Jump to content
dannybest

Deep Exploit: Fully automatic penetration test tool using Machine Learning

Recommended Posts

Posted

Deep Exploit - Official Link

Fully automatic penetration test tool using Deep Reinforcement Learning.


Presentation

Cooperation

Demonstration

See the demo page.

Documentation (Installation, Usage)

See the project's wiki for installation, usage and changelog.

Overview

DeepExploit is fully automated penetration test tool linked with Metasploit.

DeepExploit identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning. It's key features are following.  

  • Efficiently execute exploit.
    DeepExploit can execute exploits at pinpoint (minimum 1 attempt) using Machine Learning.

  • Deep penetration.
    If DeepExploit succeeds the exploit to the target server, it further executes the exploit to other internal servers.  

  • Self-learning.
    DeepExploit can learn how to exploitation by itself (uses Reinforcement Learning).
    It is not necessary for humans to prepare learning data.  

  • Learning time is very fast.
    Generally, reinforcement learning takes a lot of time.
    So, DeepExploit uses distributed learning by multi agents.
    We adopted an advanced machine learning model called A3C.

  • Powerful intelligence gathering
    To gather the information of software operated on the target server is very important for successful the exploitation. DeepExploit can identify product name and version using following methods.

    • Port scanning
    • Machine Learning (Analyze HTTP responses gathered by Web crawling)
    • Contents exploration

Abilities of "Deep Exploit".

Current DeepExploit's version is a beta.
But, it can fully automatically execute following actions:

  • Intelligence gathering.
  • Threat modeling.
  • Vulnerability analysis.
  • Exploitation.
  • Post-Exploitation.
  • Reporting.

Your benefits.

By using our DeepExploit, you will benefit from the following.

For pentester:
(a) They can greatly improve the test efficiency.
(b) The more pentester uses DeepExploit, DeepExploit learns how to method of exploitation using machine learning. As a result, accuracy of test can be improve.

For Information Security Officer:
(c) They can quickly identify vulnerabilities of own servers. As a result, prevent that attackers attack to your servers using vulnerabilities, and protect your reputation by avoiding the negative media coverage after breach.

Since attack methods to servers are evolving day by day, there is no guarantee that yesterday's security countermeasures are safety today. It is necessary to quickly find vulnerabilities and take countermeasures. Our DeepExploit will contribute greatly to keep your safety.

  • Upvote 4

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...