DeepExploit
Research framework that applies deep reinforcement learning to learn multi-step attack chains
โก TL;DR
๐ฏ The Problem It Solves
Most offensive tools follow static playbooks. DeepExploit asks a different question: can an RL agent LEARN to chain exploits by trial-and-error in a simulated network? The answer is yes โ with caveats. It trains a deep Q-network against Metasploit modules to discover multi-step attack paths, treating pentesting as a sequential decision problem. It is NOT a production tool; it is a research platform for studying how RL maps to real attack graphs.
๐ง How It Works
DeepExploit models pentesting as a Markov Decision Process. The state is the current compromise (owned hosts, open services), the actions are Metasploit modules (exploit/windows/smb/ms17_010_eternalblue, etc.), and the reward is reaching a goal host. A DQN agent explores this space over thousands of episodes, learning which module-sequence gets from a low-priv foothold to Domain Admin. You train it in your simulated lab environment (Metasploit + vulnerable VMs), then deploy the learned policy against a new target. The project is built on ChainerRL and requires a working Metasploit installation.
๐ Installation & Quick Start
Installation
git clone https://github.com/13o-bbr-bbq/DeepExploit.git
cd DeepExploit
pip install -r requirements.txt
# Metasploit must be installed and msfrpcd running
msfrpcd -P yourpassword -S -fQuick Start
- git clone https://github.com/13o-bbr-bbq/DeepExploit && cd DeepExploit
- pip install -r requirements.txt
- Start msfrpcd: msfrpcd -P yourpassword -S -f
- Train: python deepexploit.py train --episodes 1000
- Run against your lab: python deepexploit.py run --target 10.0.0.0/24
โ Pros
- โขNovel, research-grade approach to attack-path automation
- โขLearns unexpected chains a static playbook would miss
- โขTightly integrated with Metasploit's module library
- โขExcellent for understanding RL applied to security
โ Cons
- โขLong training time (hours to days for meaningful results)
- โขReward design is brittle and task-specific
- โขNot validated on real modern environments
- โขProject is largely inactive since ~2022
๐ฌ Practitioner Verdict
"DeepExploit is a fascinating research artifact that proves RL CAN learn multi-step attack chains. It is NOT a tool you run before a pentest on Monday. If you're a security researcher studying ML-based attack automation, it's worth studying. If you're a pentester who wants to hack something this week, look elsewhere."
๐ Specifications
- Language
- Python
- License
- MIT
- Platform
- Linux, macOS, Windows
- Kill Chain
- Research / Exploitation modelling
- MITRE ATT&CK
- T1595, T1592, T1210
๐ฐ Pricing Reality
DeepExploit is free (MIT). Costs are pure research compute: GPU time for training (recommended) and a lab of vulnerable VMs.
๐ฅ Community Health
๐ท๏ธ Tags
๐ฌ Video Tutorials
DeepExploit RL Pentesting Demo
DeepExploit ยท 18K views ยท 16:40