Nvidia Unveils Futuristic Gaming Experience at Computex 2023
News

Nvidia Unveils Futuristic Gaming Experience at Computex 2023, Blending Gaming and AI

by Isabel
May 29, 2023
0

At Computex 2023, Nvidia displays a futuristic gaming experience that...

Read more
Adobe Introduces Powerful Generative AI Tools in Photoshop

Adobe Introduces Powerful Generative AI Tools in Photoshop Beta

May 29, 2023
Adobe Photoshop's Generative Fill Feature

Exploring the Power of Adobe Photoshop’s Generative Fill Feature

May 27, 2023
NVIDIA and Microsoft Partner to Accelerate AI

NVIDIA and Microsoft Partner to Accelerate AI

May 25, 2023
google photos security and privacy

Exploring the Top 5 Privacy and Security Risks of using Google Photos

May 24, 2023
AutoGPT plugins

Simplify Your Email Life with AutoGPT Plugins

May 5, 2023
Semantic kernel

Semantic Kernel for Natural Language Processing

May 29, 2023
ChatGPT Error

ChatGPT Errors: How to Resolve Common Issues

May 11, 2023
Midjourney Alternatives That Will Blow Your Mind

10 Midjourney Alternatives That Will Blow Your Mind

May 20, 2023
Microsoft Launches Bing with AI Powered ChatGPT

Microsoft Launches Bing with AI Powered ChatGPT

February 8, 2023
Qdrant Vector Search Engine

Qdrant: Boost Your Search Capabilities with Efficient Vector Search

May 9, 2023
Cloudbooklet
  • News
  • Artificial Intelligence
  • Linux
  • Google Cloud
  • AWS
No Result
View All Result
Cloudbooklet
  • News
  • Artificial Intelligence
  • Linux
  • Google Cloud
  • AWS
No Result
View All Result
Cloudbooklet
No Result
View All Result
Home Artificial Intelligence

PentestGPT: A New Tool for Automated Penetration Testing

by Cloudbooklet
May 9, 2023
in Artificial Intelligence
Reading Time: 11 mins read
PentestGPT
Share on FacebookShare on TwitterShare on WhatsAppShare on Telegram

Penetration testing is an important step in determining the security of systems and networks. It involves modelling real-world assaults and identifying weaknesses that malicious actors can exploit. However, penetration testing may be time-consuming, difficult, and tiresome, particularly for beginner testers.

Table of Contents

  1. What is PentestGPT?
  2. Installation
  3. Usage
  4. PentestGPT Function
  5. Features of PentestGPT
  6. FAQs of PentestGPT

What is PentestGPT?

PentestGPT is a program that automates penetration testing procedures by utilizing natural language processing and artificial intelligence. It is capable of creating realistic phishing emails, developing malicious payloads, exploiting vulnerabilities, and performing post-exploitation tasks. PentestGPT is designed to minimize the time and effort necessary for penetration testers to conduct security assessments while also improving the quality and accuracy of their findings.

You might also like

ChatGPT app

The Easiest Way to Download ChatGPT App Free

May 31, 2023
LLM Connected with APIs

Gorilla: LLM Connected with APIs

May 31, 2023

Installation

Create a new directory for downloading the repository.

mkdir pentestgpt

Navigate inside the directory.

cd pentestgpt

Pull the source code from the official Pentest GPT GitHub repository

git clone https://github.com/GreyDGL/PentestGPT.git .

Note the .at the end of the command, this will not create additional directories, instead pull the source code inside the current directory.

Install the required packages by executing the below command:

pip install -r requirements.txt

Next, copy the sample configuration file by running the following command:

cp config/chatgpt_config_sample.py config/chatgpt_config.py

Open the config/chatgpt_config.py file in a text editor and fill in the necessary details based on your preferred authentication method (cookie or API).

Note: If you’re using cookie authentication follow this steps

  • Log in to the ChatGPT session page in your web browser.
  • Open the developer tools by pressing F12 or right-clicking and selecting “Inspect”.
  • Go to the “Network” tab in the developer tools and filter for requests to the ChatGPT session page.
  • Look for a request to https://chat.openai.com/api/auth/session and copy the cookie from the “Request Headers” section.
  • Paste the copied cookie into the cookie field of config/chatgpt_config.py.
  • Fill in the userAgent field with your browser user agent. You can find your user agent by visiting https://www.whatismybrowser.com/detect/what-is-my-user-agent.

Note: If you’re using API authentication Follow this steps

  • Fill in the apiKey field in config/chatgpt_config.py with your OpenAI API key.
  • Save the config/chatgpt_config.py file.
  • To verify that the connection is properly configured, run the following command:
python3 test_connection.py

You should see some sample conversation with ChatGPT, which means your connection is working correctly. here we give sample output below for your knowledge.

1. You're connected with ChatGPT Plus cookie. 
To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-4>
## Test connection for OpenAI api (GPT-4)
2. You're connected with OpenAI API. You have GPT-4 access. To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-4 --useAPI>
## Test connection for OpenAI api (GPT-3.5)
3. You're connected with OpenAI API. You have GPT-3.5 access. To start PentestGPT, please use <python3 main.py --reasoning_model=gpt-3.5-turbo --useAPI>

The cookie verification method described above. If you continue to receive errors after numerous tries, please reload the page, repeat the preceding instructions, and try again. You might also try using the cookie to navigate to https://chat.openai.com/backend-api/conversations. Please submit an issue if you encounter any problem.

Usage

1. Install the required packages by running below code in your terminal.

pip install -r requirements.txt

2. Configure the cookies in config/chatgpt_config.py. Copy the sample file cp config/chatgpt_config_sample.py config/chatgpt_config.py, and fill in the cookie and user agent fields. You may follow the sample by logging into the ChatGPT session page, inspecting the network, finding the cookie in the request header, and pasting it into the cookie field of config/chatgpt_config.py.

3. If you’re using the OpenAI API, fill in the API key in config/chatgpt_config.py.

4. Verify the connection is properly configured by running the below code. You should see a sample conversation with ChatGPT.

python3 test_connection.py

5. Start PentestGPT by running, depending on your preference for the reasoning model and use of API.

python3 main.py --reasoning_model=gpt-4 
python3 main.py --reasoning_model=gpt-4 --useAPI
python3 main.py --reasoning_model=gpt-3.5-turbo --useAPI, 

6. Once PentestGPT is running, you can use the following basic commands:

  • help: show the help message.
  • next: key in the test execution result and get the next step.
  • more: let PentestGPT explain more details of the current step, and create a new sub-task solver to guide the tester.
  • todo: show the to-do list.
  • discuss: discuss with Pentest GPT.
  • google: search on Google (under development).
  • quit: exit the tool and save the output as a log file.

7. Use <SHIFT + right arrow> to end your input and move to the next line.

8. Use TAB to autocomplete the commands.

9. When given a drop-down selection list, use the cursor or arrow keys to navigate the list and press ENTER to select the item. Use <SHIFT + right arrow> to confirm the selection.

10. In the sub-task handler initiated by more, you can execute more commands to investigate a specific problem:

  • help: show the help message.
  • brainstorm: let Pentest GPT brainstorm on the local task for all possible solutions.
  • discuss: discuss with PentestGPT about this local task.
  • google: search on Google (under development).
  • continue: exit the subtask and continue the main testing session.

PentestGPT Function

The handler is the primary point of entry for the penetration testing tool. It enables pentesters to carry out the following tasks:

  1. (Begin with some pre-programmed prompts.)
  2. Begin a new penetration testing session by inputting the target data.
  3. Request a to-do list and learn about the next action to take.
  4. After finishing the operation, send the data to PentestGPT.
    • Send a tool output.
    • Send a webpage’s content.
    • Pass a human description.

There are 3 modules added with PentestGPT.

  • Test generation module: creates the precise penetration testing instructions or processes for users to conduct.
  • Test reasoning module: carries out the test reasoning, directing the penetration testers on what to do next.
  • Parsing module: parses the output of the penetration tools and the contents on the webUI.

You can read the complete details here on GitHub and the top 30 best penetration testing tools.

Features of PentestGPT

PentestGPT can produce custom payloads for a variety of attacks, including SQL injection, cross-site scripting, command injection, and others. PentestGPT will produce an appropriate payload for you if you supply some basic information about the target system and the sort of attack you wish to undertake.

PentestGPT can create commands and scripts for a variety of pentesting tools, including Nmap, Metasploit, and Burp Suite. Simply indicate the tool to be used and the parameters to be specified, and Pentest GPT will produce a command or script for you.

Pentest GPT is capable of producing reports and summaries of pentesting findings. Simply give some raw data or logs from your pentesting operations, and Pentest GPT will develop a report or overview of the major results, dangers, and suggestions.

Pentest GPT can produce realistic phishing emails and landing pages. You only need to supply basic information about the target organization and the sort of phishing campaign you want to conduct, and PentestGPT will produce an email and a landing page that appear convincing and enticing.

FAQs of PentestGPT

What is PentestGPT?

PentestGPT is a ChatGPT-enabled penetration testing tool. Its purpose is to automate the penetration testing procedure. It is built on ChatGPT and works in an interactive mode to help penetration testers through both overall progress and specific procedures.

Do I have to be a member of ChatGPT plus to use PentestGPT?

Yes. PentestGPT’s high-quality reasoning is based on the GPT-4 model. Because there is no public GPT-4 API yet, a wrapper is added to allow Pentest GPT using a ChatGPT session.

Why GPT-4?

After empirical testing, we discovered that GPT-4 performs better than GPT-3.5 in terms of penetration testing logic. In fact, GPT-3.5 causes tests to fail in easy jobs.

what about AutoGPT?

AutoGPT wasn’t built for pentesting. It has the potential to carry out harmful operations. Because of this, we designed Pentest GPT in an interactive mode. Our ultimate goal is, of course, an automated pentest system.

This article helps you learn about PentestGPT. We trust that it has been helpful to you. Please feel free to share your thoughts and feedback in the comment section below.

Share2Tweet1SendShare
Cloudbooklet

Cloudbooklet

Help us grow and support our blog! Your contribution can make a real difference in providing valuable content to our readers. Join us in our journey by supporting our blog today!
Buy me a Coffee

Related Posts

Soundstorm-Pytorch

Soundstorm-Pytorch: A Powerful Tool for Audio Generation

May 30, 2023
Midjourney vs Adobe Firefly

Midjourney vs Adobe Firefly: A Comparison of Two AI Image Generation Tools

May 30, 2023
ChatGPT

How to Use ChatGPT Code Interpreter

May 31, 2023
Leonardo AI Login

How to login and use Leonardo AI to generate high-quality image

May 30, 2023

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

  • Trending
  • Comments
  • Latest
DragGAN The AI-Powered Image Editing Tool

DragGAN: The AI-Powered Image Editing Tool That Makes Editing Images Easy

May 30, 2023
DragGAN AI editing Tool Install and Use DragGAN Photo Editor

DragGAN AI editing Tool Install and Use DragGAN Photo Editor

May 27, 2023
Bard API key

Everything You Need to Know About Google’s Bard API Key

May 20, 2023
Install PHP 8.1 on Ubuntu

How to Install or Upgrade PHP 8.1 on Ubuntu 20.04

May 17, 2023
DragGAN The AI-Powered Image Editing Tool

DragGAN: The AI-Powered Image Editing Tool That Makes Editing Images Easy

75
Upgrade PHP version to PHP 7.4 on Ubuntu

Upgrade PHP version to PHP 7.4 on Ubuntu

28
Install Odoo 13 on Ubuntu 18.04 with Nginx - Google Cloud

Install Odoo 13 on Ubuntu 18.04 with Nginx – Google Cloud

25
Best Performance WordPress with Google Cloud CDN and Load Balancing

Best Performance WordPress with Google Cloud CDN and Load Balancing

23
How to Setup SSH Keys on Ubuntu

How to Setup SSH Keys on Ubuntu 20.04

May 31, 2023
ChatGPT app

The Easiest Way to Download ChatGPT App Free

May 31, 2023
LLM Connected with APIs

Gorilla: LLM Connected with APIs

May 31, 2023
Soundstorm-Pytorch

Soundstorm-Pytorch: A Powerful Tool for Audio Generation

May 30, 2023

Popular Articles

  • DragGAN The AI-Powered Image Editing Tool

    DragGAN: The AI-Powered Image Editing Tool That Makes Editing Images Easy

    1437 shares
    Share 575 Tweet 359
  • DragGAN AI editing Tool Install and Use DragGAN Photo Editor

    333 shares
    Share 133 Tweet 83
  • Auto-Photoshop-Stable Diffusion-Plugin: A New Way to Create AI-Generated Images in Photoshop

    70 shares
    Share 28 Tweet 18
  • InternGPT: A New Way to Interact with ChatGPT

    54 shares
    Share 22 Tweet 14
  • Midjourney vs Adobe Firefly: A Comparison of Two AI Image Generation Tools

    10 shares
    Share 4 Tweet 3
Cloudbooklet

Welcome to our technology blog, where we explore the latest advancements in the field of artificial intelligence (AI) and how they are revolutionizing cloud computing. In this blog, we dive into the powerful capabilities of cloud platforms like Google Cloud Platform (GCP), Amazon Web Services (AWS), and Microsoft Azure, and how they are accelerating the adoption and deployment of AI solutions across various industries. Join us on this exciting journey as we explore the endless possibilities of AI and cloud computing.

  • About
  • Contact
  • Disclaimer
  • Privacy Policy

Cloudbooklet © 2023 All rights reserved.

No Result
View All Result
  • News
  • Artificial Intelligence
  • Linux
  • Google Cloud
  • AWS

Cloudbooklet © 2023 All rights reserved.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.