Growing penetration test tool using Machine Learning.
GyoiThon is Intelligence Gathering tool for Web Server.
GyoiThon execute remote access to target Web server and identifies product operated on the server such as CMS, Web server software, Framework, Programming Language etc,. And, it can execute exploit modules to identified products using Metasploit. GyoiThon fully automatically execute above action.
GyoiThon's main features are following.
- Remote access/Fully automatic
GyoiThon can fully automatically gather the information of target Web server using only remote access. You only execute GyoiThon once for your operation.
- Non-destructive test
GyoiThon can gather information of target Web server using only normally access.
But, when you use a part of option, GyoiThon execute abnormally access such as sending exploit modules.
- Gathering various information
GyoiThon has various intelligence gathering engines such as Web crawler, Google Custom Search API, Censys, explorer of default contents, examination of cloud services etc,. By analyze gathered information using strings pattern matching and machine learning, GyoiThon can identify product/version/CVE number operated on the target web server, unnecceary html comments/debug messages, login page etc,.
- Examination of real vulnerability
GyoiThon can execute exploit modules to identified products using Metasploit.
As a result, it can examine real vulnerability of target web server.