Locked GyoiThon

[0x1]

This is the hidden content, please

• Sign In
• or
• Sign Up

GyoiThon is a fully automated penetration testing tool against web server. GyoiThon nondestructively identifies the software installed on web server (OS, Middleware, Framework, CMS, etc...) using multiple methods such as machine learning, Google Hacking, pattern matching. After that, GyoiThon executes valid exploits for the identified software. Finally, GyoiThon generates report of scan results. GyoiThon executes the above processing fully automatically.

Video Demo:

Spoiler

 

GyoiThon consists of three engines:

• Software analysis engine: It identifies software based on HTTP response obtained by normal access to web server using Machine Learning base and signature base. In addition, it uses Google Hacking.
• Vulnerability determination engine: It collects vulnerability information corresponding to identified software by the software analysis engine. And, it executes an exploit corresponding to the vulnerability of the software and checks whether the software is affected by the vulnerability.
• Report generation engine: It generates a report that summarizes the risks of vulnerabilities and the countermeasure.

Traditional penetration testing tools are very inefficient because they execute all signatures. On the other hand, GyoiThon is very efficient because it executes only valid exploits for the identified software. As a result, the user's burden will be greatly reduce, and GyoiThon will greatly contribute to the security improvement of many web servers.

Source & Usage & Download :

This is the hidden content, please

• Sign In
• or
• Sign Up