Kali Linux

Shennina : Automating Host Exploitation With AI

Shennina is an automated host exploitation framework. The mission of the project is to fully automate the scanning, vulnerability scanning/analysis, and exploitation using Artificial Intelligence. Shennina is integrated with Metasploit and Nmap for performing the attacks, as well as being integrated with an in-house Command-and-Control Server for exfiltrating data from compromised machines automatically.

This was developed by Mazin Ahmed and Khalid Farah within the HITB CyberWeek 2019 AI challenge. The project is developed based on the concept of DeepExploit by Isao Takaesu.

Shennina scans a set of input targets for available network services, uses its AI engine to identify recommended exploits for the attacks, and then attempts to test and attack the targets. If the attack succeeds, Shennina proceeds with the post-exploitation phase.

The AI engine is initially trained against live targets to learn reliable exploits against remote services.

Shennina also supports a “Heuristics” mode for identfying recommended exploits.

The documentation can be found in the Docs directory within the project.

Features

  • Automated self-learning approach for finding exploits.
  • High performance using managed concurrency design.
  • Intelligent exploits clustering.
  • Post exploitation capabilities.
  • Deception detection.
  • Ransomware simulation capabilities.
  • Automated data exfiltration.
  • Vulnerability scanning mode.
  • Heuristic mode support for recommending exploits.
  • Windows, Linux, and macOS support for agents.
  • Scriptable attack method within the post-exploitation phase.
  • Exploits suggestions for Kernel exploits.
  • Out-of-Band technique testing for exploitation checks.
  • Automated exfiltration of important data on compromised servers.
  • Reporting capabilities.
  • Coverage for 40+ TTPs within the MITRE ATT&CK Framework.
  • Supports multi-input targets.

Why are we solving this problem with AI?

The problem should be solved by a hash tree without using “AI”, however, the HITB Cyber Week AI Challenge required the project to find ways to solve it through AI.

Note

This project is a security experiment.

Legal Disclaimer

This project is made for educational and ethical testing purposes only. Usage of Shennina for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

Authors

Click Here To Download
R K

Leave a Comment
Share
Published by
R K
Tags: FrameworkmetasploitnmapShennina
2 years ago

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

3 days ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

3 days ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

5 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

1 week ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago