing Machinery, 2024. p. 1-10. ISBN: 979-8-4007-1718-5.
Detail

ŽÁČEK, D.; LAZAROV, W. Application of Optimization Algorithms to Support Penetration Testing. In Proceedings I of the 30th Conference STUDENT EEICT 2024: General Papers. 1. Brno: Brno University of Technology, Faculty of Electrical Engineering and Communication, 2024. p. 143-146. ISBN: 978-80-214-6231-1.
Detail

KÜMMEL, R.; LAZAROV, W.; MARTINÁSEK, Z. Penterep – inovativní platforma pro podporu manuálního penetračního testování. Sborník 25. konference ISSS. Hradec Králové: 2023. s. 37-41. ISBN: 978-80-907164-5-2.
Detail

LAZAROV, W.; ŠEDA, P.; MARTINÁSEK, Z.; KÜMMEL, R. Penterep: Comprehensive Penetration Testing with Adaptable Interactive Checklists. COMPUTERS & SECURITY, 2025, vol. 154, no. 7, p. 1-16. ISSN: 1872-6208.
Detail

PHAN, V.; JEŘÁBEK, J.; LE, D.; GÖTTHANS, T. New Approach to Shorten Feature Set via TF-IDF for Machine Learning-Based Webshell Detection. In 2024 IEEE International Conference on Cyber Security and Resilience (CSR). London, United Kingdom: IEEE, 2024. p. 1-6. ISBN: 979-8-3503-7536-7.
Detail

LAZAROV, W.; MARTINÁSEK, Z. Efficient Web Application Mapping During the Reconnaissance Phase of Penetration Testing. In 2023 15th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops (ICUMT). Ghent, Belgium: IEEE, 2023. p. 146-151. ISBN: 979-8-3503-9328-6.
Detail

PHAN, V.; JEŘÁBEK, J.; MALINA, L. Optimizing IoT Attack Detection in Edge AI: A Comparison of Lightweight Machine Learning Models and Feature Reduction Techniques. In Availability, Reliability and Security. ARES 2025. Lecture Notes in Computer Science, vol 15998. Ghent, Belgium: Springer, Cham, 2025. p. 325-342. ISBN: 978-3-032-00642-4.
Detail

LAZAROV, W.; MARTINÁSEK, Z. Data Clustering and Categorization for Processing Results from Penetration Testing. In ICUMT 2024; 16th International Congress on Ultra Modern Telecommunications and Control Systems and Workshops. Meloneras, Gran Canaria, Spain: VDE, 2024. p. 131-136. ISBN: 978-3-8007-6544-7.
Detail

Responsibility: Martinásek Zdeněk, doc. Ing., Ph.D.