PHOENIX, Aug. 8, 2019 /PRNewswire/ -- Bishop Fox, the largest private professional services firm focused on offensive security testing, has created a new AI-based, open source pentesting tool called Eyeballer. Senior Security Associate Dan Petro and Senior Security Analyst Gavin Stroy presented Eyeballer to the world today at a 2019 Black Hat Arsenal presentation, "A Picture is Worth a Thousand Vulns – Weaponized Machine Learning to Target Website Screenshots," in Las Vegas.
The machine learning Eyeballer tool was designed to help pentesters quickly identify what websites are "interesting" – and which ones aren't – when looking at a large-scale external perimeter. Notably, Eyeballer doesn't actually "hack into" anything. Its whole job is to look at screenshots of websites and identify the ones that are most likely to contain actionable leads for the human hacker.
"We strongly believe that the future of hacking includes augmenting human expertise with AI analysis. While there are a number of AI tools on the defensive side, there are few, if any, that pentesters can use for offensive security," said Petro. "With Eyeballer, we wanted to make a practical pentesting tool that would help every offensive hacker do their jobs better and faster."
Eyeballer uses a convolutional neural network to sift through mountains of screenshots and tells the hacker what is likely to have vulnerabilities and what isn't, just by looking at it. Specifically, Eyeballer tags images with one or more labels that are of specific value to pentesters: the things human beings typically look for during large-scale external engagements. For example: Is the site old-looking? Does it have a login? Is it the homepage of the app? Is this a custom 404 page?
In particular, finding websites that "look old" is extremely valuable when trying to break in. Old websites have a distinct look and feel that is hard to define precisely and impossible to capture with a traditional signature. Yet they are extremely valuable targets for pentesters, so having an AI that can identify "old-looking" websites is highly useful.
"In terms of accuracy, our latest Eyeballer models are hitting a benchmark of approximately 92% overall accuracy on an evaluation dataset," added Stroy. "Eyeballer is a practical pentesting tool that security professionals can use now in the real world."
Bishop Fox is releasing both the source code behind Eyeballer and its training dataset of thousands of carefully curated website screenshots.
About Bishop Fox
Bishop Fox is the largest private professional services firm focused on offensive security testing. Since 2005, the firm has provided security consulting services to the world's leading organizations — working with over 25% of the Fortune 100 — to help secure their products, applications, networks, and cloud resources with penetration testing and security assessments. In February 2019, Bishop Fox closed $25 million in Series A funding from ForgePoint Capital, which will allow the company to continue to grow its research capabilities and develop next generation offensive security technologies. The company is headquartered in Phoenix, AZ and has offices in Atlanta, GA; San Francisco, CA; New York, NY; and Barcelona, Spain.
SOURCE Bishop Fox