AI-based hacking tools are here and taking aim at your network perimeter. With recent advances in machine learning, hackers can now solve tasks that previously required human experience and decision making. Our open source tool Eyeballer uses a convolutional neural network to sift through mountains of screenshots and tells the hacker what is likely to have vulnerabilities and what isn't, just by looking at it.
You know a busted website when you see one: broken HTML, blocky frames—something obviously written in raw PHP before MVC frameworks even existed, made custom by your target over a decade ago. Signature-based scanners won't help you find this diamond-in-the-rough vulnerability. And who has time to look through 100,000 EyeWitness screenshots to find your most likely entry point? This is where AI comes in to give those websites a quick eyeballing so you don't have to.
The future of hacking will augment human expertise with AI analysis. To help spur this on, we'll be releasing both the source code behind Eyeballer and our training dataset of tens of thousands of carefully curated website screenshots. We'll also be showing off live demos of the whole thing so you can witness for yourself the results of melding machine and man.
See Dan Petro and Gavin Stroy at the Black Hat USA Arsenal 2019 this summer.