# Mechanical Phish auto-exploit auto-patch kit lands on GitHub



## JMH3143

> One of the top-three in DARPA's recent cyber-challenge, Mechanical Phish, has been open sourced at GitHub.
> 
> The Cyber Grand Challenge posed a hellish problem indeed: write software that could expose bugs (a la Metasploit) _and_ patch them, without human intervention.
> 
> In that competition, team (led by UC Santa Barbara's Giovanni Vigna) Shellphish came third with Mechanical Phish, behind Carnegie Mellon's first placegetting ForAllSecure team and the University of Virginia / GrammaTech TechX team.
> 
> Warning: installation won't be for the faint-hearted, because not only can Mechanical Phish be “an ordeal” to set up, but also because at this stage documentation is, ahem, incomplete.
> 
> Mechanical Phish is based on the UC Santa Barbara angr binary analysis framework, which at least has better documentation than the competition entry, at this stage.
> 
> “Absent” might be as good a word, as the project explains: “There is very little documentation of the whole thing. This is something that we would love community involvement for (although it's admittedly a chicken-and-egg problem).”


Mechanical Phish auto-exploit auto-patch kit lands on GitHub â€¢ The Register


----------

