Automotive Pentesting Guide

Fraunhofer AISEC

The Automotive Pentesting Guide provides tool-based support for carrying out security tests in the automotive sector. The goal is to define the test scope clearly for all parties involved, to run the test in a uniformly structured and repeatable manner, and to record the results in a clean and comparable form.

The Automotive Pentesting Guide is a modular web application, which can be divided into three parts. The first module provides the functionality for the customer and all other stakeholders to define the scope of the device under test and roughly identify the tests to be performed. The second module is subsequently used by the testers and is a kind of checklist with additional functionalities such as a test dependency matrix, Docker-based tool deployment, and many more. In addition, the module assists in recording the performed tests and resulting findings. The last module will then, as far as possible, automatically generate a report of the security test in the desired format. Due to its modular structure, the Automotive Pentesting Guide can be easily extended and is intended to solve many current problems, such as the organization, comparability, and repeatability of security tests, and to improve the feasibility of such tests significantly.