GBHackers come across a new ChatGPT-powered Penetration testing Tool called “PentestGPT” that helps penetration testers to automate their pentesting operations.
PentestGPT has been released on GitHub under the operator “GreyDGL,” a Ph.D. student at Nanyang Technological University, Singapore.
It is constructed on top of ChatGPT and works in an interactive way to direct penetration testers during general and particular procedures.
To access the PentestGPT Tool, ChatGPT plus member is required as it relies on GPT-4 model for high-quality reasoning, also no public GPT-4 API yet.
To support PentestGPT, a wrapper for ChatGPT sessions has been added.
According to GreyDGL, “It is designed to automate the penetration testing process.
It is built on top of ChatGPT and operates in an interactive mode to guide penetration testers in both overall progress and specific operations.”
PentestGPT is capable of solving simple to moderate HackTheBox machines as well as other CTF puzzles.
You could discover this example in the materials we used to tackle the TEMPLATED HackTheBox challenge.
You can check here the sample testing process of PentestGPT on a target VulnHub machine (Hackable II).
Here is a quick video demonstrated by GreyDGL about how effectively pentesters can use the PentestGPT.
Installation:
requirements.txt with pip install -r requirements.txtconfig. You may follow a sample by cp config/chatgpt_config_sample.py config/chatgpt_config.py. If you’re using cookies: Inspect - Network, find the connections to the ChatGPT session page.https://chat.openai.com/api/auth/session and paste it into the cookie field of config/chatgpt_config.py. (You may use Inspect->Network, find a session, and copy the cookie field in request_headers to https://chat.openai.com/api/auth/session)userAgent with your user agent.chatgpt_config.py.python3 test_connection.py. You should see some sample conversations with ChatGPT.1. You're connected with ChatGPT Plus cookie. To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-4> ## Test connection for OpenAI api (GPT-4) 2. You're connected with OpenAI API. You have GPT-4 access. To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-4 --useAPI> ## Test connection for OpenAI api (GPT-3.5) 3. You're connected with OpenAI API. You have GPT-3.5 access. To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-3.5-turbo --useAPI>https://chat.openai.com/backend-api/conversations. Please submit an issue if you encounter any problems.The handler is the main entry point of the penetration testing tool. It allows pentesters to perform the following operations:
There are 3 modules added with PentestGPT.
You can read the complete details here on GitHub and the top 30 best penetration testing tools.
Best DNS Management Tools play a crucial role in efficiently managing domain names and their…
Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS environments…
Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling them…
SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases from…
In late October 2024, a coordinated IP spoofing attack targeted the Tor network, prompting abuse…
The Metasploit Framework, a widely used open-source penetration testing tool maintained by Rapid7, has introduced…