2023MARTIN/cyberisk-ai-pentest-lab

# 网络安全风险-AI渗透测试实验室 CYBERISK LLC 推出的人工智能驱动的进攻性安全实验室，包含 PentestGPT、红队实验室、云安全测试、DevSecOps 自动化及高级渗透测试实验。 # 概述 CYBERISK AI Pentest LAB 是由 CYBERISK LLC 开发的高级进攻性安全与人工智能驱动渗透测试实验室。 该仓库旨在： - 模拟现实世界网络攻击 - 构建进攻性安全工作流 - 将人工智能集成到渗透测试操作中 - 自动化漏洞评估 - 实践红队技术 - 验证云安全架构 - 展示 DevSecOps 安全能力 本实验室融合了： - 人工智能 - 渗透测试 - 云安全 - DevSecOps - 红队运营 - 安全基础设施验证 # 目标 - 构建现代化的人工智能辅助渗透测试工作流 - 在隔离环境中安全实践进攻性安全技术 - 开发云原生安全测试方法论 - 研究人工智能在网络安全领域的应用 - 创建可复用的渗透测试自动化脚本 - 模拟企业及政府安全场景 - 提升检测与响应能力 # 技术与工具 ## 进攻性安全 - Nmap - Burp Suite - Metasploit 框架 - Gobuster - ffuf - Hydra - Wireshark - Nikto - SQLMap - John The Ripper ## 人工智能与自动化 - PentestGPT - OpenAI API - Ollama - LangChain - MCP 服务器 - Python 自动化 - 人工智能辅助报告 ## 云与 DevSecOps - AWS - Docker - Kubernetes - NGINX - GitHub Actions - Terraform - CI/CD 安全流水线 # 实验室结构 ``` cyberisk-ai-pentest-lab/ │ ├── docs/ ├── screenshots/ ├── scripts/ ├── pentestgpt/ ├── ai-security/ ├── labs/ │ ├── dvwa/ │ ├── juice-shop/ │ ├── metasploitable/ │ └── active-directory/ │ ├── reports/ ├── automation/ └── docker/ Included Labs DVWA (Damn Vulnerable Web Application) Practice: SQL Injection XSS CSRF Command Injection File Inclusion OWASP Juice Shop Practice: Modern Web Application Exploitation JWT attacks Authentication bypass API testing Broken Access Control Metasploitable Practice: Linux exploitation Service enumeration Privilege escalation Vulnerability validation Active Directory Lab Practice: Kerberoasting Lateral movement NTLM attacks Privilege escalation Windows domain exploitation AI-Powered Pentesting This lab explores the integration of AI into: reconnaissance payload generation vulnerability analysis attack path recommendations automated report generation defensive security validation Security Notice This repository is strictly intended for: educational purposes authorized security testing research environments ethical hacking practice Unauthorized use against systems without explicit permission is prohibited. Future Enhancements AI Red Team Assistant Automated pentest report generation Cloud attack simulations Kubernetes security labs AWS offensive security scenarios Detection engineering SIEM integrations Purple Team simulations Developed By CYBERISK LLC Cybersecurity • Cloud Security • AI Security • DevSecOps • Offensive Security Founder: Dr. Martin Guillaume Tchio Tchinda Connect GitHub https://github.com/2023MARTIN Company https://www.cyberisk.company License MIT License Disclaimer The authors assume no liability and are not responsible for any misuse or damage caused by this repository. Use responsibly and ethically. ```

标签：CTI, Petitpotam, 子域名突变, 漏洞利用检测, 请求拦截, 逆向工具