Deep Exploit: Fully automatic penetration test tool using Machine Learning

by do son · Published April 7, 2018 · Updated May 9, 2020

Deep Exploit

Fully automatic penetration test tool using Machine Learning.

Deep Exploit is fully automated penetration tool linked with Metasploit.
Deep Exploit has two exploitation modes.

Intelligence mode
Deep Exploit identifies the status of all opened ports on the target server and executes the exploit at pinpoint based on past experience (trained result).
Brute force mode
Deep Exploit executes exploits using all combinations of “exploit module”, “target” and “payload” corresponding to a user’s indicated product name and port number.

Deep Exploit’s key features are following.

Efficiently execute exploit.
If “intelligence mode”, Deep Exploit can execute exploits at pinpoint (minimum 1 attempt).
If “Brute force mode”, Deep Exploit can execute exploits thoroughly corresponding to user’s indicated product name and port number.
Deep penetration.
If Deep Exploit succeeds the exploit to the target server, it further executes the exploit to other internal servers.
Operation is very easy.
Your only operation is to input one command.
It is very easy!!
Self-learning.
Deep Exploit doesn’t need the “learning data”.
Deep Exploit can learn how to method of exploitation by itself (uses reinforcement learning).
Learning time is very fast.
Deep Exploit uses distributed learning by multi-agents.
So, we adopted an advanced machine learning model called A3C.

Current Deep Exploit’s version is a beta.
But, it can automatically execute following actions:

Intelligence gathering.
Threat Modeling.
Vulnerability analysis.
Exploitation.
Post-Exploitation.
Reporting.

System component.

Processing flow

Intelligence mode

Step 1. Port scan the target server.

Deep Exploit executes the port scanning using Nmap for gathering target server’s information.
After, Deep Exploit executes two Metasploit’s command (hosts and services) via RPC API.

ex) result of hosts command.

Hosts

=====



address          mac                name  os_name  os_flavor  os_sp  purpose  info  comments

-------          ---                ----  -------  ---------  -----  -------  ----  --------

192.168.220.145  00:0c:29:16:3a:ce        Linux               2.6.X  server

Deep Exploit gets OS type from a result of hosts command. In above example, Deep Exploit gets OS type as Linux.

ex) result of services command.

Services

========



host             port  proto  info

----             ----  -----  ----

192.168.220.145  21    tcp    vsftpd 2.3.4

192.168.220.145  22    tcp    OpenSSH 4.7p1 Debian 8ubuntu1 protocol 2.0

192.168.220.145  23    tcp    Linux telnetd

192.168.220.145  25    tcp    Postfix smtpd

192.168.220.145  53    tcp    ISC BIND 9.4.2



...snip...



192.168.220.145  5900  tcp    VNC protocol 3.3

192.168.220.145  6000  tcp    access denied

192.168.220.145  6667  tcp    UnrealIRCd

192.168.220.145  8009  tcp    Apache Jserv Protocol v1.3

192.168.220.145  8180  tcp    Apache Tomcat/Coyote JSP engine 1.1



RHOSTS => 192.168.220.145

Deep Exploit gets port numbers, protocol types, product name, product version from the result of port scanning.
In above example, Deep Exploit gets port number as 21, protocol as tcp, product as vsftpd, version as 2.3.4

Step 2. Exploit using Metasploit for training.

Deep Exploit learns how to method of exploitation using advanced machine learning model called A3C.
So, Deep Exploit uses vulnerable servers such as metasploitable2, owaspbwa for learning.