Usage
You execute Deep Exploit with training mode.
root@kali:~/machine_learning_security/DeepExploit# python3 -V
Python 3.6.5rc1
root@kali:~/machine_learning_security/DeepExploit# python3 DeepExploit.py -t 192.168.184.132 -m train
| command options | description |
|---|---|
| -t, --target | IP address of training vulnerable host. |
| -m, --mode | Execution mode "train". |
- ex) The learning with 10 threads.
You execute Deep Exploit with testing mode.
root@kali:~/machine_learning_security/DeepExploit# python DeepExploit.py -t 192.168.184.129 -m test
| command options | description |
|---|---|
| -t, --target | IP address of test target host. |
| -m, --mode | Execution mode "test". |
- Demo) testing with 1 thread.
Demonstration
Please check scan report using any web browser.
root@kali:~/machine_learning_security/DeepExploit# firefox report/DeepExploit_test_report.html
When Deep Exploit exploits, it uses default value of Exploit module options.
If you want to change option values, please input any value to "user_specify" in exploit_tree.json as following.
"unix/webapp/joomla_media_upload_exec": {
"targets": {
"0": [
"generic/custom",
"generic/shell_bind_tcp",
"generic/shell_reverse_tcp",
...snip...
"TARGETURI": {
"type": "string",
"required": true,
"advanced": false,
"evasion": false,
"desc": "The base path to Joomla",
"default": "/joomla",
"user_specify": "/my_original_dir/"
},
Above example is to change value of TARGETURI option in exploit module "exploit/unix/webapp/joomla_media_upload_exec" to "/my_original_dir/" from "/joomla".
You can prohibit scanning of specific server using config.ini.
If you want to prohibit scanning specific server, please add IP address of target server to prohibited_list in config.ini as following.
[Metasploit]
lport : 4444
proxy_host : 127.0.0.1
proxy_port : 1080
prohibited_list : 192.168.220.1@192.168.220.2@192.168.220.254
path_collection : path@uri@dir@folder@file