Attack graphs, bayesian networks and backTrack tools

[other1]

Some time ago I had this idea of mine of turning my attack graphs into bayesian networks. The aim of this is to automate the attacks. I have learned that the idea was not new:
see: http://www.iaeng.org/publication/IME...p1194-1199.pdf
So I started to learn and implement the theory. I am a student so I can waste as much time as I want .
Anyway I am still at prerequisites part, testing libs, understanding theory.
What I liked about backTrack is it's organization of tools.
So today I extracted the menu, information about the tools from the wiki and put them into a weighted organic graph.
Mainly eye candy...

I have a uploaded on mediafire:
graph0.graphml

Use yEd to view the graph:
yEd - Graph Editor

[KMDave]

I prefer to look at the menu, the graph is pretty confusing at the first look

On a more serious note, nice job.

[Guerreiro]

Wow, that is intensive work, but very awesome! If you finished completely can you post that one too ?

[other1]

I refactored the paper from the first post to make it easier to understand.
https://docs.google.com/document/edi...thkey=CKOHtIkH



The graph I made has raised a question about it's structure.
The structure of the graph is like this:
backTrack->category_of_tools->tool->description_of_tool(optional)
The number assigned to a vertice is based on the number of incoming and outgoing edges. In this case the outgoing edges are important.

"BT-Information-Gathering-Searchengine" is a category, so is "BT-Penetration-Metasploit-3".
Why has metasploit a lower score then the search engine category?
This is because metasploit has few successors, but we all know how big metasploit is. So you I have to my scripts to go further in the tools to extract components.