๐Ÿ”’SecurityRepoIndex

DeepExploit

Research framework that applies deep reinforcement learning to learn multi-step attack chains

3.7/ 52,200 GitHub starsPythonMIT

โšก TL;DR

What
Research framework that applies deep reinforcement learning to learn multi-step attack chains
Who
Security Researchers, RL/ML practitioners, Red Teams studying automation
Catch
Long training time (hours to days for meaningful results)
Verdict
โญโญโญโญ Recommended

๐ŸŽฏ The Problem It Solves

Most offensive tools follow static playbooks. DeepExploit asks a different question: can an RL agent LEARN to chain exploits by trial-and-error in a simulated network? The answer is yes โ€” with caveats. It trains a deep Q-network against Metasploit modules to discover multi-step attack paths, treating pentesting as a sequential decision problem. It is NOT a production tool; it is a research platform for studying how RL maps to real attack graphs.

๐Ÿ”ง How It Works

DeepExploit models pentesting as a Markov Decision Process. The state is the current compromise (owned hosts, open services), the actions are Metasploit modules (exploit/windows/smb/ms17_010_eternalblue, etc.), and the reward is reaching a goal host. A DQN agent explores this space over thousands of episodes, learning which module-sequence gets from a low-priv foothold to Domain Admin. You train it in your simulated lab environment (Metasploit + vulnerable VMs), then deploy the learned policy against a new target. The project is built on ChainerRL and requires a working Metasploit installation.

๐Ÿš€ Installation & Quick Start

Installation

git clone https://github.com/13o-bbr-bbq/DeepExploit.git
cd DeepExploit
pip install -r requirements.txt
# Metasploit must be installed and msfrpcd running
msfrpcd -P yourpassword -S -f

Quick Start

  1. git clone https://github.com/13o-bbr-bbq/DeepExploit && cd DeepExploit
  2. pip install -r requirements.txt
  3. Start msfrpcd: msfrpcd -P yourpassword -S -f
  4. Train: python deepexploit.py train --episodes 1000
  5. Run against your lab: python deepexploit.py run --target 10.0.0.0/24

โœ… Pros

  • โ€ขNovel, research-grade approach to attack-path automation
  • โ€ขLearns unexpected chains a static playbook would miss
  • โ€ขTightly integrated with Metasploit's module library
  • โ€ขExcellent for understanding RL applied to security

โŒ Cons

  • โ€ขLong training time (hours to days for meaningful results)
  • โ€ขReward design is brittle and task-specific
  • โ€ขNot validated on real modern environments
  • โ€ขProject is largely inactive since ~2022

๐Ÿ’ฌ Practitioner Verdict

"DeepExploit is a fascinating research artifact that proves RL CAN learn multi-step attack chains. It is NOT a tool you run before a pentest on Monday. If you're a security researcher studying ML-based attack automation, it's worth studying. If you're a pentester who wants to hack something this week, look elsewhere."
โ€” Emmanuel, Security Reviewer

๐Ÿ“Š Specifications

Language
Python
License
MIT
Platform
Linux, macOS, Windows
Kill Chain
Research / Exploitation modelling
MITRE ATT&CK
T1595, T1592, T1210

๐Ÿ’ฐ Pricing Reality

DeepExploit is free (MIT). Costs are pure research compute: GPU time for training (recommended) and a lab of vulnerable VMs.

๐Ÿ‘ฅ Community Health

Stars2,200
Forks275
Contributors44
Health Score4.8/10

๐Ÿท๏ธ Tags

AgentsLLM

๐ŸŽฌ Video Tutorials

DeepExploit RL Pentesting Demo

DeepExploit ยท 18K views ยท 16:40