The PentestoBots project - Penetration testing Automation Bots
We are introducing a new area of interest, an extremely new genre of bots - The PentestoBots!
We are aware of the possibilities of Automation, Machine learning, Artificial Intelligence, NLP and chat bots; These technologies are making quite a boom in the industry.
My question is, why cant we include intelligent chat bots to the security equation? Why can't we use Natural language based chat bots for security assessments or vulnerability assessments? That thought lead to the concept of Penetration testing automation chat bots!
We believe, the idea of PentestoBots are going to make a big difference in the cyber security world!
Ongoing Research updates
We are working on a few challenging and innovative enhancements. It'll be updated here, after the next public presentation.
Other than the enhancements mentioned above, I’m working for the goals which was mentioned in the previous presentation. For example, Integrating with advanced "AI/NLP/Deep learning/Context based" libraries for better human like bahaviour; The idea is to perform a basic penetration testing or security assessment with the help of PentestoBot, including report generation and vulnerability management. Just imagine, penetration tester or dev team member asking our bot to perform an initial penetration test or security assessment against a web application or host. It’ll perform a basic assessment and comes back to you with a report! and many many more things! How cool that would be ?? Sky is the limit right??
Don’t worry guys, PentestoBots are not gonna take over our jobs! Just consider him as an awesome team mate, who is willing to help you on anything, and has extreme knowledge about Cyber security.
Manual security testing cannot be automated in an utmost level till now! (May be we have to re-think about that! Some greatest minds on the planet earth, still working to push Cognitive AI to reality. Let’s see what happens next!)
Previous reasearch and protypes
Old version of PentestoBots are more concentrated on the outomation of security testing of web applications. Please have a look at this article in my blog.
Demo video of previous bot prototype - Web application security testing automation
Video from the BSides 2017 talk