GyoiThon: growing penetration test tool using Machine Learning
Category : Blog
GyoiThon is a growing penetration test tool using Deep Learning. Deep Learning improves classification accuracy in proportion to the amount of learning data. Therefore, GyoiThon will be taking in new learning data during every scan. Since GyoiThon uses various features of software included in HTTP response as learning data, the more you scan, the more the accuracy of software detection improves. For this reason, GyoiThon is a growing penetration test tool.
GyoiThon identifies the software installed on web server (OS, Middleware, Framework, CMS, etc…) based on the learning data. After that, GyoiThon executes valid exploits for the identified software. GyoiThon automatically generates reports of scan results. GyoiThon executes the above processing automatically.
GyoiThon consists of three engines:
- Software analysis engine – It identifies software based on HTTP response obtained by normal access to web server using Deep Learning base and signature base.
- Vulnerability determination engine – It collects vulnerability information corresponding to identify software by the software analysis engine. And, the engine executes an exploit corresponding to the vulnerability of the software and checks whether the software is affected by the vulnerability.
- Report generation engine – It generates a report that summarizes the risks of vulnerabilities and the countermeasure.
Step 1. Gather HTTP responses.
Gathers several HTTP responses of target website while crawling.
Step 2. Identify product name.
It identifies product name installed on web server using following two methods.
1. Based on Machine Learning.
2. Based on String matching.
It can identify the CMS Drupal. It is very easy.
Step 3. Exploit using Metasploit.
Executes exploit corresponding to the identified software using Metasploit and it checks whether the software is affected by the vulnerability.
Step 4. Generate scan report.
Generates a report that summarizes vulnerabilities. Report’s style is html.
Most Popular Training Courses at Indian Cyber Security Solutions:
Cybersecurity services that can protect your company: