Towards Lightweight Mobile Pentesting Tools to Quickly Assess Machine Security Levels

Security audits are required to maintain appropriate security levels on computing device infrastructures. These audits require specialized tools, but sometimes they turn difficult to use when the infrastructure location, computational resources, or characteristics do not suit their requirements. This paper describes Lightpen, a security audit tool able to perform on-demand and fully customizable lightweight security tests from a mobile device. It enables agile security auditing tasks from any place, giving auditors full control about its activities so they adapt to the audited devices capabilities. This way, some serious security vulnerabilities may be discovered and mitigated quicker, also saving resources and time. Lightpen is also very modular, using reflection to incorporate features dynamically.