Team makes system for automatically finding and patching leaks open source

The team behind the ‘Mechanical Phish’ system made this open source on GitHub. With this system, the Shellphish team managed to take third place in the Darpa Cyber ​​Grand Challenge in early August. It is able to automatically find and patch software leaks.

In a post accompanying the GitHub project, the team writes that the software is “extremely complicated.” This has to do with the fact that there was no similar system before the Cyber ​​Grand Challenge, the makers explain. Therefore, Mechanical Phish features a large number of ‘raw’ components and lacks documentation in many areas. The self-proclaimed hacker collective Shellphish therefore hopes that the community will pick up on the project and improve it, especially on this last point.

The team also warns that Mechanical Phish is difficult to set up. Some components of the project have their own GitHub pages, and others fall under the main project. For example, vulnerabilities are found by the Rex component and the Patcherex component is responsible for patching. Everything is then held together by the Worker component.

The final of the Cyber ​​Grand Challenge took place in the American city of Las Vegas at the beginning of August. This was the first time a tournament had taken place where the participating systems had to automatically discover leaks in each other’s software while simultaneously fixing vulnerabilities of their own. The tournament was won by the ForAllSecure team’s Mayhem system, earning that team $2 million. The American Darpa has organized the tournament to support the development of systems that can independently perform security tasks.