The Advanced AI Exploit Framework is a cutting-edge cybersecurity toolkit leveraging artificial intelligence to automate and enhance the process of vulnerability discovery and exploitation. Designed for ethical hackers, this framework provides an extensive arsenal of tools to simulate real-world attacks on web, mobile, and API platforms. Its AI-driven modules enable intelligent fuzzing, advanced payload crafting, and targeted exploitation, significantly improving the efficiency and precision of security assessments.
Tries to identify zero-day vulnerabilities in applications.
Automate fuzzing, injection testing, and vulnerability analysis.
Perform advanced exploits like GraphQL injection, NoSQL injection, XXE, LDAP injection, and more.
Simulate sophisticated real-world attack vectors using AI-generated payloads.
๐ค AI-Powered Exploit Generation:
Automatically craft intelligent payloads for SQL injection, XSS, XXE, LDAP injection, and more.
Generate custom, real-world exploits tailored to the target system.
๐ Vulnerability Detection:
Detect advanced vulnerabilities like GraphQL injection, mass assignment, and SAML injection.
Perform automated discovery of misconfigurations and privilege escalation vectors.
Perform an nmap scan of the entire network and automatically test and find working CVE's against the target
โก Advanced Attack Modules:
Support for SAML injection, NoSQL Injection, HPP (HTTP Parameter Pollution), Mass Assignment Exploits, and more.
Real-time detection of issues with categorized severity levels.
๐ ๏ธ Custom Payload Integration:
Import your own payloads or let the AI dynamically generate payloads to test edge cases.
๐ Wide Application Support:
Web applications
REST APIs
GraphQL endpoints
SAML authentication systems
๐ Safe and Legal:
Designed for authorized security testing.
Built-in logging for traceability during penetration tests.
Clone the repository directly from GitHub:
--target:
This is the target URL you want to test. For example, entering http://your-website.com will direct all testing activities to that website. This is the primary input for the tests and is required for every execution.
--wordlist:
The wordlist is a text file containing a list of potential usernames or passwords, usually for brute-force or credential stuffing attacks. This wordlist provides the tool with a variety of login attempts, simulating different user input combinations.
--jwt:
JWT stands for JSON Web Token. Here, you provide an existing JWT that you want the tool to manipulate to test for cryptographic vulnerabilities. By adjusting elements within the token, the framework can reveal weaknesses in how authentication data is verified or validated.
--proxy:
This option lets you set a specific proxy, such as http://127.0.0.1:8080. Using a proxy is essential for routing traffic through a third-party server or monitoring requests. It helps test from various network locations or analyze requests in tools like Burp Suite.
--auto-ml:
Enabling --auto-ml will activate machine learning capabilities to predict vulnerability likelihood based on previous outcomes. This uses data from past tests to make better attack decisions, optimizing and prioritizing methods that are most likely to succeed.
--saml_attack:
This activates SAML (Security Assertion Markup Language) attack testing. SAML is used in Single Sign-On (SSO) environments. Testing these attacks includes methods like XML signature wrapping, replay, or stripping to identify SAML-based weaknesses.
--tor:
When enabled, --tor will route traffic through the Tor network, providing anonymity and IP rotation. This feature helps avoid detection or rate-limiting mechanisms on the target application. Remember to have Tor installed and running for this option.
--breached_creds:
Specify a file containing breached or compromised credentials. This is used to simulate credential stuffing attacks, where known breached usernames and passwords are tested against the target. It's particularly useful for identifying weak or reused passwords.
--mfa_bypass:
Multi-Factor Authentication (MFA) is a secondary security layer. This option tests for potential MFA bypass methods, such as guessing backup codes or testing weaknesses in MFA implementation. This option activates only if the tool detects an MFA requirement during login.
--rate_limit_delay:
This option sets a custom delay (in seconds) between each login attempt. It's designed to avoid triggering the target's rate-limiting protections. For example, setting --rate_limit_delay 5 inserts a pause of 5 seconds between each login attempt, making detection harder and allowing low-frequency password spraying.
Update Your System
Before installing Tor, ensure your system is up-to-date.
Install Tor
Use the following command to install Tor from the default repositories:
Check the Status of Tor
Once installed, you can check the status of the Tor service to ensure itโs properly set up:
Start the Tor Service
If the service is not running, you can start it using:
Once you compile both scripts, install all required libraries from requirements.txt, then build the backend.py to get this
Screen.Recording.2024-11-21.at.5.33.42a.PM.MOV
Screen.Recording.2024-11-21.at.5.33.42a.PM.2.mp4
The Zebra Infiltrator UI is designed to provide a clean, user-friendly experience while delivering powerful network scanning and vulnerability assessment capabilities. Below is a detailed breakdown of the application's interface:
Located on the left-hand side of the application, the navigation panel provides quick access to key features:
Home: Redirects to the main dashboard.
Start a Scan: Opens a form to input IPs or domain names for scanning. This includes an "Add" button for customization.
Previous Scans: Displays a collapsible list of previous scans, showing scan names and completion status (e.g., "Completed").
About Infiltrate AI: Provides information about the platform.
Profile: Links to user profile settings and account details.
The central area of the UI when you click "Start a Scan":
Input field labeled "Enter the IP/Domain Name": Allows users to input the target for scanning.
Dropdown menu labeled "Type": Choose between "URL" or "IP" to specify the type of scan.
Scan Button: Initiates the scan process.
This tab summarizes key information about the scanned system:
Host: Displays the IP address or hostname.
OS: Shows the operating system version.
OS Versions: Lists detected OS variations.
Available Ports Table: Details ports, protocols, states (open/closed), services, and vulnerabilities detected for each port.
The vulnerability dashboard offers a high-level overview of the scan results:
Total Vulnerabilities: Displays the number of detected vulnerabilities.
Clean Ports: Shows the number and percentage of secure ports.
Critical Vulnerabilities: Number and percentage of vulnerabilities classified as "Critical."
Medium Vulnerabilities: Number and percentage of vulnerabilities classified as "Medium."
Low Vulnerabilities: Number and percentage of vulnerabilities classified as "Low."
Charts:
Pie Chart: Displays vulnerability severity distribution.
Bar Graph: Shows vulnerabilities per port.
The interactive table provides detailed vulnerability information:
Ordering by Severity: Allows sorting vulnerabilities based on severity.
CVE Entries: Displays CVE (Common Vulnerabilities and Exposures) IDs along with associated ports and protocols.
Interactive Details: Users can click on entries for detailed information about each vulnerability.
When selecting a specific vulnerability, detailed information is displayed:
Fix Cost: Estimated cost to address the vulnerability.
Time Estimate: Duration needed to resolve the issue.
Action Plan:
Identify systems affected.
Download necessary patches.
Backup critical data.
Apply patches.
Test and monitor systems post-fix.
Skills Needed: Lists required skills for resolution, such as "Network Security," "Patch Management," etc.
Usage of this tool for unauthorized activities is strictly prohibited. This framework is intended for educational purposes and authorized penetration testing only. It is the user's responsibility to comply with all applicable laws and regulations. The developers assume no liability for any misuse or damage caused by this program. Always test responsibly.