Skip to content
/ Neural-Payload Public

Neural Networks for penetration testing. Part of active research.

10 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

TheMorpheus407/Neural-Payload

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
Sites
Sites
 
 
To_Predict
To_Predict
 
 
README.md
README.md
 
 
config.json
config.json
 
 
config001.json
config001.json
 
 
enlarge_xss_payloads.py
enlarge_xss_payloads.py
 
 
equalize_payloads_evaluator.py
equalize_payloads_evaluator.py
 
 
evaluator.py
evaluator.py
 
 
generate_training_data_evaluator.py
generate_training_data_evaluator.py
 
 
generator_information.json
generator_information.json
 
 
losses_neural_evaluator.txt
losses_neural_evaluator.txt
 
 
losses_seq2seq_v0.01.txt
losses_seq2seq_v0.01.txt
 
 
losses_to_plot.py
losses_to_plot.py
 
 
negativepayloads
negativepayloads
 
 
neural_evaluator_model.pt
neural_evaluator_model.pt
 
 
neuralevaluator.py
neuralevaluator.py
 
 
neuralevaluator_booleanoutput.py
neuralevaluator_booleanoutput.py
 
 
neuralevaluator_cnn.py
neuralevaluator_cnn.py
 
 
reinforcedpayload.py
reinforcedpayload.py
 
 
requirements.txt
requirements.txt
 
 
seq2seq_payload.py
seq2seq_payload.py
 
 
seq2seq_payloadv2.py
seq2seq_payloadv2.py
 
 
seq2seq_payloadv3.py
seq2seq_payloadv3.py
 
 
seq2seqv4.py
seq2seqv4.py
 
 
traindata.txt
traindata.txt
 
 
util.py
util.py
 
 
website_attacks.txt
website_attacks.txt
 
 
website_attacks_validation.txt
website_attacks_validation.txt
 
 
xss.txt
xss.txt
 
 

Repository files navigation

NEURAL PAYLOAD and NEURAL EVALUATOR

Neural Payload is a Neural Network written in PyTorch for generating website attack vectors for penetration tests. Neural Evaluator is a Neural Network for evaluating the success of a website attack. This project is a cooperation of C&M of the Institute for Technology in Karlsruhe, Germany and IC-Consult. It was created as part of the master thesis of Cedric Mössner.

PLEASE NOTE that this repo contains ALL the files, I used while working on the project. There are multiple executables, helping scripts as well as networks and multiple text-files containing data or config. Clean-Up could be done, however, I decided against it, so everyone can test for themselves, all my work can be seen and my mistakes can be comprehended and fixed. Thus, this is more to be considered, research in work in progress as a finished project. So please use with caution!!! However, feel free to improve, fork, create pull requests or whatever your heart (or brain) tells you to do. Also, please refer to my thesis you can find here: https://drive.google.com/open?id=1Gqq4D6mqnqFaYFtwZKSPALJu1LcqcU8z

There are many versions:

  • Reinforcement Learning Neural Payload
    • Does Reinforcement Learning supervised based on a payload list
    • and unsupervised based on the attacks from a website.
  • Seq2seq Neual Payload (Version 1 to 4)
    • uses a Sequence-to-Sequence Encoder-Decoder Model for Generating Payloads
    • Some Versions use an autoencoder, which did not achieve the promising results
    • Version 3 for usage, others for studies only, since they do not work and:
  • Neural Evaluator
    • uses LSTMs for evaluating. Encodes unattacked website, attacked website and payload and tries to classify which parts of the code are vulnerable. No success, only for studies.
  • Neural Evaluator - Boolean Output
    • does not classify WHERE but only IF the attack was successful. Boolean output. Still uses LSTMs. No success, only for studies.
  • CNN Neural Evaluator
    • uses CNNs (and differences). Works pretty well. Therefore included in the microservice API, see other project. Can be used (and studied).

USAGE

Needs Linux, Python3 and the modules specified in requirements.txt On Linux with python installed (default on most systems), do:

$ pip -r requirements.txt

then you can run it with

$ python3 script.py

where script.py is the script you want to execute. Anyways, you probably need to edit the file first. Look at the section for executing under

if __name__ == "__main__":

for how the script can be used.

About

Neural Networks for penetration testing. Part of active research.

Resources

Readme
Activity

Stars

10 stars

Watchers

5 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages