DeepExploit is fully automated penetration test tool linked with Metasploit.
DeepExploit identifies the status of all opened ports on the target server and executes the exploit at pinpoint using Machine Learning. It's key features are following.
Efficiently execute exploit.
DeepExploit can execute exploits at pinpoint (minimum 1 attempt) using Machine Learning.
If DeepExploit succeeds the exploit to the target server, it further executes the exploit to other internal servers.
DeepExploit can learn how to exploitation by itself (uses Reinforcement Learning).
It is not necessary for humans to prepare learning data.
Learning time is very fast.
Generally, reinforcement learning takes a lot of time.
So, DeepExploit uses distributed learning by multi agents.
We adopted an advanced machine learning model called A3C.
Powerful intelligence gathering
To gather the information of software operated on the target server is very important for successful the exploitation. DeepExploit can identify product name and version using following methods.
- Port scanning
- Machine Learning (Analyze HTTP responses gathered by Web crawling)
- Contents exploration
Current DeepExploit's version is a beta.
But, it can fully automatically execute following actions:
- Intelligence gathering.
- Threat modeling.
- Vulnerability analysis.
Deep Exploit is developed by @bbr_bbq.