Search the Community
Showing results for tags 'gyoithon'.
-
GyoiThon is a growing penetration test tool using Machine Learning. It identifies the software installed on the web server (OS, Middleware, Framework, CMS, etc…) based on the learning data. After that, it executes valid exploits for the identified software using Metasploit. Finally, it generates reports of scan results. It executes the above processing automatically. [hide][Hidden Content]]
-
- 1
-
- gyoithon
- v0.0.4-beta
-
(and 7 more)
Tagged with:
-
GyoiThon is a fully automated penetration testing tool against web server. GyoiThon nondestructively identifies the software installed on web server (OS, Middleware, Framework, CMS, etc...) using multiple methods such as machine learning, Google Hacking, pattern matching. After that, GyoiThon executes valid exploits for the identified software. Finally, GyoiThon generates report of scan results. GyoiThon executes the above processing fully automatically. Video Demo: GyoiThon consists of three engines: Software analysis engine: It identifies software based on HTTP response obtained by normal access to web server using Machine Learning base and signature base. In addition, it uses Google Hacking. Vulnerability determination engine: It collects vulnerability information corresponding to identified software by the software analysis engine. And, it executes an exploit corresponding to the vulnerability of the software and checks whether the software is affected by the vulnerability. Report generation engine: It generates a report that summarizes the risks of vulnerabilities and the countermeasure. Traditional penetration testing tools are very inefficient because they execute all signatures. On the other hand, GyoiThon is very efficient because it executes only valid exploits for the identified software. As a result, the user's burden will be greatly reduce, and GyoiThon will greatly contribute to the security improvement of many web servers. Source & Usage & Download : [hide][Hidden Content]]