Skip to content
isao takaesu edited this page Nov 28, 2018 · 6 revisions

Deep Exploit

DeepExploit is fully automated penetration test tool linked with Metasploit.

Overview

DeepExploit identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning. It's key features are following.  

  • Efficiently execute exploit.
    DeepExploit can execute exploits at pinpoint (minimum 1 attempt) using Machine Learning.

  • Deep penetration.
    If DeepExploit succeeds the exploit to the target server, it further executes the exploit to other internal servers.  

  • Self-learning.
    DeepExploit can learn how to exploitation by itself (uses Reinforcement Learning).
    It is not necessary for humans to prepare learning data.  

  • Learning time is very fast.
    Generally, reinforcement learning takes a lot of time.
    So, DeepExploit uses distributed learning by multi agents.
    We adopted an advanced machine learning model called A3C.

  • Powerful intelligence gathering
    To gather the information of software operated on the target server is very important for successful the exploitation. DeepExploit can identify product name and version using following methods.

    • Port scanning
    • Machine Learning (Analyze HTTP responses gathered by Web crawling)
    • Contents exploration

Current DeepExploit's version is a beta.
But, it can fully automatically execute following actions:

  • Intelligence gathering.
  • Threat modeling.
  • Vulnerability analysis.
  • Exploitation.
  • Post-Exploitation.
  • Reporting.

Deep Exploit is developed by @bbr_bbq.

Clone this wiki locally
You can’t perform that action at this time.