Advanced AI-Powered Penetration Testing and Cybersecurity Framework
Metasploit-AI is a cutting-edge cybersecurity framework that combines the power of Metasploit with advanced artificial intelligence and machine learning capabilities. Designed for cybersecurity professionals, ethical hackers, and penetration testers, this framework automates and enhances traditional penetration testing workflows with intelligent vulnerability assessment, exploit recommendation, and payload optimization.
Created by Yashab Alam, Founder & CEO of ZehraSec
- Intelligent Vulnerability Analysis: Machine learning models for vulnerability classification and risk assessment
- Smart Exploit Recommendation: AI-driven exploit selection based on target characteristics
- Adaptive Payload Generation: Dynamic payload creation and optimization using neural networks
- Automated Evasion: AI-based techniques to evade detection systems
- Multi-threaded Network Scanning: Fast and comprehensive network reconnaissance
- Service Enumeration: Detailed service detection and version identification
- OS Fingerprinting: Advanced operating system detection
- Stealth Scanning: Evasive scanning techniques to avoid detection
- Automated Exploit Execution: Smart exploit chaining and execution
- Success Probability Prediction: ML-based exploit success rate estimation
- Session Management: Advanced post-exploitation session handling
- Real-time Monitoring: Live exploitation status and progress tracking
- Web Interface: Modern, responsive web dashboard with Bootstrap 5
- Desktop GUI: CustomTkinter-based desktop application with dark theme
- CLI Interface: Rich command-line interface with syntax highlighting and auto-completion
- REST API: Comprehensive API endpoints for integration and automation
- Real-time Updates: WebSocket support for live updates across all interfaces
- Automated Report Generation: AI-enhanced penetration testing reports
- Risk Assessment: Intelligent risk scoring and prioritization
- Compliance Mapping: NIST, OWASP, and other framework alignment
- Executive Summaries: Business-focused security summaries
- Python 3.8+
- Metasploit Framework
- Operating System: Linux (Kali Linux recommended), macOS, or Windows WSL
```bash
# Clone the repository
git clone https://github.com/yashab-cyber/metasploit-ai.git
cd metasploit-ai
# Run the setup script
python setup.py
# Install dependencies
pip install -r requirements.txt
# Initialize the framework
python app.py --mode web
```

```bash
# Build the Docker image
docker build -t metasploit-ai .
# Run the container
docker run -d -p 8080:8080 --name msf-ai metasploit-ai
```

For detailed installation instructions, including Metasploit setup and configuration, see the Installation Guide.
The framework supports multiple interfaces to suit different use cases:
| Interface | Best For | Command |
|---|---|---|
| CLI | Automation, scripting, remote access | python app.py --mode cli |
| Web | Team collaboration, remote access | python app.py --mode web |
| GUI | Desktop users, visual workflow | python app.py --mode gui |
```bash
# Start the web interface
python app.py --mode web --host 0.0.0.0 --port 8080
# Open your browser to http://localhost:8080
# Default credentials: admin/admin
```

Features:
- Modern Bootstrap 5 dashboard
- Real-time updates via WebSocket
- Multi-user session management
- Responsive design for mobile/tablet
- Comprehensive API endpoints
```bash
# Install GUI dependencies
pip install customtkinter pillow
# Start the desktop GUI
python app.py --mode gui
```

Features:
- Modern dark-themed interface with CustomTkinter
- Native desktop integration
- Real-time scanning and exploitation
- AI-powered recommendations and analysis
- Interactive session management
- Comprehensive reporting tools
- Drag-and-drop target import
```bash
# Start the CLI
python app.py --mode cli
# Basic commands
msf-ai> status                 # Check framework status
msf-ai> scan 192.168.1.0/24    # Scan network
msf-ai> recommend              # Get exploit recommendations
msf-ai> exploit 1              # Execute recommended exploit
msf-ai> sessions list          # List active sessions
```

```bash
# API mode will be available in future releases
# Currently available through web interface endpoints
python app.py --mode web --port 8080
# Example API calls
curl -X POST http://localhost:8080/api/scan \
  -H "Content-Type: application/json" \
  -d '{"target": "192.168.1.100", "scan_type": "comprehensive"}'
```

```python
# Python API example
import asyncio

from src.core.framework import MetasploitAIFramework
from src.core.config import Config


async def main():
    # Initialize framework
    config = Config.load_config()
    framework = MetasploitAIFramework(config)
    await framework.initialize()

    # Run automated penetration test
    targets = ["192.168.1.100", "192.168.1.101"]
    results = await framework.automated_penetration_test(targets)

    # Generate report
    report = await framework.report_generator.generate_pentest_report(results)


# The framework methods are coroutines, so they need an event loop
asyncio.run(main())
```

```python
# Advanced vulnerability analysis
# Call from a coroutine, with `framework` initialized as in the example above
async def analyze_target(framework):
    scan_result = await framework.scan_target("192.168.1.100", "comprehensive")
    vulnerabilities = await framework.vuln_analyzer.analyze(scan_result)

    # Get AI recommendations
    recommendations = await framework.recommend_exploits("192.168.1.100", vulnerabilities)

    # Execute top recommendation
    if recommendations:
        result = await framework.execute_exploit(
            "192.168.1.100",
            recommendations[0]['exploit_name']
        )
```

Edit config/default.yaml:
```yaml
framework:
  name: "Metasploit-AI"
  version: "1.0.0"
  debug: false
metasploit:
  host: "127.0.0.1"
  port: 55553
  username: "msf"
  password: "msf"
ai:
  enabled: true
  models_path: "data/models"
  openai_api_key: "your-openai-key"
security:
  api_key_required: true
  rate_limit: 100
  max_concurrent_scans: 5
```

For advanced configuration options, see the Configuration Guide.
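The configuration above ships a known RPC password (msf/msf) and keeps the OpenAI key in the file, so a check that runs before the framework starts is worth having. The following is an added example, not code from the Metasploit-AI project: `parse_two_level`, `audit` and the sample values are assumptions, and the parser handles only the two-level layout shown here.

```python
import ipaddress

# Constructed sample using keys from config/default.yaml; the values are made up.
SAMPLE_CONFIG = """\
metasploit:
  host: "10.0.0.5"
  password: "msf"
ai:
  openai_api_key: "sk-constructed-example"
security:
  api_key_required: false
"""


def parse_two_level(text):
    """Parse the section/key layout shown above (hypothetical helper, not general YAML)."""
    cfg, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        if not raw.startswith(" "):
            section = cfg.setdefault(key, {})      # top-level key opens a section
        elif section is not None:
            section[key] = value.strip().strip("\"'")
    return cfg


def audit(cfg):
    """Return findings for settings to change before the framework is started."""
    findings = []
    msf = cfg.get("metasploit", {})
    if msf.get("password", "") in ("", "msf"):
        findings.append("metasploit.password is empty or the documented default")
    try:
        if not ipaddress.ip_address(msf.get("host", "127.0.0.1")).is_loopback:
            findings.append("metasploit.host is not loopback; RPC credentials cross the network")
    except ValueError:
        findings.append("metasploit.host is not an IP literal; confirm where it resolves")
    key = cfg.get("ai", {}).get("openai_api_key", "")
    if key and key != "your-openai-key":
        findings.append("ai.openai_api_key is stored in the file; load it from the environment")
    if cfg.get("security", {}).get("api_key_required") != "true":
        findings.append("security.api_key_required is not true")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(parse_two_level(SAMPLE_CONFIG))))
```

Run against the unmodified defaults, the only finding is the RPC password, which also has to change in the `msgrpc` command used to start the Metasploit RPC server.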
The framework includes several pre-trained AI models:
- Vulnerability Classifier: Categorizes and scores vulnerabilities
- Exploit Recommender: Suggests optimal exploits for targets
- Payload Optimizer: Generates and optimizes payloads
- Evasion Engine: Applies anti-detection techniques
```bash
# Train vulnerability classifier
python scripts/train_models.py --model vulnerability_classifier --data data/vulns.csv
# Train exploit recommender
python scripts/train_models.py --model exploit_recommender --data data/exploits.csv
```

- Executive Summary: High-level business impact analysis
- Technical Report: Detailed vulnerability and exploit information
- Compliance Report: NIST, ISO 27001, PCI DSS compliance mapping
- Remediation Guide: Step-by-step fix recommendations
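```python
# Generate custom report
# Call from a coroutine; `config` and `results` come from the Python API example above
from src.modules.report_generator import ReportGenerator


async def build_custom_report(config, results):
    generator = ReportGenerator(config)
    report = await generator.generate_custom_report(
        scan_results=results,
        template="custom_template.html",
        include_charts=True,
        include_raw_data=False
    )
    return report
```

- Obtain proper authorization before testing any systems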
- Comply with all applicable laws and regulations
- Use responsibly and ethically
- Not use for malicious purposes
- Audit Logging: Comprehensive logging of all activities
- Access Control: Role-based access control and API keys
- Encryption: Encrypted communications and data storage
- Rate Limiting: Protection against abuse and DoS
We welcome contributions from the cybersecurity community!
```bash
# Clone and setup development environment
git clone https://github.com/yashab-cyber/metasploit-ai.git
cd metasploit-ai
# Install development dependencies
pip install -r requirements-dev.txt
# Run tests
pytest tests/
# Run linting
flake8 src/
black src/
```

- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
See CONTRIBUTING.md for detailed guidelines.
```bash
# Run all tests
pytest
# Run specific test category
pytest tests/test_scanner.py
pytest tests/test_ai_models.py
pytest tests/test_exploits.py
# Run with coverage
pytest --cov=src tests/
```

- Metasploit Connection Failed

  ```bash
  # Start Metasploit RPC server
  sudo msfconsole -x "load msgrpc ServerHost=127.0.0.1 ServerPort=55553 User=msf Pass=msf"
  ```

- AI Models Not Loading

  ```bash
  # Download pre-trained models
  python scripts/download_models.py
  ```

- Permission Errors

  ```bash
  # Fix permissions
  sudo chown -R $USER:$USER data/ logs/
  ```

For more troubleshooting help, see TROUBLESHOOTING.md.
We welcome contributions from the cybersecurity community! Please read our contributing guidelines before getting started.
- Contributing Guide - How to contribute to the project
- Code of Conduct - Community standards and expectations
- Security Policy - Security vulnerability reporting
- Development Setup - Setting up your development environment
- API Documentation - Complete API reference
Please review our Security Policy for information on:
- Reporting security vulnerabilities
- Responsible disclosure guidelines
- Security best practices
- Bug bounty information
If you find this project helpful, consider supporting its development:
- Star the repository
- Fork and contribute
- Make a donation
- Share with the community
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.
This software is provided for educational and authorized testing purposes only. The authors and contributors are not responsible for any misuse or damage caused by this software. Users are solely responsible for ensuring they have proper authorization before using this tool on any systems.
- Metasploit Framework - The foundational exploitation framework
- NIST Cybersecurity Framework - Security guidelines and standards
- OWASP - Web application security methodology
- CVE/NVD - Vulnerability database and scoring
- The Cybersecurity Community - For continuous research and innovation
- Website: www.zehrasec.com
- Instagram: @_zehrasec
- Facebook: ZehraSec Official
- X (Twitter): @zehrasec
- LinkedIn: ZehraSec Company
- GitHub: @yashab-cyber
- Instagram: @yashab.alam
- LinkedIn: Yashab Alam
- Email: yashabalam707@gmail.com
- Documentation: Installation Guide
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- WhatsApp Business: ZehraSec Channel
Made with ❤️ by Yashab Alam and the ZehraSec Team
Advancing Cybersecurity Through AI Innovation
